Our mission is to safeguard people, protect property, minimize business interruption, and protect reputations.

Our vision is to thoroughly understand each client’s business and become a long-term trusted adviser.



Thursday, May 20, 2021

Emergency Operations Plans


An employee complains of chest pains. A delivery truck backs into the gas meter, and a strong odor of gas invades the building. A “suspicious” package is found in the unattended lobby. Gunfire erupts in the shop area, and coworkers are fleeing. A severe thunderstorm warning has been issued following an earlier tornado watch. Blocks away a group of protesters is growing larger. The power goes out on a bitterly cold day. Water is leaking through the ceiling of the server room.

Who is going to act? What actions should be taken to safeguard life and protect property? How quickly can they react? How effectively can they act? The actions taken in the critical initial minutes of an emergency often dictate the outcome.

An emergency operations plan that is risk-based, makes best use of available internal and external resources, and is executable by an organization with defined roles and responsibilities is essential.

Objectives, Priorities & Resources

The number one priority of emergency operations is to safeguard life. Other objectives include protection of property, the environment, and the organization’s reputation. Continuity of business operations benefits from effective emergency operations.

Priorities for emergency operations become apparent when conducting a risk assessment. Threats and hazards with high probability of occurrence or potential for significant impacts should be high on the list. The increasing frequency and severity of civil unrest, active shooter incidents, wildland fire, power outages, and severe weather warrants the need for enhanced planning.

Often overlooked when considering objectives and priorities is the availability and capabilities of internal and external resources. Are sufficient personnel with the required knowledge, skills, and abilities available during operational hours to respond to foreseeable threats? Are facilities protected with detection, alerting, warning, suppression, and life safety systems that have been designed, installed, and maintained in accordance with national standards? What are the capabilities of public emergency services, their knowledge of the facility and its hazards, and their response times? Answers to these questions will identify resource limitations that must be overcome for effective response to emergencies.

Planning for Emergencies

The emergency operations plan is a product of a process that includes understanding risk, the availability and capabilities of resources, and applicable regulatory and accreditation requirements. The risk assessment identifies threats and hazards that require protective actions. The resource needs assessment identifies the required personnel, competencies, systems, equipment, and supplies for response to the identified risks. The assessment also evaluates the availability and capabilities of resources and identifies limitations that must be overcome. Minimum requirements for emergency response are established by applicable Federal and state health, safety, and environmental regulations, state and local fire codes, and accreditation requirements (e.g., Joint Commission for health care facilities).

Together, the risk assessment, resource needs assessment, regulations, and accreditation requirements inform decisions about the functions of incident management teams and the actions they will take.

Download the Preparedness Bulletin "Emergency Operations Plans" to learn more about:

  • Planning committee
  • Regulations & standards
  • Risk assessment & impact analysis
  • Incident management team
  • Alerting, warning, and communications 
  • Incident management facilities 
  • Emergency operations plan
  • Concept of operations
  • Incident management system
  • Protective actions for life safety
  • Threat or hazard-specific tactical plans
  • Crisis communications
  • Implementation, maintenance & continuous improvement

Thursday, January 21, 2021

 Winter Weather Preparedness & Response

Arctic freeze, heavy snow, high winds, blizzard conditions, freezing rain, and flooding are winter’s challenges to maintaining a safe and operational facility. Before winter weather watches and warnings are broadcast, prepare your facility and your employees. Preparations now can save costly damage to facilities and equipment and maintain business operations.

A snowplow on the streets of Denver during a blizzard. (Photo credit: FEMA)

Winter storms caused $2.1 billion in insured losses in 2019, compared with about $3 billion in 2018, according to insurer Munich Re and reported by the Insurance Information Institute[1]. The costliest U.S. winter storm, occurring March 11-13, 1993 affecting 24 states, caused $5 billion in losses[2]. Winter storms and cold waves are the third leading cause of natural disaster losses behind severe thunderstorms and flooding. 

The impact of major snowstorms, blizzards, and ice storms on business operations can be significant. Direct costs of property damage from freeze-ups and structural failures and the cost snow removal are quantifiable. Loss of sales when manufacturing and distribution operations are shut down due to loss of utilities or supply chain disruption are harder to quantify.

Ice storms can have deadly and crippling impacts over a wide area. The January 1998 ice storm that affected Upstate New York and Northern New England resulted in 44 deaths and caused $1.4 billion damage in the U.S. and $3 billion in Canada. Ice accretion of 3 inches was reported, and widespread power outages lasted weeks. Ice storms have impacted southern states, and The Great Ice Storm of 1951 impacted a 100-mile-wide swath from Louisiana to West Virginia.[3]

Facilities are especially vulnerable to freeze-ups when planned reductions in production, shutdowns, and vacations occur. Reduced use of space heating, reduced or no heat from production equipment, and few or no personnel on-site to monitor temperature and respond to freeze conditions contribute to losses.

Read the latest Preparedness Bulletin to read more about:
  • Winter Preparedness
  • Preparations for Arctic Freeze and Winter Storms
  • Precautions when Extreme Cold is Forecast
  • Response During Winter Storms
  • Safety During and After the Storm

[1] Facts + Statistics: Winter Storms, Insurance Information Institute, https://www.iii.org/fact-statistic/facts-statistics-winter-storms

[2] Ibid

[3] “The Nation’s Worst Ice Storms,” Weather.com, January 11, 2017

Thursday, December 3, 2020

Integrated Preparedness Program

Coordinated development and implementation of program
elements can reap significant benefits.

The objectives of a preparedness program are to safeguard life, conserve property, maintain the continuity of operations, prevent environmental contamination, and protect reputations and relationships. Emergency management, business continuity, IT disaster recovery, and crisis management are common terms for programs to accomplish these objectives. Prevention and mitigation programs including occupational health and safety, fire prevention, physical/operational security, cyber/information security, environmental protection, enterprise risk management, and crisis communications also have roles achieving these objectives.

Significant investments in people, facilities, systems, technologies, equipment, supplies, intelligence, and time are required to establish and maintain preparedness programs. Coordinated development and implementation of program elements can reap significant benefits including an enhanced understanding and treatment of risks, enhanced response capabilities, better outcomes, reduced costs, and a reduction in duplicative efforts.

Organize to enhance coordination and to delineate roles and responsibilities

Preparedness programs of large organizations are managed at vertical levels including corporate, business units, and sites or facilities. Corporate establishes policies and manages those incidents with the potential to cause significant impacts to the corporation. Business units have responsibility for aspects of crisis management and especially for the continuity of manufacturing and service delivery integrated within their organizations. At the site or facility level, it is common for loss prevention and risk mitigation programs to be developed and managed by different internal experts. For example, security manages security risks, HR and safety manage employee risks, and IT manages technology risks.

Planning for emergencies, continuity and recovery of operations, and the protection of the organization’s reputation and relationship with stakeholders requires teams at all levels to work together. Defined roles and responsibilities for planning, development, and execution of plans and programs are essential.

Risks cross departmental boundaries and business units. Corporate’s role to monitor risk and actively manage those with potential to cause significant impacts is critical. While responsibility for crisis management may rest at the executive or corporate level, effective response is dependent on an understanding of risk, prompt incident detection, and coordinated response between and within all levels of management.

Business continuity planning must involve senior management, operations management, and leadership of the functions required to support continuity and recovery of business operations. Information technology is essential to support business operations and must be involved in business continuity planning and incident management.

When an incident occurs, the incident management team should be led by the available person with the best combination of knowledge, skills, and abilities for the type of incident. All teams must work together within a common operational framework. Defined roles and responsibilities, clear lines of authority, protocols and procedures, and resource management during an incident are essential.

Clear understanding of risk, contracts, and regulations should inform priorities for, and investment in, the preparedness program

Enterprise-wide risk assessments should inform senior management decisions about investments to achieve the goals of the preparedness program. Assessments should identify strategic risks and inform crisis management and communications programs. Business impact analyses should inform decisions to protect assets and to implement business continuity strategies. Facility risk assessments should inform decisions about accident prevention, life safety, property protection, and environmental protection.

Customer contracts may dictate business continuity priorities and requirements especially for critical suppliers. Regulations dictate minimum requirements for health and safety, environmental protection, information security, business continuity, and information technology disaster recovery.

Coordinated planning involving corporate, business units, and facilities informed by the risk profile and mindful of contractual and regulatory requirements is the best means to develop overarching preparedness program objectives and prioritize investments to achieve them.

Protocols, procedures, and technologies are essential for prompt incident response

An incident at a facility, one involving a product or service, or disruption of supply chain, infrastructure, or technology can quickly generate media attention, regulatory scrutiny, or customer dissatisfaction. Word travels fast in today’s digital world reducing reaction time.

The risk assessment should identify the types of incidents that could occur, the stakeholders potentially affected, the issues that may arise, strategies for communications, and spokespersons. Protocols defining the circumstances that require notification of management at the facility, business unit, and corporate levels must be in place. Procedures and technologies to facilitate prompt and ongoing communications should tested and ready. Roles and responsibilities for development and approval of communications to internal and external stakeholders must be defined.

Plans and procedures need to be immediately accessible, easy to use, bring together necessary resources, and initiate incident management practices

When an incident threatening life occurs, warning and protective actions must be accomplished quickly. When operations are interrupted, strategies must be implemented within predetermined recovery times to avoid unacceptable losses. Communications with stakeholders is necessary to protect relationships. Plans must provide required information in a format that will inform decision-making during the critical initial minutes of an incident.

Today’s technologies can replace the inches thick binders collecting dust on a bookshelf. Wireless access to networks provides one click access to digital information that can be formatted visually to enhance comprehension and decision-making. A click can initiate warnings, notifications, and launch multi-user forms to conduct situation assessment, develop action plans, and facilitate incident briefings. Mass notifications systems can provide real-time status of employee response to evacuation or other warnings. Multiple documents, diagrams, and resource lists can be integrated through hyperlinks to authorized persons.


Coordinated planning involving all levels of the organization provides the best opportunity to identify, evaluate, and prioritize risk. Risk priorities along with contractual and regulatory requirements should inform decisions about investments in a holistic preparedness program. Coordinated planning and an integrated incident management organization that defines roles and responsibilities within a common framework better informs decision-making and management of response actions, and reduces miscommunication, confusion, and blind spots.

The sum of all elements of the preparedness program is greater than the sum of the individual, disconnected pieces.

For a printable copy of this Preparedness Bulletin, go to https://bit.ly/37w3sen  


Friday, October 23, 2020

Civil Unrest

Amid the anxiety and angst of the worst pandemic in 100 years, the elimination of social injustice has been the rallying cry of protesters following the George Floyd incident. Peaceful demonstrations erupting into violence under the cover of darkness have been national news. Cities of all sizes have seen demonstrations—some experiencing civil unrest night-after-night for months.

 Acts of vandalism, malicious destruction of property, and arson have been perpetrated on government buildings, statues, vehicles, and other property. Public streets, highways, and public space have been blocked and barricaded to prevent the free movement of citizens and commerce. Assault, battery, and homicide have been perpetrated with bricks, stones, firearms, and other weapons. Police, protesters, counter-protesters, and innocent people have been injured. Businesses have been looted and destroyed by fire. Block after block of storefronts have been boarded up. Losses to businesses in at least 40 cities in 20 US states may come close to the costliest civil disorder in US history. [Claims Journal, June 2, 2020] 

Recent decades have witnessed protests and civil disorder surrounding issues of social injustice, world economic and trade forums, political conventions, major sporting events, and labor disputes. Riots have plagued the United States for more than half a century, and 50 countries have seen a surge in civil unrest since 2019 according to political risk consultants Verisk Maplecroft. 

Concern about protests and demonstrations like those surrounding the 2016 Presidential election have law enforcement planning for the possibility of a repeat. Directors of security worry that volatile political divisions in our society may provoke conflicts between workers escalating into acts of workplace violence. Civil unrest is now a foreseeable threat requiring preparedness. 

In this Preparedness Bulletin the following topics are covered in detail:

  • Recognizing the Potential for Civil Unrest
  • Weapons & Tactics
  • Vulnerability & Risk Assessment
  • Security, Life Safety & Emergency Planning
  • Preparedness for Planned Demonstrations
  • Response to Civil Unrest
  • Workplace Violence 

Links to other resources are also provided to help organizations prepare for civil unrest and workplace violence.

Read the entire Preparedness Bulletin: bit.ly/3dNCgLd


Wednesday, September 30, 2020

Incident Management System

Florida SERT Chief briefs staff managing concurrent responses to the Covid-19 pandemic
and Hurricane Isaias.

The ongoing Covid-19 Pandemic, weeks-long civil disturbances, and numerous natural disasters emphasize the need for effective incident management.

No longer an exclusive practice of public safety agencies, incident management system is an essential capability for all organizations to protect lives, property, business operations the environment, reputations, and stakeholder relationships. 

An incident management system (IMS) can and should be used for all incidents planned, forecast, or occurring that require activation of emergency operations, business continuity, IT Disaster Recovery, and crisis management plans. 

An incident management system is defined by NFPA 1600 as "the combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure and designed to aid in the management of resources during incidents." 

Implementation of an IMS enhances communications, coordination, efficiency, and effectiveness by organizing and bringing together the functional roles necessary to manage any incident.

Read the full September Preparedness, LLC Bulletinhttps://bit.ly/36nX3my


Tuesday, November 19, 2019

Building Resilience: ISO Standard for Business Continuity Updated

Business interruption and the potential impact on revenues, profits, contracts, and customers is an ever present concern for business executives. Hurricanes, flooding, wildfires, and now preemptive power outages are in the news. An effective business continuity management capability is essential and increasingly a customer requirement.

ISO 22301, "Business Continuity Management Systems – Requirements," is one of the two leading standards for business continuity programs along with NFPA 1600 “Standard on Continuity, Emergency, and Crisis Management,” which is published by the National Fire Protection Association.

The 2019 edition of ISO 22301 has been published by ISO and is available for purchase. ISO has also published a free publication explaining the standard: https://www.iso.org/news/ref2446.html.

Don Schmidt, CEO of Preparedness, LLC, is a long-time member of the USA’s Technical Advisory Group to ISO’s 292 and predecessor 223 committee that is responsible for ISO 22301 and related standards. He is also the past-chair of the NFPA 1600 technical committee. If you have questions about ISO 22301 or NFPA 1600, please contact us.

Friday, October 25, 2019

Cybersecurity Month

photo credit: niccs.us-cert.gov
October is Cybersecurity Month, reminding us that we must constantly protect our digital information. Businesses are constantly under attack and face potentially significant financial loss when the corporate network is compromised. Here are 10 actions to enhance cyber-security and data protection:

1.  Employee Education: Every employee (and family member) needs to be educated about cyber security. From the “C Suite” to the mail room, anyone on the network can compromise security by installing and using unauthorized software applications or browser extensions; copying files from malware infected flash drives to the network, opening phishing emails, or visiting unsafe sites. All employees should understand data protection policies and procedures. Educate employees about how personal information obtained from social media and web searches can be used by hackers to target them.
2.  Data Access: Identify confidential and company proprietary information; restrict access as needed; and verify that all confidential, proprietary, and important information is stored on drives that are backed up regularly. Educate employee and audit to verify that files are not stored on local hard drives and sharing company confidential or proprietary information with unauthorized recipients is prohibited.
3.  Physical Security: Smartphone and laptops are targeted by thieves for resale and especially for the information the devices store. Configure laptops with encrypted hard drives and ensure biometric or strong password access is enabled. Educate employees to secure laptops in hotels, meeting rooms, public places, and in vehicles. Remind employees to keep their smartphones close by and not in a position where they can be easily stolen.
4.  Network Security: Vulnerabilities in networking components including routers, switches, and wireless access points can be exploited. Inventory network hardware and sign up for notifications from vendors to be informed when vulnerabilities have been identified. Download firmware updates when they are offered. Enable the highest level of encryption for wireless connections. Restrict administrative access to the network to trustworthy technical staff.
5.  Operating System Updates: The cycle of computer and smartphone operating system updates is increasing to patch the latest known vulnerabilities. Ensure that automatic updates are enabled or ensure that your technology professionals promptly review and install patches.
6.  Passwords: Password management is a pain and overuse of simple passwords is common. Thankfully, enterprise password management can make passwords available across a company, computers, and devices. Implement password management software, restrict access to password vaults to those with a need to know; require strong, and unique passwords for each site; and promptly remove access when off-boarding employees.
7.  Software Applications: Enable multi-factor authentication whenever possible. Enable automatic updates to keep software updated or restrict software installations until security assessments have been completed. Audit software periodically to ensure the latest version has been installed, and security settings have been turned on.
8.  Malware Detection: Firewalls and malware detection software is critical and definition files must be continuously updated to protect against the latest threats. Prohibit access to the network if malware software is not enabled.
9.  Secure Connectivity for Remote Connections: All connections for employees working remotely or business partners should require encryption. Maximize security for remote management of the network and disable external access ports that are not needed.
10. Business Continuity & IT Disaster Recovery: Ensure that all important digital information is backed up. Maintain three (3) copies, each on different media (e.g., hard drive, network server, and cloud). Store one copy remote from the primary site in case of physical damage to the facility. Document hardware and software inventories; maintain current images of standard computers; and document a plan for recovery.