While all risks cannot not be avoided, companies can minimize the potential of an incident if risk mitigation measures are identified and implemented. FEMA has identified 31 core capabilities that should be incorporated into emergency management programs. Four of these core capabilities fall under the mission area of mitigation.
In Part 3 of this series on core capabilities, we will explore the concepts relating to FEMA’s mission area of mitigation. Although the FEMA concepts of the core capabilities are aimed at the public sector and governmental jurisdictions, companies should evaluate these mitigation elements for site specific applicability. Implementation of identified mitigation measures can minimize risks and advance corporate strategic and tactical environmental, health, and safety (EHS) goals.
According to FEMA, the concept of mitigation includes the core capabilities necessary to reduce the potential for loss of life, property damage, and environmental impacts. By reducing the potential, consequences and impacts, the duration, and the financial and human costs related to response and recovery, a company becomes more resilient.
Risk mitigation includes recognizing, understanding, communicating, and planning for possible arrangements, procedures, and/or assets that can directly minimize the impact or likelihood of the threat, or simplify or automate recovery requirements. Each facility has its own unique associated risks, however, through dedicated risk mitigation analysis and proactive measures, hazards and business disruptions can be minimized.
Community Resilience: “Lead the integrated effort to recognize, understand, communicate, plan, and address risks so that the community can develop a set of actions to accomplish Mitigation and improve resilience.”
It is critical to gain corporate support to ensure reliance and the financial backing for necessary mitigation efforts. EHS programs should include training efforts that highlight potential threats/hazards and instruct individuals on procedures and processes that minimize those risks. An enterprise-wide program that prioritizes safety reinforces its commitment to individuals and the surrounding environment.
Long-term Vulnerability Reduction: “Build and sustain resilient systems, communities, and critical infrastructure and key resources lifelines so as to reduce their vulnerability to natural, technological, and human-caused incidents by lessening the likelihood, severity, and duration of the adverse consequences related to these incidents.”
A continual effort to improve safety measures, mitigate risks, and apply lessons learned bolsters the long-term viability of a company. Quantifying measurable safety statistics with baseline information allows companies to determine if mitigation efforts and safety measures are successful. By analyzing preparedness measures, companies can determine which priorities to implement to reduce long-term vulnerabilities. As companies grow and infrastructure expands, proven safety measures can be incorporated into site specific preparedness and operational activities.
Risk and Disaster Resilience Assessment: “Assess risk and disaster resilience so that decision makers, responders, and community members can take informed action to reduce their entity's risk and increase their resilience.”
A business impact analysis should be used to identify critical business processes, potential recovery strategies, and areas that could benefit from risk mitigation. This resilience assessment should be used as a tool for EHS management to identify potential vulnerabilities and initiate proactive changes to minimize impacts if a disaster were to occur. If the level of risk identified is deemed unsafe or unacceptable for operational viability, additional recovery options, safety procedures, or applicable strategies may need to be developed and implemented.
Threats and Hazard Identification: “Identify the threats and hazards that occur in the geographic area; determine the frequency and magnitude; and incorporate this into analysis and planning processes so as to clearly understand the needs of a community or entity.”
Threats and vulnerabilities can stem from both external and internal actions. Therefore, companies must analyze potential threats from a variety of potential sources. A localized vulnerability and impact analysis should include typical weather patterns, geographical influences, security efforts, cyber evaluations, inherent operational hazards, as well as facility design and potential maintenance issues. Companies who understand associated risks can better prepare for and possibly mitigate vulnerabilities.