Principles of Incident Response and Disaster Recovery

1
Principles of Incident Response and Disaster
Recovery

• Crisis Management and Human Factors

2
Objectives

• Understand the role of crisis management in the
  typical organization
• Guide the creation of a plan preparing for crisis
  management
• Understand and deal with post-crisis trauma
• Work toward getting people back to work after a
  crisis
• Know the impact of the decisions regarding law
  enforcement involvement

3
Objectives (continued)

• Manage a crisis communications process
• Prepare for the ultimate crisis in an
  organization through succession planning

4
Introduction

• Reactions to a crisis are typically focused on
  technical issues and economic priorities
• The most critical assets the people are often
  overlooked
• People cannot be readily replaced

5
Crisis Management in the Organization

• Crises are inevitable, whether the organization
  is prepared or not
• Crisis management brings its own terminology, and
  a host of myths

6
Crisis Terms and Definitions

• Crisis a significant business disruption that
  stimulates extensive news media coverage
• Crises are typically caused by
• Acts of nature (storms, earthquakes, volcanic
  activity, etc.)
• Mechanical problems (ruptured pipes, metal
  fatigue, etc.)
• Human errors (wrong valve opened,
  miscommunications, etc.)
• Management decisions and indecisions (ignoring a
  problem, hiding a problem, etc.)

7
Crisis Terms and Definitions (continued)

• Crises can be categorized into two types
• Sudden crisis
• Smoldering crisis
• Sudden crisis a disruption in the companys
  business that
• Occurs without warning
• Is likely to generate news coverage
• May adversely impact employees, investors,
  customers, suppliers, and other stakeholders

8
Crisis Terms and Definitions (continued)

• A sudden crisis may be
• A business-related accident resulting in
  significant property damage that disrupts normal
  business operations
• Death or serious illness or injury of management,
  employees, contractors, customers, visitors,
  etc., as the result of a business-related
  accident
• Sudden death or incapacitation of a key executive
• Discharge of hazardous chemicals or other
  materials into the environment
• Accidents that cause disruption of telephone or
  utility service

9
Crisis Terms and Definitions (continued)

• A sudden crisis may be (continued)
• Significant reduction in utilities or vital
  services needed to conduct business
• Any natural disaster that disrupts operations or
  endangers employees
• Unexpected job action or labor disruption
• Workplace violence involving employees, family
  members, or customers
• Smoldering crisis any serious business problem
  not generally known within or without the
  company, which may generate negative news
  coverage if or when it goes public

10
Crisis Terms and Definitions (continued)

• Examples of smoldering crises
• Sting operations by a news organization or
  government agency
• OHSA or EPA violations that could result in fines
  or legal action
• Customer allegations of overcharging or other
  improper conduct
• Investigation by a federal, state, or local
  government agency
• Action by a disgruntled employee such as serious
  threats or whistle-blowing

11
Crisis Terms and Definitions (continued)

• Examples of smoldering crises (continued)
• Indications of significant legal, judicial, or
  regulatory action against the business
• Discovery of serious internal problems that will
  have to be disclosed to employees, investors,
  customers, vendors, and/or government officials
• Crisis management (CM) those actions taken by an
  organization in response to a an emergency
  situation in an effort to minimize injury or loss
  of life

12
Crisis Terms and Definitions (continued)

• Emergency response all activities related to
  safely managing the immediate physical, health,
  and environmental impacts of an incident
• Crisis communications the public relations
  aspect of crisis management, including both
  internal and external communications
• Humanitarian assistance efforts designed to
  address the psychological and emotional impact on
  the workforce

13
Crisis Misconceptions

• Myth 1 The majority of business crises are
  sudden crises
• Fact There are more smoldering crises than
  sudden crises
• Myth 2 Crises are most commonly the result of
  employee mistakes or acts of nature
• Fact Crises resulting from management actions,
  inactions, or decisions are more prevalent

14
Preparing for Crisis Management

• Organizations must prepare for crisis management
• Crises may be small and innocuous, or large and
  catastrophic
• The most effective executives have learned to
  deal successfully with crises
• Goal is to keep crises well managed and out of
  the media when possible

15
General Preparation Guidelines

• Preparation tips
• Prepare contingency plans in advance
• Immediately and clearly announce internally that
  only the crisis team members should speak about
  the crisis to the outside world
• Move quickly the first hours after the crisis
  breaks are when the media will jump on it
• Use crisis management consultants
• Give accurate and correct information trying to
  manipulate information will backfire
• Consider both short-term and long-term effects
  when making decisions about actions

16
General Preparation Guidelines (continued)

• Excuses frequently offered by companies in
  crisis
• Denial It cant happen to us.
• Deferral or low prioritization Weve got more
  important issues to handle.
• Ignorance Risk? What risk?
• Inattention to warning signs I didnt see it
  coming.
• Ineffective or insufficient planning I thought
  we were ready!

17
Organizing the Crisis Management Team

• Crisis management planning committee
• Group charged with analyzing vulnerabilities,
  evaluating existing plans, and developing and
  implementing a comprehensive crisis management
  program
• Should include representatives of all appropriate
  departments
• May include an outside consultant
• Crisis management team responsible for handling
  the response to an actual crisis situation

18
Organizing the Crisis Management Team (continued)

• CM team
• May consist of only a few individuals
• Usually relatively devoid of technical
  proficiency
• Primary focus is the command and coordination of
  human resources in an emergency
• Crisis management focuses on the physical,
  mental, and emotional health and well-being of
  the people in the organization

19
Organizing the Crisis Management Team (continued)

• CM team members typically include
• Team leader responsible for overseeing the
  actions of the CM team usually a senior HR
  executive
• Communications coordinator manages all
  communications between CM team, management,
  employees, and the public, including media and
  government
• Emergency services coordinator responsible for
  contacting and managing all interactions between
  the organization and any emergency services,
  including utilities
• Other members as needed

20
Organizing the Crisis Management Team (continued)

• Head count
• Physical accountability of all personnel
  essential in determining the whereabouts of
  employees during an emergency
• Usually the responsibility of the first-line
  supervisor, with reporting to the next level of
  management
• Top of the chain of command aggregates the totals
  to ensure all employees are accounted for
• Crisis management planning team is responsible
  for developing the CM plan

21
Organizing the Crisis Management Team (continued)

• Questions in preparation
• What kind of notification system do we have or
  need? Automated or manual? How long does it take?
• Is there an existing crisis management plan? How
  old is it? When was it last used or tested?
• What internal operations must be kept
  confidential to prevent embarrassment or damage
  to the organization? How are we currently
  protecting that information?
• Is there an official spokesperson? Who is the
  alternate?

22
Organizing the Crisis Management Team (continued)

• Questions in preparation (continued)
• What information should be shared with the media?
  With our employees?
• What crises have we faced in the past? What
  crises have other organizations in our region
  faced? Have we changed how we operate as a result
  of those crises?
• CM Planning team should also use the BIA and IR,
  DR, and BC scenarios with best-case, worst-case,
  and most likely outcomes to provide insight

23
Crisis Management Critical Success Factors

• Critical success factors those few things that
  must go well to ensure success for a manager or
  organization
• Crisis management critical success factors
• Leadership
• Speed of response
• A robust plan
• Adequate resources
• Funding
• Caring and compassionate response
• Excellent communications

24
Crisis Management Critical Success Factors
(continued)

• Leadership
• Provides purpose, direction, and motivation to
  others
• Leaders need not be managers
• Important leadership skills
• Multitasking
• Rational under pressure
• Empathy
• Quick, effective decision making
• Delegation
• Communications
• Prioritization

25
Crisis Management Critical Success Factors
(continued)

• Golden hour in medical terms, the first hour
  after an injury if treated within this period,
  there is the highest probability of recovery
• Speed of response
• Handle as much as possible in the first hour to
  ensure the highest probability of minimizing
  crisis impact
• A robust plan
• Plan is the heart of the CM response
• Plan must be clearly defined, rehearsed, and
  managed

26
Crisis Management Critical Success Factors
(continued)

• Adequate resources
• The right resources at the right place
• Some critical resources include
• Access to funds, especially cash
• Communications management
• Transportation to and/or away from the crisis
  area
• Legal advice
• Insurance advice and support
• Moral and emotional support
• Media management
• Effective operations center

27
Crisis Management Critical Success Factors
(continued)

• Funding
• Dont be cheap spend what is needed when it is
  needed
• Cutting corners may lead to legal fees and
  punitive damages later
• Expenses may include
• Employee assistance programs, including
  counseling
• Travel expenses, including lodging
• Employee overtime for hourly staff
• Replacement of lost, damaged, or destroyed
  property for employees
• Compensation for those who were injured

28
Crisis Management Critical Success Factors
(continued)

• Caring and compassionate response
• At some point it has to be people concerned about
  people
• CM team and management must have good people
  skills, be able to demonstrate they understand
  the personal issues their employees are facing
• Excellent communications
• Fear of the unknown is the worst fear of all
• Keep employees, the community, and the media
  informed of events and the organizations efforts

29
Crisis Management Critical Success Factors
(continued)

• Communications items to consider in planning
• Have key personnel undergo media training
• Know your stakeholders and keep them apprised
• Tell it all, tell it fast, and tell the truth
• Have information ready to distribute, either
  verbally or in writing
• Express pity, praise, and promise

30
Developing the Crisis Management Plan

• Crisis management plan
• Developed by the CM planning team
• Specifies the roles and responsibilities of
  individuals during a crisis
• Provides instruction to the CM team and to
  individual employees
• Can serve as both policy and plan

31
Developing the Crisis Management Plan (continued)

• Typical CM plan has these sections (continued)
• Purpose
• Crisis management planning committee
• Crisis types
• Crisis management team structure
• Responsibility and control
• Implementation
• Crisis management protocols
• Crisis management plan priorities
• Appendices

32
Developing the Crisis Management Plan (continued)

• Purpose
• Overview of the purpose
• Identifies the individuals to whom this plan
  applies
• Crisis management planning committee
• Identifies the CM planning committee
• Distinguishes the planning committee from the
  operating team
• May also specify the frequency and location of
  the planning committee meetings

33
Developing the Crisis Management Plan (continued)

• Crisis types
• Groups crises into 3 or 4 categories with
  corresponding level of response required
• Examples
• Category 1 Minor damage to physical faculties or
  minor injury to personnel addressable with
  on-site resources or limited off-site assistance
• Category 2 Major damage to physical facilities
  or injury to personnel requiring considerable
  off-site assistance
• Category 3 Organization-wide crisis requiring
  evacuation of facilities

34
Developing the Crisis Management Plan (continued)

• Crisis management team structure
• Identifies CM team and responsibilities by names
  or titles
• Responsibility and control
• Defines the level of authority granted to the CM
  team leader during a crisis
• Chain of command list of officials from an
  individual to the top level executive
• Executive-in-charge the ranking executive on
  site when the crisis occurs

35
Developing the Crisis Management Plan (continued)

• Implementation
• Details on implementation, including
  contingencies
• Should handle optimal and suboptimal situations
  with reduced services
• Key tasks include communications to emergency
  services, management, and employees
• Crisis management protocols
• Notification protocols for individuals based on
  typical crisis or emergency events

36
Developing the Crisis Management Plan (continued)

• Typical protocols include
• Medical emergency epidemic or poisoning
• Violent crime or behavior robbery, murder,
  suicide, personal injury (existing or potential),
  etc.
• Political situations riots, demonstrations, etc.
• Off-campus incidents or accidents involving
  employees
• Environmental or natural disasters fires,
  earthquakes, floods, chemical spills or leaks,
  explosions, etc.
• Bomb threats

37
Developing the Crisis Management Plan (continued)

• Crisis management plan priorities
• Defines priorities of effort for the CM team and
  other responsible individuals
• Requires the establishment of general priorities,
  each with a number of subordinate priorities
• Details the objectives for each priority level
• Appendices
• Critical phone numbers (communications roster)
• Building layouts or floor plans
• Planning checklists

38
Developing the Crisis Management Plan (continued)

• Assembly area (AA) an area where individuals
  should gather to facilitate a quick head count
• Sample CM plan is included in Appendix C

39
Crisis Management Training and Testing

• Includes desk check, talk-throughs,
  walk-throughs, simulation, and other exercises on
  a regular basis
• Training exercises unique to CM include
• Emergency roster test (notification test or alert
  roster test) seeks to determine the ability of
  the employees to respond to a notification system
• Tabletop exercises scenario-driven talk-through
• Simulation allows employees to practice their
  responses to the simulated situation may be done
  in concert with fire or emergency services

40
Crisis Management Training and Testing (continued)

• First aid training
• Advisable for first responders
• Should include first aid and CPR training
• May include heart defibrillators

41
Other Crisis Management Preparations

• Emergency kits containing
• Laminated checklist of steps in CM plan
• Map with assembly areas and shelters
• Laminated card with emergency services numbers
• Flashlight, batteries, and reflective vests
• Warning triangle markers and caution tape
• First aid kit with disposable gloves
• Clipboard, notepad, and pens
• Permanent markers
• Spray paint or other high-visibility markers

42
Other Crisis Management Preparations (continued)

• ID cards
• Contain employee personal information plus
  emergency information
• Must protect employee privacy, however
• Medical alert tags and bracelets
• Recommended for all employees with allergies,
  diabetes, or other special medical conditions

43
Post Crisis Trauma

• Post-traumatic stress disorder can affect anyone
  who has experienced a severe traumatic episode
• The organization must look out for the well-being
  of its employees
• Effects of trauma may not show up for some time

44
Post-Traumatic Stress Disorder

• Post-traumatic stress disorder (PTSD)
• A psychiatric disorder that can occur following
  the experience or witnessing of life-threatening
  events such as military combat, natural
  disasters, terrorist incidents, serious
  accidents, or violent personal assaults like rape
• Often manifests as nightmares and flashbacks
• Symptoms include difficulty sleeping, detachment
• Requires outside expert assistance

45
Employee Assistance Programs

• Employee assistance program (EAP)
• Provide a variety of counseling services
• May include
• Counselors
• Legal aides
• Medical professionals
• Interpreters
• May be part of health benefits program

46
Immediately After the Crisis

• Use assembly areas to gather employees, conduct
  head counts, and assess injuries and needs
• Hold an information briefing to provide employees
  with an overview of the situation and what the
  course of action will be
• Advise employees not to speak with the media
• Be prepared to deal with family members
• May need outside expert assistance
• Follow up with employees receiving medical care
• Personal visits to injured employees or grieving
  families is advised

47
Getting People Back to Work

• Start with an information briefing to all
  employees to squelch the rumor mill
• Include the facts, managements response, impact
  on the organization, and plans to recover, plus
  timetables if available
• Vital to use skilled crisis management
  professionals to monitor and follow up on
  employees as needed

48
Dealing with Loss

• Employees may leave the organization through
• Death
• Serious injury
• Unwillingness to return after a crisis
• Vital skills and organizational knowledge may be
  lost when employees leave
• Techniques to prepare for loss of skills and
  knowledge include
• Cross-training
• Job and task rotation
• Redundancy

49
Dealing with Loss (continued)

• Cross-training
• Ensuring that every employee is trained to
  perform at least part of the job of another
  employee
• Usually occurs as on-the-job training and
  one-on-one coaching
• Must ensure that employees do not feel they are
  being prepared for termination
• Job and task rotation
• Job rotation moves employees from one position to
  another
• Can use vertical and horizontal job rotation

50
Dealing with Loss (continued)

• Vertical job rotation rotating an employee
  through jobs in the same functional area from
  lowest to highest (through progression and
  promotion)
• Horizontal job rotation movement of employees
  between positions at the same organizational
  level
• Task rotation involves the rotation of a portion
  of a job rather than the entire position
• Personnel redundancy hiring more individuals
  than the minimum number required to perform the
  function

51
Law Enforcement Involvement

• Do not hesitate to contact law enforcement during
  a crisis
• Law enforcement have skills geared to crisis
  management
• Crowd control
• First aid
• Search and rescue
• Physical security
• Involvement may escalate from local to state to
  federal agents and officers

52
Managing Crisis Communications

• Managing internal and external communications
  during and after a crisis is an essential factor
  in keeping the organization together and
  functioning
• Some communications can be managed some cannot
  be easily managed, such as those with
• Law enforcement
• Emergency services
• The media

53
Crisis Communications

• 11 steps of crisis communications
• Step 1 Identify your crisis communications team
• Step 2 Identify spokespersons
• Step 3 Spokesperson training
• Step 4 Establish communications protocols
• Step 5 Identify and know your stakeholders
• Step 6 Decide on communications methods
• Step 7 Anticipate crises
• Step 8 Develop holding statements to be used
  immediately after a crisis breaks

54
Crisis Communications (continued)

• 11 steps of crisis communications (continued)
• Step 9 Assess the crisis situation
• Step 10 Identify key messages for stakeholders
• Step 11 Riding out the storm

55
Avoiding Unnecessary Blame

• Regardless of the cause of the crisis, the media
  seeks to assign responsibility, especially if
  there were casualties
• Difference between fault and blame
• Fault occurs when management could have done
  something in line with due diligence or due care
  to prepare for or react to a crisis
• Blame occurs as a human response to deal with
  inexplicable travesty associated with loss
• If the organization believes it is not at fault,
  it should take steps to avoid being blamed

56
Avoiding Unnecessary Blame (continued)

• Examine vulnerabilities that could escalate to
  crises
• Is there more that could be done to prevent or
  prepare for this event?
• Will the planned reaction create further risk to
  employees or others?
• If the CM plan goes as expected, will you be
  proud to be on the news?

57
Avoiding Unnecessary Blame (continued)

• Manage outrage to defuse blame
• Be prepared to demonstrate how prepared you were
  for the emergency
• Seek and accept responsibility where appropriate
• Consider the Johnson Johnson response to the
  Tylenol poisoning in 1982

58
Avoiding Unnecessary Blame (continued)

• Questions to help avoid blame
• Should we have foreseen this and taken
  precautions to prevent it?
• Were we unprepared to respond effectively?
• Did management do anything intentionally that
  caused this or made it more severe?
• Were we unjustified in actions leading up to and
  following the incident?
• Is there any type of scandal or cover-up related
  to our involvement in the incident?

59
Succession Planning

• It is extremely difficult for individuals to
  function following a loss of life of someone they
  know or if they witnessed the death
• When an organization's chain of command is
  broken, post-traumatic stress among the survivors
  may hamper action
• Succession planning (SP) process that enables an
  organization to cope with any loss of personnel
  with a minimum degree of disruption

60
Elements of Succession Planning

• Succession planning is an essential
  executive-level function
• Six-step model directs what management should do
• Assure an alignment between the organizations
  strategic plan and the intent of the SP process
• Identify key positions that should be protected
  by SP
• Seek out current and future candidates for key
  positions from among members of the organization
• Develop training programs to ready potential
  successors

61
Elements of Succession Planning (continued)

• Six-step model (continued)
• Integrate the SP process into the culture of the
  organization
• Ensure that the SP process is complementary to
  the staff development programs throughout HR
  functions
• Alignment with strategy
• SP process should be created to meet the current
  and future needs of the organizations strategic
  plan

62
Elements of Succession Planning (continued)

• Identifying positions
• Positions to include in the SP are those where
  the loss of an incumbent will cause great
  economic loss, result in significant disruption
  of operations, or create a significant risk to
  secure operations of critical system
• Must define thresholds for economic loss, degree
  of disruption, or increased risk
• Identify the critical competencies and skills for
  each position

63
Elements of Succession Planning (continued)

• Identifying candidates
• Use performance appraisals, validated
  psychological assessments
• Remember that managers tend to seek out and
  advance those who are similar to themselves
• Developing successors
• In addition to expected training and development
  activities, candidates should receive mentoring
  and other organizational real-time learning
  opportunities

64
Elements of Succession Planning (continued)

• Integration with routine processes
• SP process must be operated by the line managers
  that form the core of the broad executive team,
  not HR staff
• Balancing SP and operations
• SP must have the same level of importance as
  other planning organizing, leading and
  controlling activities common to managers
  everywhere

65
Succession Planning Approaches for Crisis
Management

• All CM plans must have provisions for dealing
  with losses in key positions
• SP plan must indicate the degree of visibility or
  transparency that will accompany the SP process
• Two degrees of transparency
• Operationally integrated succession planning
  fully visible approach that is well known to
  incumbents and potential successors
• Crisis-activated succession planning concealed
  approach in which succession is unknown until
  implemented

66
Succession Planning Approaches for Crisis
Management (continued)

• If using crisis-activated SP, the SP mechanisms
  must become part of the crisis management
  operational plan

67
Summary

• Crisis a significant business disruption that
  stimulates extensive news media coverage and
  could have legal, financial, and governmental
  impact
• Crises can be caused by acts of nature,
  mechanical problems, human errors, or management
  decisions and indecisions
• Two types of crises based on rate of occurrence
  and warning time sudden crisis and smoldering
  crisis
• Sudden crisis occurs without warning
• Smoldering crisis is any problem not generally
  known within or without the company

68
Summary (continued)

• Crisis management actions take by an
  organization in response to an emergency
  situation to minimize injury or loss of life
• Crisis planning committee should have
  representatives from all appropriate business
  departments and disciplines
• Crisis management team includes individuals
  responsible for handing the response to an actual
  crisis situation
• Core assets to be protected are people, finances,
  and reputation

69
Summary (continued)

• Critical success factors for crisis management
  are leadership, speed of response, a robust plan,
  adequate resources, funding, caring and
  compassionate response, and excellent
  communications
• Training for CM is similar to that for IR, DR,
  and BC
• During a crisis, provide employees with the
  facts, managements response, impact on the
  organization, and plans to recover
• Use cross-training, job and task rotation, and
  job redundancy to mitigate loss of critical staff

70
Summary (continued)

• Do not hesitate to contact law enforcement if
  needed
• Critical US federal agencies include DHS, FEMA,
  Secret Service, FBI, and federal hazardous
  materials agencies
• Communications are essential to keeping the
  organization together and functioning during a
  crisis
• Succession planning is used to enable an
  organization to deal with the loss of key
  personnel