The site at Ready.gov provides tools businesses can use to think through preparedness. They follow the approach of the National Fire Protection Association in their standard on Disaster/Emergency Management and Business Continuity Programs.
The overview below provides a great introduction to content from Ready.gov. For help in implementing any of these actions we refer you to the action plans and services of Crucial Point.
We point to key portions of the Ready.gov site below, the references they coordinated are important for any business to review directly. But we also want to add an important point. Businesses should all seek to implement their own methods to stay informed on threat activity. We produce the Daily Threat Brief to help businesses continually track a wide range of threats so you can stay better informed and we recommend your entire team sign up to this report to stay informed on the threats to your business. We also recommend you leverage Twitter by following @ThreatBrief and by reviewing this UN report on Hashtag Standards for Emergencies. Also track by tracking key hashtags of #VOST and #SMEM on Twitter.
More from Ready.gov:
Preparedness Planning for Your Business
Businesses can do much to prepare for the impact of the many hazards they face in today’s world including natural hazards like floods, hurricanes, tornadoes, earthquakes and widespread serious illness such as the H1N1 flu virus pandemic. Human-caused hazards include accidents, acts of violence by people and acts of terrorism. Examples of technology-related hazards are the failure or malfunction of systems, equipment or software.
Ready Business will assist businesses in developing a preparedness program by providing tools to create a plan that addresses the impact of many hazards. This website and its tools utilize an “all hazards approach” and follows the program elements withinNational Fire Protection Association 1600, Standard on Disaster/Emergency Management and Business Continuity Programs. NFPA 1600 is an American National Standard and has been adopted by the U.S. Department of Homeland Security.
The five steps in developing a preparedness program are:
- Program Management
- Organize, develop and administer your preparedness program
- Identify regulations that establish minimum requirements for your program
- Gather information about hazards and assess risks
- Conduct a business impact analysis (BIA)
- Examine ways to prevent hazards and reduce risks
Write a preparedness plan addressing:
- Resource management
- Emergency response
- Crisis communications
- Business continuity
- Information technology
- Employee assistance
- Incident management
- Testing and Exercises
- Test and evaluate your plan
- Define different types of exercises
- Learn how to conduct exercises
- Use exercise results to evaluate the effectiveness of the plan
- Program Improvement
- Identify when the preparedness program needs to be reviewed
- Discover methods to evaluate the preparedness program
- Utilize the review to make necessary changes and plan improvements
Leadership and Commitment
The preparedness program is built on a foundation of management leadership, commitment and financial support. Without management commitment and financial support, it will be difficult to build the program, maintain resources and keep the program up-to-date.
It is important to invest in a preparedness program. The following are good reasons:
- Up to 40% of businesses affected by a natural or human-caused disaster never reopen. (Source: Insurance Information Institute)
- Customers expect delivery of products or services on time. If there is a significant delay, customers may go to a competitor.
- Larger businesses are asking their suppliers about preparedness. They want to be sure that their supply chain is not interrupted. Failure to implement a preparedness program risks losing business to competitors who can demonstrate they have a plan.
- Insurance is only a partial solution. It does not cover all losses and it will not replace customers.
- Many disasters — natural or human-caused — may overwhelm the resources of even the largest public agencies. Or they may not be able to reach every facility in time.
- News travels fast and perceptions often differ from reality. Businesses need to reach out to customers and other stakeholders quickly.
- An Ad Council survey reported that nearly two-thirds (62%) of respondents said they do not have an emergency plan in place for their business.
- According to the Small Business Administration, small businesses:
- Represent 99.7% of all employer firms
- Employ about half of all private sector employees
- Have generated 65% of net new jobs over the past 17 years
- Made up 97.5% of all identified exporters.
How much should be invested in a preparedness program depends upon many factors. Regulations establish minimum requirements and beyond these minimums each business needs to determine how much risk it can tolerate. Many risks cannot be insured, so a preparedness program may be the only means of managing those risks. Some risks can be reduced by investing in loss prevention programs, protection systems and equipment. An understanding of the likelihood and severity of risk and the costs to reduce risk is needed to make decisions.
A preparedness policy that is consistent with the mission and vision of the business should be written and disseminated by management. The policy should define roles and responsibilities. It should authorize selected employees to develop the program and keep it current. The policy should also define the goals and objectives of the program. Typical goals of the preparedness program include:
- Protect the safety of employees, visitors, contractors and others at risk from hazards at the facility. Plan for persons with disabilities and functional needs.
- Maintain customer service by minimizing interruptions or disruptions of business operations
- Protect facilities, physical assets and electronic information
- Prevent environmental contamination
- Protect the organization’s brand, image and reputation
Key employees should be organized as a program committee that will assist in the development, implementation and maintenance of the preparedness program. A program coordinator should be appointed to lead the committee and guide the development of the program and communicate essential aspects of the plan to all employees so they can participate in the preparedness effort.
The preparedness program should be reviewed periodically to ensure it meets the current needs of the business. Keep records on file for easy access. Lastly, where applicable, make note of any laws, regulations and other requirements that may have changed.
TESTING & EXERCISES
You should conduct testing and exercises to evaluate the effectiveness of your preparedness program, make sure employees know what to do and find any missing parts. There are many benefits to testing and exercises:
- Train personnel; clarify roles and responsibilities
- Reinforce knowledge of procedures, facilities, systems and equipment
- Improve individual performance as well as organizational coordination and communications
- Evaluate policies, plans, procedures and the knowledge and skills of team members
- Reveal weaknesses and resource gaps
- Comply with local laws, codes and regulations
Testing the Plan
When you hear the word “testing,” you probably think about a pass/fail evaluation. You may find that there are parts of your preparedness program that will not work in practice. Consider a recovery strategy that requires relocating to another facility and configuring equipment at that facility. Can equipment at the alternate facility be configured in time to meet the planned recovery time objective? Can alarm systems be heard and understood throughout the building to warn all employees to take protective action? Can members of emergency response or business continuity teams be alerted to respond in the middle of the night? Testing is necessary to determine whether or not the various parts of the preparedness program will work.
When you think about exercises, physical fitness to improve strength, flexibility and overall health comes to mind. Exercising the preparedness program helps to improve the overall strength of the preparedness program and the ability of team members to perform their roles and to carry out their responsibilities. There are several different types of exercises that can help you to evaluate your program and its capability to protect your employees, facilities, business operations, and the environment.
For help implementing the many actions above please visit Crucial Point. We provide our CTO Advisory Services clients with unique success-focused capabilities through engagement teams led by the award winning Top 25 Global CTO Bob Gourley. Services include:
Strategic Consulting: Leverage experienced professionals with proven past performance. Our clients include major telecommunications firms, defense systems integrators and IT firms with dramatic, “game changing” technology. We also help highly regulated businesses and government agencies respond to a continuous stream of new mandates for cybersecurity compliance.
CTO Outsourcing and CTO-as-a-Service: Our model provides highly qualified, experienced Chief Technology Officer (CTO) or Chief Information Security Officer (CISO) leadership on your staff to manage and lead your technology partners, developers, engineers and IT support. We offer part-time, full-time, retained and hourly services. We also provide compliance services.
Technology Research: Our experts in technology can assess the relevance of technology prior to investment and prior to you bringing the capability into your enterprise. We prepare customized briefings on technology and provide context on IT focused on your needs.
Due Diligence:We support private equity firms, venture capital, and businesses looking to acquire other businesses. We can also help independently verify and place into context the discriminators of technologies in the firms you are considering.
Cybersecurity and CISO-as-a-Service Crucial Point provides architecture reviews and action plans for enhancing cybersecurity. We also provide analysis of solutions and products and strategies associates with cybersecurity, including market potential analysis, product offering development and marketing/messaging creation.
Government Market Evaluation and Support: We serve high tech companies who want to do business with the government. We can assist you in flattening the learning curve and will help you produce a winning strategy.