Archive for Disaster Prevention

Another Day, Another Headline

So, if you and/or the organization you work for are not yet convinced that you need complete and well-rehearsed Emergency Response, Disaster Recovery, Business Continuity and Crisis Management Plans in place today – I am not sure that you will ever be convinced.

In the past few days we have seen an example of an emergency caused by a direct and willful act to cause harm and destruction in the incident at the Boston Marathon; and, an example of an emergency caused through accidental means in West, Texas.  These events occurred as some companies continue to assess their responses to and management of the disruptions caused by Superstorm Sandy – an example of an emergency caused by nature.

Unfortunately, we don’t have to go very far back in our recent history to discover other compelling examples of why we need to be prepared for these types of emergencies and catastrophes.

It has been less than two weeks ago since I delivered a final Findings and Recommendations Report to a large international company with numerous physical locations in the Northeastern United States that were impacted by the carnage caused from Superstorm Sandy.  This analysis included the evaluation of other, like sized companies, in the region and how they responded to and managed this incident.  One of the not-so-surprising conclusions reached was that the ability to efficiently and effectively respond to this event was directly related to the amount of pre-planning and plan exercising that had been completed in the years prior to the storm.  This is a common finding following most of these types of incidents.  Those organizations that prepare for and practice their responses to emergencies fare better during these events than those that do not.  This only makes sense.

What stops many organizations from preparing and exercising is their belief that they are not susceptible to these types of events.  The headlines of the past few days, few months and few years, suggest that that is just not true.  Everyone is at risk.  Even if you are not in an area that experiences violent weather events, floods or earthquakes; even if you operate in an area that is relatively secure and isolated, the Boston Marathon and West, Texas incidents should prove – that it just doesn’t matter.

Bad things can and will occur.  Be prepared.  You owe it to your employees, your customers and family.  If you think otherwise now, you are just not paying attention.  Hoping that nothing happens is no longer a valid strategy.

Once again – our thoughts and prayers go out to yet another community in West, Texas, having to deal with the tragic loss of lives and homes.  I hate to think about what the next headline might bring.

The Boston Marathon Tragedy

I am always hesitant to immediately write about lessons to be learned from a tragedy such as what occurred during the recent Boston Marathon for fear that it might come across as an ambulance chasing kind of attempt to garner attention or attract more business.  But, on the other hand, it is when the news is news and people are focused on the incident and the meaning behind it, that the lessons can most readily be learned.

First of all, let me make it clear that my first thoughts are always with the victims of such a tragedy.  I cannot imagine the horror and pain suffered by those who were so horrendously impacted by this heinous act of cowardice.  To be enjoying what should be a moment of pride and celebration for just crossing or nearing the finish line with your loved ones waiting to share the accomplishment with you and to have it all interrupted in an instant of violence is simply devastating.  Even though I work in emergency preparedness and crisis management, I cannot help but shed tears every time I watch these events unfold.

There will be many so-called “lessons learned” that come from this incident.  Some of them valid; some of them, simply, the wrong conclusions.  The news media is and will continue to step all over each other trying to get the better story and trying to out-analyze the other channels in an attempt to gain greater market-share.  There is still much to assess and much to learn.  Most of the real, valid conclusions are still weeks away – when, unfortunately, some other news story will steal the headlines and those of us that were not directly impacted will have moved on with our lives.

At this point in time, I can merely speculate on what will be discovered, but I do have some of my own opinions.  I think that this event shows us that the U.S., that for such a long time, has been somewhat void of the risks and threats of terrorism when compared to many of our international friends, must now acknowledge that we are susceptible to these types of risks.  And, in my opinion, I think we will learn that this type of terrorism does not require a sophisticated, organized and well-financed group with a political agenda to carry out such an incident with relatively large impact (considering the numbers of people injured).  No, I think we will learn that any idiot with access to the internet and with evil in their heart can pull off this type of terror.  What this means is – everyone, everywhere is fair target for such a tragedy.

There are already many people, and there will be more, second-guessing the security at this event and calling for more stringent security for future, similar events.  I, personally, don’t think that is the answer.  There is always more we can do to try to prevent these occurrences, but, I think this incident shows us that there is always an opening for terrorism.  Where ever you have mass gatherings, there is an opportunity for someone(s) to do damage.  Yes, we need to do everything we can to prevent these tragedies but there is a point where prevention starts to hinder our freedoms.  The other side of the equation is to be prepared.

I have already heard many people suggest that we need to keep on living, and I agree.  But, we can keep on living with a higher level of preparedness.  I think the people of Boston responded pretty well to the tragedy.  The level of preparedness they had for foreseen medical issues resulting from running a marathon were leveraged to help respond to this unforeseen incident.  The people they had in place managing the event were the right people for responding to this tragedy and, I think, they responded admirably.

There are other things we can do as individuals to be better prepared for incidents such as this.  Having pre-established meeting areas – including virtual meeting places via common people to call – is just one example.  There are others that I am sure you have already read about in other articles.  I am just going to go way outside my area of expertise and way outside the considerations of business continuity and suggest that one way we can help prepare ourselves for these types of tragedies is to remember to say our “I love you”s before we are impacted by these types of events.

I am about to board a plane to the Continuity Insights Management Conference in San Diego.  I am sure the Boston Marathon tragedy will be vastly discussed, formally and informally, by the many professionals that will be in attendance.  I am sure to hear a wide variety of opinionated causes and corrections – some, I will learn from; some, I will shake my head at.  What I am going to make sure I do, however, is to say my “I love you”s before getting on the plane.  That is one lesson we should never forget.

Out with the Old In with the New

Well, we are now several weeks into the new year and, as crisis management and business continuity professionals, we are happy to see 2012 in our rear view mirrors.  Maybe it is just the relative recentness of Hurricane Sandy, or the fact that she devastated such a wide and highly populated area in the United States, but 2012 seemed to have been a very busy year for business continuity planners.  And, this is not just in terms of responses to a number of disasters, but also in terms of preparing for high-risk events such as the London Olympics, the US Presidential Party Conventions and several Political Summits throughout the region.

I guess some of the reasons we were so busy are good reasons.  I am witnessing a much higher level of awareness for the potential of business interruptions occurring from mass gathering events.  I have been somewhat impressed with the levels of preparedness from both the public and private domain for events such as the Olympics and the Conventions.  It seems people are starting to realize the benefits of the private and public sectors working together in preparation for these events.  Coordinating work schedules and being aware of commuting challenges and potential mass gatherings, coupled with work from home solutions and proactive strategies for shifting work-flows and employees away from the congestion during the most active event times, seem to all have helped businesses and communities cope with the challenges of hosting such events.

And, I think, by planning for these kind of scheduled interruptions, our programs have been strengthened and improved, allowing us to better respond to the unscheduled interruptions that seem to be happening at an alarmingly more frequent rate with a much wider footprint.

This article from Huffington Post does a pretty good job in summarizing the challenges we experienced in 2012 caused by disaster.  Even though there are a number of “disasters” associated with wildfires in the US this past year, there are enough other events that support my statement that 2012 was a busy year.

The one quote that stands out to me in the Huffington Post article is from the acting director of the U.S. National Weather Service, Laura Furgione, who states, “The normal has changed, I guess. The normal is extreme.”  Well, if extreme is our new normal, it is up to all of us to make sure that “prepared” is our new posture.

Whereas, I am glad to put 2012 behind us, I am also anxious to make sure that we, as planners, have grown and applied the lessons learned from these events in our 2013 and beyond plans.  Do not fall into the trap of believing what we learned from Hurricane Sandy only prepares us for the next Hurricane.  Focus on the impacts.  Some of the lessons learned from Sandy are applicable for any event that immobilizes a large portion of our workforce, or forces closure of a number of our key facilities, or results in widespread power outages, and on and on.

The German writer, artist, politician Johann Wolfgang van Goethe once said, “The greatest tragedy in all of life is to experience the pain but miss the lesson.”   I hope that the pain experienced in 2012 was not for nothing.

Now, bring on 2013.  I can’t wait to see what she has in store for us.

Are We Prepared for the Next Disaster?

I found and listened to this NPR radio story titled, “Is the U.S. Prepared for the Next Disaster?”.  Even though this interview was conducted a year ago, I think the message is still valid and important.

I think the interviewee, Craig Fugate, does a good job in identifying a problem with past disasters being a failure to engage the proper level of support through a formal request for assistance.  Although Mr. Fugate doesn’t use this term, I like to label these the “triggers to engage”.  One of the biggest problems with the response to Hurricane Katrina was that Federal authorities assumed the trigger to engage was a call from the local authorities, whereas the local authorities thought the trigger to engage was the event itself.  While Federal agencies were waiting to be asked for help, local agencies were sitting and waiting for the help to arrive.  Meanwhile, crucial time was slipping by and the losses and damages were escalating.

I was glad to learn that FEMA now self-engages not only when an incident occurs but also when the threat of incident rises.

I think this is an important lesson to learn and address in our own plans.  I think it is important to identify and practice those “triggers” for engaging certain components in our Emergency Response, Business Continuity and Disaster Recovery Programs.  What are the “triggers” for: putting vendors on alert; communicating with employees; mobilizing resources; alerting customers and other stakeholders; declaring a disaster; etc.?

Also, Mr. Fugate notes that having a single entity in charge introduces a single-point-of-failure in the response process.  Whereas, I understand his point, I also think it is important to mention that when you have lots of links in your communication and control “chain” you have lots of opportunity for the chain to break.  If the mayor engages the governor who engages the president – well, there are lots of mis-engagements that can occur.  And, if one link in the chain breaks, all the links that follow are missed.

I agree with Mr. Fugate that we are better prepared today than what we were in the past, but saying you are in better shape today than you were when you were grossly out of shape, does not mean you are in good shape.  Unfortunately, I also believe that the further removed you are from the last significant event, the more likely you are to get back out of shape.  We are never more prepared to respond to a disaster than we are immediately after a disaster occurs.  Lessons learned are fresh in the mind, implementation guidelines and procedures are reviewed, refreshed and rehearsed.  But, as time goes by, we start to, once again get complacent and once again start to slip back into our bad habits.  And, as soon as we start to believe we are in good shape, I start to get more worried.

In conclusion, I think this is a terrific interview with important messages that are worth listening to again.  I encourage you to think about and rehearse the “triggers” in your program and to identify potential weak links in your communications and engagement chains.  And, never allow yourself to believe we are prepared for the next disaster … continue to work on improving your level of preparedness.  After all … how do you think people would have responded to the question, “Is the U.S. Prepared for the Next Disaster?” on September 10, 2001?

Preparing for the London Olympics

I am assisting a client in developing contingency plans for their London offices in preparation for the upcoming 2012 Olympics.  We are researching possible risks, threats and disruptions based on past Olympics and past London-area events.  And, believe me, there is plenty of material there to raise a concern.

In this process we have developed two paths of recommendations: Precautionary Strategies and At-the-Ready Contingencies.

Precautionary Strategies are actions we recommend be taken to lessen the possible impacts of disruptions that are likely to occur.  These actions require no triggers to enact; we recommend following this course of action simply as a matter of business during the Olympics.

Precautionary Strategies include:

  • Scheduling work-from-home times where the capability already exists and the disruption to work flow negligible.
  • Rerouting business processes to non-London offices where this can be easily accomplished and does not stress the remote offices work flow.
  • Utilizing facilities outside of the Olympic parameters where possible.  This may include working out of their business continuity work sites if this can be managed at little expense.

Precautionary Strategies will be temporary, low cost, easy to implement and low disruption activities that can remove some of the stress that the Olympic events may cause.

At-the-Ready-Contingencies are more of your typical business continuity solutions that will be engaged only if threats and disruptions occur.  These actions will include identified triggers that must be monitored and tracked throughout the Olympics.  Most of these strategies, hopefully, are already in place as part of their existing Business Continuity Program.

The London Olympics will certainly disrupt the commuting processes to London area businesses and introduces a threat of civil disorder, terrorist activity, and security breaches.  London area companies should be well aware of the Olympic footprint and understand the traffic flows that may interfere with their employee’s commutes.  And, these interruptions and threats will exist for pre-Olympic activities as well as for the Paralympics that follow.

Where possible, we believe London area businesses should evaluate the possibility of minimizing their London-based business activities during this event to lessen the possible impacts to their firms.  Wherever you can take precautionary steps at low expense, it might be advisable to do so.  And, of course, you should brush the dust off your Business Continuity Plans and ensure that your recovery strategies are still viable given the risks this event incurs.  For example – if your alternate site locations are also within the Olympic footprint, you may need to establish a temporary other location during this event.

Certainly, there will be plenty of security provided and lots of precautions and contingencies put in place by the local and national authorities.  Be sure you are aware of these plans and make sure that your plans will work within the parameters provided.

We hope for a smooth and exciting Olympics in 2012 – let’s just hope all of the excitement is on the athletic fields and within the competitive framework of the games.

Deadly Volcanoes

Last night I stumbled upon an interesting episode of “Nova” on PBS – “Deadliest Volcanoes”

Now I am not suggesting everyone update their emergency preparedness and business continuity plans to prepare for a volcano eruption, but it did present a pretty scary scenario of just how devastating a volcano can be.  We even have recent history of how volcano ash clouds can be very disruptive to the air travel industry with the recent eruptions in Iceland – (Eyjafjallajökull in 2010) and Alaska (Mt. Redoubt in 2009)

There were stories included about potential eruptions all over the world, including some relatively highly populated regions, including Naples, Italy; Japan; Yellowstone and others.  The Yellowstone situation is actually pretty interesting, because it is not what one would normally think about when considering volcanic eruptions.  The Yellowstone “super volcano” does not include the cone shaped mountain spout that most of us associate with volcanoes. 

Then they started talking about the volcano that practically sits in my backyard!  I am awed by the sight of Mount Rainier each and every clear day that she appears on my horizon.  I have lived here for only 4 years, but natives of the area tell me she is always an amazing sight that you will never get used to.  I knew Mt. Rainier was an active volcano – similar to her sister mountain, Mt. St. Helens, which erupted relatively recently in 1980 with significant damages being incurred – but, never really thought about the risk too much.  Well, this episode has given me a little greater appreciation of what could be in our future.  Interestingly enough, this segment suggested that the eruption itself, as devastating as it may be, would probably be the least of our worries.  No, there is a phenomena known as a Lahar, which is a catastrophic mud and rock slide that flows down the volcano into the valleys below.  A Lahar caused by an eruption in Mt. Rainier has the potential to reach all the way to Seattle destroying much of what lies in its path.  The nearby town of Orting, WA, even has a Lahar warning system installed in their community. 

I found this episode to be very educational and informative.  You may want to watch it, too.  Unfortunately for me, my seven year old son was listening to the show from another room and is now terrified by that beautiful mountain that we often hike near and around.  I hope he is not so scared that he won’t want to take another hike out there with me – it is truly inspiring. 

Check out this show if you have time – and, check out the risks that might be near your places of business.

Critical Data: Don’t Overlook the Hardcopy

I know we like to think we now work in a paperless society, but the fact is, we do not.  There are still plenty of industries and processes that rely on hardcopy documentation for historical records and in support of daily operations.  Business Continuity and Disaster Recovery programs often overlook these vital records as they focus on technology and electronic medium – I caution you not to fall into this same trap.

In know this to be true, especially in airlines, medical and educational organizations as well as in some financial services and other industries. 

For example:

Airlines are required to maintain and have access to all mechanical and maintenance records for each and every aircraft that they fly.  In many instances maintenance initiatives issued by various agencies are printed and given to the mechanics and engineers who then make handwritten notations and sign off on the printed form.  These printed forms, with their notations, become the official record of the maintenance activity in compliance with the initiative.  Should this physical, hardcopy record be destroyed or lost, the plane (or an entire fleet of planes) will have to be grounded until the maintenance check is performed once again and a new record created.  Some airlines maintain these records in a single location and do not scan or digitally record the information (keeping costs down, you know).  Should the facility housing these documents go up in smoke, it could take months or longer to recreate the audit trail for those planes – which, by law, must be grounded until proof that all the maintenance initiatives have been completed.

Many medical offices maintain a slew of forms and doctor reports in handwritten form.  Just notice all the filing cabinets up and down the halls in your doctor’s office.  These records are seldom scanned or stored electronically and are susceptible to numerous risks and threats.  The same is true for school records and other information gathered in handwritten forms.

Financial services firms and brokerages still house plenty of hardcopy documents in the form of payment instructions and customer documentation that could cause plenty of financial exposure and compliance irregularities if lost or destroyed.

For those of you who think that we operate in a paperless society, just take a look around and count the number of filing cabinets still in use.  What do you suppose is kept in all this space?  And, what would be the cost or impact to the organization if they were permanently destroyed?

Now, I am not saying this is true in every environment.  Certainly there are many, many offices and industries that truly have no exposure to hardcopy documentation and information.  I am just suggesting that your risk analyses, impact analyses and recovery requirements analyses do not simply overlook this potentially critical information base and include consideration of this potentially risky business practice.

Backing up or electronically scanning and storing hardcopy documentation, especially historical documentation, may be something your organization needs to look into.  There are plenty of vendors that can help you achieve this end.

Disaster Preparedness: A Risky Combination

At the risk of having a bunch of folks attack me for being an alarmist and pointing out how uninformed I am about the real vs. perceived dangers from nuclear power plants, I am going to go ahead and post this blog any way.

I am working on a couple of unrelated projects with tabletops and risk analyses.  One company is planning a tabletop exercise around an incident at a nuclear generating plant near one of their campuses and another is concerned about potential risks from earthquakes.  Just as a hoot, I thought I would combine the two risks and do an Internet search on “nuclear power plants near earthquake fault lines”.  And, I thought I would pass along what I found and let you decide if this is worth losing any sleep over.

Now, I am going to post a few links to stories I found that suggest there might be a concern with nuclear sites near fault lines.  I do recognize many of these websites as being those that others have told me are “whackos with an agenda” – but, then again, perhaps some of those folks who are just as adamant that this is all a bunch of hyped up fear mongering, have a bit of an agenda themselves?  I’m sure it’s probably somewhere in between; maybe not as bad as some of these sites might suggest, but, maybe a bit more risky than some nuclear specialists are willing to admit.  Anyway, I am not an authority on either side of this argument, just passing on some information I found.  I will let you be the judge.

STORIES ON NUCLEAR PLANTS NEAR EARTHQUAKE FAULT LINES

Like I said, I just did this out of my own curiosity.  The one thing I did learn from my quick research is, I am not the first one to ask this question.  Those who wish to accuse me of unnecessarily alarming others, I want to assure you I have not passed these findings on to any clients indicating they have a risk to be concerned about.  I am simply posting links here in the blog for other professionals to take a look at and come to their own conclusions.

I do welcome, however, comments from anyone who wishes to refute the reports, chastise me for passing the links along, or to, heaven forbid, thank us for thinking about looking into this possible threat.

Emergency Preparedness Plans: Evacuating Persons With Disabilities

Do your emergency evacuation plans include procedures for assisting persons with disabilities?  The American Red Cross has a few tips for how to go about this on their website.  Although they seem to no longer use the term “Buddy System” it seems to me that that is what they used to call it years ago.

When I did a little research on this lately, I found many University plans that include some pretty good documentation on their “buddy system” approach for this.  I have included some of them here for you to look at for yourself.

What I have found, over time, is that even for those organizations that have a pretty well established “buddy system” in place it is usually well implemented for people who have permanent disabilities but not so much for those who may have temporary disabilities like a broken leg, recovering from surgery, or, although not a disability but a condition that may require evacuation assistance, women in their third trimester pregnancy.

I am not always up on the most recent politically correct terminology, but I know some folks who have taken to using the term, “mobility challenged individuals”.  This is probability a more apt description that would include pregnant women and other similar situations that are not disabilities but could result in the need for evacuation assistance.  I remember talking to first responders who helped with the evacuation of the World Trade Center following the first bombing in 1993 and they told me that they were surprised by the number of pregnant women requiring assistance – some of them were evacuated up to the roof top because they could not go down some 100 flight of stairs in complete darkness.  (Just an aside you may not be aware of – during the evacuation in 1993 they discovered that there was no emergency lighting in the stairwells.  People had to evacuate in complete darkness.  Not only that, but they did not know that stairwells only traversed about 30 floors, requiring an exit to a lobby area to find the next set of stairs.)

Persons with permanent disabilities are somewhat used to and less embarrassed by seeking assistance and pro-actively engaging in a buddy system program.  They can be assigned and trained with a buddy(ies) prior to an actual evacuation.  And, HR usually knows who these employees are and can solicit their involvement in these programs.  Persons with temporary mobility challenges are less likely to be aware of the program; are less likely to identify themselves as someone who might need a buddy; and, are less likely known by HR personnel.

If your program includes floor wardens, you should alert them to be aware of employees who might have temporary disabilities and train them to delicately approach these individuals to educate them on the buddy system and try to assign them a buddy until their recovery is complete.

If your organization has a buddy system in place – thank you!  If not, maybe you might want to check out a few of the links provided.  Thanks, Buddy.

The Next Disaster

So is your “Falling Satellite Hits Building” plan up to date?

Although I do not think this is a serious threat and do not suggest anyone become too alarmed by this story, I am somewhat amused with the quote:

“Since the beginning of the Space Age in the late-1950s, there have been no confirmed reports of an injury resulting from re-entering space objects. Nor is there a record of significant property damage resulting from a satellite re-entry.”

For many disasters that occur throughout history, prior to the event, you could probably safely say there was no record of that particular event occurring.  For example: Were there any records of significant damage resulting from a tsunami compromising a nuclear power facility?  Were there any records of significant damage resulting from terrorist attacks into high rise buildings with hijacked airplanes?  I could add a few more, but think you get the point.

Now, I am in no way suggesting that this threat has the potential to equal either of those two events – or, to even cause any damage at all – I am just saying, we cannot always rely on history to indicate what the next crisis might be.

Please, do not confuse me with Chicken Little here, running around yelling, “The sky is falling, the sky is falling” – I really am not an alarmist, despite the occupation I have chosen – I am merely pointing out the lack of assurance I get hearing someone say, “Well, this has never happened before so why should we worry about it”.

Do not activate your Command Centers monitoring “the satellite threat”.  Do not put business areas or your recovery site vendors on alert.  I am merely suggesting, do not expect your next disaster to necessarily have a historic precedent.

Now go out there and have a great day – just look up every now and then.