1. Successful Policy PreparationTen Point Checklist
Create a Company Risk Profile
List the hazards – short and long termList the Controls for each hazardAnalyse the gaps in risk managementBenchmark policies of similar corporationsCheck all legislative requirementsCreate Commitment Process for the BoardDevelop and test draft policy statementsCommunicate the policy to stakeholdersReview crisis poli cy after incidents
Components of successful poli cy statement contents may
include:Commitment at the highest levelPeoplePropertyBusiness Continuity EnvironmentCompany philosophyTop goals
Short Cuts to Policy Preparation:Know the hazards and risk profile, build the policy to achieve
goals that are sustainable and based on realistic measure of company capability.
2. Planning for Crisis ManagementThree Questions for aspiring crisis managers:
t
t
Are you planning for local, national, transnational orglobal crisis managementCan you build the plan on a functional and operationalanalysis of the company that bases the crisis managementon roles and functions rather than using specific persons
Do you have have a communications systems that cansuccessful ly operationalise the plan in a crisis
t
t
t
t
t
t
t
t
t
t
tttttt
t
t
t
t
t
t
t
t
t
If yes –create an organic functional planIf no - create a formal crisis plan that isdependanton high availabil ity of specific persons.
t
1 Daily Risk Management2 Risk Noti fication – Emergency, Stand-by or Warning3 Crisis Plan Initiated4 Loss Assessment5 Documents and forensic data secured6 Stand-Down of Crisis7 Hot Debriefing8 Immediate Recovery Plan implemented9 Crisis Plan Reviewed in Cold Debriefings
10 Rehabilitation of business, people and the environment
Ten Step Plan:
Safety Audit- A REGULAR BULLETIN ON RISK, DISASTERS, BUSINESS CONTINUITY PLANNING -
Dr SALLY LEIVESLEY PhD Lond, FRSA, MACE FEBRUARY, 2002
8/3/2019 Feb Audit
http://slidepdf.com/reader/full/feb-audit 2/4
Page 2
3. Crisis Management RolesAn example of a corporate team for a major threat:
Short Cut Notes :Ensure that the roles cover all stages of the Crisis Plan from risk monitoring to Recovery. Appoint and train personnel and any number of deputised persons that are required to
give 24 hour cover during normal operations and twelve hour shift cover during crisis operations.
Documentation of Roles
ManualsChecklistsAction CardsEmergency Boxes/manualsHot and Cold SitesOn-Line Plans available to laptopsTechnical Information
t
t
t
t
t
t
t
4. Command and Control – Lines of AuthorityFormal Organisational plans devolve authority down the line ofcontrol Reporting Lines generally follow normal reportingwithin the business
Functional RolesExamples of operational roles are:
Crisis Operations Team LeaderRisk Moni toring covering safety, security and businesscontinuityCommunications Coordinator
HR Team leaderCrisis Team Administrator
t
t
t
t
t
An example of an operation team for a major threat at a locallevel:
ManagerHR RepresentativeRisk/Safety/Securi ty RepresentativeTeam Leader from the business
t
t
t
t
Chief Executive and executive assistantSenior Management Team or lead role by senior managerof the area that is disruptedCorporate SecretaryMedia Advisers
HR ManagerInformation Technology ManagerEmergency Communications SupportRisk/Safety/Securi ty management RepresentationBoard Director
t
t
t
t
t
t
t
t
t
t Allows management to keep track of Key Personnel, assessand report on their exposure to risk and protectionmeasures implemented. The risk level indicator runs fromHigh to Low.
Allows management at local, national, global levels tocover ri sks to production and provide a report on thecurrent risk analysis to national or global levels of thecorporation
t
1.RiskMan Risk management (RiskMan)– daily ri sk
Organic plans create self-activated responses by individuals orteams at any location or at any level of the organisation.Reporting follows crisis requirements and is basedon training of individuals and systems available to them forcommunicating within the corporation.Forms if authorisation may be covered by some regulations –identify these
Emergency access or movement within controlled perimetersmay require authorisations in conjunction with emergencyservices
5. in-Country Management and Global Management of a Crisis – SystemsHAZMAN, Hazard Management System, an On-Line Package forcrisis management.The on-line package is tailored to meet the corporation’s crisismanagement at the local, national, regional or global levels.
The crisis management plans are operated for local disasters,health and safety incidents, major incidents and extreme eventsthat threaten life and business continuity at local, national orglobal operations of a corporation.
Short Cut Notes:Provide authority in advance to cover critical functions of managing crisis financial needs for mitigation, immediate recovery, and personnel
emergency funding,evacuation and emergency accommodation
Provide authority or advice in advance to cover basic structure and contents of statements for the media, shareholders or clients
2 EvacMan Evacuation Manager (EvacMan) -Plans, manages and records all aspects of emergency evacuationin case of fi re, storm, terrorist attack etc. Produces a tailoredplanned response to incidents including plans of buildings.
3.CrisisMan Crisis management –Activation of the Crisis Plan, crisis roles, communicationscontacts
8/3/2019 Feb Audit
http://slidepdf.com/reader/full/feb-audit 3/4
Page 3
Short-Cut Notes:Leadership training at the operational level
can be advanced by forward command training exercises using floor models of
sites or business operations or computer assisted simulation exercises.
7. Audit, Evaluation andInternal Review
1 How is the crisis management programme documented2 How well is the programme integrated within daily
operations3 Who reports and how?4 Has the Crisis Management Team Leader personal ly
exercised the team5 Does the programme meet regulatory requirements6 Is there a documented risk assessment7 Does the programme cover response to all identified
hazards8 What are the regular audit requirements9 What is the status of the crisis management procedures10 Is there a record of each individual’s participation in
training,exercising and crisis response
Ten steps in Evaluation: (anexample)
Short-Cut Notes:
Evaluation of programmes is essential and additional to regular auditing functions.Evaluation tests the programme against current risks and
responses and capabilities and produces recommendations to maintain the readiness and effectiveness of the programme.
Checklist of Options for Training :Tabletop ExerciseFloor Model ExerciseComputer assisted SimulationExerciseCommunications ExerciseWalk through Exercise
Modular ExerciseField ExerciseIn-situ work based team trainingOn-Line TrainingTraditional training lectures
t
t
t
t
t
t
t
t
t
t
4.CasMan Casual ty Management –Records details and provides first line management of casualties,handles all workplace injuries and incident descriptions, witnessstatements and injury details.
5.NOK Next of Kin Management –in the event of serious injury involving hospitalisation
6. TRITON Database –electronically updated information and analysis of currentterrorist threat for all countriesAlso in the package are: forensic management, logging for crisisinformation and tailored reports for each level of thecorporation.Reference Source: www.hazmansol.com
6. Training in Leadership and Emergency Management
Organic plans are designed to enable each individual andbusiness operation to manage risk as an ongoing activity.A comparison of an organic plan to a traditional contingencyplan would be like comparing a neural net to a radio channel.An organic approach is like a neural net where an intricatepattern of signs and responses by individuals come together in amatrix in comparison to a single channel of transmission.
Traditional plans utilise formal lines of information to
transmit communications about risk and crisis response whereasorganic plans utilise all the information that is available in theenvironment to stimulate the crisis response.
8/3/2019 Feb Audit
http://slidepdf.com/reader/full/feb-audit 4/4
Page 4
Short Cut Notes in Conclusion:The challenge for managers is to create operational responses
that not only look effective, but actually work in a crisis.Organic crisis plans will use all available information from security, risk, safety and business continuity management to create a seamless crisis management operation at the local, national, regional or global level.
8. Creating a Flexible and Organic Plan to Manage Emergencies
The Author:Dr Sally Leivesley read for a PhD at the University ofLondon based on researchinto major loss events. She has trained with the HomeOffice as a Scientific Adviser in nuclear,chemical and conventional explosions and in advanced
radiobiology. She has specialised in risk,business continuity and extreme events. Operationscovering ri sk and business continui ty inindustries since 1976 include: banking and financialservices; media; bulk storage; shipping; rail ;retail; coal, gas and fuel- oil power stations;petrochemicals; gas; underground and open-cut mines;pharmaceuticals and food manufacturing. She has workedextensively with media teams inexercising extreme events and news coverage. Assessmentshave been made of the ChannelTunnel, the Thames Barrier, and reports havebeenprepared following Chernobyl and Three MileIsland. She provided a workshop on the Twin Towersattacks to CompSec2001 on the TwinTowers. In 1997 she exercised an American multinationalmanufacturer on loss of globalheadquarters from a 727 flying into a tower building andin the past five years has undertakenanthrax and chemical exercises with critical facilities andcompanies.
Organic plans are designed to enable each individual andbusiness operation to manage risks as an ongoing activity.A comparison of an organic plan to a traditional contingencyplan would like comparing a neural net to a radio channel. Anorganic approach is like a neural net where an inticate patternof signs and responses by individuals come together in a matrixin comparison to a single channel of transmission.
The characteristics of an organic plan are:
Measurement of risks in the environment are ongoingRisk perception of the individual is applied to thesituationResponses are pre-conditioned by exercising and trainingCommand, Control and Coordination are throughdispersed networks rather than lineoperationsTeam leadership is crucial to protection of people at thelocal levelIndividual plans for self protection, business protectionand response to incidents areIntegrated into the corporate business continuity
