Tag Archive for emergency response

Your Plandemic – The Plan to Plan Plan

Now that the Ebola virus has made its way to the United States and we enter the traditional US Flu season, companies are beginning to revisit and/or develop Pandemic Plans to address this scare.  But, Pandemic Planning is a little bit different than your standard business continuity plan development process.  I have often chastised organizations for saying they have business continuity or disaster recovery “plans” when all they really have are plans to create plans, but, in the case of pandemic planning, I think, that is actually the right approach to take.

The reason why it is so important to have well developed and relatively detailed business continuity plans, strategies and solutions in place today is that most disasters occur without warning and do not provide the luxury of time to figure out what to do after the incident occurs.  Pandemics represent an evolving threat that comes in various shapes and sizes and does afford us a luxury (if that word really applies here) to construct a response plan based on the particular pandemic that poses the threat.

The “Pandemic Influenza Risk Management / WHO Interim Guidance” published by the World Health Organization in 2013 (click here to read this document) states:

“Member States had prepared for a pandemic of high severity and appeared unable to adapt their national and subnational responses adequately to a more moderate event.”

And recommends,

“a risk-based approach to pandemic influenza risk management and encourages Member States to develop flexible plans, based on national risk assessment, taking account of the global risk assessment”

I think this applies to individual company plans, as well.  The Pandemic Plans that now sit on the shelves of most companies today include the best practices recommended for addressing the Avian Flu or Swine Flu or H1N1 – whichever scare was prevalent at the time they wrote their plan.  Although these plans may still contain lots of terrific practices for any epidemic or pandemic, it will probably need to be adjusted to address whatever pandemic actually occurs in their area.  It is for this reason that I believe the best approach to pandemic planning is to establish an environment in which you “plan to plan” for whatever pandemic might present itself.

The recommended, new WHO Pandemic Model has been simplified to include only 4 Pandemic Phases:

“Interpandemic phase: This is the period between influenza pandemics.

Alert phase: This is the phase when influenza caused by a new subtype has been identified in humans. Increased vigilance and careful risk assessment, at local, national and global levels, are characteristic of this phase. If the risk assessments indicate that the new virus is not developing into a pandemic strain, a de-escalation of activities towards those in the interpandemic phase may occur.

Pandemic phase: This is the period of global spread of human influenza caused by a new subtype. Movement between the interpandemic, alert and pandemic phases may occur quickly or gradually as indicated by the global risk assessment, principally based on virological, epidemiological and clinical data.

Transition phase: As the assessed global risk reduces, de-escalation of global actions may occur, and reduction in response activities or movement towards recovery actions by countries may be appropriate, according to their own risk assessments.”

I recommend that your Pandemic Program establish actions to take during each of these phases.

During the Interpandemic Phase, your Business Continuity Department (or Human Resources or Health Department, perhaps) should monitor WHO, CDC and local Health Agencies tracking of developing health risks and threats.

Should a situation occur where the Pandemic Level is raised to the Alert Phase, you should begin to develop more specific Prevention, Response and Contention strategies based on the health organization’s recommendations for the particular health risk that causes the alert.  You will likely be able to leverage many of the solutions developed in your previous pandemic plan, but your final plan will be geared towards this particular threat.

Should this threat result in either a regional epidemic or world-wide pandemic, you then put that plan into action.

Once the threat has been normalized and we enter the Transition Phase, your course of action should be to remain poised for a second wave of this particular pandemic while also documenting lessons learned to be considered should another threat develop.  You then “shelve” this particular plan and return to your tracking and monitoring position in the Interpandemic phase.

So, in effect, your Pandemic Program provides the basis for you to wait for a threat to develop and then jump into action developing the “plan” for this particular threat – in other words, you plan to plan.

Now, of course, there is also that part of the plan in which you must consider continuity of operations given that your work force is depleted or immobilized and/or given that key senior management have been impacted (ill or even died).  This is where you would deploy contingencies you have in place for such impacts.  (See the “Scenario Based vs Impact Based Planning” blog for more discussion on contingency planning.)

This approach will not work for other common business interruption risks and threats, but, I think, is the appropriate approach for addressing Pandemic Planning.

Meanwhile, promote day-to-day health and sanitation practices in your work environment – always a good way to combat any seasonal flu or more serious health risks.

Good luck, and stay healthy.

Scenario Based vs Impact Based Planning

I have participated in a number of conversations where people argue what the basis for business continuity plans should be.  Some people say you should have plans designed for specific threats inherent in your environment and others say that “what” happens is not important; plans should be based on the impacts of what happened and not the event itself.  I say, they are both right, in a way.

Business continuity planning, I think, has evolved over time and has expanded in scope of what it tries to achieve.  I’m not sure why we have gotten away from the term “contingency plans”, but I think Business Continuity Planning today includes both emergency response components and contingency planning components.

Considering these two components of the overall program, I think the Emergency Response part, that part that addresses how an organization responds to an incident should, in fact, have scenario specific components for the known risks and threats in the area where you do business.  If you have facilities in hurricane regions, you absolutely should have Hurricane Preparedness Plans.  Same goes for if you have facilities on fault lines; in flood plains; near active volcanoes; near nuclear power plants; etc.  When specific threats arise, like pandemics, for example, your organization should develop a scenario specific plan for prevention and contention techniques for that exact threat.

But, on the contingency side of things, the focus should be on the impact.  Contingency plans should be developed based on impacts, such as: loss of access to the building; loss of access to technology tools, applications and data; interruptions in workflow; depleted or immobilized work force; etc.

Then the entire program should allow a cross mapping of the two plan components.  The threats, for which you have specific plans, could result in any or all of the impacts for which you have contingencies.  Take Pandemic Plans for example.  Many companies attack this issue as if it is an entirely new challenge and try to develop Pandemic Plans as holistic, stand-alone, programs.  Once you realize that the impacts of a Pandemic might be a depleted or immobilized work force and interruptions to critical workflows, you realize that you should be able to leverage those contingency plans already developed and focus on the health and safety of your work force and work environment for the particular pandemic that poses the threat.  The pandemic response might be unique to this threat, but the contingencies could be leveraged for any event that impacts your work force availability, such as; transit strikes; civil unrest in the area; etc.

So, if you are responsible for developing plans that address both response and contingency components of the overall program, I suggest that you will be doing both – developing scenario specific and impact based policies, procedures, strategies and solutions.  Then, you may even create a matrix that identifies which contingencies might come into play under each specific scenario.  I do, however, think you still need that generic response plan to handle those scenarios for which specific response plans have not been created.  These plans should focus on the logistics for getting decision makers together to address the challenges of an unplanned for interruption in an effective and efficient manner and adequately communicating decisions and instructions to the impacted parties.

Good luck.  No one said this job was going to be easy.

R U O K?

Many business continuity, disaster recovery, emergency response and crisis management programs currently utilize some sort of automated notification tool to alert employees of an incident and/or to call them to action following a disaster.  I have written past blogs about being careful with what you say in the recorded message being used for this notification because you can never be quite sure who is listening to the message – but, now, I want to know if you are making sure you also use this tool to ask, “Are you okay?”

I often hear business continuity and disaster recovery planners remind employees that job one is to ensure the health and welfare of employees and job two is to recover business operations and the tools to support them.  I think it is important to practice what we preach and to construct our emergency messages in the same vain.  I think it would be nice to first put in some information on how the company can help the employee, if they need, prior to asking the employee to help the company by engaging their recovery plans.

And, this does not just apply to messages being recorded (or typed) for the automated notification systems.  If your program still relies on phone call trees, I think it is a good idea to include this verbiage in a suggested script to be used for these calls.

Furthermore, I think it is important to keep the “Are you okay?” mantra going throughout the recovery effort.  I think it is important to do more than just make sure that employees know how to contact the Employee Assistance Program (EAP), but to also make that ask throughout the effort.  Not only should you help keep the employee okay by enforcing shift limits and making sure no one over does it in their anxiety to help the company through a tough time – but you need to make the ask.  Ask them if they are okay before they show signs that indicate otherwise.

And, finally, that same ask should be made after the incident is over.  There are many emergency response programs that require a mental health recovery period following participation in an incident.  You may want to consider a similar policy for certain members of your emergency response, crisis management, business continuity and/or disaster recovery teams.

Making sure the employees are okay during and throughout an emergency may require more than what your EAP has to offer.  There are companies out there that provide at time of disaster mental health assistance that can be on-site to help identify problems and help resolve issues when they arise.  You should consider including these types of companies in your program directories.  One such company, Empathia, is included in the My Links section of this blog page – but there are others, as well.

Just a thought.  And, I hope this blog finds you OK!

Another Day, Another Headline

So, if you and/or the organization you work for are not yet convinced that you need complete and well-rehearsed Emergency Response, Disaster Recovery, Business Continuity and Crisis Management Plans in place today – I am not sure that you will ever be convinced.

In the past few days we have seen an example of an emergency caused by a direct and willful act to cause harm and destruction in the incident at the Boston Marathon; and, an example of an emergency caused through accidental means in West, Texas.  These events occurred as some companies continue to assess their responses to and management of the disruptions caused by Superstorm Sandy – an example of an emergency caused by nature.

Unfortunately, we don’t have to go very far back in our recent history to discover other compelling examples of why we need to be prepared for these types of emergencies and catastrophes.

It has been less than two weeks ago since I delivered a final Findings and Recommendations Report to a large international company with numerous physical locations in the Northeastern United States that were impacted by the carnage caused from Superstorm Sandy.  This analysis included the evaluation of other, like sized companies, in the region and how they responded to and managed this incident.  One of the not-so-surprising conclusions reached was that the ability to efficiently and effectively respond to this event was directly related to the amount of pre-planning and plan exercising that had been completed in the years prior to the storm.  This is a common finding following most of these types of incidents.  Those organizations that prepare for and practice their responses to emergencies fare better during these events than those that do not.  This only makes sense.

What stops many organizations from preparing and exercising is their belief that they are not susceptible to these types of events.  The headlines of the past few days, few months and few years, suggest that that is just not true.  Everyone is at risk.  Even if you are not in an area that experiences violent weather events, floods or earthquakes; even if you operate in an area that is relatively secure and isolated, the Boston Marathon and West, Texas incidents should prove – that it just doesn’t matter.

Bad things can and will occur.  Be prepared.  You owe it to your employees, your customers and family.  If you think otherwise now, you are just not paying attention.  Hoping that nothing happens is no longer a valid strategy.

Once again – our thoughts and prayers go out to yet another community in West, Texas, having to deal with the tragic loss of lives and homes.  I hate to think about what the next headline might bring.

The Boston Marathon Tragedy

I am always hesitant to immediately write about lessons to be learned from a tragedy such as what occurred during the recent Boston Marathon for fear that it might come across as an ambulance chasing kind of attempt to garner attention or attract more business.  But, on the other hand, it is when the news is news and people are focused on the incident and the meaning behind it, that the lessons can most readily be learned.

First of all, let me make it clear that my first thoughts are always with the victims of such a tragedy.  I cannot imagine the horror and pain suffered by those who were so horrendously impacted by this heinous act of cowardice.  To be enjoying what should be a moment of pride and celebration for just crossing or nearing the finish line with your loved ones waiting to share the accomplishment with you and to have it all interrupted in an instant of violence is simply devastating.  Even though I work in emergency preparedness and crisis management, I cannot help but shed tears every time I watch these events unfold.

There will be many so-called “lessons learned” that come from this incident.  Some of them valid; some of them, simply, the wrong conclusions.  The news media is and will continue to step all over each other trying to get the better story and trying to out-analyze the other channels in an attempt to gain greater market-share.  There is still much to assess and much to learn.  Most of the real, valid conclusions are still weeks away – when, unfortunately, some other news story will steal the headlines and those of us that were not directly impacted will have moved on with our lives.

At this point in time, I can merely speculate on what will be discovered, but I do have some of my own opinions.  I think that this event shows us that the U.S., that for such a long time, has been somewhat void of the risks and threats of terrorism when compared to many of our international friends, must now acknowledge that we are susceptible to these types of risks.  And, in my opinion, I think we will learn that this type of terrorism does not require a sophisticated, organized and well-financed group with a political agenda to carry out such an incident with relatively large impact (considering the numbers of people injured).  No, I think we will learn that any idiot with access to the internet and with evil in their heart can pull off this type of terror.  What this means is – everyone, everywhere is fair target for such a tragedy.

There are already many people, and there will be more, second-guessing the security at this event and calling for more stringent security for future, similar events.  I, personally, don’t think that is the answer.  There is always more we can do to try to prevent these occurrences, but, I think this incident shows us that there is always an opening for terrorism.  Where ever you have mass gatherings, there is an opportunity for someone(s) to do damage.  Yes, we need to do everything we can to prevent these tragedies but there is a point where prevention starts to hinder our freedoms.  The other side of the equation is to be prepared.

I have already heard many people suggest that we need to keep on living, and I agree.  But, we can keep on living with a higher level of preparedness.  I think the people of Boston responded pretty well to the tragedy.  The level of preparedness they had for foreseen medical issues resulting from running a marathon were leveraged to help respond to this unforeseen incident.  The people they had in place managing the event were the right people for responding to this tragedy and, I think, they responded admirably.

There are other things we can do as individuals to be better prepared for incidents such as this.  Having pre-established meeting areas – including virtual meeting places via common people to call – is just one example.  There are others that I am sure you have already read about in other articles.  I am just going to go way outside my area of expertise and way outside the considerations of business continuity and suggest that one way we can help prepare ourselves for these types of tragedies is to remember to say our “I love you”s before we are impacted by these types of events.

I am about to board a plane to the Continuity Insights Management Conference in San Diego.  I am sure the Boston Marathon tragedy will be vastly discussed, formally and informally, by the many professionals that will be in attendance.  I am sure to hear a wide variety of opinionated causes and corrections – some, I will learn from; some, I will shake my head at.  What I am going to make sure I do, however, is to say my “I love you”s before getting on the plane.  That is one lesson we should never forget.

Business Continuity Planning in 140 Characters or Less

As I have mentioned in some recent blogs, I am now immersed in the world of Twitter.  The challenge of tweeting is trying to get a message across in 140 characters or less.  This is especially difficult when much of your audience does not know your jargon and you need to spell out many of the words to make a coherent point.

At first, I tried to find famous quotes from others about planning or disasters or emergencies and response.  I found a few, many of which I had posted earlier in this article on “planning”.  But, after a while, I had to challenge myself to come up with some business continuity, emergency response, crisis management, and disaster recovery related tweets of my own.

In this blog, I am simply going to share those tweets that I have come up with so far – and, if I must say so myself, I think a few of them are pretty good for 140 characters or less, but I will let you be the judge of that.  I tweet a lot about current events and other topics; this blog only includes general quotes about the field in which we practice.  I hope you find one or two you like.

And, if you do like them – re-tweet them.  And, please feel free to follow me on Twitter, @jpflach

Joe Flach Tweets from Past Weeks:

Planning ahead is important; practicing ahead is vital. A script w/out rehearsals doesn’t prepare you for opening night.

Knowing how to respond before the disaster strikes saves precious time in figuring out how to respond after it strikes.

Disasters happen. Recoveries have to be orchestrated.

I believe in the power of prayer – except when it comes to business continuity, then I believe in the power of planning.

How you respond to a crisis may adversely impact your company more than the crisis itself. Add Communications & PR teams to your plans.

The disaster that impacts your company may also impact employee’s homes – make sure continuity plans include alternate workforce options.

There r heroes who rush into burning buildings to save ppl and heroes who improve fire prevention and evacuation plans. The latter is easier

If you are not worried about the impacts of a disaster on your company, then who in your company is?

The fear of failing a business continuity test results in masking many a program’s weakness and promoting a false sense of security

It takes 1 to plan, many to be prepared. Train, educate and exercise your programs.

There is no one right way to prepare for a disaster – but, not preparing for one is clearly the wrong way!

There is a thin line between being unprepared for a disaster and being negligent. Don’t put it to the test: be prepared.

When the fire alarm sounds, people do not reach for the “Fire Alarm Response Manual”. Same should be true when you “Declare” a disaster.

If disasters strike when least expected, then make sure you always expect one.

Risk mitigation programs do allow for calculated risks. That is why most cars have only 1 spare tire instead of 4.

Business Continuity Planning is not about preventing any loss following disaster; it is about limiting losses to a defined, acceptable level

The only “failed” emergency response test is one in which you do not discover ways to improve your program

The best way to handle a disaster is to stop it from happening. Create Disaster Prevention and Risk Mitigation Plans.

“The good Lord willing and the creek don’t rise” is a fun colloquial saying and does not a good business continuity plan make.

Continuity Plans are like backup parachutes – hardly ever needed but you don’t want to operate without one.

Many people experiencing a crisis simply freeze because they have not been conditioned how to respond. Break the ice and conduct training.

Incidents become disasters for those who are not prepared.

The only thing worse than having no emergency response plan is thinking you have one when you don’t. Be honest: don’t promote false security

 

There are more, but I think that is enough for now.  Did you find one you like?

The World of Twitter

As mentioned in the previous article, thanks to the persuasion of my daughter, I have re-entered the world of Twitter.  I actually signed up for a Twitter account two years ago but never really embraced the application.  I maybe sent out one or two tweets, got one or two followers, but grew tired of it after a day or two and moved on.

But, for the last few months, as I have been actively trying to promote this blog page, the Safe Harbor Consulting website and our facebook page, my daughter has been telling me that I have got to start tweeting to increase SHC’s visibility.  Torrie has been successfully using this tool to promote the company she works for and has been trying to convince me of its value.  So, finally, I gave in.

I have been actively tweeting now for just over one week.  My followers have grown a whopping 700% from 2 to 14 (if there was a sarcastic font, I would have used it there).  But, once I got over the shame of having no one jump at the chance to follow me, I finally realized the value to be gained from those I follow.

To me, this is a valuable tool for tracking and monitoring threats and unfolding events.  I have already added these accounts to my following list:  FEMA; NTSB; NFPA; NYC OEM; UNISDR; NHC; UN SPIDER: NOAA; USGS; American Red Cross; and others.  Now I realize you may not recognize all those acronyms, but they provide varying information on risks and threats around the world.

I also realize that I am in danger of reaching “information overload”, but, so far, I am finding that these sights do not over-tweet and, once I start managing and organizing my use of this tool, I am sure I will whittle it down to the most relevant accounts for me.

I also do realize the limitations and potential pitfalls in this tool and would not recommend it as the sole source for this type of information, but I am finding it a good source for informing me of breaking news events that I can get more information on elsewhere.

I am just wondering – does or should this tool have further use in a business continuity / emergency response / crisis management program?  Do any of you have this tool formally included in your program to either monitor or send out information regarding risks, threats or responses in your environments?

You can tweet me with your answers @jpflach ;-)

And, thanks Torrie – got any more advice for your old man?

More Thoughts on Planning and Plans

Mike Tyson is quoted as saying, “Everyone has a plan, ‘till they get punched in the mouth.”

How well do your plans stand up to the punch in the mouth?

Field Marshal Helmuth von Moltke put it this way, in a more familiar quote, “No plan survives contact with the enemy.”

In our case, the enemy is the disaster or business interruption event we are planning for.

And, Arthur C. Clarke, had this observation, “All human plans [are] subject to ruthless revision by Nature, or Fate, or whatever one preferred to call the powers behind the Universe.”

The point is; whatever you had in mind when developing your business continuity, emergency response or disaster recovery plans, the event you will have to respond to will be nothing like what you envisioned.  Now, I know many of you are thinking, “That is why we do not plan for particular scenarios, we plan for the impacts of scenarios!”  But, I still say, you cannot plan without certain assumptions and certain biases about how the response will take place or how the crisis will unfold – and, I suggest, it won’t happen that way.

This is why I always like to look for evidence in a plan that you have provided the framework for decision makers to get together, make changes to the plan as needed, and, have the means to communicate these decisions to those who need to know this information.

I happen to believe in what Lester Robert Bittel had to say about planning, “Good plans shape good decisions.”  But, it is important to understand that not all decisions are made ahead of the event and the good plan must lay the foundation for at-time-of-disaster decisions to be made to adjust the plan based on how the enemy is responding.

Now, I happen to make a good living from helping organizations create, document and test crisis management, emergency response, business continuity and disaster recovery plans.  So, I would not dare under-emphasize the importance of planning – but, like some of the quotes I will share below – I think the value gained is in the planning process and not so much in the plans.

Dwight D. Eisenhower said it this way, in a quote that is often repeated, “In preparing for battle I have always found that plans are useless, but planning is indispensable.”

Dr. Gramme Edwards paraphrases it this way, “It’s not the plan that’s important, it’s the planning.”

Indeed!  It is in the planning process where we build out solutions, implement recovery capabilities and exercise our abilities to respond.  This is the real value and the enablers that will allow us to survive the business interruption event.  The written plan, with step-by-step instructions for how we operate, sometimes for weeks after the event – will hardly ever be referenced and certainly, not referenced after the first 24 hours.  I do believe that those decisions we made before the event that provide action steps within the first few hours of an event can be valuable – but once decision makers get together and have the luxury of a little time to figure out where we currently stand – decisions made before the event occurred will have less value.

The capabilities we have in place because of the planning process will be the key to our survival.  How we utilize those capabilities will require flexibility based on the event itself.

Winston Churchill said, “Those who plan do better than those who do not plan even thou they rarely stick to their plan.”

I think that is a much better way of saying what I mean!

I do run up against “pride of authorship” when I evaluate written plans – and I understand and completely empathize with that.  I am guilty of the same.

But, Publilius Syrus says, “It’s a bad plan that admits of no modification.”

I do believe in the power of planning.  And, I agree that planning is essential.

Although attributed to many different people, I think Tariq Siddique says it best and simplest, when he states, “If you are failing to plan, you are planning to fail.”  (This quote is often attributed to Benjamin Franklin, who may have said the same thing or something very similar.)

And, I couldn’t agree more with Sun Tzu in his The Art of War, when he suggests, “Plan for what is difficult while it is easy.”

This is why we must plan before the disaster.  Not only because we do not have the luxury of time to plan afterwards, but because the planning process is easier lacking the chaos and confusion that will accompany the disaster.

But, remember, it is the planning that is important and the resulting capabilities put in place during the planning process.  The plans themselves, may not be what is needed to get you through the particular crisis you are responding to.

Hillel J. Einhorn states, “In complex situations, we may rely too heavily on planning and forecasting and underestimate the importance of random factors in the environment. That reliance can also lead to delusions of control.”

I think our plans need to allow for the flexibility to respond to these random factors.  And, yes, I do think some of us have “delusions of control” when it comes to assessing our state of readiness.

I want to end with two more thoughts on planning.  I have witnessed so many programs lacking progress because of their desire to create the perfect plan.

George Patton is quoted as saying, “A good plan today is better than a perfect plan tomorrow.”

I agree.

And, lastly, when exercising our plans and our recovery capabilities, I so often find planners who like to assign pass/fail grades to the tasks.  I like to rely on what Thomas Edison had to say about failures, “I have not failed.  I’ve just found 10,000 ways that won’t work.”

There, I think I have reached my quota of quotes.  If you made it all the way to the end of this blog – I applaud you.  Thanks.

If you have a favorite quote to share with us, please do so by adding a comment.

The “Stand-Down” Employee – An Outside the Box Idea

Every business continuity program includes a number of employees who do not support time sensitive business functions.  These employees are not assigned seats in the alternate recovery site; are not expected to work from home; and, are not targets to relocate to other locations.  In general, these employees are asked to “stand-down” during the business interruption event until such time as an interim work location is established or the production facility is restored and ready for re-occupancy.

Many programs will note that these employees may be called upon to perform other emergency response and/or restoration activities to help the company respond to and recover from the event that caused the business interruption.  And some programs go as far as to include information in their employee databases regarding special skill-sets or other attributes (such as, whether or not they have four-wheel drive vehicles) to consider on how to possibly re-deploy these individuals to help in this regard.

I also like to caution management not to forget about these employees as they will soon be concerned about their status in the company; whether or not they still have a job; and, what their compensation status is while they “stand-down”.  History has shown that if management does not keep these individuals informed of their status and periodically communicate with these individuals they will start calling in and hunting you down to give them the answers and reassurances they are looking for.

Most HR plans fall short of defining an absolute policy with regards to how these employees will be addressed during an outage, other than to establish it as a task that they evaluate the situation, make a case-by-case determination as to how the situation will be handled and define the tools and means to communicate that to the employees.  All in all, I believe that this is a valid strategy and position to take.

I am working with one organization that is considering taking this to another level with a program that, I think, is very creative and resourceful.  This organization is considering establishing a position in their Crisis Management Program responsible for organizing a Community Response and Relief Team to provide whatever assistance and relief they can to others in the community that may have been impacted by the event that caused their business interruption.  This team would be comprised of “stand-down” employees who volunteer to be members of this program.  This type of program may be similar to and could possibly draw upon the practices employed by airlines’ CARE programs for responding to an aviation disaster and providing compassionate assistance to impacted families from the incident.

This idea is still just on the drawing board but it is an idea that I thought others might wish to consider and, perhaps, something others have already implemented.  If anyone is willing to share their ideas on this or can share examples of where it has been implemented, we would love to hear from you.

I, for one, would like to see this idea come to fruition at this organization and would love for it to catch on at others.  I will start exploring this option at other organizations I work with should the opportunity present itself.

Are We Prepared for the Next Disaster?

I found and listened to this NPR radio story titled, “Is the U.S. Prepared for the Next Disaster?”.  Even though this interview was conducted a year ago, I think the message is still valid and important.

I think the interviewee, Craig Fugate, does a good job in identifying a problem with past disasters being a failure to engage the proper level of support through a formal request for assistance.  Although Mr. Fugate doesn’t use this term, I like to label these the “triggers to engage”.  One of the biggest problems with the response to Hurricane Katrina was that Federal authorities assumed the trigger to engage was a call from the local authorities, whereas the local authorities thought the trigger to engage was the event itself.  While Federal agencies were waiting to be asked for help, local agencies were sitting and waiting for the help to arrive.  Meanwhile, crucial time was slipping by and the losses and damages were escalating.

I was glad to learn that FEMA now self-engages not only when an incident occurs but also when the threat of incident rises.

I think this is an important lesson to learn and address in our own plans.  I think it is important to identify and practice those “triggers” for engaging certain components in our Emergency Response, Business Continuity and Disaster Recovery Programs.  What are the “triggers” for: putting vendors on alert; communicating with employees; mobilizing resources; alerting customers and other stakeholders; declaring a disaster; etc.?

Also, Mr. Fugate notes that having a single entity in charge introduces a single-point-of-failure in the response process.  Whereas, I understand his point, I also think it is important to mention that when you have lots of links in your communication and control “chain” you have lots of opportunity for the chain to break.  If the mayor engages the governor who engages the president – well, there are lots of mis-engagements that can occur.  And, if one link in the chain breaks, all the links that follow are missed.

I agree with Mr. Fugate that we are better prepared today than what we were in the past, but saying you are in better shape today than you were when you were grossly out of shape, does not mean you are in good shape.  Unfortunately, I also believe that the further removed you are from the last significant event, the more likely you are to get back out of shape.  We are never more prepared to respond to a disaster than we are immediately after a disaster occurs.  Lessons learned are fresh in the mind, implementation guidelines and procedures are reviewed, refreshed and rehearsed.  But, as time goes by, we start to, once again get complacent and once again start to slip back into our bad habits.  And, as soon as we start to believe we are in good shape, I start to get more worried.

In conclusion, I think this is a terrific interview with important messages that are worth listening to again.  I encourage you to think about and rehearse the “triggers” in your program and to identify potential weak links in your communications and engagement chains.  And, never allow yourself to believe we are prepared for the next disaster … continue to work on improving your level of preparedness.  After all … how do you think people would have responded to the question, “Is the U.S. Prepared for the Next Disaster?” on September 10, 2001?