Within a company, the difficulty of managing regulatory compliance and response planning grows exponentially with the number of locations or facilities. A systemic understanding and management of business operations within the context of the organization’s culture, beliefs, mission, objectives, and organizational structure should be extended to emergency response planning. For program effectiveness and efficiency, enterprise-wide integration and coordination is necessary to manage multiple response planning functions. While the National Incident Management System (NIMS) Integration Center does not require plain language for internal operations, it strongly encourages the practice of everyday terminology and procedures that will need to be used in emergency situations.
Establishing consistent language across a company’s emergency management structure is critical to provide a common point of understanding. A company must limit the terminology disparities within the company’s emergency management framework in order to align common goals. The following FEMA definitions can serve as a guideline for establishing common company emergency management program language.
Enterprise Management – Enterprise-wide programs and structures, including Business Crisis and Continuity Management, should be aligned and integrated within the overall Enterprise Management structure.
Crisis Communication – All means of communication, both internal and external, used to organize, design, and deliver to support Crisis Management situations.
Risk Management – The synthesis of the risk assessment, business area analysis, business impact analysis, risk communication, and risk-based decision making functions to make strategic and tactical decisions on whether business risks should be ignored, reduced, transferred, or avoided.
Planning – The development of plans, policies and procedures to address the physical and/or business consequences of residual risks which are above the level of acceptance to a business, its assets and its stakeholders. Planning should be based upon the results of risk management and within the overall context of enterprise management. For companies with multiple locations, each site’s plans should integrate within the overall enterprise management structure.
Program Implementation – The implementation and management of specific programs that support the Crisis, Emergency, and Continuity Management programs within the context of Enterprise Management. Such programs may include, but are not limited to:
- Physical security
- Cyber security
- Business continuity
- Environmental, health, and safety
Systems Monitoring – Measuring and evaluating program performance in the context of the enterprise as an overall system of interrelated parts.
Awareness/Training/Exercising – A tiered program used to develop and maintain individual, team and organizational awareness and preparedness. This program can range from individual and group familiarization and skill based training, through full organizational exercises.
Incident Management – The management of operations, logistics, planning, finance, administration, safety, and information flow associated with the operational response to the consequences/impacts of an incident. Through technology, systems are now available that offer real-time incident management.
Incident Response – The tactical reaction to the physical consequences/impacts of an incident. Tactical reactions that support the economic viability of a business may include, but not limited to:
- Protecting personnel and property
- Situational assessments
- Situational stabilization
- Response operations
Business Continuity – The business specific plans and actions that enable an organization to respond to an incident in a manner such that business units, processes, and sub-functions are recovered and resumed according to a predetermined plan. The recovery efforts should be prioritized by critical function to the economic viability of the business.
Restoration and Transition - Plans and actions to restore and transition a business to “new normal” or “business as usual” operations following an incident.
For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.