Title: Principles of Incident Response and Disaster Recovery
1. Principles of Incident Response and Disaster Recovery
- Crisis Management and Human Factors
2. Objectives
- Understand the role of crisis management in the typical organization
- Guide the creation of a plan preparing for crisis management
- Understand and deal with post-crisis trauma
- Work toward getting people back to work after a crisis
- Know the impact of the decisions regarding law enforcement involvement
3. Objectives (continued)
- Manage a crisis communications process
- Prepare for the ultimate crisis in an organization through succession planning
4. Introduction
- Reactions to a crisis are typically focused on technical issues and economic priorities
- The most critical assets, the people, are often overlooked
- People cannot be readily replaced
5. Crisis Management in the Organization
- Crises are inevitable, whether the organization is prepared or not
- Crisis management brings its own terminology, and a host of myths
6. Crisis Terms and Definitions
- Crisis: a significant business disruption that stimulates extensive news media coverage
- Crises are typically caused by
  - Acts of nature (storms, earthquakes, volcanic activity, etc.)
  - Mechanical problems (ruptured pipes, metal fatigue, etc.)
  - Human errors (wrong valve opened, miscommunications, etc.)
  - Management decisions and indecisions (ignoring a problem, hiding a problem, etc.)
7. Crisis Terms and Definitions (continued)
- Crises can be categorized into two types
  - Sudden crisis
  - Smoldering crisis
- Sudden crisis: a disruption in the company's business that
  - Occurs without warning
  - Is likely to generate news coverage
  - May adversely impact employees, investors, customers, suppliers, and other stakeholders
8. Crisis Terms and Definitions (continued)
- A sudden crisis may be
  - A business-related accident resulting in significant property damage that disrupts normal business operations
  - Death or serious illness or injury of management, employees, contractors, customers, visitors, etc., as the result of a business-related accident
  - Sudden death or incapacitation of a key executive
  - Discharge of hazardous chemicals or other materials into the environment
  - Accidents that cause disruption of telephone or utility service
9. Crisis Terms and Definitions (continued)
- A sudden crisis may be (continued)
  - Significant reduction in utilities or vital services needed to conduct business
  - Any natural disaster that disrupts operations or endangers employees
  - Unexpected job action or labor disruption
  - Workplace violence involving employees, family members, or customers
- Smoldering crisis: any serious business problem not generally known within or without the company, which may generate negative news coverage if or when it goes public
10. Crisis Terms and Definitions (continued)
- Examples of smoldering crises
  - Sting operations by a news organization or government agency
  - OSHA or EPA violations that could result in fines or legal action
  - Customer allegations of overcharging or other improper conduct
  - Investigation by a federal, state, or local government agency
  - Action by a disgruntled employee such as serious threats or whistle-blowing
11. Crisis Terms and Definitions (continued)
- Examples of smoldering crises (continued)
  - Indications of significant legal, judicial, or regulatory action against the business
  - Discovery of serious internal problems that will have to be disclosed to employees, investors, customers, vendors, and/or government officials
- Crisis management (CM): those actions taken by an organization in response to an emergency situation in an effort to minimize injury or loss of life
12. Crisis Terms and Definitions (continued)
- Emergency response: all activities related to safely managing the immediate physical, health, and environmental impacts of an incident
- Crisis communications: the public relations aspect of crisis management, including both internal and external communications
- Humanitarian assistance: efforts designed to address the psychological and emotional impact on the workforce
13. Crisis Misconceptions
- Myth 1: The majority of business crises are sudden crises
  - Fact: There are more smoldering crises than sudden crises
- Myth 2: Crises are most commonly the result of employee mistakes or acts of nature
  - Fact: Crises resulting from management actions, inactions, or decisions are more prevalent
14. Preparing for Crisis Management
- Organizations must prepare for crisis management
- Crises may be small and innocuous, or large and catastrophic
- The most effective executives have learned to deal successfully with crises
- Goal is to keep crises well managed and out of the media when possible
15. General Preparation Guidelines
- Preparation tips
  - Prepare contingency plans in advance
  - Immediately and clearly announce internally that only the crisis team members should speak about the crisis to the outside world
  - Move quickly; the first hours after the crisis breaks are when the media will jump on it
  - Use crisis management consultants
  - Give accurate and correct information; trying to manipulate information will backfire
  - Consider both short-term and long-term effects when making decisions about actions
16. General Preparation Guidelines (continued)
- Excuses frequently offered by companies in crisis
  - Denial: "It can't happen to us."
  - Deferral or low prioritization: "We've got more important issues to handle."
  - Ignorance: "Risk? What risk?"
  - Inattention to warning signs: "I didn't see it coming."
  - Ineffective or insufficient planning: "I thought we were ready!"
17. Organizing the Crisis Management Team
- Crisis management planning committee
  - Group charged with analyzing vulnerabilities, evaluating existing plans, and developing and implementing a comprehensive crisis management program
  - Should include representatives of all appropriate departments
  - May include an outside consultant
- Crisis management team: responsible for handling the response to an actual crisis situation
18. Organizing the Crisis Management Team (continued)
- CM team
  - May consist of only a few individuals
  - Usually relatively devoid of technical proficiency
  - Primary focus is the command and coordination of human resources in an emergency
- Crisis management focuses on the physical, mental, and emotional health and well-being of the people in the organization
19. Organizing the Crisis Management Team (continued)
- CM team members typically include
  - Team leader: responsible for overseeing the actions of the CM team; usually a senior HR executive
  - Communications coordinator: manages all communications between CM team, management, employees, and the public, including media and government
  - Emergency services coordinator: responsible for contacting and managing all interactions between the organization and any emergency services, including utilities
  - Other members as needed
20. Organizing the Crisis Management Team (continued)
- Head count
  - Physical accountability of all personnel; essential in determining the whereabouts of employees during an emergency
  - Usually the responsibility of the first-line supervisor, with reporting to the next level of management
  - Top of the chain of command aggregates the totals to ensure all employees are accounted for
- Crisis management planning team is responsible for developing the CM plan
21. Organizing the Crisis Management Team (continued)
- Questions in preparation
  - What kind of notification system do we have or need? Automated or manual? How long does it take?
  - Is there an existing crisis management plan? How old is it? When was it last used or tested?
  - What internal operations must be kept confidential to prevent embarrassment or damage to the organization? How are we currently protecting that information?
  - Is there an official spokesperson? Who is the alternate?
22. Organizing the Crisis Management Team (continued)
- Questions in preparation (continued)
  - What information should be shared with the media? With our employees?
  - What crises have we faced in the past? What crises have other organizations in our region faced? Have we changed how we operate as a result of those crises?
- CM planning team should also use the BIA and IR, DR, and BC scenarios with best-case, worst-case, and most likely outcomes to provide insight
23. Crisis Management Critical Success Factors
- Critical success factors: those few things that must go well to ensure success for a manager or organization
- Crisis management critical success factors
  - Leadership
  - Speed of response
  - A robust plan
  - Adequate resources
  - Funding
  - Caring and compassionate response
  - Excellent communications
24. Crisis Management Critical Success Factors (continued)
- Leadership
  - Provides purpose, direction, and motivation to others
  - Leaders need not be managers
- Important leadership skills
  - Multitasking
  - Rational under pressure
  - Empathy
  - Quick, effective decision making
  - Delegation
  - Communications
  - Prioritization
25. Crisis Management Critical Success Factors (continued)
- Golden hour: in medical terms, the first hour after an injury; if treated within this period, there is the highest probability of recovery
- Speed of response
  - Handle as much as possible in the first hour to ensure the highest probability of minimizing crisis impact
- A robust plan
  - Plan is the heart of the CM response
  - Plan must be clearly defined, rehearsed, and managed
26. Crisis Management Critical Success Factors (continued)
- Adequate resources
  - The right resources at the right place
  - Some critical resources include
    - Access to funds, especially cash
    - Communications management
    - Transportation to and/or away from the crisis area
    - Legal advice
    - Insurance advice and support
    - Moral and emotional support
    - Media management
    - Effective operations center
27. Crisis Management Critical Success Factors (continued)
- Funding
  - Don't be cheap; spend what is needed when it is needed
  - Cutting corners may lead to legal fees and punitive damages later
  - Expenses may include
    - Employee assistance programs, including counseling
    - Travel expenses, including lodging
    - Employee overtime for hourly staff
    - Replacement of lost, damaged, or destroyed property for employees
    - Compensation for those who were injured
28. Crisis Management Critical Success Factors (continued)
- Caring and compassionate response
  - At some point it has to be people concerned about people
  - CM team and management must have good people skills, be able to demonstrate they understand the personal issues their employees are facing
- Excellent communications
  - Fear of the unknown is the worst fear of all
  - Keep employees, the community, and the media informed of events and the organization's efforts
29. Crisis Management Critical Success Factors (continued)
- Communications items to consider in planning
  - Have key personnel undergo media training
  - Know your stakeholders and keep them apprised
  - Tell it all, tell it fast, and tell the truth
  - Have information ready to distribute, either verbally or in writing
  - Express pity, praise, and promise
30. Developing the Crisis Management Plan
- Crisis management plan
  - Developed by the CM planning team
  - Specifies the roles and responsibilities of individuals during a crisis
  - Provides instruction to the CM team and to individual employees
  - Can serve as both policy and plan
31. Developing the Crisis Management Plan (continued)
- Typical CM plan has these sections (continued)
  - Purpose
  - Crisis management planning committee
  - Crisis types
  - Crisis management team structure
  - Responsibility and control
  - Implementation
  - Crisis management protocols
  - Crisis management plan priorities
  - Appendices
32. Developing the Crisis Management Plan (continued)
- Purpose
  - Overview of the purpose
  - Identifies the individuals to whom this plan applies
- Crisis management planning committee
  - Identifies the CM planning committee
  - Distinguishes the planning committee from the operating team
  - May also specify the frequency and location of the planning committee meetings
33. Developing the Crisis Management Plan (continued)
- Crisis types
  - Groups crises into 3 or 4 categories with corresponding level of response required
  - Examples
    - Category 1: Minor damage to physical facilities or minor injury to personnel, addressable with on-site resources or limited off-site assistance
    - Category 2: Major damage to physical facilities or injury to personnel requiring considerable off-site assistance
    - Category 3: Organization-wide crisis requiring evacuation of facilities
34. Developing the Crisis Management Plan (continued)
- Crisis management team structure
  - Identifies CM team and responsibilities by names or titles
- Responsibility and control
  - Defines the level of authority granted to the CM team leader during a crisis
  - Chain of command: list of officials from an individual to the top-level executive
  - Executive-in-charge: the ranking executive on site when the crisis occurs
35. Developing the Crisis Management Plan (continued)
- Implementation
  - Details on implementation, including contingencies
  - Should handle optimal and suboptimal situations with reduced services
  - Key tasks include communications to emergency services, management, and employees
- Crisis management protocols
  - Notification protocols for individuals based on typical crisis or emergency events
36. Developing the Crisis Management Plan (continued)
- Typical protocols include
  - Medical emergency: epidemic or poisoning
  - Violent crime or behavior: robbery, murder, suicide, personal injury (existing or potential), etc.
  - Political situations: riots, demonstrations, etc.
  - Off-campus incidents or accidents involving employees
  - Environmental or natural disasters: fires, earthquakes, floods, chemical spills or leaks, explosions, etc.
  - Bomb threats
37. Developing the Crisis Management Plan (continued)
- Crisis management plan priorities
  - Defines priorities of effort for the CM team and other responsible individuals
  - Requires the establishment of general priorities, each with a number of subordinate priorities
  - Details the objectives for each priority level
- Appendices
  - Critical phone numbers (communications roster)
  - Building layouts or floor plans
  - Planning checklists
38. Developing the Crisis Management Plan (continued)
- Assembly area (AA): an area where individuals should gather to facilitate a quick head count
- Sample CM plan is included in Appendix C
39. Crisis Management Training and Testing
- Includes desk check, talk-throughs, walk-throughs, simulation, and other exercises on a regular basis
- Training exercises unique to CM include
  - Emergency roster test (notification test or alert roster test): seeks to determine the ability of the employees to respond to a notification system
  - Tabletop exercises: scenario-driven talk-through
  - Simulation: allows employees to practice their responses to the simulated situation; may be done in concert with fire or emergency services
40. Crisis Management Training and Testing (continued)
- First aid training
  - Advisable for first responders
  - Should include first aid and CPR training
  - May include heart defibrillators
41. Other Crisis Management Preparations
- Emergency kits containing
  - Laminated checklist of steps in CM plan
  - Map with assembly areas and shelters
  - Laminated card with emergency services numbers
  - Flashlight, batteries, and reflective vests
  - Warning triangle markers and caution tape
  - First aid kit with disposable gloves
  - Clipboard, notepad, and pens
  - Permanent markers
  - Spray paint or other high-visibility markers
42. Other Crisis Management Preparations (continued)
- ID cards
  - Contain employee personal information plus emergency information
  - Must protect employee privacy, however
- Medical alert tags and bracelets
  - Recommended for all employees with allergies, diabetes, or other special medical conditions
43. Post-Crisis Trauma
- Post-traumatic stress disorder can affect anyone who has experienced a severe traumatic episode
- The organization must look out for the well-being of its employees
- Effects of trauma may not show up for some time
44. Post-Traumatic Stress Disorder
- Post-traumatic stress disorder (PTSD)
  - A psychiatric disorder that can occur following the experience or witnessing of life-threatening events such as military combat, natural disasters, terrorist incidents, serious accidents, or violent personal assaults like rape
  - Often manifests as nightmares and flashbacks
  - Symptoms include difficulty sleeping, detachment
  - Requires outside expert assistance
45. Employee Assistance Programs
- Employee assistance program (EAP)
  - Provide a variety of counseling services
  - May include
    - Counselors
    - Legal aides
    - Medical professionals
    - Interpreters
  - May be part of health benefits program
46. Immediately After the Crisis
- Use assembly areas to gather employees, conduct head counts, and assess injuries and needs
- Hold an information briefing to provide employees with an overview of the situation and what the course of action will be
- Advise employees not to speak with the media
- Be prepared to deal with family members
- May need outside expert assistance
- Follow up with employees receiving medical care
- Personal visits to injured employees or grieving families are advised
47. Getting People Back to Work
- Start with an information briefing to all employees to squelch the rumor mill
- Include the facts, management's response, impact on the organization, and plans to recover, plus timetables if available
- Vital to use skilled crisis management professionals to monitor and follow up on employees as needed
48. Dealing with Loss
- Employees may leave the organization through
  - Death
  - Serious injury
  - Unwillingness to return after a crisis
- Vital skills and organizational knowledge may be lost when employees leave
- Techniques to prepare for loss of skills and knowledge include
  - Cross-training
  - Job and task rotation
  - Redundancy
49. Dealing with Loss (continued)
- Cross-training
  - Ensuring that every employee is trained to perform at least part of the job of another employee
  - Usually occurs as on-the-job training and one-on-one coaching
  - Must ensure that employees do not feel they are being prepared for termination
- Job and task rotation
  - Job rotation moves employees from one position to another
  - Can use vertical and horizontal job rotation
50. Dealing with Loss (continued)
- Vertical job rotation: rotating an employee through jobs in the same functional area from lowest to highest (through progression and promotion)
- Horizontal job rotation: movement of employees between positions at the same organizational level
- Task rotation involves the rotation of a portion of a job rather than the entire position
- Personnel redundancy: hiring more individuals than the minimum number required to perform the function
51. Law Enforcement Involvement
- Do not hesitate to contact law enforcement during a crisis
- Law enforcement have skills geared to crisis management
  - Crowd control
  - First aid
  - Search and rescue
  - Physical security
- Involvement may escalate from local to state to federal agents and officers
52. Managing Crisis Communications
- Managing internal and external communications during and after a crisis is an essential factor in keeping the organization together and functioning
- Some communications can be managed; some cannot be easily managed, such as those with
  - Law enforcement
  - Emergency services
  - The media
53. Crisis Communications
- 11 steps of crisis communications
  - Step 1: Identify your crisis communications team
  - Step 2: Identify spokespersons
  - Step 3: Spokesperson training
  - Step 4: Establish communications protocols
  - Step 5: Identify and know your stakeholders
  - Step 6: Decide on communications methods
  - Step 7: Anticipate crises
  - Step 8: Develop holding statements to be used immediately after a crisis breaks
54. Crisis Communications (continued)
- 11 steps of crisis communications (continued)
  - Step 9: Assess the crisis situation
  - Step 10: Identify key messages for stakeholders
  - Step 11: Riding out the storm
55. Avoiding Unnecessary Blame
- Regardless of the cause of the crisis, the media seeks to assign responsibility, especially if there were casualties
- Difference between fault and blame
  - Fault occurs when management could have done something in line with due diligence or due care to prepare for or react to a crisis
  - Blame occurs as a human response to deal with inexplicable travesty associated with loss
- If the organization believes it is not at fault, it should take steps to avoid being blamed
56. Avoiding Unnecessary Blame (continued)
- Examine vulnerabilities that could escalate to crises
  - Is there more that could be done to prevent or prepare for this event?
  - Will the planned reaction create further risk to employees or others?
  - If the CM plan goes as expected, will you be proud to be on the news?
57. Avoiding Unnecessary Blame (continued)
- Manage outrage to defuse blame
  - Be prepared to demonstrate how prepared you were for the emergency
  - Seek and accept responsibility where appropriate
  - Consider the Johnson & Johnson response to the Tylenol poisoning in 1982
58. Avoiding Unnecessary Blame (continued)
- Questions to help avoid blame
  - Should we have foreseen this and taken precautions to prevent it?
  - Were we unprepared to respond effectively?
  - Did management do anything intentionally that caused this or made it more severe?
  - Were we unjustified in actions leading up to and following the incident?
  - Is there any type of scandal or cover-up related to our involvement in the incident?
59. Succession Planning
- It is extremely difficult for individuals to function following a loss of life of someone they know or if they witnessed the death
- When an organization's chain of command is broken, post-traumatic stress among the survivors may hamper action
- Succession planning (SP): process that enables an organization to cope with any loss of personnel with a minimum degree of disruption
60. Elements of Succession Planning
- Succession planning is an essential executive-level function
- Six-step model directs what management should do
  - Assure an alignment between the organization's strategic plan and the intent of the SP process
  - Identify key positions that should be protected by SP
  - Seek out current and future candidates for key positions from among members of the organization
  - Develop training programs to ready potential successors
61. Elements of Succession Planning (continued)
- Six-step model (continued)
  - Integrate the SP process into the culture of the organization
  - Ensure that the SP process is complementary to the staff development programs throughout HR functions
- Alignment with strategy
  - SP process should be created to meet the current and future needs of the organization's strategic plan
62. Elements of Succession Planning (continued)
- Identifying positions
  - Positions to include in the SP are those where the loss of an incumbent will cause great economic loss, result in significant disruption of operations, or create a significant risk to secure operations of critical systems
  - Must define thresholds for economic loss, degree of disruption, or increased risk
  - Identify the critical competencies and skills for each position
63. Elements of Succession Planning (continued)
- Identifying candidates
  - Use performance appraisals, validated psychological assessments
  - Remember that managers tend to seek out and advance those who are similar to themselves
- Developing successors
  - In addition to expected training and development activities, candidates should receive mentoring and other organizational real-time learning opportunities
64. Elements of Succession Planning (continued)
- Integration with routine processes
  - SP process must be operated by the line managers that form the core of the broad executive team, not HR staff
- Balancing SP and operations
  - SP must have the same level of importance as other planning, organizing, leading, and controlling activities common to managers everywhere
65. Succession Planning Approaches for Crisis Management
- All CM plans must have provisions for dealing with losses in key positions
- SP plan must indicate the degree of visibility or transparency that will accompany the SP process
- Two degrees of transparency
  - Operationally integrated succession planning: fully visible approach that is well known to incumbents and potential successors
  - Crisis-activated succession planning: concealed approach in which succession is unknown until implemented
66. Succession Planning Approaches for Crisis Management (continued)
- If using crisis-activated SP, the SP mechanisms must become part of the crisis management operational plan
67. Summary
- Crisis: a significant business disruption that stimulates extensive news media coverage and could have legal, financial, and governmental impact
- Crises can be caused by acts of nature, mechanical problems, human errors, or management decisions and indecisions
- Two types of crises based on rate of occurrence and warning time: sudden crisis and smoldering crisis
- Sudden crisis occurs without warning
- Smoldering crisis is any problem not generally known within or without the company
68. Summary (continued)
- Crisis management: actions taken by an organization in response to an emergency situation to minimize injury or loss of life
- Crisis planning committee should have representatives from all appropriate business departments and disciplines
- Crisis management team includes individuals responsible for handling the response to an actual crisis situation
- Core assets to be protected are people, finances, and reputation
69. Summary (continued)
- Critical success factors for crisis management are leadership, speed of response, a robust plan, adequate resources, funding, caring and compassionate response, and excellent communications
- Training for CM is similar to that for IR, DR, and BC
- During a crisis, provide employees with the facts, management's response, impact on the organization, and plans to recover
- Use cross-training, job and task rotation, and job redundancy to mitigate loss of critical staff
70. Summary (continued)
- Do not hesitate to contact law enforcement if needed
- Critical US federal agencies include DHS, FEMA, Secret Service, FBI, and federal hazardous materials agencies
- Communications are essential to keeping the organization together and functioning during a crisis
- Succession planning is used to enable an organization to deal with the loss of key personnel