Are Your Plans Smart Enough?

FRP Compliance for Crude Oil Storage Facilities

Posted on Thu, Aug 27, 2015

According to an August 11th report by the U.S. Energy Information Administration, crude oil storage fell slightly from 1,150.4 million barrels on July 31, 2015 to 1,148.7 million barrels on August 7, 2015. Although crude levels continue to vary, facilities that are bound by the EPA Facility Response Plan (FRP) requirement must ensure compliance. This is especially true during mergers, acquisitions, and when new storage facilities come online. In response to the potential growth opportunities, numerous U.S. companies are expanding storage capabilities.

  • Magellan Midstream Partners and LBC Tank Terminals have a $95 million crude oil storage and transportation project along Houston’s Gulf Coast. The two companies said they will build about 700,000 barrels of new crude oil storage and distribution infrastructure near Seabrook, Texas, about 30 miles southeast of Houston. The new storage will be connected into the area’s existing oil transportation infrastructure by a planned 18-inch diameter pipeline.
  • The Louisiana Offshore Oil Port is adding three new above-ground oil tanks and 1.1 million barrels of storage capacity to its Clovelly Hub, one of the nation's largest oil trading and distribution centers. It is expected to be completed by late summer 2016.
  • Florida Fuel Connection is investing $75 million to build a petroleum terminal and rail transportation facility near the Mississippi River.


Because a single oil spill can have a significant or catastrophic impact, it is imperative for emergency managers to evaluate response processes for best practices and maintain the most current FRP possible. Storage facilities that meet EPA capacity thresholds and could reasonably cause "substantial harm" to the environment by discharging oil into or on navigable waters must prepare and submit FRPs. Facilities that could cause "significant and substantial harm" are required to have their plans approved by an EPA Regional Administrator (RA).

Substantial Harm
According to the FRP rule, a facility may pose "substantial harm" if:

  1. The site has a total oil storage capacity greater than or equal to 42,000 gallons and it transfers oil over water to/from vessels; or
  2. The site has a total oil storage capacity greater than or equal to 1 million gallons and meets one of the following conditions:
  • Does not have sufficient secondary containment for each aboveground storage area.
  • Is located at a distance such that a discharge from the facility could cause "injury" to fish, wildlife, and sensitive environments.
  • Is located at a distance such that a discharge from the facility would shut down a public drinking water intake.
  • Has had a reportable discharge greater than or equal to 10,000 gallons within the past five years.

If the facility meets the criteria, an FRP is required to be prepared and submitted to the regional EPA office. Once the FRP is submitted to the EPA, the regional administrator (RA) will review and determine if the facility should be classified as a significant and substantial harm facility. If the regional administrator determines that the facility could cause significant and substantial harm, the FRP requires approval by the RA.

Significant and Substantial Harm
An RA determines if a facility could cause significant and substantial harm to the environment by discharging oil into or on the navigable waters and adjoining shorelines. This is determined by factors similar to the substantial harm criteria, as well as:

  • The age of tanks;
  • Type of transfer operations;
  • Oil storage capacity;
  • Lack of secondary containment;
  • Proximity to fish, wildlife, and sensitive environments or drinking-water intakes;
  • Spill history and frequency of past discharges; or
  • Other information, including local impacts on public health.

The landscape of growth opportunities may be changing as the Department of Commerce recently announced a partial lift to the 1975 Energy Policy and Conservation Act ban allowing U.S. companies to export domestically produced crude oil to Mexico. However, despite the change or volatility of the oil industry, companies must ensure regulatory compliance remains across their enterprise.


Tags: Facility Response Plan, Oil Spill

Improvised Planning Is Costly: 7 Regulatory Compliance Tracking Factors

Posted on Thu, Aug 20, 2015

"It's not what happens to you, but how you react to it that matters." - Epictetus

Despite best mitigation efforts, emergencies and disasters occur. Although emergency managers can relate to Epictetus’s adage, the abundance of regulatory fines and fees has proven that responses should not be improvised. Numerous government agencies require that responses be planned for, exercised, and compliant across multiple fronts.

While organizations may see compliance efforts as challenging, the purpose of regulations is to shape practices to limit harm and protect communities and the surrounding environment. However, every month, companies across the nation receive regulatory enforcement mandates.

Regulatory non-compliance is expensive, time consuming, and potentially dangerous to company employees and the surrounding communities. For example, a Seattle area marine terminal that transfers large quantities of ethanol fuel and grain from rail cars to tanker trucks was fined more than $420,000 by Washington’s Department of Labor and Industries for numerous non-compliance issues. Additionally, the agency placed an immediate order to restrain the company’s ethanol transfer operation because of inadequate emergency response planning. Compliance costs are typically lower than the expenditures associated with non-compliance fines, litigation, reputational risk, and government mandated shutdown of operations.

Many industrial facilities must comply with multiple regulations sanctioned by various government agencies. For example, one specific industrial facility in Louisiana has to meet as many as 700 individual requirements. In order to ensure optimal compliance capabilities, companies should have an effective compliance management process in place that can enhance efforts, and limit the potential for fines and operational downtime.

In recent years, advanced technology has allowed an increasing number of companies to automate emergency preparedness, response processes, and regulatory compliance. One of the most important aspects of maintaining compliance is ensuring that required response plans and associated revisions are submitted to the proper regulatory agencies in a timely manner. The various agencies have different submission requirements regarding initial and plan revision compliance.


A company must associate each regulatory requirement with applicable mandatory submission requirements and tasks for each facility. From a corporate standpoint, incorporating a regulatory requirements tracking system can ease the compounding challenges associated with managing multiple regulatory requirements for numerous locations. A regulatory compliance tracking system can eliminate redundancies that typically occur across converging compliance specifications.

A methodical tracking system should itemize applicable federal, state, and local regulations, and include categorical information that satisfies each regulation. A tracking system should, at a minimum, contain the following components:

  1. Operational categories: Categories can range from air quality and hazardous materials, to construction safety and general safety and health. Depending on the detail required by the regulations, further breakouts by subcategories may also be required.
  2. Applicable Regulation Level: Regulations should be further broken down to Federal, state or local regulation categories.
  3. Time/Date Stamping: The time and date that each regulation was last updated.
  4. Compliance Feedback: Applicable notes regarding compliance or non-compliance.
  5. Industry Standard: Apply best practices related to compliance with specific regulatory requirements, when practical to do so.
  6. Facility Compliance responsibility: Identify contact assigned to maintain compliance for each regulatory requirement.
  7. Action Item Reporting: Provides a list of outstanding and completed action items, along with due dates and person(s) assigned. Reports should have filters to customize queries as required by the users.

The result of an effective compliance tracking system is an efficient and integrated program that optimizes the efforts of all stakeholders and allows for optimum compliance.

Tags: Response Plans, Regulatory Compliance, Facility Management

EPA Fines Multiple Companies for SPCC Plan Violations

Posted on Thu, Aug 13, 2015

Multiple California companies are in non-compliance with the U.S. Environmental Protection Agency’s Spill Prevention, Control, and Countermeasure (SPCC) regulation. The agency recently announced a series of financial penalties totaling more than $140,000 from both large and small facilities.

The SPCC regulation was created under the Clean Water Act to prevent oil from reaching navigable waters and adjoining shorelines, and to contain and respond to discharges of oil. It requires onshore oil storage facilities with identified capacities to develop and implement SPCC plans, identifying established procedures, methods, and equipment requirements to prevent and effectively respond to spills.

Under EPA’s Clean Water Act, facilities with aboveground storage tank capacities exceeding 1,320 gallons or underground tanks with capacities above 42,000 gallons are required to comply with SPCC regulations.

“All companies who store oil must comply with federal standards. Facilities are required to prevent spills and be prepared to respond to a worst case oil discharge emergency,” said Jared Blumenfeld, EPA’s Regional Administrator for the Pacific Southwest. “Preventing spills and protecting our waterways from oil spills is essential.”

While it is not possible for EPA to identify and inspect every SPCC facility, owners and operators need to be proactive in developing and maintaining accurate plans. Despite inspection probabilities, companies must prioritize regulatory compliance in order to minimize financial burdens resulting from fines, negative public perceptions, and potential government mandated shutdown of operations. Recent California SPCC violations include:

  • A waste oil recycler facility in Newark, CA was ordered to pay a $90,000 penalty for failing to provide secondary containment around an oil storage area; failing to secure and control access to oil handling, processing and storage areas; failing to use safe containers and good engineering practices, including liquid level alarms to avoid discharges; and failing to develop a complete Facility Response Plan.
  • A vegetable oil terminal operator and packaging facility in Fullerton, CA, was fined $45,000 for failing to update and recertify its spill prevention plan; failing to provide adequate oil containment and drainage controls; failing to ensure that the secondary containment walls of a tank farm could contain spilled oil; and failing to remove accumulations of oil outside tanks and piping, transfer areas and process area collection trenches.
  • A building materials company in Pittsburg, CA was fined $2,775 for failure to provide a proper spill prevention plan, implement tank inspection and integrity testing programs, and provide documentation of employee training.
  • A grease service and disposal service facility in Riverside, CA was fined $2,400 for failure to provide a proper SPCC plan, for storing oil in improper storage containers, and for failing to implement a tank integrity testing program to prevent releases.
  • A food products facility in La Mirada, Calif. was fined $2,250 for failure to provide a proper SPCC plan and have adequate secondary containment for vegetable oil storage tanks.
  • A grease service and disposal facility in Riverside, CA was fined $1,900 for failing to provide a proper SPCC plan and complete inspection records. The facility also lacked an adequate tank integrity testing program and proper oil drum secondary containment.

Managing SPCC plans and associated compliance can be achieved through a cohesive, yet site-specific, standardization of best practices. The costs associated with effective emergency management, planning efforts, and overall spill prevention are often much less than the costs associated with fines, spill clean-up, and other civil liabilities. By utilizing available technology, companies can enhance accessibility, portability, and redundancy, and potentially ease communication barriers with responders and regulatory audits.


Tags: SPCC, EPA, Regulatory Compliance

Why Real-Time Incident Management Systems are Now EXPECTED!

Posted on Thu, Aug 06, 2015

Text messages, Facetime, Skype, live-streaming, and email are just a few of the communications technologies that offer current Environment, Health, and Safety (EHS) professionals and responders a unique advantage over their counterparts from years past. Because of the commonality of instantaneous access to communication and information, real-time technology should be incorporated into corporate Incident Management Systems (IMS). From the moment an incident is discovered, the response process of information gathering, assessments, response coordination, and documentation should not be halted by the communication barriers of the past.

The intent of an Incident Management Plan, which should be based on the Incident Command System (ICS), is to define, document, and provide tactical intelligence to those managing and responding to incidents. These plans should guide management, supervisors, employees and contract personnel as to their roles and necessary actions based on the current environment at the incident site. Timely, clear, and concise communication is pivotal. As a result, Incident Management Plans should incorporate:

  • Internal and external communication processes and procedures
  • Accurate contact information, highlighting the preferred method of communication
  • Methodology and protocols for two-way communication with all parties

A two-way information flow breakdown during the chaos of an incident commonly results in a diminished ability to quickly restore the site to “business as usual”. The IMS is the response communication tool that allows users to provide and receive current information enabling those with assigned response roles to carry out swift and appropriate resolutions. Compromised incident response communication often results in jeopardized safety, greater impacts, questionable company reputation, escalated costs, and diminished profits.

Incident Management Systems can be designed to expeditiously facilitate emergency management and coordinate responses through the use of interactive database-driven interfaces and real-time situational displays. Systems with 24/7 web-based access to the incident site information are extremely beneficial to decision makers. With a real-time system in play, emergency managers, on-site responders, as well as approved stakeholders at any location, are more likely to stage an effective and timely response. Providing an instantaneous method of situational awareness provides a means to:

  1. Monitor site response status/scenario
  2. Prioritize the health and safety of staff members and responders based on current information
  3. Aggregate data into a format that enables real-time analysis and decision making
  4. Determine the status and effectiveness of response actions
  5. Modify response strategies, tactics, and objectives based on the information received
  6. Determine the deployment of resources in order to prevent duplication of efforts
  7. Integrate incident response plan contacts and assigned tasks, as necessary
  8. Minimize miscommunications that can delay time sensitive responses
  9. Document stakeholder and agency directives to be used as a reference or learning tool

Despite real-time communication, best practice processes, and state-of-the-art systems, the incident response will not be successful without a trained response team. Best practices have proven that individuals who demonstrate a clear understanding of their response role and responsibilities in exercised scenarios are better prepared to implement a precise, streamlined, and effective response.

Individual incident management responsibilities vary by role and the site-specific scenario. However, the lack of procedural and incident status communication can lead to the mishandling and mismanagement of a response. Real-time communication can benefit general supervisory responsibilities which may include, but are not limited to the following:

  • Initial response actions
  • If the situation demands, limit or restrict access to the incident scene and surrounding area
  • Determine or carry out directives regarding required personal protective equipment
  • Request medical assistance, if necessary
  • Identify representatives from each agency for associated responsibility, including communication links and location
  • Verify any substance released and obtain Safety Data Sheets, as necessary
  • If properly trained, identify and isolate source to minimize product loss and potential harm
  • Maintain records and individual logs, as necessary
  • Coordinate required response actions with Incident Commander and local responders
  • Communicate response actions to assigned specialized team members
  • Document all complaints and suspicious occurrences


Tags: Incident Management, Communication Plan

Cyber-Security Framework Aids in Business Continuity Planning

Posted on Thu, Jul 30, 2015

Company operations are increasingly intertwined with critical technology. A company’s business continuity plan (BCP) should include processes related to critical technologies that may be lost during an incident. A BCP is a vital tool that companies can use to plan for the restoration of normal operations after a business disrupting incident. In order to minimize the risk of technology-related continuity incidents, company-wide computer security best practices are essential.

Computer and cyber security mitigation measures, along with BCP reviews, can safeguard necessary integrated technologies, prevent hacking, and ensure business continuity. A breach in computer security can create a temporary or permanent loss of operations, software, and/or vital records.

In 2014, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received and responded to 245 incidents reported by asset owners and industry partners. The Energy Sector reported the most incidents, followed by critical manufacturing. It is essential that companies share cyber security breach information, review lessons learned, and protect technologies in order to minimize the threat to critical infrastructure.


[Figure: 245 incidents reported by sector (FY2014). Source: ICS-CERT]

According to ICS-CERT, the graph represents only reported incidents. Many more incidents occur in critical infrastructure that go unreported. The Energy Sector Cybersecurity Framework Implementation Guidance manual states, “ICS-CERT continues to encourage asset owners to report malicious activity impacting their environment even if assistance is not needed or requested.” As incidents are reported, ICS-CERT can provide situational awareness to critical infrastructure industries about similar or related incidents, as well as share data regarding potential hacking and evasive techniques and tactics.

Identifying the procedural details of computer backups, data restoration methods, and minimum software requirements is crucial to re-establishing technology-related critical business processes and to business continuity planning. In early 2015, the Energy Department released guidance to help the energy sector establish or align existing cybersecurity risk management programs to meet the objectives of the Cybersecurity Framework released by the National Institute of Standards and Technology (NIST). In an effort to maintain business continuity, a cyber-security program framework should be implemented.

The cyber-security program framework consists of a continuous seven-step approach that enables organizations to address the steadily evolving risk environment. In order to secure business continuity efforts, companies should evaluate the framework against their current cyber-security efforts.

STEP 1: Prioritize and Scope

  • Address how to frame, assess, respond to, and monitor risk.
  • Evaluate industry specific critical infrastructure protection objectives and priorities

STEP 2: Orient

  • Focus on critical systems and assets
  • As resources permit, expand focus to include less critical systems and assets
  • Determine evaluation approach used to identify current cyber security and risk management environment (ex: self-evaluations, third-party evaluations)

STEP 3: Create a Current Profile

  • Evaluate and determine status of current systems and security protocols
  • Identify existing cyber security risk management practices and measure them against best practices and proven frameworks. “It is important to understand that the purpose of identifying a Current Profile is not simply to create a map between organizational practices and Category and Subcategory outcomes, but also to understand the degree to which those practices achieve the outcomes outlined by the Framework.”  (Energy Sector Cybersecurity Framework Implementation Guidance, page 10)

STEP 4: Conduct a Risk Assessment

  • Perform cybersecurity risk assessments to identify and evaluate cyber security risks, and determine which are outside of current tolerances.

STEP 5: Target Outcomes

  • Identify the desired outcomes and associated cyber security and risk management standards, tools, methods, and guidelines that will mitigate cyber security risks, commensurate with the risk to organizational and critical infrastructure security.
  • When creating a Target Profile, the organization should consider:
    • current risk management practices
    • current risk environment
    • legal and regulatory requirements
    • business and mission objectives
    • organizational constraints

STEP 6: Determine, Analyze, and Prioritize Gaps

  • Identify gaps between current profile and targeted outcomes.
  • Mitigation priority levels should be assigned to all identified gaps. Prioritization of gaps should include consideration of current:
    • risk management practices
    • risk environment
    • legal and regulatory requirements
    • business and mission objectives
    • any applicable organizational constraints
  • Develop a plan of prioritized mitigation actions to advance to “Targeted Outcome” based on available resources, business needs, and current risk environment.

STEP 7: Implement Action Plan

  • Execute the implementation plan
  • Track progress and completion
  • Evaluate to ensure gaps are closed and risks are monitored


Tags: Business Continuity key points, Cyber-Security, Business Continuity Plan

An Evaluation of Industrial Response Planning Technology

Posted on Thu, Jul 23, 2015

Industrial facilities are continually challenged to maintain compliant, up-to-date, and effective response plans. Companies willing to embrace proven innovative tools are often the ones that outperform their counterparts. Long before tablet computers and smartphones, industrial companies composed and shared multiple binder-bound response plans. These formidable plan binders, which are still used in large numbers today, were/are printed and reprinted for responders, auditors, inspectors, and stakeholders, and were mailed to multiple agencies for regulatory approval. Fortunately, technology provides a solution to the countless challenges associated with maintaining the multiple plan types often required of industrial facilities.

The notion of a securely accessible emergency response planning system capable of adapting to a company’s every location, regulatory requirement, and plan type is within reach of many companies. Web-based, database-driven planning systems have proven to enhance compliance and ease plan maintenance demands. Before companies adopt planning software, maintaining multiple plans can be challenging when:

  • A company has multiple facilities with various planning requirements
  • The template put forth by the company did not allow for the facility-specific information required for regulatory compliance
  • Plan updates result in “version confusion” or lack of data consistency
  • Known quantities of hazardous materials varied and fluctuated, depending on facility and operational status

Companies strive to stretch budgets, boost response planning efficiency, and minimize the negative reputation associated with non-compliance. However, incorporating new software is often seen as an expensive and questionable expense. If processes are working, why change them? That same question can be asked of other archaic entities that simplified challenges, encouraged productivity, and minimized efforts. What would your enterprise be like today if technological advancements were not incorporated into corporate structures?


A comprehensive planning system should identify the resources required to effectively manage potential hazards, document necessary response actions, and fulfill multiple compliance mandates. Upgrading to web-based planning software will enable emergency managers across an enterprise to:

  • Reduce the need for multiple plans
  • Minimize administrative costs
  • Simplify plan reviews
  • Minimize discrepancies across various plans
  • Streamline response directives from one source

Company leadership and EHS teams must evaluate the case for integrating response planning software across an enterprise. Below are key questions that may help determine if an enterprise-wide response planning system is right for your company:


  1. Do you have more than one facility that is governed by regulatory requirements?
  2. Are individual facilities required to comply with multiple agencies' requirements?
  3. How do you integrate frequently evolving regulatory requirements across your various facilities?
  4. How often are you audited and would you be ready if an auditor appeared tomorrow?
  5. Have audits resulted in fines or violations?


  1. Do you have multiple versions of plans, leading to “version confusion”?
  2. Does employee turnover rate create inaccuracies in your response plans?
  3. How effectively do you handle contact information updates and verification?
  4. Are your plans updated quarterly or annually?
  5. Do your plans address site operational hazards, risks, and threats?
  6. Is there repetitive information in multiple plans at multiple facilities?
  7. Do plans include site-specific criteria for provisional tiered responses?
  8. Do spill trajectory maps mimic local observations and historical tendencies?
  9. Do your personnel and responders have access to your existing plans?
  10. Have plot plans and area mapping been integrated with the most recent GIS data and knowledge?
  11. Do all sites have plans, or have you recently gone through a merger or acquisition?
  12. Do responses reflect lessons learned and exercise findings?


  1. Do local responders have access to your most up-to-date emergency response plan?
  2. Are your plans updated quarterly or annually, and how do you integrate new regulatory requirements?
  3. How much time is dedicated to maintaining, updating, and distributing your plans?
  4. Can you use your existing plan to expedite training?
  5. Do you have a record of changes and revisions?


7 Corporate Social Media Strategies for Incident Management

Posted on Thu, Jul 16, 2015

In today’s expansive world of smartphones and instantaneous social media reporting, incident commanders no longer have the luxury of controlling communication with the public and media. As a result, a company must establish an incident management communication plan that includes a facet for assessing and distributing communication through social media.

Social media communication has advanced from its origins as a picture-sharing medium strictly used by young adults, to a comprehensive, informative, and responsive communication tool. Companies must incorporate these platforms that instantly validate observations, enable shared experiences, and provide valuable information.

Public relations planning that includes a social media element must be developed as part of an overall incident management plan. In order to sustain a positive, productive, and profitable relationship with stakeholders and communities, proactive corporate visibility and timely communications are essential. Established Twitter feeds, Facebook pages, and company websites can be used as sources of incident communications. Employees, the press, and communities want to know the details of “what happened”, “who/what was impacted”, “why did the incident occur”, and “what will happen” in the near future.


The more timely and detailed the information, the less chance the public and media outlets will have room for interpretation. In order to regulate inaccurate perceptions, an incident management communication plan must contain the following elements:

  1. An initial brief, focused, and factual description of the situation: Even if the situation is ongoing, the current facts must be presented barring any information that may cause further harm.
  2. Initial response action details: Identify the “who, what, when, and where”. The “why” is often speculative in the early stages of an incident. Refrain from communicating the “why” until all the facts can be evaluated and confirmed.
  3. Ongoing processes established to minimize and counteract the emergency: Identify what process and procedures will be in place in order to restore the scene to a “business as usual” scenario. This may include, but is not limited to:
    1. ongoing security measures
    2. safety mandates, such as shelter in place or evacuations
    3. supply chain disruptions
    4. employee directives
    5. request for assistance/volunteers
  4. A statement of commitment to return to “business as usual”: Companies must communicate their intent/attempt to return the affected area to its original or improved state. If “business as usual” will be delayed or altered, details of those terms must be communicated when logistics and associated details are confirmed.
  5. An expression of empathy to those affected by the incident: If an incident affects employees, stakeholders, and/or the community, a company should make every effort to “be human” and show compassion. However, “acts of compassion” speak louder than words.
  6. Access to subject matter experts to answer media inquiries: Experts that understand the details of the incident and how it relates to operations can often provide specific, factual information. These individuals can often be representatives that explain “why” an incident occurred. If a company does not provide expert analysis, the public and media may seek out alternative sources that may not have all the necessary deductive and accurate information to the specific incident.
  7. Timing for follow up information: Companies should only promise what can be delivered. Companies should refrain from predicting response times. While exercises should give incident commanders a general sense of time frame, each scenario is unique. Companies should provide employees, the press, and the public with incremental times for situational updates. Those times should be hard scheduled but should not interfere with the response. Even if additional factual information is not available, the public information officer (PIO), or the designated representative, should maintain communication.

Social media engagement has become one of the “lessons learned” from the 2013 West, TX fertilizer plant explosion. Frank Patterson, Waco-McLennan County emergency management coordinator, called the incident a “CNN event”. “We didn’t use social media. It ate us up,” said Patterson. Misinformation and rumors surrounding the explosion saturated the Internet.

It is imperative for a PIO or representative to effectively manage and engage in media communication and social media chatter. For larger companies or if operational risks and worst-case scenarios have the potential for a considerable impact, it may be advantageous to establish a communications team that includes a social media monitoring facet. Regardless, companies must be tuned into the vast digital network of social chatter. While the specific incident circumstances will define a response strategy, basic communications processes typically remain consistent. Viral rumors and antagonistic communications can often be inhibited with a timely, factual, and proactive incident management communications campaign.

Tags: Incident Management, Media and Public Relations

Essential Elements for a Successful Company Crisis Management Response

Posted on Thu, Jul 09, 2015

Crisis situations can erupt suddenly and without warning. Most successful responses result from a prepared strategy, with a cooperative understanding of the incident, response roles, and assigned responsibilities. It is critical that a crisis management framework, response measures, and communication strategies be established and exercised before a crisis actually occurs.

“Drive thee business, or it will drive thee” – Benjamin Franklin

Regardless of the circumstances, every crisis has the potential to significantly impact a company’s short and long-term reputation, daily operations, and financial performance if the situation is not handled properly. Resolutions require a prepared crisis management plan (CMP) with flexible, yet pre-identified responses and actions. A CMP should be viewed as a reference tool, not a stagnant directive.

The following concepts should be utilized to generate effective corporate crisis management plans:

Potential threats: Identify all potential threats to “business as usual” operations. This can range from safety incidents and life-threatening emergencies, to social media glitches and human resource controversies.

Evaluate responses: Since each crisis is unique and comes with varying degrees of impact, each potential threat must be evaluated and resolved individually based on:

  • The potential impact on current and potential clients and customers
  • The potential impact to employees and the company
  • Stakeholders interested in the outcome of the incident
  • The level of control the company has over the situation
  • Complexity of the crisis and specialists required

Position: Determine the company’s public position or viewpoint for each potential issue. A public relations strategy and communications plan to relate this information should be established.

Mitigation Measures: Take preventive measures to avert emergency situations and proactively deter negative perceptions, including generating effective response procedures and recovery processes for a variety of potential threats.

Plan: Prepare a CMP for responding to all internal and external aspects of the crisis. This may include identifying all stakeholders that may be affected by each crisis situation, communicating effectively, and collaborating with additional necessary resources.

Persevere: Proactive efforts, honesty, empathy, and preparedness will assist in maintaining company viability and reputation. Utilize your plan, modify per incident specifics, and communicate company positions and ongoing activities to counteract the incident commotion.


The composition of a crisis management team (CMT) will vary depending on the nature and scale of the crisis. Depending on the requirements, the following roles may be designed to provide the company with the essential functions necessary to manage most events (*denotes support positions activated as necessary):

1. Crisis Manager (CMT Team Leader) - Approve the CMP and provide overall leadership.

2. Security Advisor - Provide input regarding security related procedures contained in the CMP during scheduled plan reviews, and provide guidance regarding current or potential security issues during a crisis.

3. Public Affairs Advisor - Provide input and participate on all aspects of Crisis Communications.

4. Medical Advisor - Assess and assist in human health impacts during a crisis.

5. Human Resource Advisor - Provide guidance relating to communications with employees, and work to minimize impacts to employees and their families. Maintain a current, accessible contact list of all employees, contract employees, and responders.

6. Health, Safety, Security, and Environmental Advisor (HSSE) - Provide guidance regarding actual or potential environmental, safety, and health issues related to the crisis. Coordinate direct implementation, and training and updating of Incident Response Plans.

7. Legal Advisor - Ensure a Legal representative is available at all times in case of a crisis to assess potential legal impacts of response actions and communications.

8. CM Advisor - Supervise and coordinate necessary support roles. However, individual Aides may be assigned to work directly under any core CMT position to fill a specific need. Also responsible for the readiness of a Crisis Management Center, if necessary.

9. *Aide(s) - Administrative resource(s).

10. *Business Unit Advisor(s) - Anticipate Business Unit issues, develop strategic plans to proactively address these issues, and adjust staffing of Business Unit Group to suit evolving incident needs.

11. *Subject Matter Expert(s) (SME) - Be available to assist the crisis manager on an “as needed” basis. Examples of potential SMEs may include specialized technical, legal, or environmental experts.

CMPs and activated CMTs are of little value to a situation if they are never tested on realistic crisis scenarios. Exercising a plan with established and communicated objectives and expectations can vastly improve the effectiveness of required responses, the decision making process, and task-related performances.

TRP Corp - Emergency Response Planning Crisis Management

Tags: Crisis Management

Oil Spills and Water Do Not Mix: Guidance for Company SPCC Plans

Posted on Thu, Jul 02, 2015

Most analogies regarding oil and water convey an image of chaotic polarity. If oil comes in contact with water in an industrial setting, it can be destructive and costly. Oil spills that discharge into waterways have adversely affected environments and wildlife, caused substantial economic losses to communities, and inflicted financial penalties on companies.

If a company is subject to the Environmental Protection Agency’s Spill Prevention, Control, and Countermeasure (SPCC) rule, it must ensure plans are established, accurate, and compliant. The EPA estimates that approximately 640,000 U.S. facilities are potentially subject to regulations under the following rule:

A facility that stores, processes, refines, uses or consumes oil and is non-transportation-related is potentially subject to the SPCC rule. The EPA requires these plans for facilities that could discharge oil into navigable water and store more than 1,320 gallons aboveground or more than 42,000 gallons underground.

Since 1974, owners and operators of certain oil-handling facilities have been subject to the regulation. When referring to a rail facility that was recently fined for a delinquent plan, the EPA stated that the failure to “maintain and fully implement an adequate SPCC plan leaves a facility unprepared to deal with an oil spill and to prevent a spill from having potentially serious consequences.”

Compliant "spill prevention" plans can prevent spills from occurring, as well as speed up necessary response and recovery actions. For EPA compliance, plans should provide site-specific details that allow responders to best access, assess, and quickly respond to off-site spills, limiting the effects of a spill on sensitive environments. The plans also relay site-specific information related to the storage and management of oil. These plans require that facilities identify sufficient containment and/or other applicable countermeasures to reduce the potential for oil spills to reach navigable waters.


Typical elements of an SPCC Plan include:

  • Professional Engineer Certification
  • Discussion of conformance with federal regulations
  • Facility description, plot plan, and contacts
  • Potential spill volume and flow rates
  • Inspections, tests and record keeping processes
  • Personnel training requirements
  • Loading/Unloading and transfer details
  • Discharge prevention measures
  • Security Measures
  • Recovered material drainage and disposal methods
  • Bulk storage tank details
  • Secondary containment locations and volumes
  • Discharge notification information and procedure

If a facility has more than 10,000 gallons of aggregate aboveground oil storage capacity, the plan must be inspected and certified by a professional engineer (PE). The certifying engineer must:

  • Be familiar with plan requirements
  • Visit applicable site and examine the facility
  • Certify that the plan has been prepared in accordance with good engineering practices, including consideration of applicable industry standards
  • Confirm that procedures for required inspections and testing have been established
  • Certify that the plan is adequate for the specific facility

Facilities that require these plans, yet have an aboveground oil storage capacity of less than 10,000 gallons, may self-certify these plans if they meet the following criteria:

The facility must not have had:

  1. A single discharge of oil to navigable waters exceeding 1,000 U.S. gallons, or
  2. Two discharges of oil to navigable waters each exceeding 42 U.S. gallons within any twelve-month period, in the three years prior to the SPCC Plan certification date, or since becoming subject to Title 40, Part 112 of the Code of Federal Regulations (CFR) if the facility has been in operation for less than three years.

If a facility owner meets the above criteria, then the company may:

  • Prepare a self-certified plan
  • Meet tailored facility security and tank integrity inspection requirements without PE certification
  • Prepare a Plan which includes required PE certification for only the portions dealing with environmental equivalence and impracticability determinations. The remaining portions of the plan could be self-certified by the facility owner/operator.


Tags: SPCC

Preparedness & Response Planning for Supply Chain Business Continuity

Posted on Thu, Jun 25, 2015

Weather, natural disasters, and other uncontrollable events can interrupt transportation flow and your supply chain – anytime, anywhere, and with little warning. - service alert

In January and February of 2015, blizzards, ice, and frigid cold temperatures targeted the eastern half of the United States. The deluge of extreme weather brought residents, cities, and supply chains to their knees. Meanwhile on the west coast, labor disputes between the International Longshore and Warehouse Union and the Pacific Maritime Association created the partial closure of 29 ports. The Port of Oakland experienced a 39% drop in cargo imports because of the circumstances (Wall Street Journal). The trucking and railroad industries lost valuable time and money, and customers experienced delayed delivery of tons of expected goods. The ripple effect of delayed shipments forced many customers to stockpile goods when available, and alter contracted shipping means when time sensitive goods were required.

Ensuring ample supplies in the midst of an incident can be challenging, especially when external forces create delays. Supply continuity and preparedness efforts are becoming more important as more companies depend on world-wide suppliers. These recent major supply disruptions, both on the east and west coasts, emphasize the need to develop business continuity plans (BCPs) that identify primary and secondary suppliers and alternate resources. By identifying and contracting with vendors and alternate suppliers prior to an incident, a company improves its ability to quickly and successfully respond to unforeseen disruptions.

Pre-emptive identification and mitigation efforts are crucial to preventing supply chain interruptions and costly consequences. Factors to consider in the identification of critical suppliers are complex and extend well beyond first glance analyses. While suppliers of material goods and business-specific products may be critical to business practices, suppliers may also include those that provide the following services, utilities, or infrastructures:

  • Sole source services
  • Electrical power
  • Water
  • Fuel
  • Telecommunications
  • Transportation
  • Staffing
  • Waste Management
  • Facilities


Companies should utilize BCPs to prepare for incidents that could impair or impede the ability to operate as a result of a temporary or permanent loss of required supplies, equipment, critical staff, data, and necessary infrastructure. A BCP can help minimize or counteract many of the potential impacts of a supply interruption or set procedures in motion that limit the effects on operations.

Identification of risks and business impact analyses (BIA) should be performed for critical supply chains as part of the development of BCPs. For common disruptions, such as inept supplier performance, required resources forecasting errors, and transportation and delivery breakdowns, companies can typically utilize historical data to quantify the level of risk and necessary response effort. However, when extraordinary events impact the supply chain, such as the east and west coast incidents, companies may encounter atypical and domino effect impacts. Continuity plans with supply chain response measures must be in place to mitigate the disruption, sustain operations, and restore “business as usual”. The following supply chain related questions, while not all-inclusive, can be used as response planning discussion points to identify necessary supply-related business continuity and response elements:

  • How would a potential critical material supply disruption affect both internal and external resources?
  • Have critical supplies, interdependencies, and potential bottleneck scenarios been identified?
  • Have critical materials and response equipment needs, minimum levels, and recovery time limits been evaluated and defined?
  • Are processes in place to monitor internal and external supply chains that identify potential delivery disruption?
  • Have back up suppliers been identified and communicated with?
  • Have memoranda of understanding (MOUs) for services, and equipment or supply contracts, been established and/or brought up-to-date?
  • Do business continuity initiation procedures encompass verified primary and secondary supply chain contacts?
  • Is there historical data that indicates potential impacts and durations that can be used for planning?
  • Are “Best Practices” supply chain continuity procedures available from like-companies and industry experts?
  • Do critical suppliers have alternate processes and delivery methods in case an event affects their operations?
  • Have supply disruption scenarios been included in emergency response and business continuity exercises?
  • Are employees trained in the event of supply disruption?
  • Have mitigation measures been examined and implemented based on BIAs?


Tags: BCM Standards, Business Continuity key points, Business Continuity Plan, Business Disruption, Mitigation