Integrated Preparedness Program

Coordinated development and implementation of program
elements can reap significant benefits.

The objectives of a preparedness program are to safeguard life, conserve property, maintain the continuity of operations, prevent environmental contamination, and protect reputations and relationships. Emergency management, business continuity, IT disaster recovery, and crisis management are common terms for programs to accomplish these objectives. Prevention and mitigation programs including occupational health and safety, fire prevention, physical/operational security, cyber/information security, environmental protection, enterprise risk management, and crisis communications also have roles achieving these objectives.

 
Significant investments in people, facilities, systems, technologies, equipment, supplies, intelligence, and time are required to establish and maintain preparedness programs. Coordinated development and implementation of program elements can reap significant benefits including an enhanced understanding and treatment of risks, enhanced response capabilities, better outcomes, reduced costs, and a reduction in duplicative efforts.

Organize to enhance coordination and to delineate roles and responsibilities

Preparedness programs of large organizations are managed at vertical levels including corporate, business units, and sites or facilities. Corporate establishes policies and manages those incidents with the potential to cause significant impacts to the corporation. Business units have responsibility for aspects of crisis management and especially for the continuity of manufacturing and service delivery integrated within their organizations. At the site or facility level, it is common for loss prevention and risk mitigation programs to be developed and managed by different internal experts. For example, security manages security risks, HR and safety manage employee risks, and IT manages technology risks.

Planning for emergencies, continuity and recovery of operations, and the protection of the organization’s reputation and relationship with stakeholders requires teams at all levels to work together. Defined roles and responsibilities for planning, development, and execution of plans and programs are essential.

Risks cross departmental boundaries and business units. Corporate’s role to monitor risk and actively manage those with potential to cause significant impacts is critical. While responsibility for crisis management may rest at the executive or corporate level, effective response is dependent on an understanding of risk, prompt incident detection, and coordinated response between and within all levels of management.

Business continuity planning must involve senior management, operations management, and leadership of the functions required to support continuity and recovery of business operations. Information technology is essential to support business operations and must be involved in business continuity planning and incident management.

When an incident occurs, the incident management team should be led by the available person with the best combination of knowledge, skills, and abilities for the type of incident. All teams must work together within a common operational framework. Defined roles and responsibilities, clear lines of authority, protocols and procedures, and resource management during an incident are essential.

Clear understanding of risk, contracts, and regulations should inform priorities for, and investment in, the preparedness program

Enterprise-wide risk assessments should inform senior management decisions about investments to achieve the goals of the preparedness program. Assessments should identify strategic risks and inform crisis management and communications programs. Business impact analyses should inform decisions to protect assets and to implement business continuity strategies. Facility risk assessments should inform decisions about accident prevention, life safety, property protection, and environmental protection.

Customer contracts may dictate business continuity priorities and requirements especially for critical suppliers. Regulations dictate minimum requirements for health and safety, environmental protection, information security, business continuity, and information technology disaster recovery.

Coordinated planning involving corporate, business units, and facilities informed by the risk profile and mindful of contractual and regulatory requirements is the best means to develop overarching preparedness program objectives and prioritize investments to achieve them.

Protocols, procedures, and technologies are essential for prompt incident response

An incident at a facility, one involving a product or service, or disruption of supply chain, infrastructure, or technology can quickly generate media attention, regulatory scrutiny, or customer dissatisfaction. Word travels fast in today’s digital world reducing reaction time.

The risk assessment should identify the types of incidents that could occur, the stakeholders potentially affected, the issues that may arise, strategies for communications, and spokespersons. Protocols defining the circumstances that require notification of management at the facility, business unit, and corporate levels must be in place. Procedures and technologies to facilitate prompt and ongoing communications should tested and ready. Roles and responsibilities for development and approval of communications to internal and external stakeholders must be defined.

Plans and procedures need to be immediately accessible, easy to use, bring together necessary resources, and initiate incident management practices

When an incident threatening life occurs, warning and protective actions must be accomplished quickly. When operations are interrupted, strategies must be implemented within predetermined recovery times to avoid unacceptable losses. Communications with stakeholders is necessary to protect relationships. Plans must provide required information in a format that will inform decision-making during the critical initial minutes of an incident.

Today’s technologies can replace the inches thick binders collecting dust on a bookshelf. Wireless access to networks provides one click access to digital information that can be formatted visually to enhance comprehension and decision-making. A click can initiate warnings, notifications, and launch multi-user forms to conduct situation assessment, develop action plans, and facilitate incident briefings. Mass notifications systems can provide real-time status of employee response to evacuation or other warnings. Multiple documents, diagrams, and resource lists can be integrated through hyperlinks to authorized persons.

Conclusion

Coordinated planning involving all levels of the organization provides the best opportunity to identify, evaluate, and prioritize risk. Risk priorities along with contractual and regulatory requirements should inform decisions about investments in a holistic preparedness program. Coordinated planning and an integrated incident management organization that defines roles and responsibilities within a common framework better informs decision-making and management of response actions, and reduces miscommunication, confusion, and blind spots.

The sum of all elements of the preparedness program is greater than the sum of the individual, disconnected pieces.

For a printable copy of this Preparedness Bulletin, go to https://bit.ly/37w3sen