1 / 80

Principles of Incident Response and Disaster Recovery

Principles of Incident Response and Disaster Recovery. Chapter 11 Crisis Management and Human Factors. Objectives. Understand the role of crisis management in the typical organization Guide the creation of a plan preparing for crisis management Understand and deal with post-crisis trauma

idalee
Download Presentation

Principles of Incident Response and Disaster Recovery

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Principles of Incident Response and Disaster Recovery Chapter 11 Crisis Management and Human Factors

  2. Objectives • Understand the role of crisis management in the typical organization • Guide the creation of a plan preparing for crisis management • Understand and deal with post-crisis trauma • Work toward getting people back to work after a crisis • Know the impact of the decisions regarding law enforcement involvement Principles of Incident Response and Disaster Recovery

  3. Objectives (continued) • Manage a crisis communications process • Prepare for the ultimate crisis in an organization through succession planning Principles of Incident Response and Disaster Recovery

  4. Introduction • Reactions to a crisis are typically focused on technical issues and economic priorities • The most critical assets – the people – are often overlooked • People cannot be readily replaced Principles of Incident Response and Disaster Recovery

  5. Crisis Management in the Organization • Crises are inevitable, whether the organization is prepared or not • Crisis management brings its own terminology, and a host of myths Principles of Incident Response and Disaster Recovery

  6. Crisis Terms and Definitions • Crisis: a significant business disruption that stimulates extensive news media coverage • Crises are typically caused by: • Acts of nature (storms, earthquakes, volcanic activity, etc.) • Mechanical problems (ruptured pipes, metal fatigue, etc.) • Human errors (wrong valve opened, miscommunications, etc.) • Management decisions and indecisions (ignoring a problem, hiding a problem, etc.) Principles of Incident Response and Disaster Recovery

  7. Crisis Terms and Definitions (continued) • Crises can be categorized into two types: • Sudden crisis • Smoldering crisis • Sudden crisis: a disruption in the company’s business that: • Occurs without warning • Is likely to generate news coverage • May adversely impact employees, investors, customers, suppliers, and other stakeholders Principles of Incident Response and Disaster Recovery

  8. Crisis Terms and Definitions (continued) • A sudden crisis may be: • A business-related accident resulting in significant property damage that disrupts normal business operations • Death or serious illness or injury of management, employees, contractors, customers, visitors, etc., as the result of a business-related accident • Sudden death or incapacitation of a key executive • Discharge of hazardous chemicals or other materials into the environment • Accidents that cause disruption of telephone or utility service Principles of Incident Response and Disaster Recovery

  9. Crisis Terms and Definitions (continued) • A sudden crisis may be (continued): • Significant reduction in utilities or vital services needed to conduct business • Any natural disaster that disrupts operations or endangers employees • Unexpected job action or labor disruption • Workplace violence involving employees, family members, or customers • Smoldering crisis: any serious business problem not generally known within or without the company, which may generate negative news coverage if or when it goes public Principles of Incident Response and Disaster Recovery

  10. Crisis Terms and Definitions (continued) • Examples of smoldering crises: • Sting operations by a news organization or government agency • OHSA or EPA violations that could result in fines or legal action • Customer allegations of overcharging or other improper conduct • Investigation by a federal, state, or local government agency • Action by a disgruntled employee such as serious threats or whistle-blowing Principles of Incident Response and Disaster Recovery

  11. Crisis Terms and Definitions (continued) • Examples of smoldering crises (continued): • Indications of significant legal, judicial, or regulatory action against the business • Discovery of serious internal problems that will have to be disclosed to employees, investors, customers, vendors, and/or government officials • Crisis management (CM): those actions taken by an organization in response to a an emergency situation in an effort to minimize injury or loss of life Principles of Incident Response and Disaster Recovery

  12. Crisis Terms and Definitions (continued) • Emergency response: all activities related to safely managing the immediate physical, health, and environmental impacts of an incident • Crisis communications: the public relations aspect of crisis management, including both internal and external communications • Humanitarian assistance: efforts designed to address the psychological and emotional impact on the workforce Principles of Incident Response and Disaster Recovery

  13. Crisis Misconceptions • Myth #1: The majority of business crises are sudden crises • Fact: There are more smoldering crises than sudden crises • Myth #2: Crises are most commonly the result of employee mistakes or acts of nature • Fact: Crises resulting from management actions, inactions, or decisions are more prevalent Principles of Incident Response and Disaster Recovery

  14. Crisis Misconceptions (continued) Principles of Incident Response and Disaster Recovery

  15. Crisis Misconceptions (continued) Principles of Incident Response and Disaster Recovery

  16. Preparing for Crisis Management • Organizations must prepare for crisis management • Crises may be small and innocuous, or large and catastrophic • The most effective executives have learned to deal successfully with crises • Goal is to keep crises well managed and out of the media when possible Principles of Incident Response and Disaster Recovery

  17. General Preparation Guidelines • Preparation tips: • Prepare contingency plans in advance • Immediately and clearly announce internally that only the crisis team members should speak about the crisis to the outside world • Move quickly: the first hours after the crisis breaks are when the media will jump on it • Use crisis management consultants • Give accurate and correct information; trying to manipulate information will backfire • Consider both short-term and long-term effects when making decisions about actions Principles of Incident Response and Disaster Recovery

  18. General Preparation Guidelines (continued) • Excuses frequently offered by companies in crisis: • Denial: “It can’t happen to us.” • Deferral or low prioritization: “We’ve got more important issues to handle.” • Ignorance: “Risk? What risk?” • Inattention to warning signs: “I didn’t see it coming.” • Ineffective or insufficient planning: “I thought we were ready!” Principles of Incident Response and Disaster Recovery

  19. Organizing the Crisis Management Team • Crisis management planning committee: • Group charged with analyzing vulnerabilities, evaluating existing plans, and developing and implementing a comprehensive crisis management program • Should include representatives of all appropriate departments • May include an outside consultant • Crisis management team: responsible for handling the response to an actual crisis situation Principles of Incident Response and Disaster Recovery

  20. Organizing the Crisis Management Team (continued) • CM team: • May consist of only a few individuals • Usually relatively devoid of technical proficiency • Primary focus is the command and coordination of human resources in an emergency • Crisis management focuses on the physical, mental, and emotional health and well-being of the people in the organization Principles of Incident Response and Disaster Recovery

  21. Organizing the Crisis Management Team (continued) • CM team members typically include: • Team leader: responsible for overseeing the actions of the CM team; usually a senior HR executive • Communications coordinator: manages all communications between CM team, management, employees, and the public, including media and government • Emergency services coordinator: responsible for contacting and managing all interactions between the organization and any emergency services, including utilities • Other members as needed Principles of Incident Response and Disaster Recovery

  22. Organizing the Crisis Management Team (continued) • Head count: • Physical accountability of all personnel; essential in determining the whereabouts of employees during an emergency • Usually the responsibility of the first-line supervisor, with reporting to the next level of management • Top of the chain of command aggregates the totals to ensure all employees are accounted for • Crisis management planning team is responsible for developing the CM plan Principles of Incident Response and Disaster Recovery

  23. Organizing the Crisis Management Team (continued) • Questions in preparation: • What kind of notification system do we have or need? Automated or manual? How long does it take? • Is there an existing crisis management plan? How old is it? When was it last used or tested? • What internal operations must be kept confidential to prevent embarrassment or damage to the organization? How are we currently protecting that information? • Is there an official spokesperson? Who is the alternate? Principles of Incident Response and Disaster Recovery

  24. Organizing the Crisis Management Team (continued) • Questions in preparation (continued): • What information should be shared with the media? With our employees? • What crises have we faced in the past? What crises have other organizations in our region faced? Have we changed how we operate as a result of those crises? • CM Planning team should also use the BIA and IR, DR, and BC scenarios with best-case, worst-case, and most likely outcomes to provide insight Principles of Incident Response and Disaster Recovery

  25. Crisis Management Critical Success Factors • Critical success factors: those few things that must go well to ensure success for a manager or organization • Crisis management critical success factors: • Leadership • Speed of response • A robust plan • Adequate resources • Funding • Caring and compassionate response • Excellent communications Principles of Incident Response and Disaster Recovery

  26. Crisis Management Critical Success Factors (continued) • Leadership: • Provides purpose, direction, and motivation to others • Leaders need not be managers • Important leadership skills: • Multitasking • Rational under pressure • Empathy • Quick, effective decision making • Delegation • Communications • Prioritization Principles of Incident Response and Disaster Recovery

  27. Crisis Management Critical Success Factors (continued) • Golden hour: in medical terms, the first hour after an injury; if treated within this period, there is the highest probability of recovery • Speed of response: • Handle as much as possible in the first hour to ensure the highest probability of minimizing crisis impact • A robust plan: • Plan is the heart of the CM response • Plan must be clearly defined, rehearsed, and managed Principles of Incident Response and Disaster Recovery

  28. Crisis Management Critical Success Factors (continued) • Adequate resources: • The right resources at the right place • Some critical resources include: • Access to funds, especially cash • Communications management • Transportation to and/or away from the crisis area • Legal advice • Insurance advice and support • Moral and emotional support • Media management • Effective operations center Principles of Incident Response and Disaster Recovery

  29. Crisis Management Critical Success Factors (continued) • Funding: • Don’t be cheap; spend what is needed when it is needed • Cutting corners may lead to legal fees and punitive damages later • Expenses may include: • Employee assistance programs, including counseling • Travel expenses, including lodging • Employee overtime for hourly staff • Replacement of lost, damaged, or destroyed property for employees • Compensation for those who were injured Principles of Incident Response and Disaster Recovery

  30. Crisis Management Critical Success Factors (continued) • Caring and compassionate response: • At some point it has to be people concerned about people • CM team and management must have good people skills, be able to demonstrate they understand the personal issues their employees are facing • Excellent communications: • Fear of the unknown is the worst fear of all • Keep employees, the community, and the media informed of events and the organization’s efforts Principles of Incident Response and Disaster Recovery

  31. Crisis Management Critical Success Factors (continued) • Communications items to consider in planning: • Have key personnel undergo media training • Know your stakeholders and keep them apprised • Tell it all, tell it fast, and tell the truth • Have information ready to distribute, either verbally or in writing • Express pity, praise, and promise Principles of Incident Response and Disaster Recovery

  32. Developing the Crisis Management Plan • Crisis management plan: • Developed by the CM planning team • Specifies the roles and responsibilities of individuals during a crisis • Provides instruction to the CM team and to individual employees • Can serve as both policy and plan Principles of Incident Response and Disaster Recovery

  33. Developing the Crisis Management Plan (continued) • Typical CM plan has these sections (continued): • Purpose • Crisis management planning committee • Crisis types • Crisis management team structure • Responsibility and control • Implementation • Crisis management protocols • Crisis management plan priorities • Appendices Principles of Incident Response and Disaster Recovery

  34. Developing the Crisis Management Plan (continued) • Purpose: • Overview of the purpose • Identifies the individuals to whom this plan applies • Crisis management planning committee: • Identifies the CM planning committee • Distinguishes the planning committee from the operating team • May also specify the frequency and location of the planning committee meetings Principles of Incident Response and Disaster Recovery

  35. Developing the Crisis Management Plan (continued) • Crisis types: • Groups crises into 3 or 4 categories with corresponding level of response required • Examples: • Category 1: Minor damage to physical faculties or minor injury to personnel addressable with on-site resources or limited off-site assistance • Category 2: Major damage to physical facilities or injury to personnel requiring considerable off-site assistance • Category 3: Organization-wide crisis requiring evacuation of facilities Principles of Incident Response and Disaster Recovery

  36. Developing the Crisis Management Plan (continued) • Crisis management team structure: • Identifies CM team and responsibilities by names or titles • Responsibility and control: • Defines the level of authority granted to the CM team leader during a crisis • Chain of command: list of officials from an individual to the top level executive • Executive-in-charge: the ranking executive on site when the crisis occurs Principles of Incident Response and Disaster Recovery

  37. Developing the Crisis Management Plan (continued) • Implementation: • Details on implementation, including contingencies • Should handle optimal and suboptimal situations with reduced services • Key tasks include communications to emergency services, management, and employees • Crisis management protocols: • Notification protocols for individuals based on typical crisis or emergency events Principles of Incident Response and Disaster Recovery

  38. Developing the Crisis Management Plan (continued) • Typical protocols include: • Medical emergency: epidemic or poisoning • Violent crime or behavior: robbery, murder, suicide, personal injury (existing or potential), etc. • Political situations: riots, demonstrations, etc. • Off-campus incidents or accidents involving employees • Environmental or natural disasters: fires, earthquakes, floods, chemical spills or leaks, explosions, etc. • Bomb threats Principles of Incident Response and Disaster Recovery

  39. Developing the Crisis Management Plan (continued) • Crisis management plan priorities: • Defines priorities of effort for the CM team and other responsible individuals • Requires the establishment of general priorities, each with a number of subordinate priorities • Details the objectives for each priority level • Appendices: • Critical phone numbers (communications roster) • Building layouts or floor plans • Planning checklists Principles of Incident Response and Disaster Recovery

  40. Developing the Crisis Management Plan (continued) • Assembly area (AA): an area where individuals should gather to facilitate a quick head count • Sample CM plan is included in Appendix C Principles of Incident Response and Disaster Recovery

  41. Crisis Management Training and Testing • Training for CM is similar to that for IR, DR, and BC • Includes desk check, talk-throughs, walk-throughs, simulation, and other exercises on a regular basis • Training exercises unique to CM include: • Emergency roster test (notification test or alert roster test): seeks to determine the ability of the employees to respond to a notification system • Tabletop exercises: scenario-driven talk-through • Simulation: allows employees to practice their responses to the simulated situation; may be done in concert with fire or emergency services Principles of Incident Response and Disaster Recovery

  42. Crisis Management Training and Testing (continued) • First aid training: • Advisable for first responders • Should include first aid and CPR training • May include heart defibrillators Principles of Incident Response and Disaster Recovery

  43. Other Crisis Management Preparations • Emergency kits containing: • Copies of DR, BC, and CM plans • Laminated checklist of steps in CM plan • Map with assembly areas and shelters • Laminated card with emergency services numbers • Flashlight, batteries, and reflective vests • Warning triangle markers and caution tape • First aid kit with disposable gloves • Clipboard, notepad, and pens • Permanent markers • Spray paint or other high-visibility markers Principles of Incident Response and Disaster Recovery

  44. Other Crisis Management Preparations (continued) • ID cards: • Contain employee personal information plus emergency information • Must protect employee privacy, however • Medical alert tags and bracelets • Recommended for all employees with allergies, diabetes, or other special medical conditions Principles of Incident Response and Disaster Recovery

  45. Other Crisis Management Preparations (continued) Principles of Incident Response and Disaster Recovery

  46. Post Crisis Trauma • Post-traumatic stress disorder can affect anyone who has experienced a severe traumatic episode • The organization must look out for the well-being of its employees • Effects of trauma may not show up for some time Principles of Incident Response and Disaster Recovery

  47. Post-Traumatic Stress Disorder • Post-traumatic stress disorder (PTSD): • A psychiatric disorder that can occur following the experience or witnessing of life-threatening events such as military combat, natural disasters, terrorist incidents, serious accidents, or violent personal assaults like rape • Often manifests as nightmares and flashbacks • Symptoms include difficulty sleeping, detachment • Requires outside expert assistance Principles of Incident Response and Disaster Recovery

  48. Employee Assistance Programs • Employee assistance program (EAP): • Provide a variety of counseling services • May include • Counselors • Legal aides • Medical professionals • Interpreters • May be part of health benefits program Principles of Incident Response and Disaster Recovery

  49. Immediately After the Crisis • Use assembly areas to gather employees, conduct head counts, and assess injuries and needs • Hold an information briefing to provide employees with an overview of the situation and what the course of action will be • Advise employees not to speak with the media • Be prepared to deal with family members: • May need outside expert assistance • Follow up with employees receiving medical care • Personal visits to injured employees or grieving families is advised Principles of Incident Response and Disaster Recovery

  50. Getting People Back to Work • Start with an information briefing to all employees to squelch the rumor mill • Include the facts, management’s response, impact on the organization, and plans to recover, plus timetables if available • Vital to use skilled crisis management professionals to monitor and follow up on employees as needed Principles of Incident Response and Disaster Recovery

More Related