As potentially stressful, chaotic and financially imposing as an emergency, disaster or crisis can be, some companies are still not prioritizing preparedness and response planning.
The three building blocks of preparedness - identify, review and verify can provide the means to effective corporate emergency response plans. When all three aspects are in motion, the ongoing process of preparedness is established, giving companies the best possible prognosis for a response.
Identify Preparedness and Response Plan Criteria
Company profiles are becoming increasingly sophisticated with an intricate network of technology, human resources, and global influences. Companies must routinely identify relevant risks and threats in order to develop practical, compliant, and up-to-date response plans. Improvising and implementing unplanned response actions for unrecognized scenarios often results in inadequate, and potentially damaging outcomes.
Preparedness is a continual sequence of analysis. Operational consolidation, growth, and changing threat variables require recognition. To prepare for and respond to an incident, emergency managers should identify the following preparedness and response planning criteria:
- What risks and hazards may result in an emergency or disaster response event?
- What processes are put in place to limit the exposures to risks and hazards?
- What community/environmental sensitivities exist?
- Who will respond when an incident occurs?
- What processes, procedures, and training are in place for responders?
- How will individuals/employees secure their safety?
- What tools/equipment are necessary to respond to an incident and who will provide them?
- What local, state, and/or federal organizations should be consulted?
- What regulations apply?
With risks, threats, and preparedness needs identified, companies should move forward with developing site-specific response plans. However, preparedness does not end with a completed response plan.
Review Response Plans
Corporate preparedness programs and applicable response plans need to be reviewed for accuracy and effective responses to newly identified variables. Employees familiar and trained with preparedness efforts are more likely to ensure best practices are carried out.
Reviews of response procedures, mitigation opportunities, best practices, response objectives, and operational requirements are necessary to ensure preparedness and effective response measures are in place. Reviews should include, but are not limited to:
- Data and computer needs: Review the procedural details of computer backups, data restoration methods, and the minimum program needs to re-establish critical business processes. Companies should examine current data center outsourcing or other alternatives to ensure continuity and accessibility.
- Notification lists: Response plan administrators must be certain that newly-assigned personnel are included in the plan, as necessary, and that notifications are being delivered to accurate e-mail addresses and/or phone numbers. Review contact lists to ensure all necessary information is correct.
- Communication needs: Clear and effective communication channels must remain available to disseminate information to employees, assess and relay damage, and coordinate a recovery strategy. Evaluate current communication equipment and/or mass notification systems to communicate to key individuals, company employees, or an entire client base, as each scenario deems necessary.
- Supply Chain: As a company’s needs change and new suppliers come online, potential suppliers should be evaluated, and plans should be updated to reflect any changes. Alternate resources should be reviewed to ensure availability, delivery, and continued operations in the event primary suppliers are not available when needed.
- Essential Personnel: Ensure necessary minimum staffing levels are acceptable to remain operational. Review individual responsibilities and recovery time objectives with staff, contractors, and suppliers.
- Equipment needs: Review availability of necessary equipment and establish processes for response, recovery, and continued operations, to minimize downtime and additional recovery efforts.
The review of company emergency response plans should include debriefings with collaborative response entities. Meetings with these outside responders should confirm specific plan and response details that can be carried out to be consistent with best practices and company protocols. Groups to consider in planning reviews include, but are not limited to:
- Local responders (fire, police, emergency medical services, etc.)
- Government agencies (LEPC, Emergency Management Offices, etc.)
- Community organizations (Red Cross, weather services, etc.)
- Utility Company(s) (gas, electric, public works, telephone, etc.)
- Contracted Emergency Responders
- Neighboring Businesses
Verification of Effectiveness and Accuracy
The overall emergency response program readiness must be verified for effectiveness and accuracy, regardless of the threat or hazard. Training and exercises are valuable verification tools that can confirm effective response planning and preparedness efforts. Verification should include, but is not limited to:
- A system for assessing emergency scenarios and prioritizing incident responses
- Thresholds and procedures for activating the Incident Management or Crisis Management Team
- Notification information (if maintaining accurate contact information is challenging, consider opting for an e-mail verification system that enables each contact to verify their contact information.
- Roles and responsibilities of the Incident Management or Crisis Management Team members
- Communication and notification procedures to facilitate interaction among responders and Incident Management Team
- Guidelines and checklists to assist in an efficient and organized response
- Verification of on-site hazardous materials details, response equipment, and response times
Technology, such as a web-based response planning system, provides companies with the tools to balance enterprise-wide standardization and site-specific regulatory criteria. Companies responsible for multiple buildings, possibly in various locations, should demonstrate a commitment to emergency management by creating a systematic template for incident response policies, procedures, and practices. These templates should enable users to incorporate the detailed, site-specific data necessary for an effective response.