Tag Archive for emergency management

Nuclear Power Plant Emergency Information – An Example of Good Plans

We are currently assisting a company in preparing for certain risks that could impact its employees and/or their ability to work from certain strategic geographic locations.  One of their facilities lies in the Phoenix, AZ area.  Their facility lies within the 50 mile “ingestion pathway” of the Palo Verde Nuclear Generation Station.  Although their facility is outside the 10 mile “plume exposure pathway”, which could be evacuated during a “General Emergency”, some of their employees may live within 10 miles and, they are aware, that panic and confusion could result in many more employees not being available to work during a significant Palo Verde emergency.

This webpage from the United States Nuclear Regulatory Commission (US NRC) provides a good explanation of the two pathway zones and nuclear power plant emergency classifications.

During the course of our engagement we reached out to the Arizona Division of Emergency Management for a copy of the information packets they send to residents within 10 miles of Palo Verde.  Each year, the ADEM, sends out Palo Verde emergency information in the form of a new calendar with instructions and information for residents to follow in the case of emergency.

Without getting into the discussion of “real” risks versus “perceived risks”, I applaud ADEM for compiling this information and making it available to the public.  I think the calendar is well done and is a good example of keeping the plan short, concise and useable at time of need.  Putting the information in a calendar format with appealing and creative content, helps increase the probability that the calendar is actually posted in an accessible and remembered location.

I have not looked at the information provided for residents of other nuclear power stations in the United States, but am sure that the respected offices of emergency management do an equally impressive job at educating the public of the dangers and plans in place to respond to an emergency.

If you are an emergency planning professional, or, if you happen to live near a nuclear power plant (either in the plume exposure or ingestion pathways), I encourage you to take a look at the information provided through the links in this blog.  I think business continuity planners could benefit from trying to keep their plans simple and creative as shown in the calendar example.

Thanks goes out to the folks at the Arizona Division of Emergency Management who so willingly worked with us on behalf of our client.  Their responsiveness in providing us the information through links and in hard copy is much appreciated.

Deadly Volcanoes

Last night I stumbled upon an interesting episode of “Nova” on PBS – “Deadliest Volcanoes”

Now I am not suggesting everyone update their emergency preparedness and business continuity plans to prepare for a volcano eruption, but it did present a pretty scary scenario of just how devastating a volcano can be.  We even have recent history of how volcano ash clouds can be very disruptive to the air travel industry with the recent eruptions in Iceland – (Eyjafjallajökull in 2010) and Alaska (Mt. Redoubt in 2009)

There were stories included about potential eruptions all over the world, including some relatively highly populated regions, including Naples, Italy; Japan; Yellowstone and others.  The Yellowstone situation is actually pretty interesting, because it is not what one would normally think about when considering volcanic eruptions.  The Yellowstone “super volcano” does not include the cone shaped mountain spout that most of us associate with volcanoes. 

Then they started talking about the volcano that practically sits in my backyard!  I am awed by the sight of Mount Rainier each and every clear day that she appears on my horizon.  I have lived here for only 4 years, but natives of the area tell me she is always an amazing sight that you will never get used to.  I knew Mt. Rainier was an active volcano – similar to her sister mountain, Mt. St. Helens, which erupted relatively recently in 1980 with significant damages being incurred – but, never really thought about the risk too much.  Well, this episode has given me a little greater appreciation of what could be in our future.  Interestingly enough, this segment suggested that the eruption itself, as devastating as it may be, would probably be the least of our worries.  No, there is a phenomena known as a Lahar, which is a catastrophic mud and rock slide that flows down the volcano into the valleys below.  A Lahar caused by an eruption in Mt. Rainier has the potential to reach all the way to Seattle destroying much of what lies in its path.  The nearby town of Orting, WA, even has a Lahar warning system installed in their community. 

I found this episode to be very educational and informative.  You may want to watch it, too.  Unfortunately for me, my seven year old son was listening to the show from another room and is now terrified by that beautiful mountain that we often hike near and around.  I hope he is not so scared that he won’t want to take another hike out there with me – it is truly inspiring. 

Check out this show if you have time – and, check out the risks that might be near your places of business.

Goodbye 2011; Hello 2012

My how time flies.

An entire month went by without a single blog being posted to this site.  What was I thinking!?

The good news is:

  • Business at Safe Harbor Consulting has picked up and I have been busy spending time on other, income generating tasks.
  • I took time off in December to spend with my family and friends and let this blog take second priority for a while.
  • There have been no real big, disaster events demanding my attention and prompting me to write a blog.

The bad news is: 

  • I have been experiencing a little writer’s block and have been challenged to come up with new topics to write about.
  • I have received little feedback from blog readers on my postings and have wondered about the effectiveness of this tool.
  • Business at Safe Harbor Consulting has picked up and I have been busy spending time on other tasks.  (Sometimes, news is both good and bad.)

But alas, it is time for the New Year’s resolutions to kick in and I must, at least, try to fulfill one resolution before the month of January expires.

I hope everyone had a terrific holiday season and a safe and happy New Years.

2011 was an interesting and eventful year for many of us in the Business Continuity and Emergency Management arena.  If the Mayans are correct, 2012 will prove to be even more so.

If you have any subjects or ideas you would like me to try to tackle in the next few blog entries, by all means, let’s hear them.  Otherwise, I may ask you to bear with me as I repeat a few topics, with perhaps, a new spin or refocused emphasis.

May 2012 bring you much joy, happiness and few disasters – at least none that you can’t recover from.

Happy New Year,

Joe Flach

Calamityville

Having spent some time visiting my brother and his family this past weekend, we finally got to talking about how our individual specialties have real synergistic potential to help advance and improve our own fields of expertise.  My brother, Dr. John Flach, is the Professor and Chair of Psychology at Wright State University in Dayton, Ohio.  John (I don’t have to call him, Dr. Flach) specializes in Human Factors Engineering and has been spending a lot of time studying human factors at time of crisis.

John put me on to this Calamityville project at Wright State which sounds rather interesting.  I get all goose-bumpy thinking about how this could be applied to a number of emergency response practices and organizations.  Interesting stuff I thought you might like to check out.

We then spent a few hours watching a near-disaster take place as my alma mater, the Ohio State University, nearly lost a football game to the University of Toledo – but, that is another story for a different kind of blog.

Check out the Calamityville website and let me know what you think.  Does this sound like something that will work and have potential to give us greater insight in crisis response techniques and practices?  Your comments are welcomed – just don’t tell me you are a Michigan fan!

A Business Continuity Football Analogy

Football season is just around the corner – and, I love football season.  So, in keeping with the season, I thought I would use a little football analogy for today’s blog.

Imagine you are the head coach for a football team.  You work long and hard in putting together a playbook with complicated blocking schemes, stunts, trick plays, disguised coverages, blitzes, audibles, etc.

Now imagine that you put the playbook on the shelf just waiting for a game to begin.

You wouldn’t do that, would you?  No.  You would give it to your players and expect them to study it in great detail, memorizing their assignments and what is expected of those around them.  You would practice the plays, looking to improve performance and perfect each and every play so that when game time comes, you are prepared.

Now imagine you are the manager of a crisis management program.  Yeah, I think you get the point.

Yet, many organizations do exactly that.  They invest time and money in putting together quite sophisticated emergency response, business continuity and disaster recovery plans but do not distribute them to the “players” to study and memorize, do not routinely practice them under varying downs and distances, and just sit back waiting for the whistle that begins the game.  And, remarkably, wonder why things did not go well when a disaster occurs.

So, my recommendation is, wipe the dust off your playbook, distribute it widely and get down to some serious practicing – maybe not two-a-days, but more than once-a-years – or, prepare yourself for a losing season.

Disasters With Warning and Those Without

In just a matter of days, locations on the East Coast of the United States will experience both a disaster that comes with some advance warning, in Hurricane Irene, and a disaster that seemingly pops up out of nowhere, with no advance warning, in the earthquake centered in Virginia.
For events like a hurricane, organizations should have a checklist of actions to take 72, 48 and/or 24 hours before impact that can prepare them for the potential threat and lessen the impact of the event.
For scenarios like the one that played out yesterday on the east coast, organizations need to be ready in a moments notice to react, respond and recover from the threat.
Luckily, yesterday’s earthquake had limited impact to both domestic and corporate facilities – although there may have been a few laundry bills that had to be paid.  And, hopefully, Hurricane Irene will, likewise, have limited impact on the East Coast.
In both cases, however, there should be plenty of opportunity to learn a few lessons to improve our overall disaster preparedness posture – let’s hope organizations take advantage of this opportunity.
And, even if your company or home does not and did not lie in the path of either of these two events, you can prepare yourself for similar scenarios and … test, test, test your level of preparedness through plan walkthroughs, table top exercises and/or mock disasters.
I hope you fared well in yesterdays earthquake and that Irene decides to pass us by unharmed.  But, I also hope each event allows you to take advantage of the heightened awareness of the possibility of crises to update, improve and better socialize your crisis management, emergency preapredness, business continuity and disaster recovery programs.

Business Continuity Self Help Websites

If you don’t think business continuity and emergency preparedness planning have become mainstream topics in corporate America these days, you just are not paying attention.  Years ago, in social settings, when asked what I do for a living, I simply answered, “I’m a management consultant.”  If asked what kind of management consulting in particular I would just say, “Technology related”, because it was too hard to explain business continuity or disaster recovery to the uninformed in a social setting.  Nowadays, I see billboards while driving down the road promoting emergency planning and disaster recovery.  I hear commercials on the radio and even television commercials promoting companies that perform roles in the field.  And, try doing an Internet search – pages upon pages of information pop up.  Now, when in a social setting, if I say I am a management consultant specializing in crisis management and business continuity planning, not only do people know what I am talking about, but most of them have some firsthand experience with these types of programs and issues.

This is both good news and bad news for me.  Good, in that people can relate to what I do and understand the need for my services – Bad, in that people are getting educated on the planning process and there is much more competition in my field of expertise.

Even so, I would have to say the good outweighs the bad.

And, even though it might not be good business practice to point folks to tools that can help them prepare without the consulting services of a firm like Safe Harbor Consulting, I just have to let you know that there are some terrific websites out there that can help the small to medium business owner develop their own plans.  One, for example, is the Ready Business website sponsored by FEMA.  Take a look at this site – it might give you some good ideas on what to include in your programs.

No need to thank me – just when you complete your plans and want some help on how to test and exercise them, give us a call, perhaps we can help with that.

Emergency Notification / Crisis Management Tool: MissionMode

There are plenty of good automated notification and crisis management tools out on the market today.  One that I have recent, in depth, hands-on experience with is MissionMode.  And, like all the other similar tools out there, the value and benefits you realize from the use of this product are directly related to how you plan for and implement its features.

Too often, I see organizations rush to implementation of a new software product without first spending the time to properly design and strategize over the best use of the product.  Going back and fixing obvious implementation mistakes, poorly thought out naming conventions, or complicated hierarchy and categorization schemes can be costly, both in terms of hours spent and in the damage done with the confidence and conviction of the user community.

Having said that, I think that if implemented properly, MissionMode can satisfy most organization’s emergency notification and incident management needs.

Like I said, similar to other tools of this nature, it will take time to install properly – you do not plug it in and have instantaneous automated notification at the click of a switch.  You need to give some thought to the proper user naming conventions, incident templates, notification groups and what notification devices to use for which incidents.  If possible, I would recommend reaching out to other MissionMode users and gain some ideas from them on what they found out works and does not work well for them.  Or, you can get assistance from a consulting company that has experience with the product – oh, I don’t know, maybe a company like Safe Harbor Consulting, perhaps (gratuitous self promotion warning!).

And, of course, how you train end users and how you test (and the frequency in which you do so) the product will greatly influence how well it is received and used in your organization.  Although a relatively easy, user friendly tool – like all other similar products – if not practiced and routinely accessed, your user community will forget passwords and be clumsy with its usage – all of which, limits the effectiveness of the tool at time of need – during a crisis.

I did find the folks at MissionMode willing to listen; work with you; and, give serious consideration to your proposed product enhancements and changes.  They are not a market leader in the industry yet, but are willing to do what it takes to help change that fact.

You may find better tools for emergency notification or better software for crisis management – but if you are searching for one tool that combines both disciplines in one product, I would recommend that you include the evaluation of MissionMode in your software cost/benefits analysis.

Monitoring Developing Threats

Traditionally, business continuity and disaster recovery planners are responsible for identifying the needs for continuity and recovery of business and technology operations after a business or technology interruption event occurs.  The planning methodology also includes analyses to identify potential threats to the business / technology environments and to speculate on the probability a particular type of event might occur.  Some programs also include policies and procedures for responding to the event as it unfolds within the aspects of an Emergency Response and Crisis Management program. 

My question for this blog entry is:  Who monitors the current state of affairs and tracks potential threats that may be developing?

In some environments, there are active Security Departments who constantly monitor potential, developing threats.  I have seen a few Business Continuity Programs that maintain an active Command Center monitoring the stability of work environments.  But, for the most part, I think most organizations do not have any department or area responsible for this task.

This may only be a relevant issue for large, multi-national firms.  If your organization has facilities in hurricane prone areas, who monitors the pending storms to identify facilities that may be at risk when storms develop?  If your company has facilities in unstable political environments, is someone responsible for monitoring civil unrest threats that may develop?  If an earthquake occurs, or a nuclear explosion were to happen, or a volcano erupt, or a chemical spill happen – how quickly would your organization know whether or not one of its facilities and/or employees are in harm’s way?  How quickly would a Command Center be established that can monitor and track the response and impacts of such an event?

How proactive is your organization in monitoring developing risks and threat before they have a detrimental impact on your facilities?  How proactive should it be?  I don’t believe there is a one size fits all answer to this question, but I do think it is something every large firm should consider.  Identifying potential threats in advance of them having an adverse impact on your organization may be the difference between a successful response and a failed one.

At the very least, it might be useful for business continuity and disaster recovery planners to routinely check out the FEMA website for disaster events and developing threats.  And, if your organization does track these threats through another department, such as the Security Department, make sure you are aware of their notification and escalation process and that your team is included in the loop.

Adjusted Recovery Confidence Factor ©

A couple of the groups that I am a member of in LinkedIn, (in particular the Association of Contingency Planners Group and the Disaster Recovery Journal Group) have an active discussion topic on what is the one most important reporting metric to share with your executive management team?

This got me to thinking – and when I think, trouble starts.  To me this is a challenge, not to pick the one most important metric, but to create a metric that allows me to share the most information concerning the program.  So, time to get creative.

So, what I would do, because I can be a jerk sometimes, is to provide a metric that makes them ask me to explain it.  And, what I came up with is…

The Adjusted Recovery Confidence Factor or ARCF.

Imagine if you went in the board room and simply announced, “Concerning our Enterprise Emergency Management Program, we have an Adjusted Recovery Confidence Factor of 54%.  Any questions?”

Oh, so you want to know what the ARCF is?  Well, let me explain.

The ARCF is our Recovery Confidence Factor multiplied by a Confidence Adjuster and a Documentation Adjuster.

The Recovery Confidence Factor (RCF) is the # of Critical Business Units (CBUs) that have executed Successful Recovery Tests (SRT) in the past 12 months / the total # of (CBUs).

A  SRT is a test in which the business units have achieved the pre-defined Recovery Time Objectives (RTO) as established in our Business Impact Analysis.  CBUs that do not have pre-defined RTOs, by definition, cannot have conducted a SRT.

The Confidence Adjuster (CA) is a value, as a percentage, that depicts our confidence that we have identified the right CBUs.  If the CBUs have been established as a result of conducting a thorough and complete BIA, the CA is 100%.  Otherwise, it is a subjective number based on the process we went through to define our CBUs.

The Documentation Adjuster (DA) is a value, as a percentage, that depicts the degree in which our recovery program is supported by fully documented recovery procedures that eliminate our dependency on our most expert and experienced resources to execute the recovery solutions.

So, for example, you might report:

We have 20 CBUs.

Although we did not conduct as thorough a BIA as best practices suggest, I am 90% confident that we have identified the right CBUs.

Of the 20 CBUs, although all of them have participated in tests, only 15 of them successfully demonstrated the ability to meet their RTOs.  The other 5 have some issues that must be resolved prior to the next test.

The documentation that supports our entire recovery process is, in my estimation, 80% complete.  There are some plans that require maintenance and some recovery procedures that are not fully documented.

So, our Recovery Confidence factor is 15 CBUs with SRTs / 20 CBUs or 75%.

And, our Adjusted Recovery Confidence Factor is our RCF of .75 multiplied by our Confidence Adjuster of .90 and our Documentation Adjuster of .80 (.75 X .90 X .80) for a final ARCF of 54%.

So there.  By reporting one metric, I was able to share a lot of information about our program.

Will this work in a real world situation?  Probably not – but I kind of like the ARCF©.  I think I will keep it.