The recent tragic events in Belgium, while still fresh in our minds, and sitting densely knotted in the pit of our stomachs, have woken many of us from the prosaic slumber of our daily routines. Some of us may have taken extra care to survey our surroundings during our morning commute, or taken an extra moment to reflect on life. The reality is, however, that after the shock wears off, and the media coverage all but disappears, many of us will fall back into the false security of thinking that this type of tragedy is a distant, remote threat.
Unfortunately, it is this mindset that leaves many unprepared in the event of a disaster; be it natural or human caused. Creating and maintaining a disaster recovery plan can prove critical to the well-being of your employees, customers, (and business). By planning ahead, you will be compelled to think through the best course of action for a variety of emergencies from the pre-event stage, through post- event stage, with a clarity of mind not present in the midst of chaos.
Disaster Recovery Plan
Some basics for creating a disaster recovery plan include:
- Determine conditions under which the plan would be implemented, or the disasters that could potentially occur in your area. Identify backups for essential operations, supply chains, personnel, business functions, data processes, and communication channels.
- Outline the steps that individuals will take in the event of different types of events (fire, severe weather, hazardous chemical spill, workplace violence etc). For example, during a severe weather or fire emergency, a headcount will take place in a previously agreed upon location.
- Establish a clear chain of command, and designate tasks, such as who will take head counts and who those counts will be reported to.
- Designate an emergency coordinator, who will be responsible during the initial phase of an emergency (generally this stage is defined by: discovery, activating the alarm, evacuation, employee accounting, initial response by off-site emergency services, etc.)
- Maintain a 911 notification system, or method that is to be used in the event of an emergency to call outside services, such as police, fire, or EMS.
- Maintain an emergency alarm or notification system, as a means by which to notify personnel on the premises of an emergency.
- Create evacuation routes and maps, as well as a means by which to take accounting for personnel in the event of an evacuation. (This is one reason why having visitors sign in is important!) Be proactive with personnel who may have disabilities that may impair their ability to evacuate, and discuss with them ahead of time arrangements for evacuation. If you have non-English speaking employees, have the plans and procedures available in their language.
- Discuss with and train employees on emergency procedures. This involves more than just handing them a booklet to read. Safety meetings, and emergency drills are critical to your employees and visitors safety in the event of an emergency.
- Revise and update your disaster recovery plan regularly.
While this is just a brass tacks outline of the contents of a disaster recovery plan, thinking about these elements and collaboratively putting them to paper with your management team is a good place to start. Assessment of exposure to disasters and what such exposures entail is one of the most critical elements of disaster preparedness and recovery plan efficacy.
Terror Threat Assessment
Due to the nature of this morning’s event, I will now outline in greater detail how to assess for exposures to a terror attack, to keep in mind during the creation of your disaster prevention and recovery procedures.
Most attacks are not directed at a single business or individual, therefore, it is important to be aware of the general characteristics of terror-related incidents. The Department of Homeland Security and the University of Maryland recently released the latest statistics on the types of terrorist attacks that occur most often.
- Bombings and explosions: 54 percent
- Armed assault: 23 percent
- Facility and infrastructure attacks: 7 percent
Because the most common types of terrorist attacks have the potential to devastate the infrastructure within a large area, it’s important to take structural vulnerability into consideration. Additionally, effective risk assessment must also take into consideration not only the safety of employees and customers, but also nearby pedestrians.
The first step is a general assessment. During your initial assessment, you should determine the standoff distance around the entire perimeter of your facility. This is the distance at which you can prevent an unscreened person or vehicle from approaching your business, and it is determined by the effectiveness of your facilities, employees and security procedures.
Once you have completed your general assessment, you can use the information you gathered to determine the potential impact of an attack on your business to help you focus your resources on preventing or mitigating the damage of an attack. There are three key exposures or areas of vulnerability to bear in mind when conducting your assessment:
- Structural stability: Analyze how various locations around your facility could be damaged by an explosion or bomb. Remember to consider explosions that originate from both inside and outside the building.
- Personnel vulnerability: Consider where your employees and customers are usually located in and around your business. If they are all centrally located, they will be much more vulnerable during a terrorist attack. Make sure that everyone in the building has easy access to multiple exits in the event of an attack.
- Operational continuity: Consider the vulnerability of any key equipment or other vital materials. An attack could cripple your operations if important equipment or data is lost. If possible, don’t keep all of your resources in just one area, and make sure that all of your records are backed up at a separate location.
Using the information gathered through your initial and risk assessments, you will be able to create a set of procedures to include in your disaster recovery plan in the event of a terrorist attack. While we hope that such a plan will never have to be used, having one in place can make all the difference!
Hope Still is a Risk Management Specialist, and author of the Risk Management and Loss Control Blog, at Marshall & Sterling Insurance.