Principles of Incident Response and Disaster Recovery - PowerPoint PPT Presentation

1 / 70
About This Presentation
Title:

Principles of Incident Response and Disaster Recovery

Description:

Title: Chapter 11 Created Date: 9/27/2002 11:29:22 PM Document presentation format: On-screen Show (4:3) Other titles: Times New Roman Arial Default Design 1_Default ... – PowerPoint PPT presentation

Number of Views:301
Avg rating:3.0/5.0
Slides: 71
Provided by: isaEduGr
Category:

less

Transcript and Presenter's Notes

Title: Principles of Incident Response and Disaster Recovery


1
Principles of Incident Response and Disaster
Recovery
  • Crisis Management and Human Factors

2
Objectives
  • Understand the role of crisis management in the
    typical organization
  • Guide the creation of a plan preparing for crisis
    management
  • Understand and deal with post-crisis trauma
  • Work toward getting people back to work after a
    crisis
  • Know the impact of the decisions regarding law
    enforcement involvement

3
Objectives (continued)
  • Manage a crisis communications process
  • Prepare for the ultimate crisis in an
    organization through succession planning

4
Introduction
  • Reactions to a crisis are typically focused on
    technical issues and economic priorities
  • The most critical assets the people are often
    overlooked
  • People cannot be readily replaced

5
Crisis Management in the Organization
  • Crises are inevitable, whether the organization
    is prepared or not
  • Crisis management brings its own terminology, and
    a host of myths

6
Crisis Terms and Definitions
  • Crisis a significant business disruption that
    stimulates extensive news media coverage
  • Crises are typically caused by
  • Acts of nature (storms, earthquakes, volcanic
    activity, etc.)
  • Mechanical problems (ruptured pipes, metal
    fatigue, etc.)
  • Human errors (wrong valve opened,
    miscommunications, etc.)
  • Management decisions and indecisions (ignoring a
    problem, hiding a problem, etc.)

7
Crisis Terms and Definitions (continued)
  • Crises can be categorized into two types
  • Sudden crisis
  • Smoldering crisis
  • Sudden crisis a disruption in the companys
    business that
  • Occurs without warning
  • Is likely to generate news coverage
  • May adversely impact employees, investors,
    customers, suppliers, and other stakeholders

8
Crisis Terms and Definitions (continued)
  • A sudden crisis may be
  • A business-related accident resulting in
    significant property damage that disrupts normal
    business operations
  • Death or serious illness or injury of management,
    employees, contractors, customers, visitors,
    etc., as the result of a business-related
    accident
  • Sudden death or incapacitation of a key executive
  • Discharge of hazardous chemicals or other
    materials into the environment
  • Accidents that cause disruption of telephone or
    utility service

9
Crisis Terms and Definitions (continued)
  • A sudden crisis may be (continued)
  • Significant reduction in utilities or vital
    services needed to conduct business
  • Any natural disaster that disrupts operations or
    endangers employees
  • Unexpected job action or labor disruption
  • Workplace violence involving employees, family
    members, or customers
  • Smoldering crisis any serious business problem
    not generally known within or without the
    company, which may generate negative news
    coverage if or when it goes public

10
Crisis Terms and Definitions (continued)
  • Examples of smoldering crises
  • Sting operations by a news organization or
    government agency
  • OHSA or EPA violations that could result in fines
    or legal action
  • Customer allegations of overcharging or other
    improper conduct
  • Investigation by a federal, state, or local
    government agency
  • Action by a disgruntled employee such as serious
    threats or whistle-blowing

11
Crisis Terms and Definitions (continued)
  • Examples of smoldering crises (continued)
  • Indications of significant legal, judicial, or
    regulatory action against the business
  • Discovery of serious internal problems that will
    have to be disclosed to employees, investors,
    customers, vendors, and/or government officials
  • Crisis management (CM) those actions taken by an
    organization in response to a an emergency
    situation in an effort to minimize injury or loss
    of life

12
Crisis Terms and Definitions (continued)
  • Emergency response all activities related to
    safely managing the immediate physical, health,
    and environmental impacts of an incident
  • Crisis communications the public relations
    aspect of crisis management, including both
    internal and external communications
  • Humanitarian assistance efforts designed to
    address the psychological and emotional impact on
    the workforce

13
Crisis Misconceptions
  • Myth 1 The majority of business crises are
    sudden crises
  • Fact There are more smoldering crises than
    sudden crises
  • Myth 2 Crises are most commonly the result of
    employee mistakes or acts of nature
  • Fact Crises resulting from management actions,
    inactions, or decisions are more prevalent

14
Preparing for Crisis Management
  • Organizations must prepare for crisis management
  • Crises may be small and innocuous, or large and
    catastrophic
  • The most effective executives have learned to
    deal successfully with crises
  • Goal is to keep crises well managed and out of
    the media when possible

15
General Preparation Guidelines
  • Preparation tips
  • Prepare contingency plans in advance
  • Immediately and clearly announce internally that
    only the crisis team members should speak about
    the crisis to the outside world
  • Move quickly the first hours after the crisis
    breaks are when the media will jump on it
  • Use crisis management consultants
  • Give accurate and correct information trying to
    manipulate information will backfire
  • Consider both short-term and long-term effects
    when making decisions about actions

16
General Preparation Guidelines (continued)
  • Excuses frequently offered by companies in
    crisis
  • Denial It cant happen to us.
  • Deferral or low prioritization Weve got more
    important issues to handle.
  • Ignorance Risk? What risk?
  • Inattention to warning signs I didnt see it
    coming.
  • Ineffective or insufficient planning I thought
    we were ready!

17
Organizing the Crisis Management Team
  • Crisis management planning committee
  • Group charged with analyzing vulnerabilities,
    evaluating existing plans, and developing and
    implementing a comprehensive crisis management
    program
  • Should include representatives of all appropriate
    departments
  • May include an outside consultant
  • Crisis management team responsible for handling
    the response to an actual crisis situation

18
Organizing the Crisis Management Team (continued)
  • CM team
  • May consist of only a few individuals
  • Usually relatively devoid of technical
    proficiency
  • Primary focus is the command and coordination of
    human resources in an emergency
  • Crisis management focuses on the physical,
    mental, and emotional health and well-being of
    the people in the organization

19
Organizing the Crisis Management Team (continued)
  • CM team members typically include
  • Team leader responsible for overseeing the
    actions of the CM team usually a senior HR
    executive
  • Communications coordinator manages all
    communications between CM team, management,
    employees, and the public, including media and
    government
  • Emergency services coordinator responsible for
    contacting and managing all interactions between
    the organization and any emergency services,
    including utilities
  • Other members as needed

20
Organizing the Crisis Management Team (continued)
  • Head count
  • Physical accountability of all personnel
    essential in determining the whereabouts of
    employees during an emergency
  • Usually the responsibility of the first-line
    supervisor, with reporting to the next level of
    management
  • Top of the chain of command aggregates the totals
    to ensure all employees are accounted for
  • Crisis management planning team is responsible
    for developing the CM plan

21
Organizing the Crisis Management Team (continued)
  • Questions in preparation
  • What kind of notification system do we have or
    need? Automated or manual? How long does it take?
  • Is there an existing crisis management plan? How
    old is it? When was it last used or tested?
  • What internal operations must be kept
    confidential to prevent embarrassment or damage
    to the organization? How are we currently
    protecting that information?
  • Is there an official spokesperson? Who is the
    alternate?

22
Organizing the Crisis Management Team (continued)
  • Questions in preparation (continued)
  • What information should be shared with the media?
    With our employees?
  • What crises have we faced in the past? What
    crises have other organizations in our region
    faced? Have we changed how we operate as a result
    of those crises?
  • CM Planning team should also use the BIA and IR,
    DR, and BC scenarios with best-case, worst-case,
    and most likely outcomes to provide insight

23
Crisis Management Critical Success Factors
  • Critical success factors those few things that
    must go well to ensure success for a manager or
    organization
  • Crisis management critical success factors
  • Leadership
  • Speed of response
  • A robust plan
  • Adequate resources
  • Funding
  • Caring and compassionate response
  • Excellent communications

24
Crisis Management Critical Success Factors
(continued)
  • Leadership
  • Provides purpose, direction, and motivation to
    others
  • Leaders need not be managers
  • Important leadership skills
  • Multitasking
  • Rational under pressure
  • Empathy
  • Quick, effective decision making
  • Delegation
  • Communications
  • Prioritization

25
Crisis Management Critical Success Factors
(continued)
  • Golden hour in medical terms, the first hour
    after an injury if treated within this period,
    there is the highest probability of recovery
  • Speed of response
  • Handle as much as possible in the first hour to
    ensure the highest probability of minimizing
    crisis impact
  • A robust plan
  • Plan is the heart of the CM response
  • Plan must be clearly defined, rehearsed, and
    managed

26
Crisis Management Critical Success Factors
(continued)
  • Adequate resources
  • The right resources at the right place
  • Some critical resources include
  • Access to funds, especially cash
  • Communications management
  • Transportation to and/or away from the crisis
    area
  • Legal advice
  • Insurance advice and support
  • Moral and emotional support
  • Media management
  • Effective operations center

27
Crisis Management Critical Success Factors
(continued)
  • Funding
  • Dont be cheap spend what is needed when it is
    needed
  • Cutting corners may lead to legal fees and
    punitive damages later
  • Expenses may include
  • Employee assistance programs, including
    counseling
  • Travel expenses, including lodging
  • Employee overtime for hourly staff
  • Replacement of lost, damaged, or destroyed
    property for employees
  • Compensation for those who were injured

28
Crisis Management Critical Success Factors
(continued)
  • Caring and compassionate response
  • At some point it has to be people concerned about
    people
  • CM team and management must have good people
    skills, be able to demonstrate they understand
    the personal issues their employees are facing
  • Excellent communications
  • Fear of the unknown is the worst fear of all
  • Keep employees, the community, and the media
    informed of events and the organizations efforts

29
Crisis Management Critical Success Factors
(continued)
  • Communications items to consider in planning
  • Have key personnel undergo media training
  • Know your stakeholders and keep them apprised
  • Tell it all, tell it fast, and tell the truth
  • Have information ready to distribute, either
    verbally or in writing
  • Express pity, praise, and promise

30
Developing the Crisis Management Plan
  • Crisis management plan
  • Developed by the CM planning team
  • Specifies the roles and responsibilities of
    individuals during a crisis
  • Provides instruction to the CM team and to
    individual employees
  • Can serve as both policy and plan

31
Developing the Crisis Management Plan (continued)
  • Typical CM plan has these sections (continued)
  • Purpose
  • Crisis management planning committee
  • Crisis types
  • Crisis management team structure
  • Responsibility and control
  • Implementation
  • Crisis management protocols
  • Crisis management plan priorities
  • Appendices

32
Developing the Crisis Management Plan (continued)
  • Purpose
  • Overview of the purpose
  • Identifies the individuals to whom this plan
    applies
  • Crisis management planning committee
  • Identifies the CM planning committee
  • Distinguishes the planning committee from the
    operating team
  • May also specify the frequency and location of
    the planning committee meetings

33
Developing the Crisis Management Plan (continued)
  • Crisis types
  • Groups crises into 3 or 4 categories with
    corresponding level of response required
  • Examples
  • Category 1 Minor damage to physical faculties or
    minor injury to personnel addressable with
    on-site resources or limited off-site assistance
  • Category 2 Major damage to physical facilities
    or injury to personnel requiring considerable
    off-site assistance
  • Category 3 Organization-wide crisis requiring
    evacuation of facilities

34
Developing the Crisis Management Plan (continued)
  • Crisis management team structure
  • Identifies CM team and responsibilities by names
    or titles
  • Responsibility and control
  • Defines the level of authority granted to the CM
    team leader during a crisis
  • Chain of command list of officials from an
    individual to the top level executive
  • Executive-in-charge the ranking executive on
    site when the crisis occurs

35
Developing the Crisis Management Plan (continued)
  • Implementation
  • Details on implementation, including
    contingencies
  • Should handle optimal and suboptimal situations
    with reduced services
  • Key tasks include communications to emergency
    services, management, and employees
  • Crisis management protocols
  • Notification protocols for individuals based on
    typical crisis or emergency events

36
Developing the Crisis Management Plan (continued)
  • Typical protocols include
  • Medical emergency epidemic or poisoning
  • Violent crime or behavior robbery, murder,
    suicide, personal injury (existing or potential),
    etc.
  • Political situations riots, demonstrations, etc.
  • Off-campus incidents or accidents involving
    employees
  • Environmental or natural disasters fires,
    earthquakes, floods, chemical spills or leaks,
    explosions, etc.
  • Bomb threats

37
Developing the Crisis Management Plan (continued)
  • Crisis management plan priorities
  • Defines priorities of effort for the CM team and
    other responsible individuals
  • Requires the establishment of general priorities,
    each with a number of subordinate priorities
  • Details the objectives for each priority level
  • Appendices
  • Critical phone numbers (communications roster)
  • Building layouts or floor plans
  • Planning checklists

38
Developing the Crisis Management Plan (continued)
  • Assembly area (AA) an area where individuals
    should gather to facilitate a quick head count
  • Sample CM plan is included in Appendix C

39
Crisis Management Training and Testing
  • Includes desk check, talk-throughs,
    walk-throughs, simulation, and other exercises on
    a regular basis
  • Training exercises unique to CM include
  • Emergency roster test (notification test or alert
    roster test) seeks to determine the ability of
    the employees to respond to a notification system
  • Tabletop exercises scenario-driven talk-through
  • Simulation allows employees to practice their
    responses to the simulated situation may be done
    in concert with fire or emergency services

40
Crisis Management Training and Testing (continued)
  • First aid training
  • Advisable for first responders
  • Should include first aid and CPR training
  • May include heart defibrillators

41
Other Crisis Management Preparations
  • Emergency kits containing
  • Laminated checklist of steps in CM plan
  • Map with assembly areas and shelters
  • Laminated card with emergency services numbers
  • Flashlight, batteries, and reflective vests
  • Warning triangle markers and caution tape
  • First aid kit with disposable gloves
  • Clipboard, notepad, and pens
  • Permanent markers
  • Spray paint or other high-visibility markers

42
Other Crisis Management Preparations (continued)
  • ID cards
  • Contain employee personal information plus
    emergency information
  • Must protect employee privacy, however
  • Medical alert tags and bracelets
  • Recommended for all employees with allergies,
    diabetes, or other special medical conditions

43
Post Crisis Trauma
  • Post-traumatic stress disorder can affect anyone
    who has experienced a severe traumatic episode
  • The organization must look out for the well-being
    of its employees
  • Effects of trauma may not show up for some time

44
Post-Traumatic Stress Disorder
  • Post-traumatic stress disorder (PTSD)
  • A psychiatric disorder that can occur following
    the experience or witnessing of life-threatening
    events such as military combat, natural
    disasters, terrorist incidents, serious
    accidents, or violent personal assaults like rape
  • Often manifests as nightmares and flashbacks
  • Symptoms include difficulty sleeping, detachment
  • Requires outside expert assistance

45
Employee Assistance Programs
  • Employee assistance program (EAP)
  • Provide a variety of counseling services
  • May include
  • Counselors
  • Legal aides
  • Medical professionals
  • Interpreters
  • May be part of health benefits program

46
Immediately After the Crisis
  • Use assembly areas to gather employees, conduct
    head counts, and assess injuries and needs
  • Hold an information briefing to provide employees
    with an overview of the situation and what the
    course of action will be
  • Advise employees not to speak with the media
  • Be prepared to deal with family members
  • May need outside expert assistance
  • Follow up with employees receiving medical care
  • Personal visits to injured employees or grieving
    families is advised

47
Getting People Back to Work
  • Start with an information briefing to all
    employees to squelch the rumor mill
  • Include the facts, managements response, impact
    on the organization, and plans to recover, plus
    timetables if available
  • Vital to use skilled crisis management
    professionals to monitor and follow up on
    employees as needed

48
Dealing with Loss
  • Employees may leave the organization through
  • Death
  • Serious injury
  • Unwillingness to return after a crisis
  • Vital skills and organizational knowledge may be
    lost when employees leave
  • Techniques to prepare for loss of skills and
    knowledge include
  • Cross-training
  • Job and task rotation
  • Redundancy

49
Dealing with Loss (continued)
  • Cross-training
  • Ensuring that every employee is trained to
    perform at least part of the job of another
    employee
  • Usually occurs as on-the-job training and
    one-on-one coaching
  • Must ensure that employees do not feel they are
    being prepared for termination
  • Job and task rotation
  • Job rotation moves employees from one position to
    another
  • Can use vertical and horizontal job rotation

50
Dealing with Loss (continued)
  • Vertical job rotation rotating an employee
    through jobs in the same functional area from
    lowest to highest (through progression and
    promotion)
  • Horizontal job rotation movement of employees
    between positions at the same organizational
    level
  • Task rotation involves the rotation of a portion
    of a job rather than the entire position
  • Personnel redundancy hiring more individuals
    than the minimum number required to perform the
    function

51
Law Enforcement Involvement
  • Do not hesitate to contact law enforcement during
    a crisis
  • Law enforcement have skills geared to crisis
    management
  • Crowd control
  • First aid
  • Search and rescue
  • Physical security
  • Involvement may escalate from local to state to
    federal agents and officers

52
Managing Crisis Communications
  • Managing internal and external communications
    during and after a crisis is an essential factor
    in keeping the organization together and
    functioning
  • Some communications can be managed some cannot
    be easily managed, such as those with
  • Law enforcement
  • Emergency services
  • The media

53
Crisis Communications
  • 11 steps of crisis communications
  • Step 1 Identify your crisis communications team
  • Step 2 Identify spokespersons
  • Step 3 Spokesperson training
  • Step 4 Establish communications protocols
  • Step 5 Identify and know your stakeholders
  • Step 6 Decide on communications methods
  • Step 7 Anticipate crises
  • Step 8 Develop holding statements to be used
    immediately after a crisis breaks

54
Crisis Communications (continued)
  • 11 steps of crisis communications (continued)
  • Step 9 Assess the crisis situation
  • Step 10 Identify key messages for stakeholders
  • Step 11 Riding out the storm

55
Avoiding Unnecessary Blame
  • Regardless of the cause of the crisis, the media
    seeks to assign responsibility, especially if
    there were casualties
  • Difference between fault and blame
  • Fault occurs when management could have done
    something in line with due diligence or due care
    to prepare for or react to a crisis
  • Blame occurs as a human response to deal with
    inexplicable travesty associated with loss
  • If the organization believes it is not at fault,
    it should take steps to avoid being blamed

56
Avoiding Unnecessary Blame (continued)
  • Examine vulnerabilities that could escalate to
    crises
  • Is there more that could be done to prevent or
    prepare for this event?
  • Will the planned reaction create further risk to
    employees or others?
  • If the CM plan goes as expected, will you be
    proud to be on the news?

57
Avoiding Unnecessary Blame (continued)
  • Manage outrage to defuse blame
  • Be prepared to demonstrate how prepared you were
    for the emergency
  • Seek and accept responsibility where appropriate
  • Consider the Johnson Johnson response to the
    Tylenol poisoning in 1982

58
Avoiding Unnecessary Blame (continued)
  • Questions to help avoid blame
  • Should we have foreseen this and taken
    precautions to prevent it?
  • Were we unprepared to respond effectively?
  • Did management do anything intentionally that
    caused this or made it more severe?
  • Were we unjustified in actions leading up to and
    following the incident?
  • Is there any type of scandal or cover-up related
    to our involvement in the incident?

59
Succession Planning
  • It is extremely difficult for individuals to
    function following a loss of life of someone they
    know or if they witnessed the death
  • When an organization's chain of command is
    broken, post-traumatic stress among the survivors
    may hamper action
  • Succession planning (SP) process that enables an
    organization to cope with any loss of personnel
    with a minimum degree of disruption

60
Elements of Succession Planning
  • Succession planning is an essential
    executive-level function
  • Six-step model directs what management should do
  • Assure an alignment between the organizations
    strategic plan and the intent of the SP process
  • Identify key positions that should be protected
    by SP
  • Seek out current and future candidates for key
    positions from among members of the organization
  • Develop training programs to ready potential
    successors

61
Elements of Succession Planning (continued)
  • Six-step model (continued)
  • Integrate the SP process into the culture of the
    organization
  • Ensure that the SP process is complementary to
    the staff development programs throughout HR
    functions
  • Alignment with strategy
  • SP process should be created to meet the current
    and future needs of the organizations strategic
    plan

62
Elements of Succession Planning (continued)
  • Identifying positions
  • Positions to include in the SP are those where
    the loss of an incumbent will cause great
    economic loss, result in significant disruption
    of operations, or create a significant risk to
    secure operations of critical system
  • Must define thresholds for economic loss, degree
    of disruption, or increased risk
  • Identify the critical competencies and skills for
    each position

63
Elements of Succession Planning (continued)
  • Identifying candidates
  • Use performance appraisals, validated
    psychological assessments
  • Remember that managers tend to seek out and
    advance those who are similar to themselves
  • Developing successors
  • In addition to expected training and development
    activities, candidates should receive mentoring
    and other organizational real-time learning
    opportunities

64
Elements of Succession Planning (continued)
  • Integration with routine processes
  • SP process must be operated by the line managers
    that form the core of the broad executive team,
    not HR staff
  • Balancing SP and operations
  • SP must have the same level of importance as
    other planning organizing, leading and
    controlling activities common to managers
    everywhere

65
Succession Planning Approaches for Crisis
Management
  • All CM plans must have provisions for dealing
    with losses in key positions
  • SP plan must indicate the degree of visibility or
    transparency that will accompany the SP process
  • Two degrees of transparency
  • Operationally integrated succession planning
    fully visible approach that is well known to
    incumbents and potential successors
  • Crisis-activated succession planning concealed
    approach in which succession is unknown until
    implemented

66
Succession Planning Approaches for Crisis
Management (continued)
  • If using crisis-activated SP, the SP mechanisms
    must become part of the crisis management
    operational plan

67
Summary
  • Crisis a significant business disruption that
    stimulates extensive news media coverage and
    could have legal, financial, and governmental
    impact
  • Crises can be caused by acts of nature,
    mechanical problems, human errors, or management
    decisions and indecisions
  • Two types of crises based on rate of occurrence
    and warning time sudden crisis and smoldering
    crisis
  • Sudden crisis occurs without warning
  • Smoldering crisis is any problem not generally
    known within or without the company

68
Summary (continued)
  • Crisis management actions take by an
    organization in response to an emergency
    situation to minimize injury or loss of life
  • Crisis planning committee should have
    representatives from all appropriate business
    departments and disciplines
  • Crisis management team includes individuals
    responsible for handing the response to an actual
    crisis situation
  • Core assets to be protected are people, finances,
    and reputation

69
Summary (continued)
  • Critical success factors for crisis management
    are leadership, speed of response, a robust plan,
    adequate resources, funding, caring and
    compassionate response, and excellent
    communications
  • Training for CM is similar to that for IR, DR,
    and BC
  • During a crisis, provide employees with the
    facts, managements response, impact on the
    organization, and plans to recover
  • Use cross-training, job and task rotation, and
    job redundancy to mitigate loss of critical staff

70
Summary (continued)
  • Do not hesitate to contact law enforcement if
    needed
  • Critical US federal agencies include DHS, FEMA,
    Secret Service, FBI, and federal hazardous
    materials agencies
  • Communications are essential to keeping the
    organization together and functioning during a
    crisis
  • Succession planning is used to enable an
    organization to deal with the loss of key
    personnel
Write a Comment
User Comments (0)
About PowerShow.com