National Preparedness Month

September is National Preparedness Month     National Preparedness Month serves as an annual reminder to review your organization's preparedness program-- loss prevention and hazard mitigation, emergency preparedness, business continuity, information technology disaster recovery, and crisis management including crisis communication.    Ten Critical Preparedness Program Elements   1. Program Management: Senior management commitment, direction and support is critical for any program. Management must have a clear understanding of risk, identify/confirm preparedness priorities, ensure that adequate and capable resources are available, and ensure the program can be executed on a moment's notice.  Those vested with the authority for all aspects of the program must also have knowledge, skills and abilities to undertake this task.   2. Risk Assessment:  Understanding hazard, operational, and reputation risk is essential to plan loss prevention, hazard mitigation, response and recovery efforts. A comprehensive risk assessment should identify hazards, their potential magnitudes, assets at risk and their vulnerabilities, and potential impacts on people, property, business operations, the environment, and your reputation and relationships.  Comprehensive guidance is provided in our Preparedness Bulletin: Risk Assessment.   3. Business Impact Analysis: Prioritizing business processes by revenue, profit, or importance to the organization's mission helps define the scope of business continuity planning. Costs and impacts on customers, along with identification of the people, facilities, systems, equipment, technologies, information, and supply chain required to execute priority processes defines the requirements for continuity strategies. Guidance is offered in our Preparedness Bulletins Business Impact Analysis as well as Supply Chain Risk.   4. Resource Needs Assessment: AEDs, emergency generators, alerting, warning and communications systems are examples of resources. People are your most important resource. Information gleaned from the risk assessment and business impact analysis, regulations, and decisions about the level of response and recovery time for priority operations should help define resource needs. Without adequate resources, response and recovery efforts will be delayed or may fail. 5. Prevention & Mitigation: A fire that is quickly detected and suppressed by automatic systems should not jeopardize life safety and should minimize business interruption. Multiple, protected connections to internet service providers that enter the property and building from opposite directions can provide high availability of connectivity to applications and data in the cloud.    Prevention and mitigation begin with land use planning, building and process design and protection, and validation of proper installation. Safety, including physical, operational, and information security, and environmental protection programs are essential. Ongoing inspections, testing, maintenance, and training of these systems are critical to maintain up-time and minimize failure and downtime.  6. Emergency Preparedness: Emergency preparedness requirements vary based on location, type and size of building, hazards within or on-site, and many other factors and variables. Different threats or hazards require different capabilities. Protective actions for life safety (e.g., evacuation, sheltering, lockdown, and "run, hide, fight") vary based on the nature and location of the threat or hazard. Determining whether it is necessary to organize and train teams for medical response, firefighting, and hazardous materials response depends on regulations, severity of the threat or hazard, and the availability, capability and response time of assistance. Read Preparedness Bulletin: Protective Actions for Life Safety. 7. Business Continuity: Does your business continuity plan prioritize the recovery of your business processes? Are the resources required for executing continuity strategies available when needed, and will they support the strategy to the extent needed? Does the plan define strategies for prompt reporting of an incident, alerting of team members, declaring a "disaster," and executing the plan-- -at any time day or night? Are there manual workarounds to be employed when technology fails?  Guidance on these issues is provided in Preparedness Bulletin: Business Impact Analysis. 8. Information Technology Disaster Recovery Planning: Is all vital information backed up? Are employees complying with your information security policy? IT disaster recovery planning begins with ensuring all vital records are backed up and restorable in the event the facility is destroyed. Vulnerabilities and potential failures of computing and information backup strategies should be assessed. Physical protection and security of server rooms, equipment, and information is essential. Protection of infrastructure supporting server rooms including power, connectivity, and climate control should be commensurate with the importance of the technology to the organization's mission.  9. Crisis Management and Crisis Communications: A crisis is a low frequency, high impact situation with many potential causes--  a physical incident at a site, allegation, employment practices, product or service issue, criminal activity, information security breach, geopolitical events, or litigation. A crisis has the potential to cause very significant impacts on the corporation, its security, financial standing, reputation, and relationships with stakeholders. Are processes in place to identify and report issues that surface as well as events that occur? What are the potential issues and what are the current and potential impacts on stakeholders? Who constitutes the crisis management team? How will the crisis be managed, including the execution of communications strategies?  10. Testing, Training & Exercises: If a major incident were to occur, would employees know how to protect their own safety? Would team members be able to carry out their assigned responsibilities? Would the resources and procedures for continuity and recovery work? Testing of continuity and recovery strategies for IT and business processes as well as testing of any physical resource (e.g., a generator) is essential to ensure reliability in time of need. Basic training for all employees to protect their safety and security as well as protect the organization and its physical, digital, and intellectual property is essential today. Every team member needs training so they can execute their job on emergency, continuity, or crisis management team. Exercises are needed to evaluate plans and capabilities, and familiarize those responsible for executing the plan.   Help make your organization more resilient, conduct a self-assessment of your preparedness program using our Comprehensive Self-Assessment Checklist.  This checklist is based on NFPA 1600, our National Preparedness Standard, and references important regulations.   For further guidance read our Preparedness Bulletin: Auditing Your Preparedness Program.   Be sure to check out the hundreds of curated links to preparedness resources provided on our Resources Page.

 

 

Crises On The Rise

Is your organization prepared?

Deloitte conducted a survey [1] of over 500 senior crisis management, business continuity and risk executives.  Findings from this survey indicate respondents believe that crises are on the rise, necessitating the need for them to be ready to respond quickly and appropriately.  This includes plan implementation, testing and rehearsing for these threats.

From the “less visible” events such as cyber-attacks, financial fraud and corruption, and internal safety concerns, to the visually alarming emergencies caused by weather-related events, facility disasters or terrorist events, 80% of organizations have had to mobilize their crisis management teams at least once in the past 2 years.

These crises can have a devastating effect on a company’s financial performance, employee morale, sales and reputation.  Thanks to the proliferation of social media, what was once an accident or minor incident, is now displayed, sometimes within minutes of an incident, for all the world to see.  It is important for an organization to get out in front of an occurrence to maintain the confidence of all stakeholders.

But are organizations truly prepared to implement a crisis communication plan?  While the vast majority of those who responded to this survey do have some sort of crisis management plans in place, it is clear more needs to be done.  Findings from the survey revealed that:

• Confidence outstrips preparedness.  Companies are more confident in their ability to manage a crisis than their level of preparedness indicates.  Nearly three quarters of the survey respondents felt confident in their organizations’ ability to deal with a crisis, yet only half of these companies have plans in place, and just under a third have run simulation exercises.
• Experiencing a crisis drives organizations to avoid them.  Nearly 90% of the survey respondents indicated they have conducted internal reviews following a crisis.  They recognize the need to respond to threats before they happen by detecting the early warning signs, investing more effort in prevention and to identify potential crisis scenarios.
• Leaders need more development for crisis management.  Leading during a crisis is vastly different than leading during normal times.  It is critical that strong leadership skills and situational awareness are well developed.
• Being prepared significantly reduces the negative impact of a crisis.  Having board members and senior management committed and involved in the creation of a crisis management plan and participating in simulations/exercises increases effectiveness of the implementation.  Overall, about a third of organizations with a crisis plan in place report finances have been negatively impacted during a crisis, while that number jumps to nearly half of the organizations surveyed if no plan is in place.
• While third parties may be part of the problem, they can also be part of the solution.  Many crises may be triggered by suppliers or other partners.  And these critical service providers should be involved in crisis planning.  Bringing in outside advisors, identified in advance of any crisis, such as lawyers, PR firms, or other specialists, can help in managing a crisis.

The frequency and causes of crises are not likely to diminish.  There are a constant barrage of potential attacks from a variety of sources just waiting to pounce on the next victim.  Preparing your organization to be ready for any crisis is best handled when the board of directors and senior management is committed and initiates the need for planning.  The appropriate personnel must then be tasked with executing the planning, implementation and conducting simulated exercises, testing those in the organization who would be involved in an actual crisis.  Most organizations must overcome several challenges to be ready to navigate a crisis, however following these recommendations will go a long way towards making your organization more resilient and able to handle these crises as they arise.

Preparedness, LLC has many solutions to help your organization create and implement a crisis management program.  Visit our Crisis Management page to learn more about what we can do to help your firm plan for the unexpected.

Preparedness, LLC also offers capabilities to help your organization evaluate your preparedness program.  Download our Self-Assessment Checklist and check-out our comprehensive solutions to prepare your organization.

[1] Dent, Peter; Woo, Rhonda; Cudworth, Rick. 2018/06/18. Stronger, Fitter, Better. Deloitte Insights.https://www2.deloitte.com/insights/us/en/topics/risk-management/crisis-management-plan-resilient-enterprise.html?mod=djemRiskCompliance?id=us:2el:3es:4di_gl:5eng:6di

National Lightning Safety Awareness Week June 24-30

"When Thunder Roars, Go Indoors" Illustration how threat of lightning increases as a thunderstorm approaches. The exposure to risk reaches a peak when the storm is overhead, and then gradually diminishes as the storm moves away. According to the National Weather Service, 16 Americans were killed by lightning in 2017. This is the fewest annual deaths by lightning strike since tracking these deaths began in the 1940's. That is the good news.  The bad news is that while 10% of people who are struck by lightning are killed, the remaining 90% usually suffer life-long debilitating effects.  Clearly campaigns such as Lightning Safety Awareness Week are having a positive effect on society's recognition of the danger of thunderstorms. As a result of this awareness, policies surrounding sports and recreational organizations have changed for the safer.           There is no such thing as a safe place outdoors when thunderstorms are in the area. The only safe thing to do is to go indoors and wait out the storm. If you can't shelter inside, sheltering in a motor vehicle with windows up is the next best option.  Avoid parking under trees.  If thunderstorms are forecast, have a plan in place so that you have an indoor venue to retreat to, then continue to watch the sky for signs of an impending storm. Once inside, avoid corded phones, electrical appliances and plumbing, as these can conduct electricity in case of a lightning strike. Read more about how to prepare for these storms by protecting your property and people in the Preparedness Bulletin Thunderstorms, Lightning and Tornadoes

Tropical Storm Harvey Bearing Down on Texas Coast

Tropical Storm Harvey is bearing down on the Texas Gulf coast. Heavy rainfall reminiscent of Tropical Storm Allison is forecast along with coastal storm surge and high winds.

Cascading impacts from damage to critical infrastructure including electrical power, telecommunications, and transportation are possible. 

Hazard mitigation can substantially reduce the damage caused by hurricanes. Property insurer FM Global compared the loss history of its policyholders that implemented its loss prevention recommendations with those with outstanding recommendations to complete. FM found that those policyholders that fully implemented its preparedness recommendations had on average 75% to 85% lower dollar losses than those policyholders that did not implement such measures. 

Preparedness, LLC’s 7-page Preparedness Bulletin provides extensive guidance for mitigating hurricane hazards, organizing a team for storm preparedness and response, developing a preparedness and recovery plan, and planning for business continuity and family support. 

Program Development Resources: All Preparedness Bulletins are posted to our website. Be sure to check out the hundreds of links to program development resources and download the program self-assessment checklist based on NFPA 1600.

Hurricane Preparedness

NOAA's updated 2017 Atlantic Hurricane Season Outlook indicates that an above-normal hurricane season is most likely, with the possibility that the season could be extremely active. Hurricane season began on June 1, and the statistical peak of activity is mid-September.

No matter the forecast for number of storms, major hurricanes, and land-falling hurricanes, it only takes one storm to cause many deaths and billions in damages. "Superstorm" Sandy was not technically a hurricane when it made landfall, but it caused billions in damages. Recovery efforts continue years later.

Hurricane hazards include damaging wind, hurricane-spawned tornadoes, flooding from heavy rainfall, and coastal flooding from storm surge. Cascading impacts result from damage to critical infrastructure including electrical power, telecommunications, and transportation. Hurricane Katrina proved that these cascading impacts include widespread supply chain disruption.

Hazard mitigation can substantially reduce the damage caused by hurricanes. Property insurer FM Global compared the loss history of its policyholders that implemented its loss prevention recommendations with those with outstanding recommendations to complete. FM found that those policyholders that fully implemented its preparedness recommendations had on average 75% to 85% lower dollar losses than those policyholders that did not implement such measures.

This 7-page Preparedness Bulletin provides extensive guidance for mitigating hurricane hazards, organizing a team for storm preparedness and response, developing a preparedness and recovery plan, and planning for business continuity and family support.

Program Development Resources: All Preparedness Bulletins are posted to our website. Be sure to check out the hundreds of links to program development resources and download the program self-assessment checklist based on NFPA 1600.

Protective Actions for Active Shooter and Other Acts of Violence

Emergency plans for acts of violence should be established following national standards such as NFPA 1600 and applicable regulations including OSHA and state and local fire codes. Plans should include protective actions for life safety, threat and hazard specific procedures, defined roles and responsibilities, lines of authorities, an incident management system, and the identification and assessment of required resources. Implementation of plans should be accomplished through training, drills, and exercises.

Protective Actions for Life Safety

The emergency operations plan should define actions to protect life safety from foreseeable hazards. Terminology for protective actions has changed over time complicating common usage and understanding essential to prompt action. Review and agree upon common terminology within your organization, with building management and tenants, and with public safety responders.

The three basic protective actions for acts of violence are:

EVACUATION when there is a hazard such as a fire, bomb threat, or suspicious package inside the building and you must move to a safe location usually outside the building. “run” is the protective action to escape an armed perpetrator or active shooter inside a building.

LOCKDOWN (“hide”) when there is an armed perpetrator in the building or believed to be inside, but a safe path to escape is not available. This option may also be referred to as “Shelter-in-Place.” The term shelter-in-place was originally used to describe protection from a hazardous materials release outside a building. The term may also be used to describe sheltering from any hazard outside.

COUNTER (“fight”) when confronted with an armed perpetrator and you must take physical action to take down or distract a perpetrator to protect your safety or the safety of others.

For more information on prevention and deterrence of acts of violence as well as emergency response and recovery planning, read the Preparedness Bulletin: Acts of Violence. Be sure to check all of the Preparedness Bulletins, our lengthy list of curated hyperlinks to preparedness resources on the internet, and our comprehensive program self-assessment checklist. It includes more than 200 questions to help you evaluate your preparedness program.


If you have any questions or comments, please leave a comment along with your email address.

Workplace Violence Prevention

There are many policies and procedures that if implemented can reduce the risk of violence in the workplace. Anti-harassment and discrimination, substance abuse, business conduct, and electronic communications/computer use policies can help to eliminate behaviors and acts that cause workers to violently react to coworkers who they believe are bullying, abusing, or threatening. Any work environment that tolerates threatening or abusive behavior is at risk.

Related policies that establish an employer’s right to access an employee’s workplace computer, desk, locker, and other items may be necessary to investigate a credible complaint.

Risk factors that may expose employees to higher incidence of violence include working at night, working alone (on or off-premises), handling cash; and interacting with persons under the influence of drugs or alcohol. Workers in night retail establishments, healthcare institutions (especially emergency departments), and social services agencies are particularly at risk.

Circumstances or stressors such an impending layoffs or organizational change that elevate tension, stress, or conflict in the workplace should be recognized and appropriate measures taken to mitigate risk.

Termination of employment can be the cause for workplace violence, so planning in advance may be warranted. Planning should begin with a threat assessment; provision of assistance for terminated employees to transition to the next phase of their life, and security measures during and following the termination meeting.

Establishing a threat assessment team to evaluate threatening behaviors and incidents is a good practice and common in public schools and higher education. Suggested team members include human resources, security, legal, safety, union representative, employee assistance program (EAP) provider, outside mental health professionals, and law enforcement.

For more information on prevention and deterrence of acts of violence as well as emergency response and recovery planning, read the Preparedness Bulletin: Acts of Violence. Be sure to check all of the Preparedness Bulletins, our lengthy list of curated hyperlinks to preparedness resources on the internet, and our comprehensive program self-assessment checklist. It includes more than 200 questions to help you evaluate your preparedness program.