Your Solution for SMART Response Plans

How Leading Companies Address Complex Response Planning

Posted on Thu, May 04, 2017

Whether plans are mandated by corporate policy or regulatory agencies, an effectively exercised and accessible emergency response plan can minimize impacts of an emergency on employees, the environment, and infrastructure. But when companies have multiple locations, each with site-specific risks and potential operational emergencies, how can corporate leaders know that response plans will be accessible, effective, timely and compliant?

Leading companies with multiple facilities are realizing that generic response planning templates often result in plans that are incomplete, ineffective, and not compliant with regulations. As a result, web-based, database-driven software is gaining popularity as the practical solution for companies with complex preparedness obstacles. Advanced web-based software has been proven to streamline the challenges associated with multiple locations and regulatory requirements through a cohesive, yet site-specific standardization of best practices.

In order to maintain company-wide preparedness and regulatory compliance, every response plan must contain accurate, site-specific details consistent with operations, personnel, topography, sensitivities, weather, and other factors. This complex arrangement of continually evolving information has led leading companies to leverage this technology and reap the benefits of web-based, enterprise-wide emergency management systems.

 

Emergency Management Systems

Leading companies are embracing comprehensive, web-based response plan templates with an integrated database that can capture site-specific details for each location. With these systems, emergency managers can:

  • Reduce the need for multiple plans for a single facility
  • Minimize administrative costs
  • Simplify plan reviews
  • Minimize discrepancies across various plans
  • Streamline response directives from one source
  • More easily identify regulatory compliance gaps


Web-Based System Benefits

Maintaining accurate details across multiple plan types for a large number of facilities is a challenge, especially when personnel are limited. Intuitive response planning systems that streamline formats and utilize database technology to leverage and manage information offer tremendous benefits in improving compliance and preparedness. The most advanced systems are specifically designed to improve the following:

Efficiency: Effective response plans require cyclical maintenance. As a result of changing personnel, fluctuating external response contacts, and revolving equipment availability and inventory levels, maintaining up-to-date and actionable response plans can be administratively time-consuming. Emergency management software should eliminate the need for duplicate updates across multiple response plans. The most advanced web-based software programs utilize a database, allowing for specific repetitive information to be duplicated in the various necessary plan types across an entire enterprise. By minimizing administratively taxing duties, plan changes are more likely to be transferred into the system, optimizing the accuracy of the plans.

Accessibility of plans: In the event of an emergency, updated paper plans are typically not available from all company locations. Additionally, accessing plans housed on a company intranet may be dubious if an incident renders company servers inaccessible.  Although the intranet approach has improved overall plan accessibility, a number of significant difficulties remain. With an intranet approach, plan maintenance, version control, and consistency across multiple plans remain challenging and time-consuming.

Web-based planning software offers every option of instant accessibility: viewed via the Internet from any location, downloaded, or printed. Increasing accessibility options while improving efficiency, functionality, and effectiveness can bolster an entire emergency management program.

Instantaneous updates: With web-based technology and an Internet connection, revised information is immediately available to all approved stakeholders. Both paper-based plans and those housed on a company intranet are often out of date with multiple versions in various locations, potentially misinforming the response team. Microsoft Word or PDF documents, often the format used in response plans, are cumbersome to revise for various plan types and locations. Web-based systems can eliminate “version confusion” and allow responders to apply the most up-to-date and tested processes to a response.

Superior functionality: Web-based plans can provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve functionality for plan users. Simplifying documentation during an incident enables prompt response progress, improved regulatory compliance, and a more accurate account of the response. Easy to follow response plans allow responders to carry out specified industry and company procedures in accordance with proven best practices responses.

Multi-purpose data: Typically, response plans share common data with a variety of additional plan types including business continuity, pre-fire plans, hurricane plans, and others. Web-based, database driven plans utilize one database to manage this information, effectively leveraging plan content and revision efforts to all plans and locations that utilize that data.

If best practices are implemented, and training and exercises confirm effective response processes and procedures are in place, response plans can be an effective tool for responders. However, leading companies utilizing web-based, database software are recognizing that swift accessibility to plans with an accurate list of contacts, site-specific response procedures, and available resources expedites the response process and minimizes impacts across the board.


Tags: Response Plans, Cloud Computing, Regulatory Compliance

Managing The Key Resources of Industrial Business Continuity Plans

Posted on Mon, Jul 21, 2014

Emergency management is continually evolving. The changing threat environment, including acts of nature, accidents, infrastructure weaknesses, cyber security attacks, and terrorist related incidents, coupled with tightly intertwined supply chains, has increased the urgency to revamp emergency management and business continuity efforts.

Building business continuity and emergency response plans to maintain personnel safety, and protect and restore operations is vital. Companies continue to develop and improve upon existing processes to seamlessly aid in managing risk and the rapid restoration of operational processes. However, with ever-changing threats, multiple sites, and human resource variables across an enterprise, most companies find it challenging to develop and maintain accurate and realistic business continuity plans (BCPs).

While the planning process may be executed with in-house staff, some companies prefer to use seasoned consultants for impartial critical process evaluations and experienced guidance. Consultants should have hands-on experience in business continuity and disaster preparedness. Specialized consultants may offer web-based, database-driven platforms that incorporate site-specific business continuity information while streamlining company formats across an enterprise. The web-based option eases maintenance efforts and reduces administrative costs associated with managing BCPs. However, consultants must be able to comprehend core business needs and clearly communicate recommendations in order to successfully develop a customized, site-specific, and functional BCP.

According to FEMA, the ability to perform essential functions lies within four key resources.

  • Leadership
  • Staff
  • Communications and Technology
  • Facilities

Site-specific information must be applied to the key resources. It is necessary for continued operation to evaluate and identify alternate site-specific resources that may be utilized during an incident.  If one or more of the key resources are lost, critical business processes may be affected. Keep in mind that any new business operations that may have developed also need to be included in these evaluations.

Leadership

Business Continuity Coordinators (BCCs) are typically responsible for the development and maintenance of business continuity plans. They must work closely with critical business units to understand their processes, identify risks, and provide solutions to help manage and minimize those risks. However, once an incident occurs, the BCCs must communicate, manage, and control activities associated with damage assessments and the recovery of critical business functions. Depending on the enterprise, a BCC may be assigned to an individual facility or a specific geographic location that encompasses numerous facilities with like-operations.

The BCC, in conjunction with the Incident Commander, may be tasked with activating and coordinating organization elements in accordance with an incident action plan.  By working with the appropriate business unit leaders assigned to business continuity/recovery plans, the BCC can also provide guidance for compliance with Incident Action Plan (IAP) components.

Staff

The BCP should systematically guide specifically assigned personnel to restore operations that are affected by abnormal conditions. It is critical to identify the implications of a sudden loss for each business unit or necessary resource by performing a business impact analysis. While critical process evaluations can determine operational dependencies that are required to maintain normal operations, staff must be trained to carry out the BCP objectives. BCP training and exercises should occur (at a minimum) on an annual basis, or as required by regulations or company policy.

A BCP should identify the minimum staffing levels necessary to remain operational. As recovery advances, staffing levels may require adjustments. Depending on the scenario, the least critical process participants might have to vacate the facility while leaving critical players in motion to maintain or restore necessary functions. Companies should ensure staff, contractors, and suppliers understand their initial and adjusted responsibilities, and recovery time objectives.

Communications and Technology

Clear and effective communication channels and critical technologies must be available in order to disseminate information to employees, assess and relay incident updates, and implement necessary recovery strategies. As part of the business continuity mitigation process, companies should evaluate available communication equipment, mass notification systems, and technology storage and backup processes to ensure accessibility and functionality in multiple business continuity scenarios. All critical communication and technology should be included in a BCP with detailed recovery procedures and recovery time objectives.

Facilities

Facility management should be a crucial aspect of a business continuity plan. If an area or facility cannot sustain minimum service or operational levels, companies should mobilize resources, and/or relocate equipment and personnel to alternate areas, facilities, or redundant sites. If deemed acceptable, this may include “working from home” strategies. In order to respond quickly and effectively to facility damage, BCPs should include predetermined suppliers/contractors (tree services, plumbers, electricians, restoration companies, and/or necessary skilled trades and suppliers).


Tags: BCM Standards, Business Continuity key points, Business Continuity, Cloud Computing, Business Continuity Plan

Are you Ready to Maximize Emergency Preparedness in 2014

Posted on Mon, Jan 20, 2014

Emergency preparedness plans aren’t created for “if” an emergency happens, but for “when” an emergency happens. Fortunately, the notion of a securely accessible emergency response planning system capable of adapting to a company’s every location, regulatory requirement, and plan type is within reach of many companies.

As the expectation level of instantaneous information grows, companies that do not embrace available technological advancements can be criticized as being stagnant. Increasingly available and more reliable technology has allowed companies to transition from seemingly archaic binder-based response plans to an all-inclusive web-based preparedness program.

Whether plans are mandated by corporate policy or regulatory agencies, a widely accessible emergency response plan can maximize efficiency and minimize impacts of an emergency on employees, the environment, and infrastructure.  Until web-based preparedness programs became available, plan formats often varied from one facility to another, making it difficult to manage training, compliance efforts, and consistency of basic response procedures. Incorporating a definitive enterprise-wide emergency management system across an enterprise can maximize efforts, allowing for a streamlined and familiar response process.

As we begin 2014, companies are still striving to boost efficiency, compliance, and budgets. By upgrading to a web-based emergency management system, companies can maximize preparedness and emergency management. Implementing a web-based planning system offers preparedness programs the following benefits:

Efficiency 

When best practices are implemented, and training and exercises confirm effective response processes and procedures, response plans can be an effective tool for responders. However, utilizing web-based, database-driven software allows registered users to swiftly and accurately identify confirmed response contacts, response procedures, and available resources, expediting the response and minimizing impacts.

Effective response plans require cyclical maintenance. As a result of changing personnel, fluctuating external response contacts, and revolving equipment availability and inventory levels, maintaining up-to-date and actionable response plans can be administratively time consuming.

The most advanced web-based software programs utilize a database, allowing for specific repetitive information to be duplicated in the various necessary plan types across an entire enterprise. By eliminating the need for duplicate updates and minimizing administratively taxing duties, plan changes are more likely to be transferred into the system, optimizing the accuracy of the plans and improving the likelihood of an effective response if an incident were to occur.

Accessibility of Plans

Increasing accessibility options while improving efficiency, functionality, and effectiveness can bolster an entire emergency management program. Web-based planning system software offers every option of instant accessibility: via the Internet, downloaded, or printed.

In the event of an emergency, identical duplicate paper plans are typically not available in various locations. If a location-specific incident renders company servers inaccessible, response plans housed on a company intranet may be inaccessible.  Although the intranet approach has improved overall plan and preparedness accessibility, significant difficulties continue to include plan maintenance, version control, and consistency.

Instantaneous Updates

With web-based technology and an Internet connection, revised information is available to all approved stakeholders in “real-time”. Web-based software eliminates “version confusion” and allows responders to apply the most up-to-date and tested processes to a response. Microsoft Word or PDF documents are often the culprit of “version confusion”. Multiple versions of paper-based and intranet-based plans can potentially confuse and misinform the response team(s), prolonging a response.

Superior Functionality

Web-based plans can provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve streamlined functionality for plan users. Simplifying documentation during an incident enables prompt response progress, improved regulatory compliance, and a more accurate account of the response. Easy to follow response plans allow responders to carry out specified industry and company procedures in accordance with proven best practices responses.

Multi-purpose Data

The ability to duplicate common information minimizes administrative time (and ultimately costs) for managing response plans. Depending on industry and regulatory compliance, companies typically utilize more than one response plan. Plan types may include, but are not limited to, the following:

  • Business continuity plans
  • Emergency response
  • Incident action plans
  • Fire pre-plans
  • SPCC plans
  • Severe weather or hurricane plans
  • Crisis management plans
  • Facility response plans

Web-based, database-driven plans utilize one database to manage information. This function allows users to effectively duplicate common plan content and revision efforts to all plans and locations that utilize similar data.


Tags: Choosing a Consultant, Tactical Response Planning, Resiliency, Emergency Preparedness, Redundant Systems, Cloud Computing, Regulatory Compliance, Emergency Management Program

Administrative and Logistical Considerations in Response Planning

Posted on Thu, Dec 05, 2013

Corporate emergency preparedness can be defined as the preemptive activities that establish a state of readiness to effectively respond to events that could affect the health and safety of employees, facilities, the environment, and/or the community. These actions, which ideally consist of planning, training, equipping, exercising, evaluating, and mitigating, are required to sustain operational capabilities, despite a range of incident management scenarios.  It is the goal of corporate preparedness to protect individuals, the integrity and functionality of infrastructures, and viability while minimizing the adverse operational impacts of events.

Many aspects of preparedness rely on underlying administrative duties and associated response plans. According to the Department of Homeland Security (DHS), preparedness plans are meant to describe how personnel, equipment, and other governmental and nongovernmental resources will be used to support incident management requirements. These plans represent the operational core of preparedness and provide mechanisms for:

  • Establishing priorities
  • Implementing response functions
  • Integrating multiple entities
  • Establishing collaborative relationships
  • Ensuring communications systems and procedures support incident management activities

There is a wide range of administrative actions associated with achieving a state of preparedness and attaining response goals. In particular, documents or response plans written prior to the emergency allow for a comprehensive review of procedures that may result in improvements in the plan and in the response to actual emergency scenarios. A variety of regulatory authorities govern most aspects of company preparedness administrative procedures and practices. These requirements may be dictated by company policy or by local, state, and/or federal governmental agencies.

A typical response planning process requires ample time for the administrative duties. These duties may encompass details associated with hazard identification, review of plan drafts, exercising the plan, integration of mitigation efforts, training evaluations, and plan distribution. In addition to a yearly review, plan modifications may require administrative efforts:

  • After each training drill or exercise
  • After each emergency
  • When personnel or their responsibilities change
  • When the layout or design of the facility changes
  • When policies or procedures change

Prior to an incident, required corporate preparedness administrative duties and actions may include, but are not limited to, the following:

  • Establishing a written emergency management plan
  • Maintaining training records
  • Mitigation efforts communication and documentation
  • Documenting training, exercises, and associated critiques
  • Communicating with emergency response organizations during planning activities

Administrative actions during and after an emergency may include:

  • Maintaining telephone logs
  • Keeping a detailed record of events
  • Maintaining a record of injuries and follow-up actions
  • Accounting for personnel
  • Coordinating notification of family members
  • Issuing press releases
  • Maintaining sampling records
  • Managing finances
  • Coordinating personnel services
  • Documenting incident investigations and recovery operations
  • Response plan maintenance
  • Regulatory submittals

Preparedness administrative duties are often the responsibility of an environmental, health and safety (EHS) department. The size of the planning or incident management team will depend on a facility's operations, requirements, and resources. However, each position within the team has unique planning administrative duties specific to the nature of their responsibility. The responsibilities of the logistics section chief, as well as the planning section chief, rely heavily on organized administrative efforts. The potential complexity of site emergency response logistics should be analyzed, optimized, and communicated within the response plan.  Logistical documentation of the expected and actual resource flow of an incident can minimize response time and maximize efficiency.

Before an emergency, logistical duties may include the following:

  • Identifying and acquiring service and support requirements for planned and expected operations
  • Supply allocation details
  • Designating emergency facilities
  • Establishing training facilities
  • Establishing mutual aid agreements
  • Preparing a resource inventory
  • Providing input to and reviewing the response plan(s)

During an emergency, logistics may entail:

  • Participating in preparation of the Incident Action Plan (IAP)
  • Providing utility maps to emergency responders
  • Providing material safety data sheets to employees
  • Coordinating and processing requests for additional resources
  • Repairing equipment
  • Arranging for medical support, food and transportation
  • Arranging for shelter facilities
  • Providing for backup power
  • Providing for backup communications
  • Recommending release of resources in conformity with the Incident Demobilization Plan
 

 


Tags: Cloud Computing, Training and Exercises, Supply Chain, Event Preparedness, Communication Plan

Top Five Reasons to Utilize Emergency Management Software

Posted on Thu, Aug 15, 2013

Companies need an enterprise-wide, universally accessible emergency response planning system capable of adapting to every site, regulatory requirement, and plan type. Incorporating a definitive company emergency management system across an enterprise allows for a streamlined and familiar response process. Whether plans are mandated by corporate policy or regulatory agencies, an effectively exercised and accessible emergency response plan can minimize impacts of an emergency on employees, the environment, and infrastructure. The benefits of web-based emergency management systems are:

1. Efficiency: Effective response plans require cyclical maintenance. As a result of changing personnel, fluctuating external response contacts, and revolving equipment availability and inventory levels, maintaining up-to-date and actionable response plans can be administratively time-consuming. Emergency management software should eliminate the need for duplicate updates. The most advanced web-based software programs utilize a database, allowing for specific repetitive information to be duplicated in the various necessary plan types across an entire enterprise. By minimizing administratively taxing duties, plan changes are more likely to be transferred into the system, optimizing the accuracy of the plans.

2. Accessibility of plans: In the event of an emergency, updated paper plans are typically not available from all company locations. Additionally, accessing plans housed on a company intranet may be dubious if an incident renders company servers inaccessible.  Although the intranet approach has improved overall plan accessibility, a number of significant difficulties remain. With an intranet approach, plan maintenance, version control, and consistency across multiple plans remain challenging and time consuming.

Web-based planning system software offers every option of instant accessibility: viewed via the Internet from any location, downloaded, or printed. Increasing accessibility options while improving efficiency, functionality, and effectiveness can bolster an entire emergency management program.

3. Instantaneous updates: With web-based technology and an Internet connection, revised information is immediately available to all approved stakeholders. Both paper-based plans and those housed on a company intranet are often out of date with multiple versions in various locations, potentially misinforming the response team. Microsoft Word or PDF documents, often the format used in response plans, are cumbersome to revise for various plan types and locations. Web-based software eliminates “version confusion” and allows responders to apply the most up-to-date and tested processes to a response.

4. Superior functionality: Web-based plans can provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve functionality for plan users. Simplifying documentation during an incident enables prompt response progress, improved regulatory compliance, and a more accurate account of the response. Easy to follow response plans allow responders to carry out specified industry and company procedures in accordance with proven best practices responses.

5. Multi-purpose data: Typically, response plans share common data with a variety of additional plan types including business continuity, pre-fire plans, hurricane plans, and others. Web-based, database driven plans utilize one database to manage this information, effectively leveraging plan content and revision efforts to all plans and locations that utilize that data.

If best practices are implemented, and training and exercises confirm effective response processes and procedures are in place, response plans can be an effective tool for responders. However, utilizing web-based, database software allows registered users to swiftly and accurately identify confirmed response contacts, response procedures, and available resources, expediting the response and minimizing impacts.

Resource management is a key practice in the National Incident Management System (NIMS). Web-based software streamlines the resource data incorporated into a response plan allowing NIMS components to be utilized more effectively. NIMS resource management includes:

  • Resource identification: Integrated data allows for all resources to be quantified.
  • Procurement: Through automated contact verification systems, the process of procuring resources is simplified. Accurate contacts, contact numbers, and resource lead times have already been confirmed.
  • Mobilization: Plan transportation and logistics needs are easily identified based on response priorities.
  • Track and report: Web-based response software’s links and forms database allows for easy resource reporting and documentation. Real-time incident management systems can ensure efficient use, coordination, and movement of equipment.
  • Recover and demobilize: Accurate data allocation ensures timely demobilization of equipment, including decontamination, disposal, repair, and restocking activities, as required.
  • Reimburse: Web-based software contains documentation measures that assist in tracking costs. This allows for accurate allocations of incident expenses, including contractors, equipment, transportation services, and other costs.
  • Inventory and replenishments: Resource data contained within the web-based software can be utilized to inventory response requirements or site equipment. This feature streamlines the ability to assess the availability of on-site equipment and supplies and determine external resource levels.

Tags: Data Recovery, Redundant Systems, Cloud Computing, Emergency Response Planning, Data Backup, Safety

Industrial SPCC Plans Accessible in Cloud Technology

Posted on Thu, Feb 07, 2013

As web-based technologies become more accessible and mobile, different options for hosting and managing response plans have evolved. Transitioning to a web-based cloud system to maintain your Spill Prevention, Control, and Countermeasure (SPCC) plans can enhance accessibility, portability, and redundancy, potentially easing communication barriers with responders and regulatory audits.

Environmental, health, and safety (EHS) managers responsible for maintaining regulatory compliance for multiple sites may benefit from web-based cloud computing for emergency management. While cloud technology isn’t a new concept, a recent survey conducted by IT industry association CompTIA found that more than 80% of companies use or have transitioned to some form of cloud technology. The survey revealed that costs, increased flexibility, and newly available resources are the main motivations for moving to a cloud. The costs associated with effective emergency management, planning efforts, and overall spill prevention are often much less than the costs associated with spill cleanup, fines, and other civil liabilities.

The Environmental Protection Agency (EPA) estimates that approximately 640,000 U.S. facilities are potentially subject to regulations under the SPCC Rule:

A facility that stores, processes, refines, uses or consumes oil and is non-transportation-related is potentially subject to the SPCC rule. The EPA requires SPCC plans for facilities that could discharge oil into navigable water and store more than 1,320 gallons aboveground or more than 42,000 gallons underground.

EHS managers responsible for maintaining SPCC compliance can maximize department efforts and communication. With budget restraints and increasing workloads, reducing plan maintenance costs, improving communication methods, and minimizing preparedness disparities are critical. Word documents, PDF files, and printed binders are burdensome, administratively time-consuming, and possibly inaccurate or non-compliant.

Here are some questions to determine if a web-based cloud technology SPCC plan system is right for your company:

  1. Do you have multiple facilities that are governed by SPCC and/or other regulatory requirements?
  2. Is there repetitive company information in multiple response plans?
  3. When was your last SPCC or facility response plan (FRP) audit and would you be ready if an auditor appeared tomorrow?
  4. Does your company already utilize cloud-based technology?
  5. How effectively do you handle contact information updates and verification? How often does this occur?
  6. How often do you print updated plan copies for distribution, and what costs are involved?
  7. How audit-friendly are your plans?
  8. How many individuals have access to your plans and are authorized to make updates?
  9. Are your plans updated quarterly or annually?
  10. How are new regulatory requirements incorporated into plans?
  11. How much time is dedicated to maintaining and updating your plans?
  12. Do you have a record of changes and revisions?

But with a cloud system, redundancy and backup efforts are essential. In the event Internet connectivity is terminated or inaccessible, emergency managers must have alternative means to access plans. Redundant data centers, scheduled downloads, and security measures must be a part of any emergency management program based on an intranet or cloud.

Response plans housed in cloud technology also have numerous benefits. When employees are equipped with Wi-Fi enabled devices, authorized users can access response plan information from any location. This can aid in response measures if the incident is isolated to a particular location. SPCC plans can also be readily shared with other company locations and external responders who can relay important detailed facility information to those onsite. Additionally, dedicated administrative time associated with plan maintenance, updating, access, and regulatory submission can be minimized.

The following EPA list highlights some important elements of an SPCC Plan:

  • Facility diagram and description of the facility
  • Oil discharge predictions
  • Appropriate secondary containment or diversionary structures
  • Facility drainage
  • Site security
  • Facility inspections
  • Requirements for bulk storage containers including inspections, overfill, and integrity testing requirements
  • Transfer procedures and equipment (including piping)
  • Requirements for qualified oil-filled operational equipment
  • Loading/unloading rack requirements and procedures for tank cars and tank trucks
  • Brittle fracture evaluations for aboveground field constructed containers
  • Personnel training and oil discharge prevention briefings
  • Recordkeeping requirements
  • Five-year Plan review
  • Management approval
  • Plan certification (by a Professional Engineer (PE) or in certain cases by the facility owner/operator)

For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.

Tags: SPCC, EPA, Redundant Systems, Cloud Computing

Protect Critical Systems from Cyber Disaster for Business Continuity

Posted on Thu, Aug 23, 2012

In July, General Keith Alexander, head of the National Security Agency and U.S. Cyber Command chief, warned that the changing nature of dangerous cyber attacks is taking a toll on American business. A Department of Homeland Security report on cyber security revealed 198 cyber attack incidents were reported to DHS in 2011. This is a sharp contrast to the nine incidents reported in 2009. The report noted that companies that control critical infrastructure reported higher numbers of attacks on their systems over the past three years.

With cyber threats to these computer systems on the rise, the U.S. Department of Homeland Security (DHS) is working to better protect control systems of critical infrastructure. DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides operational capabilities for defense of control system environments against emerging cyber threats. ICS-CERTs were deployed to investigate and analyze threats in 17 of the 198 cases in 2011. By understanding the threats and effectively managing the risks, actions can be taken to reduce the occurrences and sustain critical systems. Specific company names were not released in order to maintain a level of confidentiality and encourage reporting of other cyber attack incidents. Alexander said that for every intrusion detected by the FBI, there are 100 others that remain undetected.

DHS admits that the number of incidents reported to DHS's ICS-CERT has increased partly due to this increased communication between ICS-CERT and the private sector. However, through proper mitigation and business continuity measures, companies will be prepared to combat their current lapses in technology.

According to the EPA, “Technological emergencies include any interruption or loss of a utility service, power source, life support system, information system or equipment needed to keep the business in operation.” Identifying all critical technology-related operations is the first step in mitigating and combating threats. Possible critical technologies involved in business operations include, but are not limited to:

  • Utilities including electric power, gas, water, hydraulics, compressed air, municipal and internal sewer systems, wastewater treatment services
  • Security and alarm systems, elevators, lighting, life support systems, heating, ventilation and air conditioning systems, electrical distribution system
  • Manufacturing equipment, pollution control equipment
  • Communication systems, both data and voice computer networks
  • Transportation systems including air, highway, railroad and waterway

Once technology systems are identified, the following planning considerations should be taken into account in order to safeguard critical systems and develop an effective business continuity plan:

  • Determine the impact of technology service disruptions.
  • Ensure that key safety and maintenance personnel are thoroughly familiar with all building systems, such as alarms, utility shutoffs, elevators, etc.
  • Establish company-wide computer security practices, such as password-protected information, in order to secure technologies. (See CSET Assessment to determine system vulnerabilities)
  • Establish procedures for restoring systems. Determine the need for backup systems.
  • Establish preventive maintenance schedules for all systems and equipment.

ICS-CERT encourages companies to report suspicious cyber activity, incidents and vulnerabilities affecting critical infrastructure control systems. Online reporting forms are available at https://forms.us-cert.gov/report/.

For a sample Emergency Response Checklist, download our helpful and informative guide.

Tags: Data Recovery, Cloud Computing, Data Loss, Cyber-Security, Business Continuity Plan, Business Disruption, Information Security