Your Solution for SMART Response Plans

The Business Impact Analysis: A Step Towards Business Continuity

Posted on Thu, Sep 18, 2014

Companies may not consider the interdependencies between critical operations, departments, personnel, and services until an event disrupts normal operations. A Business Impact Analysis (BIA), a key component in business continuity planning, presents the ability to identify and quantify which business unit that, when absent, would significantly impact a company. While the size and complexity of essential business elements required for sustainability varies among industries, companies, and specific facilities, the ability to quantify and prioritize critical workflow components is a key business continuity element.

Critical business units, associated functions, and a trained workforce provide the greatest financial value to companies. Companies that prioritize process sustainability initiatives that can meet recovery time objectives have a better chance of minimizing impacts of impeding disruptions.

Within each key business unit, additional business functions should be considered and evaluated. By identifying cross business unit dependencies, the need for integrated risk mitigation solutions can be highlighted and proactive measures can be taken. A workflow analysis may prioritize those business functions and processes that must be recovered in order for business continuity plans to be effective. Functions within each business unit may include, but are not limited to:

  •  Finance 
  • Contracts 
  • Supply and trading 
  • Personnel and payroll 
  • Benefits 
  • Accounts payable
  • Environmental health and safety 
  • Information technology

Once critical business functions and workflows are assessed and prioritized, a BIA should be performed.  The goal of the analysis should be to identify the potential impacts of identified risks, uncontrolled threats, and potential non-specific events on these business functions and dynamic processes. Any potential resilience capabilities should be prioritized and mitigation opportunities should be examined.  Operational and process managers should explore and quantify the following aspects to initiate the BIA process:

Timing:

  • Identify critical operational time periods when an interruption would have greater impacts (seasonal, end of quarter, specific month, etc.).
  • Priorities should be determined if an interruption during high-output timeframes creates amplified operational and financial impacts.

Likelihood Level:

  • Indicate how likely each specific threat could occur, considering existing capabilities, mitigation measures, and history.

Duration:

  • Identify the duration and point in time when an interruption would impair operational processes and have financial impact.
  • Estimate the maximum allowable downtime for each specific business function
  • Consider downtime impacts from less than 1 hour to greater than one month

BCP duration: TRP CORP

Staffing minimums:

  • Identify staffing level requirements (including contractors or suppliers) to meet typical daily productivity goals, as well as recovery time objectives.

Operational Impacts:

  • Identify the effects associated with a business unit interruption, considering existing mitigation measures. These may include, but are not limited to:
    • Lost sales and income
    • Negative cash flow resulting from delayed sales or income
    • Increased expenses due to overtime, outsourcing or other operations that increase costs
    • Regulatory fines and legal implications
    • Contractual penalties or loss of contractual bonuses
    • Customer dissatisfaction or withdrawal
    • Delay of business plan execution or strategic initiatives

Recovery Time:

  • Identify the time frame necessary to recover specific critical processes under existing capabilities and, if possible, potentially altered conditions.

Financial Impact:

  • Determine and quantify financial impacts,  considering existing mitigation measures.
  • Critical functions that have the highest financial impacts should be prioritized in business continuity plans.

If a business continuity incident affects two or more business processes, the incident has a greater potential for impact. Interoperable communication and coordination among departments must be exercised for a swift recovery. The effects of a multi-tiered business continuity event can extend beyond the facility borders to affect personnel, multiple critical business processes, vendors or suppliers, and customers.

Adverse information technology (IT) conditions may affect numerous company departments, units and functions. IT components may include networks, servers, desktop and laptop computers and wireless devices. The ability to utilize both office productivity and enterprise-wide software may be essential to restore normal operations. Therefore, time critical recovery strategies for information technology, such as exercised data backup and restoration procedures, should be developed in order to limit the effects of interruptions across multiple business units.

Once critical business units are identified and the BIA is completed, companies can develop an applicable business continuity plan, ensuring a faster state of recovery.

Click HERE or the image below for a free download on Enterprise-Wide Response Planning.

Multiple Facility Response Planning Company Preparedness Guide DOWNLOAD

Tags: Business Continuity key points, Business Continuity, Resiliency, Business Risk, Redundant Systems, Business Continuity Plan

How to Quickly Develop Response Plans after a Merger or Acquisition

Posted on Thu, May 01, 2014

Companies are not stagnant, as evidenced from the many acquisitions, mergers, and organic growth seen every year. The dynamic nature of the energy sector (and others) requires corporate emergency management and business continuity programs to periodically adjust their approach.

Whether a facility is located in the U.S. or abroad, ensuring compliance, employee safety, and an effective response requires a streamlined, coordinated, and exercised response plan. All response plans within the corporate enterprise should address site-specific facility details, appropriate response processes, standardized company-wide best practices, and maintain location-specific regulatory compliance. A customized response plan template enables development of  a streamlined, site-specific preparedness program that consistently delivers company-standard guidelines and practices while providing a medium for rapid assimilation of acquired facilities.

Generic response plan templates that do not account for site-specific details may result in  incomplete, ineffective, and non-regulatory compliant plans.  Companies with multiple-facility operations should utilize a customizable template with the ability to inject distinct facility information and hazards for each operation, pre-approved company best practices, as well as applicable local, state, and federal requirements. Industrial operations are required by law to institute site-specific emergency response plans, and train employees according to their response roles and method of response pertinent to operations.

Integrating response plans under one centralized format consolidates preparedness and response objectives. In company merger circumstances, this process requires clear, concise, and frequent communication.  A single individual or coordinated team should manage the consolidation of emergency management practices. It is critical to define preparedness objectives, response roles, and responsibilities in order to eliminate ambiguity and confusion.  Responsible parties must apply data, site assessments, and validated information into cohesive, compliant, and effective response plans for the new enterprise.

Acquired facilities must be absorbed into the company-wide emergency management program. If response plans exist, companies should perform a gap analysis or audit to identify any procedural, company policy, or compliance deficiencies.

New or outlying facilities may present preparedness and response challenges. Cultural differences, infrastructure challenges, response equipment availability, minimal response knowledge and training, and security priorities may require heighten preparedness priorities and planning efforts. As a result, new locations within multi-facility companies may be particularly vulnerable to crisis or emergency response situations.

The following fundamental preparedness and response questions may assist companies in absorbing facilities into an established emergency management program. Determining site-specific information, possible mitigation efforts, and response capabilities can mobilize stakeholders to develop necessary and required response planning objectives. (Note: The questions below are meant to initialize conversations and should not be considered a thorough checklist for preparedness and response planning)

Who will be in charge of the  response?

  • Identify Incident Commander
  • Create Emergency Management Team organizational chart
  • Identify Emergency Management Team activation measures
  • Create Emergency Management Team roles and responsibilities checklists

Does the facility have a current response plan?

  • Update necessary contact information and notifications
  • Perform a gap analysis of the current plan(s) against new operations, equipment, company policies, industry best practices and applicable regulations
  • Review agency approval and submittal processes and comply as necessary

What threats affect the facility or employees?

  • Perform a detailed hazard and risk analysis
  • Verify or create response procedures for each identified threat
  • Identify the new process for incident documentation
  • Utilize appropriate ICS Forms
  • Identify current and necessary equipment necessary for response

What regulatory requirements  apply to this facility?

  • Evaluate operations for compliance
  • Identify required training and confirm documentation
  • Review submitted response plan information
  • Perform a compliance audit

If necessary, what organization will conduct additional response duties?

  • Identify response capabilities and determine if additional resources are necessary
  • Initiate a Memorandum Of Understanding or contract specific response needs
  • Confirm contact information, availability, and response times

How will the emergency be reported and response initiated?

  • Create site-specific notification procedures. (Emergency notifications may include 911, National response Center, internal or external response team, emergency services, and others)
  • Identify alarm signals that signal employee evacuation or shelter in place.
  • Test alarms to confirm they are in proper working condition
  • Ensure employees are trained in alarm procedures and immediate response actions per roles and responsibilities
  • Implement company approved emergency classification levels to associated response procedures with emergency conditions to prevent the incident from escalating

What incidents or classification level require evacuation/shelter in place

  • Create multiple evacuation routes.
  • Does the evacuation go beyond facility borders?
  • Identify the muster point(s) and head count procedures?

How are response actions sustained?

  • Establish  command post location
  • Identify internal and external response resources and equipment for a sustained response
  • Share response plan with appropriate responders/stakeholders
  • Develop a communications plan  and identify sustainable communications equipment
  • Identify hazard control applicability and methods
  • Detail external communications and public relations policies

What is done after the incident is secured?

  • Create checklist to demobilize the response
  • Identify post incident review and debriefing objectives
  • Generate a means to apply “lessons learned”
  • Update response plan accordingly and amend necessary training

 

Challenged with managing preparedness amongst your various facilites? Download TRP's best practices guide on response planning for large organizations with multi-facility operations.

Multiple Facility Response Planning Company Preparedness Guide DOWNLOAD

Tags: Response Plans, Redundant Systems, Regulatory Compliance, Facility Management, Emergency Management Program

Concepts of Secured and Redundant Response Plan Accessibility

Posted on Thu, Apr 24, 2014

In preparedness and emergency management, the concept of risk and hazard identification is fundamental. However, the potential inability to access important documents, particularly during an emergency scenario, is often overlooked. If you experienced a catastrophic loss and could not access response plan documents, would you be able to conduct an effective response?

Companies must mitigate the risk that an incident may incapacitate access to response plansIn order to manage risks and build resilience, Traditional risk-management tools must be incorporated with new technology-based concepts. With more people owning multiple computing devices such as laptops, tablets and smart phones, the idea of data being restricted to a single desktop computer or binder without adequate redundancies is antiquated. Cloud and web-based technology offer enterprise-wide, up-to-date redundancies that traditional record keeping methods cannot provide.

Response Team and Stakehold Accessibilty

To counteract potential incidents, fallout vulnerabilities, and regulatory noncompliance, response plans should be securely shared with and accessible to regulators, auditors, inspectors, and responders. Having up-to-date information readily available to trained responders has been proven to limit the duration of the emergency.  The faster responders can locate, assess, access, and mitigate the emergency, the sooner an incident can be contained. However, in order to minimize additional vulnerabilities, applicable data and confidential information must be secured.

A recent survey conducted by IT industry association CompTIA, found that more than 90% of companies use or have transitioned to some form of cloud technology in order to increase flexibility and reduce costs. However, the report revealed that only 48% of those surveyed utilize cloud-based methodology for business continuity/disaster recovery processes. When authorized users can access response plans information from any location, response expertise can be maximized and maintenance efforts can be shared.

Response_Plan_Accessibility.jpg

In the event of an emergency, up-to-date paper plans may not be available from other locations. Although some companies post electronic plans to their intranet that can be accessed remotely, the process of updating these plans is time-consuming and inefficient. In addition, if a catastrophic event occurs, there is the possibility that the main data source or server will be inaccessible.

When an incident is isolated to a particular location, cloud or web-based response plans can enable response measures on a company-wide scale. Cloud or web-based plans can also provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve functionality for plan users.

Cyber-Security and Response Plan Redundancy

But with any data system cyber-security and back up efforts are essential. In the event Internet connectivity is terminated or inaccessible, emergency managers must have alternative means to access plans. Redundant data centers, scheduled download, and security measures must be a part of any web or cloud based emergency management program

When first responders can exercise approved response processes and procedures, responses can become second nature. Plan accessibility allows appointed responders to clarify critical contact information and responses to altered site circumstances, operations, or materials. Inaccessible response plan can facilitate confusion, inconsistency, and potentially accelerate impacts and financial loss.

As technology dependencies become more ingrained in company operations and emergency management programs, it is essential to institute company-wide best practices for computer security, downloads, and backups in order to secure necessary technologies and communications networks.

Cyber exercises allow stakeholders to simulate real-world situations, to improve communications and coordination, and to increase the effectiveness of broad-based critical infrastructure protection capabilities without the consequences of real cyber event.  These specific exercises educate employees on technological policies and provide a means to evaluate cyber incident preparedness, mitigation, response, and recovery capabilities.

Be prepared for your next incident! Click the image below to receive your free guide.

Preparedness and Emergency Management - TRP Corp

Tags: Data Recovery, Response Plans, Redundant Systems, Training and Exercises, Cyber-Security, Data Backup

Securely Share Response Plans with Inspectors, Responders, and Auditors

Posted on Mon, Mar 10, 2014

Industrial facilities are vulnerable to innate risks, targeted threats, and security breaches. These vulnerabilities vary according to the location, site characteristics, operations, and hazards. Site-specific response plans are often required by regulatory agencies to address these vulnerabilities.  To counteract potential incidents relating to vulnerabilities and comply with government mandates, response plans are shared with regulators, auditors, inspectors, and responders. However, in order to minimize additional vulnerabilities, applicable confidential information should be secured from unauthorized individuals.

Response Plans must be shared, but information security must be a priority. There are generally three basic means to share response plans with recipients.

1) Paper plans

Long before tablet computers and smart phones, companies composed and shared binder-bound response plans. These plans, which are still used in large numbers today, were/are mailed to agencies, printed for auditors and inspectors, and reproduced for response stakeholders. Paper plan accessibility is limited to physical distribution tactics. This traditional concept may not provide the security measures necessary for the modern world. Paper plans share the following common pitfalls, possibly rendering non-compliance and an ineffective response.

Paper plans are often:

  • Inaccessible: Most plan users will only have a paper copy and will not carry it wherever they go. Because of the lack of accessibility, it is often difficult for a program managers to know when plans were last updated, or approved by regulatory agencies.
  • Inefficient: Repeated information updates, especially in multiple plans, is time consuming There are often duplicate or overlapping information requirements from one plan type to another, and for multiple facilities.
  • Out of date: Having multiple versions of plans in various locations leads to version confusion. It is often difficult to determine and document when company, site, or personnel information has changed. Example: Corporate emergency manager's contact information may reside in many plans. If/when that person's contact information changes, it has to be physically changed in each plan.
  • Inconsistent:  Plan formats usually vary from one facility to another, making it difficult to manage training and compliance efforts.
  • Cumbersome: A company may have multiple plan types, documents, and records for various regulatory agencies. During an audit, inspection, or response, the pure physicality of paper plans can be hindering.

2) Intranet-based plans

Some companies host response plans on their local intranet, or company network. These plans can often be accessed remotely through a Virtual Private Network (VPN). In order to establish a VPN connection with a company's server, the endpoints are typically authenticated to secure access. Plans can be shared through a VPN connection, potentially expanding the accessibility to approved viewers.

Secured access has been historically accomplished through passwords, personal data advanced biometrics, or a combination of security means. Once the connection is made, authorized individuals should be able to securely access a company's network. However, as recent headlines have revealed, company networks are often vulnerable to hackers, data breaches, and network attacks, potentially exposing private company information and broadening vulnerabilities. Companies must prioritize network security, especially when response plans are hosted within this critical business function.

In a variety of scenarios or in the event of an emergency, company servers may be inaccessible; rendering responders ill informed when response information is needed most. It is imperative to regularly back up response data and establish an alternate means to retrieve necessary response information in the event that site and/or company network is involved in the incident. 

Although plan accessibility may be improved with an intranet system, the plans may still be subject to some of the same pitfalls as paper plans:

  • Inaccessibility
  • Inefficient
  • Inconsistent

Efficiency and consistency across multiple plans remains challenging and time consuming when documents utilize separate static word-based files.

3) Web-based plans

As mobile technology advances and becomes more commonplace, many companies are beginning to realize the benefits of web-based emergency response planning systems. Web-based emergency response planning systems offer secured, immediate, and direct access to your emergency response plans from any computer. Since company response plans are no longer stored in a single, centralized location, the risk of inaccessibility, loss, or damage of these critical records in an emergency situation is minimized. More importantly, since every member of your team can easily locate and navigate your emergency response plans at a moment’s notice through a password protected website, your incident response time and management capabilities improve dramatically.

For organizations with multiple facilities and locations, web-based response planning provides site-specific emergency response plans that integrate seamlessly with your organization-wide procedures and policies. This optimizes the opportunity for every location to remain in compliance with state, federal and municipal regulations.

Response plans that utilize an informational database, plans securely open to the latest plan version, providing ability for plans to be shared or printed for auditor analysis and inspectors’ review.

Some benefits of a web-based business continuity system include:

  • Instantaneous Accessibility: A web-based planning system software offers every option of instant accessibility:
    • Viewed via the Internet from any location
    • Downloaded
    • Printed.

Web-based response plans increase accessibility options while improving efficiency, functionality, and effectiveness.

  • Efficiency: The most advanced web-based software programs utilize a database, allowing for repetitive information to be duplicated in all plan types across an entire enterprise. By minimizing administratively tasking duties, plan changes are more likely to be performed, thereby improving accuracy of the plans. Web-based plans can provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve functionality for plan users.
  • Instantaneous Updates: Revised information is immediately available to all stakeholders. Web-based, database driven plans utilize one database to manage this information, effectively leveraging plan revision efforts to all plans that utilize that data.

Web-based response plans offer the greatest secured accessibility option for stakeholders, auditors, and inspectors while bolstering an entire emergency management program.

For a free Audit Preparedness Guide for Industrial Regulatory Compliance, click the image below:

Regulatory Compliance with TRP Corp

Tags: Resiliency, Response Plans, Incident Management, Redundant Systems, Regulatory Compliance, Emergency Response Planning, Information Security

Internet Connectivity, Response Planning, and Communication

Posted on Mon, Feb 17, 2014

A study entitled The Connected World: Greasing the Wheels of the Internet Economy examined how Internet accessibility and usage corresponds with economic growth. The report measured “access to” and “engagement with” the Internet across four components; Infrastructure, Industry, Individual, and Information. According to Internet Corporation for Assigned Names and Numbers (ICANN) who commissioned the study, “those with the lowest “e-friction” tend to score well across all four components: they have strong infrastructures, and supportive business and regulatory environments.”

The study reveals compelling insight for companies looking to embrace technological advancements.  However, upgrading technology must have a specific purpose. Incorporating additional technology into operations for the sake of upgrading can be costly, time consuming, and counterproductive. Implementations of new technology should allow for a more streamlined operation.

Within the past few years, technology has allowed an increasing number of companies to automate emergency preparedness and response processes. With budgets restraints and increasing workloads, easing response plan maintenance issues, improving communication methods, and minimizing preparedness disparities is critical in the emergency management realm. Advanced technology for emergency preparedness and response has included everything from gas-leak sensors and drones, to social media integration and adoption of sophisticated emergency management software. The ability to automate a myriad of emergency response activities, including expediting communications with local first responders, safety officials, and those affected by an incident enables companies to potentially minimize the impacts of an emergency on individuals, facilities, and the community.

An incident response relies heavily on effectively communicating accurate information in order to implement the appropriate action(s). The Internet enables the prospect of instantaneous communication to/among facility managers, critical decision makers, emergency response teams, stakeholders, vendors and contractors, and the public.  Communicating through unfamiliar company radio codes, agency specific codes, perplexing acronyms, or specialized jargon will disconnect and confuse employees, responders, communities, and/or stakeholders, possibly prolonging a response and the initiation of necessary actions. Advancing communication technologies, with proper applicable training and protocols, can streamline information circulation.

As web-based technologies become more accessible and mobile, different options for housing industrial regulated response plans have evolved as well. Expediting tasks with reduced resources has become the mantra of many organizations. Transitioning to a web-based cloud system to maintain your emergency response plans can enhance communication, accessibility, portability, and redundancy. In order to minimizes “e-friction” and allow entities to prosper, the ICANN study emphasized the importance of an implementation of effective regulatory procedures, or policy, such as redundancy, back up efforts, and security measures.  In the event Internet connectivity is terminated or inaccessible, emergency managers must have alternative means to access plans. Redundant data-centers, scheduled downloads, and security measures must be a part of any emergency management program based on an intranet or cloud.

Additionally, Internet availability enables additional emergency communications through social media. From communicating facility closures in the event of bad weather or evacuation orders as a result of a hazardous spill, greater Internet accessibility allows for companies to streamline emergency communications to a wider audience with minimal administrative effort. According to PEW Research Center's Social Media Update 2013, 73% of online individuals utilize social media. While individuals tend to join social media because of a perceived need to stay connected to a broader scope of friends and family, it is also becoming a new source for timely circumstantial information.

Internet accessibility and engagement offers companies the opportunity to utilize social media in critical ways that aid in emergency response. With proper protocols in place, social media emergency management allows for the following:  

  1. Speed: Direct communication between informants and those who need information enables responders to react faster, minimizing the duration of the emergency.
  2. Relevance: Disseminate the right message to the right audience
  3. Accuracy: Ensure information is correct, confirmed by company sources, and backed up by facts or direct observation. Multiple informants can confirm accuracy or inaccuracies.
 
To find out how web-based response planning systems can benefit your company, click the image below: 
 
Web based response planning - TRP CORP

 

Tags: Emergency Management, Resiliency, Response Plans, Redundant Systems, Emergency Management Program, Communication Plan

Are you Ready to Maximize Emergency Preparedness in 2014

Posted on Mon, Jan 20, 2014

Emergency preparedness plans aren’t created for “if” an emergency happens, but for “when” an emergency happens. Fortunately, the notion of a securely accessible emergency response planning system capable of adapting to a company’s every location, regulatory requirement, and plan type is within reach to many companies.

As the expectation level of instantaneous information grows, companies that do not embrace available technological advancements can be criticized as being stagnant. Increasingly available and more reliable technology has allowed companies to transition from seemingly archaic binder-based response plans to an all-inclusive web-based preparedness program.

Whether plans are mandated by corporate policy or regulatory agencies, a widely accessible emergency response plan can maximize efficiency and minimize impacts of an emergency on employees, the environment, and infrastructure.  Until web-based preparedness programs became available, plan formats often varied from one facility to another, making it difficult to manage training, compliance efforts, and consistency of basic response procedures. Incorporating a definitive enterprise-wide emergency management system across an enterprise can maximize efforts, allowing for a streamlined and familiar response process.

As we begin 2014, companies are still striving boost efficiency, compliance, and budgets. By upgrading to a web-based emergency management system, companies can maximize preparedness and emergency management. Implementing a web-based planning system offers preparedness programs the following benefits:

Efficiency 

When best practices are implemented, and training and exercises confirm effective response processes and procedures, response plans can be an effective tool for responders. However utilizing web-based, database-driven software allows registered users to swiftly and accurately identify confirmed response contacts, response procedures, and available resources, expediting the response and minimizing impacts.

Effective response plans require cyclical maintenance. As a result of changing personnel, fluctuating external response contacts, and revolving equipment availability and inventory levels, maintaining up-to-date and actionable response plans can be administratively time consuming.

The most advanced web-based software programs utilize a database, allowing for specific repetitive information to be duplicated in the various necessary plan types across an entire enterprise. By eliminating the need for duplicate updates and minimizing administratively tasking duties, plan changes are more likely to be transferred into the system, optimizing the accuracy of the plans and improving the likelihood of an effective response if an incident were to occur.

Accessibility of Plans

Increasing accessibility options while improving efficiency, functionality, and effectiveness can bolster an entire emergency management program. Web-based planning system software offers every option of instant accessibility: via the Internet, downloaded, or printed.

In the event of an emergency, identical duplicate paper plans are typically not available in various locations. If a location-specific incident renders company servers inaccessible, response plans housed on a company intranet may be inaccessible.  Although the intranet approach has improved overall plan and preparedness accessibility, significant difficulties continue to include plan maintenance, version control, and consistency.

Instantaneous Updates

With web-based technology and an Internet connection, revised information is available to all approved stakeholders in “real-time”. Web based software eliminates “version confusion” and allows responders to apply the most up-to-date and tested processes to a response. Microsoft Word or PDF documents are often the culprit of “version confusion”. Multiple versions of paper-based and intranet-based plans can potentially confuse and misinform the response team(s), prolonging a response.

Superior Functionality

Web-based plans can provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve streamlined functionality for plan users. Simplifying documentation during an incident enables prompt response progress, improved regulatory compliance, and a more accurate account of the response. Easy to follow response plans allow responders to carry out specified industry and company procedures in accordance with proven best practices responses.

Multi-purpose Data

The ability to duplicate common information minimizes administrative time (and ultimately costs) for managing response plans. Pending industry and regulatory compliance, companies typically utilize more than one response plan. Plan types may include, but are not limited to, the following:

  • Business continuity plans
  • Emergency response
  • Incident action plans
  • Fire pre-plans
  • SPCC plans
  • Severe weather or hurricane plans
  • Crisis management plans
  • Facility response plans

Web-based, database driven plans utilize one database to manage information. This function allows users to effectively duplicate common plan content and revision efforts to all plans and locations that utilize the similar data.

To request a demonstration on how Fortune 500 companies are utilizing web-based planning, click the image below to contact TRP Corp, a web-based response planning system industry leader. 

TRP Corp Emergency Response Planning Demo

Tags: Choosing a Consultant, Tactical Response Planning, Resiliency, Emergency Preparedness, Redundant Systems, Cloud Computing, Regulatory Compliance, Emergency Management Program

Top Five Reasons to Utilize Emergency Management Software

Posted on Thu, Aug 15, 2013

Companies need an enterprise-wide, universally accessible emergency response planning system capable of adapting to every site, regulatory requirement, and plan type. Incorporating a definitive company emergency management system across an enterprise allows for a streamlined and familiar response process. Whether plans are mandated by corporate policy or regulatory agencies, an effectively exercised and accessible emergency response plan can minimize impacts of an emergency on employees, the environment, and infrastructure. The benefits of web-based emergency management systems are:

1. Efficiency:  Effective response plans require cyclical maintenance. As a result of changing personnel, fluctuating external response contacts, and revolving equipment availability and inventory levels, maintaining up-to-date and actionable response plans can be administratively time consuming. Emergency management software should eliminate the need for duplicate updates. The most advanced web-based software programs utilize a database, allowing for specific repetitive information to be duplicated in the various necessary plan types across an entire enterprise. By minimizing administratively tasking duties, plan changes are more likely to be transferred into the system, optimizing the accuracy of the plans.

2. Accessibility of plans: In the event of an emergency, updated paper plans are typically not available from all company locations. Additionally, accessing plans housed on a company intranet may be dubious if an incident renders company servers inaccessible.  Although the intranet approach has improved overall plan accessibility, a number of significant difficulties remain. With an intranet approach, plan maintenance, version control, and consistency across multiple plans remain challenging and time consuming.

Web-based planning system software offers every option of instant accessibility: viewed via the Internet from any location, downloaded, or printed. Increasing accessibility options while improving efficiency, functionality, and effectiveness can bolster an entire emergency management program.

3. Instantaneous updates: With web-based technology and an Internet connection, revised information is immediately available to all approved stakeholders. Both paper-based plans and those housed on a company intranet are often out of date with multiple versions in various locations, potentially misinforming the response team.  Microsoft Word or PDF documents, often the format used in response plans, are cumbersome to revise for various plan types and locations. Web based software eliminates” version confusion” and allows responders to apply the most up-to-date and tested processes to a response.

4. Superior functionality: Web-based plans can provide hyperlinks, forms libraries, simplified interfaces, and other tools designed to improve functionality for plan users. Simplifying documentation during an incident enables prompt response progress, improved regulatory compliance, and a more accurate account of the response. Easy to follow response plans allow responders to carry out specified industry and company procedures in accordance with proven best practices responses.

5. Multi-purpose data: Typically, response plans share common data with a variety of additional plan types including business continuity, pre-fire plans, hurricane plans, and others. Web-based, database driven plans utilize one database to manage this information, effectively leveraging plan content and revision efforts to all plans and locations that utilize that data.

If best practices are implemented, and training and exercises confirm effective response processes and procedures are in place, response plans can be an effective tool for responders. However utilizing web-based, database software allows registered users to swiftly and accurately identify confirmed response contacts, response procedures, and available resources, expediting the response and minimizing impacts.

Resource management is a key practice in the National Incident Management System (NIMS). Web-based software streamlines the resource data incorporated into a response plan allowing NIMS components to be utilized more effectively. NIMS resource management includes:

  • Resource identification: Integrated data allows for all resources to be quantified.
  • Procurement: Through automated contact verification systems, the process of procuring resources is simplified. Accurate contacts, contact numbers, and resource lead times have already been confirmed.
  • Mobilization:  Plan transportation and logistics needs easily identified based on response priorities
  • Track and report:  Web-base response software’s links and forms database allows for easy resource reporting and documentation. Real-time incident management systems can ensure efficient use, coordination, and movement of equipment.
  • Recover and demobilize: Accurate data allocation ensures timely demobilization of equipment, including decontamination, disposal, repair, and restocking activities, as required.
  • Reimburse:  Web-based software contains documentation measures that assisting in tracking costs. This allows for accurate allocations of incident expenses, including contractors, equipment, transportation services, and other costs.
  • Inventory and replenishments: Resource data contained within the web-based software can be utilized to inventory response requirements or site equipment. This feature streamlines the ability to assess the availability of on-site equipment and supplies and determine external resource levels.
For an introduction to web-based planning click HERE:

 

Tags: Data Recovery, Redundant Systems, Cloud Computing, Emergency Response Planning, Data Backup, Safety

Disaster Recovery, Roles, and Responsibilities

Posted on Mon, Jun 10, 2013

The National Disaster Recovery Framework is a guide that enables effective recovery support to disaster-impacted States, Tribes, Territorial and local jurisdictions. It provides a flexible structure that enables disaster recovery managers to operate in a unified and collaborative manner with recovery partners. Although the framework is aimed at the public sector and governmental jurisdictions, companies should evaluate the recovery elements for site-specific applicability, and incorporate pertinent and beneficial aspects.

A business disruption that extends beyond normal operating procedures and exceeds maximum downtime allotment requires a disaster recovery plan. The ability to institute a successful plan requires stakeholders to maintain a clear understanding of post-disaster roles, responsibilities, and objectives.  Clearly defined roles and responsibilities are the foundation to identify opportunities, foster partnerships, and optimize required resources.

Recovery objectives should include the meticulous restoration, strengthening, and revitalization of the site, surrounding infrastructures, and operations. Disaster response operations should prioritize timely and accurate communication to facility managers, critical decision makers, emergency response teams, stakeholders, vendors and contractors, and, if applicable, the public, in order to accelerate recovery without duplicating efforts.

Pre-planning for recovery allows for a collaborative understanding of necessary recovery elements and critical business processes. Business continuity plans should include recovery planning and operational components, including, but not limited to:

RECOVERY PLANNING

  • Coordinate development, training, and exercise of jurisdiction disaster recovery plan.
  • Establish and maintain contacts and networks for disaster recovery resources and support systems.
  • Promulgate principles and practices that further resiliency and sustainability in development and strategic planning initiatives.

RECOVERY OPERATIONS

  • Assess damage
  • Verify facility accessibility and safety
  • Identify internal and external recovery team contacts and contractors
  • Identify the scope of repair work
  • Develop site-specific repair plans and schedules
  • Restore operations
  • Institute mitigation measures
  • Apply “lessons learned” and update plans
The Incident Commander shall initiate the business continuity plan and associated recovery efforts. In the event the incident causes major damage to company facilities, the Incident Commander should serve as primary point of contact for supporting team members during disaster recovery planning and operations. Once the recovery period begins and/or appears that it will extend beyond the recovery capabilities of the facility, the Incident Commander should be responsible for the following:
  • Initialize and coordinate the activities of local recovery organizations and initiatives
  • Work with the Federal, State, and Local agency coordinators to develop a unified and accessible communication strategy
  • Participate in damage and impact assessments with other recovery partners
  • Organize recovery-planning processes to fully engage stakeholders and identify recovery objectives, priorities, resources, capabilities, and recovery capacity
  • Ensure inclusiveness of the community in the recovery process through media and public relations efforts
  • Continually communicate recovery priorities to government liaisons, recovery stakeholders, employees, and the community
  • Incorporate critical mitigation, resilience, sustainability and accessibility building measures into the recovery plans and efforts
  • Lead the development of an actionable and feasible recovery plan based on available funding and capacity
  • Collaborate with government liaisons to identify external financial support for recovery, leverage the resources, and resolve potential duplication of assistance
  • Work closely with the recovery leadership at all levels to ensure a well-coordinated, timely, and well-executed recovery
  • Develop and implement recovery progress measures and communicate adjustments and improvements to applicable stakeholders and authorities

For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.

TRP Corp - Emergency Response Planning Crisis Management

Tags: Business Continuity, Crisis Management, Redundant Systems, Training and Exercises, Disaster Recovery, Business Disruption

The Need for Common, Enterprise-Wide Response Plan Terminology

Posted on Mon, Feb 25, 2013

Within a company, the difficulty of managing regulatory compliance and response planning grows exponentially with the number of locations or facilities. A systemic understanding and management of business operations within the context of the organization’s culture, beliefs, mission, objectives, and organizational structure should be extended to emergency response planning. For program effectiveness and efficiency, enterprise-wide integration and coordination is necessary to manage multiple response planning functions. While the National Incident Management System (NIMS) Integration Center does not require plain language for internal operations, it strongly encourages the practice of everyday terminology and procedures that will need to be used in emergency situations.

Establishing consistent language across a company’s emergency management structure is critical to provide a common point of understanding. A company must limit the terminology disparities within the company’s emergency management framework in order to align common goals. The following FEMA definitions can serve as a guideline for establishing common company emergency management program language.

Enterprise Management – Enterprise-wide programs and structures, including Business Crisis and Continuity Management, should be aligned and integrated within the overall Enterprise Management structure.

Crisis Communication – All means of communication, both internal and external, used to organize, design, and deliver to support Crisis Management situations.

Risk Management – The synthesis of the risk assessment, business area analysis, business impact analysis, risk communication, and risk-based decision making functions to make strategic and tactical decisions on whether business risks should be ignored, reduced, transferred, or avoided.

Planning – The development of plans, policies and procedures to address the physical and/or business consequences of residual risks which are above the level of acceptance to a business, its assets and its stakeholders.  Planning should be based upon the results of risk management and within the overall context of enterprise management. For companies with multiple locations, each site’s plans should integrate within the overall enterprise management structure.

Program Implementation – The implementation and management of specific programs that support the Crisis, Emergency, and Continuity Management programs within the context of Enterprise Management. Such programs may include, but are not limited to:

  • Physical security
  • Cyber security
  • Business continuity
  • Environmental, health, and safety

Systems Monitoring – Measuring and evaluating program performance in the context of the enterprise as an overall system of interrelated parts.

Awareness/Training/Exercising – A tiered program used to develop and maintain individual, team and organizational awareness and preparedness.  This program can range from individual and group familiarization and skill based training, through full organizational exercises.

Incident Management – The management of operations, logistics, planning, finance, administration, safety, and information flow associated with the operational response to the consequences/impacts of an incident. Through technology, systems are now available that offer real-time incident management.

Incident Response – The tactical reaction to the physical consequences/impacts of an incident. Tactical reactions that support the economic viability of a business may include, but not limited to:

  • Protecting personnel and property
  • Situational assessments
  • Situational stabilization
  • Response operations

Business Continuity – The business specific plans and actions that enable an organization to respond to an incident in a manner such that business units, processes, and sub-functions are recovered and resumed according to a predetermined plan. The recovery efforts should be prioritized by critical function to the economic viability of the business.

Restoration and Transition - Plans and actions to restore and transition a business to “new normal” or “business as usual” operations following an incident.

For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.

TRP Download

Tags: Business Continuity key points, Business Continuity, Emergency Preparedness, Redundant Systems, Event Preparedness

Industrial SPCC Plans Accessible in Cloud Technology

Posted on Thu, Feb 07, 2013

As web-based technologies become more accessible and mobile, different options for hosting and managing response plans have evolved. Transitioning to a web-based cloud system to maintain your Spill Prevention, Control, and Countermeasure (SPCC) plans can enhance accessibility, portability, and redundancy, potentially easing communication barriers with responders and regulatory audits.

Environmental, health, and safety (EHS) managers responsible for maintaining regulatory compliance for multiple sites may benefit from web-based cloud computing for emergency management. While cloud technology isn’t a new concept, a recent survey conducted by IT industry association CompTIA, found that more than 80% of companies use or have transitioned to some form of cloud technology. The survey revealed that costs, increased flexibility, and newly available resources are the main motivation for moving to a cloud.  The costs associated with effective emergency management, planning efforts, and overall spill prevention are often much less than the costs associated with spill clean up, fines, and other civil liabilities.

The Environmental Protection Agency (EPA) estimates that approximately 640,000 U.S. facilities are potentially subject to regulations under the SPCC Rule:

A facility that stores, processes, refines, uses or consumes oil and is non-transportation-related is potentially subject to the SPCC rule. The EPA requires SPCC plans for facilities that could discharge oil into navigable water and store more than 1,320 gallons aboveground or more than 42,000 gallons underground.

EHS managers responsible for maintaining SPCC compliance can maximize department efforts and communication. With budgets restraints and increasing workloads, reducing plan maintenance costs, improving communication methods, and minimizing preparedness disparities is critical. Word documents, PDF files, and printed binders are burdensome, administratively time-consuming, and possibly inaccurate or non-compliant.

Here are some questions to determine if web-based cloud technology SPCC plan system is right for your company?

  1. Do you have multiple facilities that are governed by SPCC and/or other regulatory requirements?
  2. Is there repetitive company information in multiple response plans?
  3. When was your last SPCC or facility response plan (FRP) audit and would you be ready if an auditor appeared tomorrow?
  4. Does your company already utilize cloud-based technology?
  5. How effectively do you handle contact information updates and verification? How often does this occur?
  6. How often do you print updated plan copies for distribution, and what costs are involved?
  7. How audit-friendly are your plans?
  8. How many individuals have access to your plans and are authorized to make updates?
  9. Are your plans updated quarterly or annually?
  10. How are new regulatory requirements incorporated into plans?
  11. How much time is dedicated to maintaining and updating your plans?
  12. Do you have a record of changes and revisions?

But with a cloud system, redundancy and back up efforts are essential.  In the event Internet connectivity is terminated or inaccessible, emergency managers must have alternative means to access plans. Redundant data centers, scheduled downloads, and security measures must be a part of any emergency management program based on an intranet or cloud.

Response plans housed in cloud technology also has numerous benefits. When employees are equipped with Wi-Fi enabled devices, authorized users can access response plans information from any location. This can aid in response measures if the incident is isolated to a particular location. SPCC plans can also be readily shared with other company locations and external responders who can relay important detailed facility information to those onsite. Additionally, dedicated administrative time associated with plan maintenance, updating, access, and regulatory submission can be minimized.  

The following EPA list highlights some important elements of an SPCC Plan:

  • Facility diagram and description of the facility
  • Oil discharge predictions
  • Appropriate secondary containment or diversionary structures
  • Facility drainage
  • Site security
  • Facility inspections
  • Requirements for bulk storage containers including inspections, overfill, and integrity testing requirements
  • Transfer procedures and equipment (including piping)
  • Requirements for qualified oil-filled operational equipment
  • Loading/unloading rack requirements and procedures for tank cars and tank trucks
  • Brittle fracture evaluations for aboveground field constructed containers
  • Personnel training and oil discharge prevention briefings
  • Recordkeeping requirements
  • Five-year Plan review
  • Management approval
  • Plan certification (by a Professional Engineer (PE) or in certain cases by the facility owner/operator)

For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.

TRP Download

Tags: SPCC, EPA, Redundant Systems, Cloud Computing