The challenge of managing and ensuring compliance of Spill Prevention, Control and Countermeasure (SPCC) plans for multiple facilities can be complex. Detailed government inspections, enforcement mandates, costly non-compliance fines, and negative publicity may result from the lack of implemented, site-specific, and up-to-date plans. By utilizing available technology to manage multiple SPCC plans, companies can verify compliance through a cohesive, yet site-specific, standardization of best practices.
For facilities with aboveground storage tank capacities exceeding 1,320 gallons or underground tanks with capacities above 42,000 gallons, Environmental Protection Agency (EPA) compliance requires accurate and up-to-date SPCC plans. A professional engineer must certify SPCC plans if your facilities have more than 10,000 gallons of aboveground oil storage capacity.
Maintaining SPCC compliance requires preparing plans that outline facility-specific spill prevention procedures, associated equipment to prevent spills from occurring, and countermeasures to address the effects of potential oil spills on sensitive environments. For organizations that have many facilities, web-based response planning provides seamless integration of approved enterprise-wide procedures and policies with site-specific, SPCC required information. This optimizes the potential for every location to remain in compliance with SPCC regulations.
Since 1973, the EPA has conducted scheduled or unannounced facility inspections to ensure that facilities identify site-specific practices related to the storage and management of oil and oil tanks, and response procedures in the event of an oil spill. According to the EPA, the SPCC Inspections serve two primary functions:
- To ensure that oil storage facilities, refineries, electrical utilities and oil production fields, among other subject industries, are in compliance with 40 Code of Federal Regulations (CFR) part 112.
- To give U.S. Environmental Protection Agency representatives the opportunity to educate owners and operators about the regulations and ways to ensure compliance.
In order to meet SPCC regulatory requirements, every applicable facility in your organization is required to regularly update and maintain SPCC plans per EPA regulation 40 CFR 112.20. The following is an abbreviated checklist of SPCC associated planning elements that EPA representatives may evaluate during facility inspections:
- Storage tanks and other equipment containing oil
- Storage tank integrity testing requirements
- Truck loading/unloading areas
- Transfer procedures and equipment (including piping)
- Facility layout and diagram
- Drainage patterns and oil discharge predictions
- Secondary containment or diversionary structures and their ability to contain a release of oil
- Site security measures
- Operating procedures
- Personnel training and oil discharge prevention briefings
- Plan certification (by a Professional Engineer (PE) or in certain cases by the facility owner/operator)
Since the prevention and countermeasures identified in SPCC plans must be implemented throughout the facility in order to be in compliance with regulations, a copy of your SPCC plans must be available to inspectors for reference at all times. In addition, it is essential to provide inspectors with relevant documentation of all operating and inspection procedures, spill prevention measures, training records and other compliance verification information.
With a comprehensive, web-based, database-driven SPCC plan management system, emergency managers and health, environmental, and safety departments can:
- Simplify audits
- Easily identify required information
- Verify accuracy of plan contents through secured access
- Revise information in real-time, as necessary
- Identify regulatory compliance gaps
- Account for necessary mitigation endeavors
- Ease maintenance and administrative efforts
- Provide electronic copies of plans to government agencies
Proactive responsive, procedural, and preparedness measures, in conjunction with innovative planning system technologies can maximize compliance efforts and minimize accidents and catastrophes. Transitioning to a web-based system to maintain SPCC plans can enhance accessibility, portability, and redundancy, potentially easing communication barriers with responders and regulatory audits.
For a free download entitled, "The Facility Response Plan and the Spill Prevention, Control, and Countermeasure Plan", click here or the image below:
Current world events, such as the Ebola outbreak, ISIS threats, and Super Typhoon Vongfong continue to alter the focus of emergency management. With each pandemic, security crisis, natural disaster, or emergency incident, a renewed emphasis on specific preparedness initiatives and associated countermeasures evolves. Despite site-specific operation hazards, a well-developed response plan should examine all risks and vulnerability factors in order to provide employees with the knowledge, procedures, and resources necessary to respond appropriately to any situation.
When companies expand globally, identifying, evaluating, mitigating, and planning for continually evolving location-specific risks and vulnerabilities is challenging. Those with the responsibility of global preparedness and planning must address site-specific regulatory compliance measures, inherent risks (including operational and location-specific), technological and physical security needs, and each operational response plan component. Cultural disparities, infrastructure challenges, or security provocations may leave sites vulnerable to particular events and heighten the urgency of preparedness initiatives and planning efforts.
Preparedness, operational sustainability, and employee safety requires a streamlined, coordinated, and exercised response plan. Response plans must be developed to account for each potential emergency and non-emergency scenario that could impact or cause damage to a particular facility or its operations. Aside from innate operational hazards, both physical site security and electronic security must be considered in preparedness measures. (Note: A security breach is just as likely to come in the form of a computer hacker or virus as it is from an actual intrusion, uprising, or physical attack.)
While emergency scenarios may affect the safety and health of employees, operations, and/or the facility infrastructure, non-emergency situations can arise that potentially impact company reputation and operational longevity. A poorly managed situation can negatively affect a company’s reputation, business interests, and relationship with key regulators and partners.
Below are some crisis management situations that could affect business continuity for companies with multinational facilities. Business continuity and crisis management plans should be developed for each of these scenarios that could likely cause significant damage to the business.
Environmental Stewardship: Disparity in international, country, state, county and corporate environmental standards. Environmental regulations may vary regarding:
- Facility or site requirements
- Hazardous spills
- Equipment safety
- Fire fighting methods
- Gas releases
Natural Disasters: Each geographic location has specific historical and potential natural threats.
- Sand/wind storms
Employee issues: While every facility must prepared for potential employee issues, global companies must pay specific attention to:
- Cultural differences
- Language barriers
- Labor relations challenges
- Workplace discrimination or harassment
- Disgruntled workers
- Health and safety disparagements
Marketing: Global markets and unethical business practices can create non-emergency scenarios resulting in the need for crisis management:
- Price gouging
- Supply availability
- Deceptive business practices
Security Breach: A security breach can affect multiple aspects of a company, from business continuity to the physical safety of employees.
- Computer hacking
- Catastrophic IT failure
- Facility security measures
- Civil unrest
- Personnel/employee security
Corporate Governance: Corporate changes can initiate unrest, disrupt operations, and company reputation:
- Organizational restructuring
- Facility closings
- Management successions/promotions
- Financial reporting integrity
Industry/Sector Issues: As industry specific equipment, regulatory advancements, and technologies evolve, preparedness should continually adapt to include safety processes, continuity procedures and best practices.
- Supply disruptions
- Punitive regulations
Illegal Activity: Faults in humanity may be intensified by location specific conditions, supply and demand, and/or greed. Preparedness measures should include business continuity and crisis management procedure for the following circumstances:
- Criminal Investigation
Political/Social issues: As companies strive to be profitable, political and social issues can interfere with daily operations. Situations that may affect productivity include, but are not limited to:
- Human rights
- Political or social unrest
- Economic disparity
Planning for the unpredictable is part of emergency preparedness. Whether preparedness is mandated by corporate policy or regulatory agencies, risk management in cooperation with widely accessible emergency response plans can maximize efficiency and minimize the impacts on employees, the environment, and infrastructure. However, efforts to prepare for, manage, or mitigate risks are often unexecuted, shelved by constrained resources, profit margins, politics, or alternative goals.
In an effort to maximize preparedness and minimize inherent risks, corporate emergency management should provide:
- A system for assessing and prioritizing incidents
- Streamlined and standardized response methods
- Communication and notification procedures
- Roles and responsibilities for corporate and incident level response teams
- Optimized training, drills and exercises
- A demonstrated commitment to safety
By prioritizing an emergency management program, a company demonstrates the foresight to address emergency situations and associated challenges, and proactively affirms its efforts to ensure the safety of employees, the environment, and the surrounding communities. However, in order to maximize safety and plan for inherent emergency situations, site-specific threats and risks must be identified, assessed, mitigated, and planned for.
To manage workplace risks, each facility should be analyzed for potential hazards. These threats to operational status quo may be present in the form of unsafe acts and/or unsafe conditions. Once risks are recognized and evaluated, they should be eliminated if possible, or controlled through procedural planning. A risk management program should include, but not be limited to the following processes and prevention program.
- Risk recognition can occur through inspections, audits, and job hazard analysis
- All levels of management should take interest in their company’s risk management program
- Each manager should establish realistic goals for risk reduction and prevention within their area of responsibility
- Consult with local or online sources that have pre-identified risks based on site operations and location.
- Evaluate accident probability for each process, procedure, and handled material and resulting level of potential severity if an accident were to occur
- Evaluation should take into account the time, place, and conditions in which threats or hazards might occur
- The probability and severity of a risk should determine the priority level for correcting the hazard. The higher the probability and severity of risk, the higher the emphasis should be on corrective action
RISK ELIMINATION or RISK CONTROL
- Targeted effort should be made to isolate and eliminate the root cause
- Realized mitigation opportunities may reduce the amount of response resources required in the event of an incident
- If root cause cannot be eliminated, changes in process and procedure should be made in order to reduce risk:
- Implement risk reducing engineering controls, when applicable
- Implement proactive administrative controls or work place practices
- Establish process to identify inoperable or malfunctioning equipment and machinery through systematic inspections
- Establish processes to minimize the effects of naturally occurring hazards
- Ensure control does not hinder regulatory compliance
- Apply the results of analysis through planning and exercises. Employees should be made aware of hazards associated with any workplace process, materials, or location.
- Accident prevention signs should be posted to remind occupants of the presence of hazards
- Establish and communicate emergency response plans to employees and appropriate emergency response teams. This includes up to date contact information and notification procedures
- Calculate, specify, and communicate resource requirements and operational capacities for each targeted scenario to internal and external responders
- Counteract onsite response deficiencies for each scenario by implementing coordinated interoperability communication
Understanding your company’s risks, from the facility to the corporate level, is essential to preparedness and sustainability. Companies that prioritize risk management and integrate preparedness goals are better prepared to educate employees on potential incidents, and their role in protection, prevention, mitigation, response, and recovery.
Click here, or the image below, to download a free Audit Preparedness Guide:
Incident Management programs shouldn’t be created for IF an incident happens...but for WHEN an incident happens.
Regulatory compliance mandates, a history of incidents, or an awareness of potential crises typically trigger companies to fund preparedness initiatives. At a minimum, preparedness endeavors and response capabilities should be audited, tested, and updated on an annual basis. Budgeting efforts should be aligned with initiatives in an effort to improve incident management and preparedness capabilities. Below are ten “best practice” reasons why companies should prioritize funding to advance preparedness initiatives and associated response programs:
#10. Streamline and standardize improved response methods: A consistent company-wide emergency response management system can deliver site-specific details and management endorsed response processes. Standardization allows employees and responders to conceptualize their roles and responsibilities across an enterprise, creating a common understanding of intended actions. Streamlining response methods can assist responders in assessing, prioritizing, and responding to incidents.
#9. Optimize drills and training: Employee training, emergency response drills, and applicable exercises identify deficiencies in emergency response planning programs. Incorporating appropriate response training and testing response plans with detailed scenarios will improve response capabilities and coordination, as well as reduce response times.
#8 Improve regulatory compliance: Costly non-compliance fines result from the lack of implemented, thorough, and compliant programs. By systematically aligning response plans and their components with corresponding regulations, companies can identify and amend plan deficiencies that may result in fines and potential government mandated shutdowns.
#7. Simplify and automate response plans: Maintaining response plan can be an administratively taxing endeavor. Continual administrative duties associated with personnel contact information, assignments, training records, exercises, and continual plan updates may be inadequate to sustain an optimal program. Maximizing efficiency through advancements in technology can minimize time associated with maintaining incident response plans.
#6. Improve asset utilization: Companies must utilize employees, responders, equipment, and budgets effectively in order to minimize the effects of a crisis or disaster. Realigning current tangible assets (equipment and/or personnel), mitigating current inefficiencies, and/or budgeting for additional response training or improved equipment will improve the overall effectiveness of an emergency management program.
#5. Demonstrate a commitment to safety: Companies should proactively affirm the safety of employees and surrounding communities, and protection of the environment, by establishing proven countermeasures to potential threats and associated risks. Prioritizing emergency preparedness initiatives demonstrates a company’s commitment.
#4. Improve conditions: Harmful conditions pose a risk to occupants, the environment, infrastructures, and/or the surrounding communities. By eliminating or mitigating potentially adverse conditions, unsafe activities, or ineffective responses, companies can reduce the potential for and effect of emergency situations. The risk assessment process can be used to identify potential threats or harmful conditions that can lead to incidents.
#3. Reduce Incidents: By identifying potential threats and risks, mitigation and preventative measures can be taken to curtail the likelihood of an incident from occurring or reduce its impacts. Mitigation measures may include a variety of tactics including, but not limited to training for employees, updating safety processes and procedures, or securing or purchasing updated equipment.
#2. Reduce downtime: Operational downtime and production loss reduces revenues. By optimizing and implementing the most effective and functional incident management program possible, incidents can be promptly managed and rapidly demobilized, thereby reducing response-related costs and downtime. The repercussions from an incident can include detrimental relationships with customers, the surrounding community, and stakeholders.
#1. Cost savings: Proactive compliance efforts, safety initiatives, training and exercises, and response and resiliency planning are typically less expensive than regulatory fines, sustained response efforts, and overall repercussions resulting from an incident.
Implementing a technologically advanced enterprise-wide emergency management system offers opportunities to increase the effectiveness of planning and preparedness efforts. Gathering lessons learned from various site managers, performing site regulatory gap analyses, and implementing new proven concepts will ensure the best possible functionality and processes within a program.
For a free Response Procedures Flowchart, click here or the image below:
Companies may not consider the interdependencies between critical operations, departments, personnel, and services until an event disrupts normal operations. A Business Impact Analysis (BIA), a key component in business continuity planning, presents the ability to identify and quantify which business unit that, when absent, would significantly impact a company. While the size and complexity of essential business elements required for sustainability varies among industries, companies, and specific facilities, the ability to quantify and prioritize critical workflow components is a key business continuity element.
Critical business units, associated functions, and a trained workforce provide the greatest financial value to companies. Companies that prioritize process sustainability initiatives that can meet recovery time objectives have a better chance of minimizing impacts of impeding disruptions.
Within each key business unit, additional business functions should be considered and evaluated. By identifying cross business unit dependencies, the need for integrated risk mitigation solutions can be highlighted and proactive measures can be taken. A workflow analysis may prioritize those business functions and processes that must be recovered in order for business continuity plans to be effective. Functions within each business unit may include, but are not limited to:
- Supply and trading
- Personnel and payroll
- Accounts payable
- Environmental health and safety
- Information technology
Once critical business functions and workflows are assessed and prioritized, a BIA should be performed. The goal of the analysis should be to identify the potential impacts of identified risks, uncontrolled threats, and potential non-specific events on these business functions and dynamic processes. Any potential resilience capabilities should be prioritized and mitigation opportunities should be examined. Operational and process managers should explore and quantify the following aspects to initiate the BIA process:
- Identify critical operational time periods when an interruption would have greater impacts (seasonal, end of quarter, specific month, etc.).
- Priorities should be determined if an interruption during high-output timeframes creates amplified operational and financial impacts.
- Indicate how likely each specific threat could occur, considering existing capabilities, mitigation measures, and history.
- Identify the duration and point in time when an interruption would impair operational processes and have financial impact.
- Estimate the maximum allowable downtime for each specific business function
- Consider downtime impacts from less than 1 hour to greater than one month
- Identify staffing level requirements (including contractors or suppliers) to meet typical daily productivity goals, as well as recovery time objectives.
- Identify the effects associated with a business unit interruption, considering existing mitigation measures. These may include, but are not limited to:
- Lost sales and income
- Negative cash flow resulting from delayed sales or income
- Increased expenses due to overtime, outsourcing or other operations that increase costs
- Regulatory fines and legal implications
- Contractual penalties or loss of contractual bonuses
- Customer dissatisfaction or withdrawal
- Delay of business plan execution or strategic initiatives
- Identify the time frame necessary to recover specific critical processes under existing capabilities and, if possible, potentially altered conditions.
- Determine and quantify financial impacts, considering existing mitigation measures.
- Critical functions that have the highest financial impacts should be prioritized in business continuity plans.
If a business continuity incident affects two or more business processes, the incident has a greater potential for impact. Interoperable communication and coordination among departments must be exercised for a swift recovery. The effects of a multi-tiered business continuity event can extend beyond the facility borders to affect personnel, multiple critical business processes, vendors or suppliers, and customers.
Adverse information technology (IT) conditions may affect numerous company departments, units and functions. IT components may include networks, servers, desktop and laptop computers and wireless devices. The ability to utilize both office productivity and enterprise-wide software may be essential to restore normal operations. Therefore, time critical recovery strategies for information technology, such as exercised data backup and restoration procedures, should be developed in order to limit the effects of interruptions across multiple business units.
Once critical business units are identified and the BIA is completed, companies can develop an applicable business continuity plan, ensuring a faster state of recovery.
Click HERE or the image below for a free download on Enterprise-Wide Response Planning.
In business, every threat can result in the same consequence: the loss or temporary cessation of key business processes. The process that institutes a path to sustainability and recovery is known as business continuity. Because sources and the likelihood of threats continually evolve, business continuity plans (BCPs) must be dynamic to incorporate evolutionary business process countermeasures.
These countermeasures include modern communication techniques. By transitioning from paper-based business continuity plans to a web-based approach, companies have the ability to maximize data and ensure a streamlined approach to business continuity. A web-based plan enables a standardized, enterprise-wide business continuity template, yet allows for site-specific details for each particular site.
A web-based platform, coupled with wireless technology, can speed up the cycle of continuity events. The following core business continuity elements should be included in a BCP, however they must be cyclically assessed for accuracy, potential mitigation opportunities, and lesson-learned insights in order for established processes and communication to be effectively maximized.
1. Plan distribution list and contacts: Business continuity planners must be certain that all current employees listed in the plan, as well as those on the plan distribution list is verified for accuracy. If maintaining accurate contact information is challenging, consider opting for notification verification system with email or text message capability that enables the contact to verify personal information and automatically update associated response plans.
2. Communication: By aligning mass notification methods with typical daily communication habits (cell phone, emails, texting), planners can ensure key contacts are made aware of any business interruption and BCP activation. Clear and effective communication channels must remain available in order to disseminate information to employees, assess and relay damage, and coordinate recovery strategies. Provide employees training in primary and established secondary communication methods in case of disruption of primary communications.
3. Key Staff Roles and Responsibilities: From business continuity implementation through recovery, job specific checklists and assigned procedures should be incorporated in a BCP. Task teams should be formed, at a minimum, to cover each essential business process. Each site may require unique minimum staffing levels to remain operational.
In the event that primary team members are not available, cross team training should be conducted to provide backups. Planners should make appropriate plan changes as operations and staff evolve.
4. Off-site Recovery Location: Include address, contact information, available on-site equipment, and any external equipment necessary for effective continuity of operations.
5. Recovery Time Objectives: Incremental processes and procedures should be identified to meet specific critical business process goals. Recovery goals may include increments of one hour, 24-hours, 48 hours, one week, one month, and long-term recovery.
6. Key Customers’ Data: Identify effective customer communication methods and necessary contact information required to inform customers of disruptions of deliverables or services. Effective customer relations and communication may be critical in retaining clients and maintaining positive relationships during a business interruption.
7. Key Supplier Contact List: Identify critical business unit dependencies and interdependencies and key contacts. Transportation delays could affect delivery times. Plan and mitigate accordingly.
8. Alternate Suppliers List: The consequences of a supply chain failure on associated key business components can be crippling. Alternate suppliers should be included in the BCP to ensure consistent delivery and continued operations in the event primary suppliers are affected by similar business continuity circumstances. As a company’s needs change and new suppliers come online, plans should be updated to include these critical suppliers.
9. Insurance Details: Identify details of insurance coverage and accurate contact information. The burden of proof when making claims typically lies with the policyholder. Accurate and detailed records are imperative.
10. Data Backup Details: Identify the procedural details of computer backups, data restoration methods, and the minimum program needs to re-establish critical business processes.
11. Technology Requirements: Identify necessary hardware and software, and the associated minimum recovery time requirements for each business unit. Companies should examine current data center outsourcing to ensure continuity and accessibility or research continually advancing alternatives.
12. Equipment Requirements: Detail applicable equipment requirements for each business unit and recovery time goals. To prevent unnecessary downtime and additional recovery efforts, identify and procure necessary equipment and establish processes for continued operations and recovery.
13. Review Log: Incorporate newly identified hazards and vulnerabilities into the business continuity plan. A log can include necessary equipment used (requiring replacement or replenishment), altered processes, and lessons learned.
Is your enterprise still utilizing paper or document style plans? Download the "Top 3 Benefits of a Web-Based Response Planning System" to see how your company can benefit.
Oil spill response planning and preparedness are necessary to satisfy applicable regulatory requirements, protect the environment, and ensure safety for responders and employees. Yet, all plans related to oil spills have one common thread: minimize the impacts!
Effective oil spill response plans can minimize the impacts associated with an oil spill. The objectives of these plans, regardless of type of facility, are to:
- Allow response personnel to prepare for and safely respond to spills
- Ensure an effective and efficient response that takes geographical challenges into account
- Outline spill response procedures and techniques at specific locations
- Improve regulatory compliance efforts
- Identify potential equipment, manpower, and other resources necessary to implement a spill response
History has proven that a single oil spill can have significant impacts to the environment and the responsible party. Off-site spill responses and containment efforts present unique challenges compared with spills occurring within the confines of the facility or secondary containment. These migrating spills require a higher level of coordination, communication, and surveillance in an effort to minimize downstream impacts.
It is critical to identify and provide detailed information regarding area socio-economic and natural resources and vulnerabilities that may be damaged if a spill were to occur. This information should guide response personnel to make reasonable, well-informed response actions to protect public health and the environment. Detailed information of downstream vulnerabilities and applicable response procedures should be included in an oil spill or tactical response plan.
Spill surveillance should begin as soon as possible following the discovery of a release to determine the appropriate response tactics. One future option for surveillance is the use of commercial unmanned aircraft systems (UAS), or more commonly known as drones. The push for commercial use of drones is gaining momentum as affordable devices are increasing in popularity. Currently, commercial use of drones are limited by the Federal Aviation Administration (FAA) authorization and require the operator to have certified aircraft and pilots, as well as FAA operating approval.
The FAA is responsible for establishing a plan for “safe integration” of UAS by September 30, 2015. However, some reports have indicated that the integration plan deadline will be delayed due to privacy debates and various industry specific regulations. “The FAA is still developing regulations, policies, and standards that will cover a wide variety of UAS users, and expects to publish a proposed rule for small UAS (under 55 pounds) later this year.”
A few companies have been granted the FAA’s Certificate of Waiver or Authorization for UAS allowing for the limited use of commercial drones. In July 2014, San Diego Gas & Electric (SDG&E) joined the likes of ConocoPhillips and BP with limited permission to use drones.
Until regulations, best practice protocols, and authorizations are established for the commercial use of drones, standardize surveillance guidelines and best practices can continue to enable response personnel to assess spill size, movement, and potential impact locations. These guidelines should be outlined in an oil spill response plan.
Below are guidelines that are routinely included in spill surveillance procedures:
- Dispatch observers to crossings downstream or down gradient to determine the spill’s maximum reach potential.
- During surveillance, travel beyond known impacted areas to check for additional oil spill sites.
- Clearly describe the locations where oil is observed and the areas where no oil has been seen.
- Educate personnel that clouds, shadows, sediment, floating organic matter, submerged sandbanks, or wind-induced patterns on the water may resemble an oil slick if viewed from a distance.
- Use surface vessels to confirm the presence of any suspected oil slicks (if safe to do so); consider directing the vessels and photographing the vessels from the air, the latter to show their position and size relative to the slick. It may be difficult to adequately observe oil on the water surface from a boat, dock, or shoreline.
- Spill surveillance is best accomplished through the use of helicopters or small planes; helicopters are preferred due to their superior visibility and maneuverability.
- If fixed-wing planes are to be used, high-wing types provide better visibility than low-wing types.
- All observations should be documented in writing and with photographs and/or videotapes; include the name and phone number of the person making the observations.
- Describe the approximate dimensions of the oil slick based on available reference points (i.e. vessel, shoreline features, facilities); use the aircraft or vessel to traverse the length and width of the slick while timing each pass; calculate the approximate size and area of the slick by multiplying speed and time.
- Record aerial observations on detailed maps, such as topographic maps.
- In the event of reduced visibility, such as dense fog or cloud cover, boats may have to be used to patrol the area and document the location and movements of the spill; however, this method may not be safe if the spill involves a highly flammable product.
- Surveillance is also required during spill response operations to gauge the effectiveness of response operations; to assist in locating skimmers; and assess the spill's size, movement, and impact.
For a free white paper on Conducting Effective Exercises, click here
, or on the image below.
The modernization of communication technologies has trickled down to the frameworks of emergency management. On July 29, 2014, the 'White House Innovation for Disaster Response and Recovery Demo Day” brought together the disaster response community and innovative entrepreneurs from across the country in the hopes of integrating technological advances with preparedness and disaster response efforts.
As the connectivity of the world increases, EHS programs and emergency managers are embracing collaborative and innovative preparedness and response initiatives. However, in order to germinate or sustain an ongoing culture of preparedness, companies must prioritize funding to incorporate new and relevant systems, training, and/or equipment. Unless mandated by regulatory authorities, many companies delay best practice and technological initiatives until an incident propels response planning to the forefront.
According to the Disaster Recovery Planning Benchmark Survey: 2014 Annual Report, “more than 60% of those who took the survey do not have a fully documented disaster recovery (DR) plan and another 40% admitted that the DR plan they currently have did not prove very useful when it was called on to respond to their worst disaster recovery event or scenario.
As the “Y” or the “Millennial” generation” (those born between 1980’s and 2000) continues to enter the workforce, emerging technologies will become more ingrained into society and the workplace. These educated and tech savvy individuals accustomed to fast-paced technological advancements consider technology as an essential aspect in their lives. Based on current trends, upcoming generations will be acclimated to instantaneous communication and data extraction from any location. Text, social media, and web-based technologies will be expected as commonplace emergency management frameworks, rather than the traditional means that most companies still utilize today. In order to integrate societal norms and stay relevant with upcoming generations of employees, emergency management and disaster response framework must be aligned with currently available utilized tools.
“Statistics suggest that every dollar invested in disaster preparedness yields savings of $4–$11 in disaster response, relief, and recovery.” The Harvard Humanitarian Initiative
Just as computers replaced typewriters to expand productivity, web-based response systems are replacing one-dimensional paper-based plans. Web-based response systems offer a greater streamlined functionality, renovated efficiency, and varied accessibility when compared with traditional paper-based plans. Web-based planning system software offers every option of instant accessibility: viewed via the Internet from any location, downloaded, or printed. Increasing accessibility options while improving efficiency, functionality, and effectiveness can bolster an entire emergency management program.
In order for new functionalities to be introduced to the workplace, emergency managers often are required to justify the initial investment. A cost-benefit analysis of a renovated emergency management program can highlight the potential cost savings of an effective program. Any prevention, mitigation, or plan maintenance costs should be compared with the financial impact of situational recovery processes and the overall costs of an incident. These costs may include, but are not limited to:
- Human life
- Short term or long term business interruption
- Infrastructure damage
- Equipment failure
- Inventory/stock losses
- Environmental destruction
The relevance of innovative techniques and lessons learned should be continually evaluated and incorporated into an emergency preparedness program if appropriate. While often suppressed in favor of short-term profits, budgets for pertinent emergency management initiatives should be prioritized for long-term corporate sustainability. But “change for change’s sake” does not typically enhance programs. The evolution process of an emergency management program should aim to perpetuate improved responses and operational recovery times, and enhance company viability despite crisis scenarios.
For a free download on essential preparedness measures, click here or on the image below.
As complex, advanced technologies, systems, and networks become ingrained in industrial operations and processes, the potential impacts from even minor disruptions increases. Industrial companies that prepare for a large variety of disruptions can limit its impact on business processes and accelerate the return to normal operations. For those not prepared, a targeted incident can become an escalated situation, negatively affecting profitability, customer relationships, and overall business performance. Business continuity plans (BCP) are crucial to ensure long-term viability, yet many industrial companies do not prioritize them.
Many business continuity issues can start as minor, isolated instances or aggravating inconveniences. However, if not addressed in a timely manner, incidents can escalate, potentially spreading to other key processes. With an effective BCP, mitigation measures, and proper employee training, potential disruptions and operational impacting events can be prevented.
Regardless of the size of your enterprise or scope of facility operations, industrial locations should have the following continuity elements in place.
- Standard procedures and assigned responsibilities regarding risk management, restoration, and IT recovery for each critical business area.
- A BIA (Business Impact Analysis)
- A risk assessment that identifies and prioritizes operational imposing scenarios
- Recovery Time Objectives (RTOs) based on cost-benefit analyses and BIAs
- Documented BCP with response, recovery, and restoration procedures
- BCP exercises aimed at improving RTOs and strategies by ensuring plans are accurate, actionable, and thorough
- Audits that test corporate-level standardization and policy implementations
- BCP training for managers and employees
The process of developing a BCP can identify continuity weaknesses within an enterprise and at specific facilities, as well as lapses within individual responsibility and operational processes. To strengthen the prospects of corporate viability, planning and training should include detailed standard operating procedures for BCP activation and address RTOs for each key business process. The BCP should offer procedural flexibility based on real-time situational assessment, as well as procedural variations for each scenario. Precise, site-specific, and accurate BCPs in conjunction with effective training and carefully planned exercises can often counteract a lack of general continuity awareness.
Many industrial facilities managers typically have expertise in proper hazard communications and emergency response techniques. However, industrial facility managers and their employees may lack business continuity experience and necessary expertise. If establishing BCPs or initiating continuity efforts are beyond the scope of managers, companies should consider hiring consultants who specialize in business continuity planning.
Employees who are trained in daily continuity procedures, in addition to response and restorative continuity methods will be better prepared in the event of a business-interrupting incident. By incorporating business continuity training, companies can expand their resilience strategies while minimizing risks to their employees, operations, reputation, and the financial bottom line.
BCP training should include a detailed account of specific roles and responsibilities. This will ensure continuity of knowledge among participants, enterprise-wide standard operating procedures, and site-specific business continuity processes. Companies should also be vigilant in training new hires, as well as be receptive to unique business continuity lesson learned that can be used to strengthen the BCP.
Although all companies should prepared for inevitable business disruptions, industrial facilities typically have heightened levels of vulnerabilities. In an industrial setting, hazards are often identified in order for potential impacts to be fully analyzed and countermeasures to be implemented. For business continuity strategies, a business impact analysis (BIA) can identify, quantify, and qualify the impacts in time of a loss, interruption or disruption of business activities on an organization, and provides the data from which appropriate continuity strategies can be determined.
Whether business disruptions stem from technological, man-made, or natural disasters, business continuity plans can be a valuable tool for protecting viability, securing resources, and maintaining customer relationships.
Click on the image below to download TRP Corp's free Industrial Preparedness white paper.
Process and procedural effectiveness and efficiency are key elements in determining a company’s success. Critically detailed reviews, evaluations, and improvements to your processes and procedures can contribute to overall corporate viability and profitability. Process and procedural effectiveness and efficiency are also critical when it comes to developing and implementing business continuity plans.
The goal of business continuity planning is to efficiently restore operations through a predetermined, systematic approach. Unfortunately, many companies lack adequate recovery planning, and recuperative procedures to restore critical information, essential processes, and normal business operations within an acceptable recovery time frame. The lack of business continuity preparedness can adversely affect corporate reputation, financial stability, and overall resilience.
The business continuity recovery process is typically a sequence of concurrent activities and interdependent activities that facilitate measured advances toward a successful recovery. Decisions and priorities set early in the recovery process often have a cascading effect on the evolution and speed of the recovery progress and business continuity efforts. Because recovery timeliness has a direct impact on operational viability, pre-planning business continuity implementation processes and intended procedures is critical.
Developing relationships and common understandings of roles and responsibilities prior to a disaster increases post-disaster collaboration and unified decision-making, and streamlines the recovery process. A fully coordinated recovery plan may require utilizing internal and external stakeholders. Business unit management and staff, in conjunction with external participants, must be familiar with and trained in the recovery procedures in order to effectively implement directives and maintain minimal business continuity.
Recovery time and outcomes vary based on incident circumstances, challenges, and priorities. A successful disaster recovery can be characterized as the return of operations to pre-disaster conditions. FEMA’s National Disaster Recovery Framework provides key factors that contribute to a successful recovery. With secured sharing abilities, a web-based, database driven planning system can aid in the management and communication of the key factors of a business continuity recovery process. These factors include:
1. Effective Decision-making and Coordination:
- Confirm roles and responsibilities of recovery team and stakeholders
- Examine recovery alternatives, address conflicts and make informed and timely decisions that best achieve recovery
- Establish metrics for tracking progress, ensuring accountability and reinforcing realistic expectations among stakeholders
- Track progress, ensure accountability, and make procedural adjustments as necessary
2. Integration of Community Recovery Planning Processes:
- Engage all stakeholders in pre-disaster business continuity and recovery planning, training, and exercises
- Establish processes and criteria for identifying and prioritizing key recovery actions and projects
3. Well-managed Recovery:
- Leverage and coordinate recovery teams, local response groups, government liaisons, and non-governmental organizations to accelerate the recovery process and avoid duplication of efforts
- Surge staffing and management structures as necessary to support the workload during recovery
- Establish leadership guidance, including the shift of roles and responsibilities, for the transition from response operations to recovery, and eventually a return to a normal (or new normal) operational state
- Ensure regulatory compliance throughout recovery process
4. Proactive Community Partnerships, Public Participation, and Public Awareness:
- Ensure transparency and accountability
- Communicate recovery objectives (short, intermediate and long-term) and applicable detailed information to employees, stakeholders, and community members
5. Well-administered Financials:
- Clearly identify funding sources and financial recovery processes
- Evaluate and present external programs that can provide financial assistance to aid in the recovery progress
- Allow for budgetary flexibility, yet maintain adequate financial monitoring and accounting systems
- Implement processes and systems that detect and deter fraud, waste, and abuse.
6. Organizational Flexibility:
- Institute scalable and flexible processes that can align with recovery operations objectives
- Institute business processes that can evolve and adapt to address the changing landscape of post-disaster environments
7. Resilient Rebuilding:
- Invoke “Lessons Learned” in the restoration phase to minimize risks and threats, and improve response, recovery and restoration efforts.
For a free Response Procedures Flow Chart download, click the image below: