Tag Archive for FEMA

Are We Prepared for the Next Disaster?

I found and listened to this NPR radio story titled, “Is the U.S. Prepared for the Next Disaster?”.  Even though this interview was conducted a year ago, I think the message is still valid and important.

I think the interviewee, Craig Fugate, does a good job in identifying a problem with past disasters being a failure to engage the proper level of support through a formal request for assistance.  Although Mr. Fugate doesn’t use this term, I like to label these the “triggers to engage”.  One of the biggest problems with the response to Hurricane Katrina was that Federal authorities assumed the trigger to engage was a call from the local authorities, whereas the local authorities thought the trigger to engage was the event itself.  While Federal agencies were waiting to be asked for help, local agencies were sitting and waiting for the help to arrive.  Meanwhile, crucial time was slipping by and the losses and damages were escalating.

I was glad to learn that FEMA now self-engages not only when an incident occurs but also when the threat of incident rises.

I think this is an important lesson to learn and address in our own plans.  I think it is important to identify and practice those “triggers” for engaging certain components in our Emergency Response, Business Continuity and Disaster Recovery Programs.  What are the “triggers” for: putting vendors on alert; communicating with employees; mobilizing resources; alerting customers and other stakeholders; declaring a disaster; etc.?

Also, Mr. Fugate notes that having a single entity in charge introduces a single-point-of-failure in the response process.  Whereas, I understand his point, I also think it is important to mention that when you have lots of links in your communication and control “chain” you have lots of opportunity for the chain to break.  If the mayor engages the governor who engages the president – well, there are lots of mis-engagements that can occur.  And, if one link in the chain breaks, all the links that follow are missed.

I agree with Mr. Fugate that we are better prepared today than what we were in the past, but saying you are in better shape today than you were when you were grossly out of shape, does not mean you are in good shape.  Unfortunately, I also believe that the further removed you are from the last significant event, the more likely you are to get back out of shape.  We are never more prepared to respond to a disaster than we are immediately after a disaster occurs.  Lessons learned are fresh in the mind, implementation guidelines and procedures are reviewed, refreshed and rehearsed.  But, as time goes by, we start to, once again get complacent and once again start to slip back into our bad habits.  And, as soon as we start to believe we are in good shape, I start to get more worried.

In conclusion, I think this is a terrific interview with important messages that are worth listening to again.  I encourage you to think about and rehearse the “triggers” in your program and to identify potential weak links in your communications and engagement chains.  And, never allow yourself to believe we are prepared for the next disaster … continue to work on improving your level of preparedness.  After all … how do you think people would have responded to the question, “Is the U.S. Prepared for the Next Disaster?” on September 10, 2001?

PS-Prep: Why Get Certified?

For those of you who don’t know, PS–Prep is a voluntary private sector preparedness accreditation and certification program established by the US Department of Homeland Security as a direct result of a law passed by Congress following the Recommendations of the 9/11 Commission.

Basically, PS-Prep provides a means for private sector organizations that have business continuity, disaster recovery and emergency preparedness programs compliant with any one of three widely accepted planning standards to be certified by trained and approved Certifying Bodies (CB).

Although backed by Public Law 110-53, the need to be certified is not a law.  This is strictly a voluntary program.

So, the question is – Why get Certified?

This question is a topic of much debate amongst business continuity professionals, certifying bodies and the public authorities trying to promote PS-Prep.  I don’t think anyone is arguing against the benefits or principals behind PS-Prep, but rather, are skeptical that PS-Prep will provide any real added incentive to corporations to plan.  There is some discussion on the appropriateness of PS-Prep being a government initiative versus managed by a private sector forum, and there is some debate on whether or not PS-Prep has aligned itself with the right, or all of the right established standards, but these are arguments of the details and do not provide answer to the question, Why get certified?

I think many of the proponents of PS-Prep are answering the wrong question.  Much of the argument I hear supporting PS-Prep really simply answers the question, why do business continuity planning?  Why plan is a much different question than why get certified.

Although I have met up with violent opposition to my belief, I think the most compelling reason today supporting the benefit of being certified is to provide a defensible position for after-the-disaster litigation showing your organization had taken due care to protect your organization up to DHS supported standards.

Remembering that the answers; because it is a good business practice; it is necessary to stay in business; it protects your employees and corporate assets – are all answers to the question “why plan” and not “why get certified” – I think providing a certificate showing you planned to DHS standards as a defense in court helps support the PS-Prep initiative.

Another potential answer to “why certify” is to leverage a marketable position communicating that your organization has taken steps to protect its organization and assets consistent with the findings in the 9/11 Commission’s Report.   Should PS-Prep become a more recognizable label, including a banner or logo stating PS-Prep accredited in advertising and marketing material could have some benefit.

What DHS would love to see happen is for large, private companies to embrace PS-Prep and make it a requirement that their suppliers, vendors and partners be PS-Prep certified.  Should that start to occur, the answer to “why get certified” will be market-driven and accelerate the program tremendously.

One other impetuous that might help get PS-Prep going is to have insurance companies that offer loss of business insurance to discount these premiums for firms that are PS-Prep certified.

I hate sounding like a skeptic, but until you can show real marketable, return on investment reasons for certifying these programs, I just don’t see companies jumping on the PS-Prep band wagon.

But the debate is not over and PS-Prep is just starting to hit the headlines.  So, it should be interesting to see how this plays out over the next few months and years.  Regardless of PS-Prep acceptance however, business continuity planners should (and I believe most of the good ones do) continue to create programs consistent with and in compliance of the standards identified in the PS-Prep program.

FEMA and Joint Agencies’ Emergency Alert System Test

For those of who are not aware, the Federal Emergency Management Agency (FEMA), Federal Communications Commission (FCC), and National Oceanic and Atmospheric Association (NOAA), will be conducting a joint nationwide Emergency Alert System test on November 9, 2011 at 2:00 p.m. Eastern / 1:00 p.m. Central / 12:00 noon Mountain / 11:00 a.m. Pacific time.  For more information on this exercise you can click here to go to the FEMA website.

This will be the first nationwide test of this kind and, I think, a good idea to ensure a consistent delivery of notification for a national emergency.  There is some concern that a test of this nature and magnitude could cause some unnecessary concern from those who may not be aware it is only a test, so, do your part in making others aware of this event.

You might also want to monitor the test yourself and witness how this message is broadcast via multiple medium.  Turn on your radios and televisions and maybe even tune in to several stations or channels (use your teams if you have to) and see if there are any differences or flaws in the process.  Might be an interesting little exercise for ourselves.  And, wouldn’t it be neat to see how our security or crisis management teams would respond to a message like this if it were real?

It is probably too late to coordinate an internal exercise around this event, but it might be a good idea to just send around notice of this test to key response areas and ask them what their process would be if a national emergency was announced through the public media channels.  Their answers might be interesting, if not surprising.

So, be on your toes and remember, this is a test, this is just a test.

EDIT:  A reader provided me with this update information: Nov. 9 Nationwide EAS Test Shortened to 30 Seconds

Business Continuity Self Help Websites

If you don’t think business continuity and emergency preparedness planning have become mainstream topics in corporate America these days, you just are not paying attention.  Years ago, in social settings, when asked what I do for a living, I simply answered, “I’m a management consultant.”  If asked what kind of management consulting in particular I would just say, “Technology related”, because it was too hard to explain business continuity or disaster recovery to the uninformed in a social setting.  Nowadays, I see billboards while driving down the road promoting emergency planning and disaster recovery.  I hear commercials on the radio and even television commercials promoting companies that perform roles in the field.  And, try doing an Internet search – pages upon pages of information pop up.  Now, when in a social setting, if I say I am a management consultant specializing in crisis management and business continuity planning, not only do people know what I am talking about, but most of them have some firsthand experience with these types of programs and issues.

This is both good news and bad news for me.  Good, in that people can relate to what I do and understand the need for my services – Bad, in that people are getting educated on the planning process and there is much more competition in my field of expertise.

Even so, I would have to say the good outweighs the bad.

And, even though it might not be good business practice to point folks to tools that can help them prepare without the consulting services of a firm like Safe Harbor Consulting, I just have to let you know that there are some terrific websites out there that can help the small to medium business owner develop their own plans.  One, for example, is the Ready Business website sponsored by FEMA.  Take a look at this site – it might give you some good ideas on what to include in your programs.

No need to thank me – just when you complete your plans and want some help on how to test and exercise them, give us a call, perhaps we can help with that.