Principles of incident response and disaster recovery
Download
1 / 80

Principles of Incident Response and Disaster Recovery - PowerPoint PPT Presentation


  • 437 Views
  • Updated On :

Principles of Incident Response and Disaster Recovery. Chapter 11 Crisis Management and Human Factors. Objectives. Understand the role of crisis management in the typical organization Guide the creation of a plan preparing for crisis management Understand and deal with post-crisis trauma

Related searches for Principles of Incident Response and Disaster Recovery

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Principles of Incident Response and Disaster Recovery' - idalee


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Principles of incident response and disaster recovery

Principles of Incident Response and Disaster Recovery

Chapter 11

Crisis Management and Human Factors


Objectives
Objectives

  • Understand the role of crisis management in the typical organization

  • Guide the creation of a plan preparing for crisis management

  • Understand and deal with post-crisis trauma

  • Work toward getting people back to work after a crisis

  • Know the impact of the decisions regarding law enforcement involvement

Principles of Incident Response and Disaster Recovery


Objectives continued
Objectives (continued)

  • Manage a crisis communications process

  • Prepare for the ultimate crisis in an organization through succession planning

Principles of Incident Response and Disaster Recovery


Introduction
Introduction

  • Reactions to a crisis are typically focused on technical issues and economic priorities

  • The most critical assets – the people – are often overlooked

  • People cannot be readily replaced

Principles of Incident Response and Disaster Recovery


Crisis management in the organization
Crisis Management in the Organization

  • Crises are inevitable, whether the organization is prepared or not

  • Crisis management brings its own terminology, and a host of myths

Principles of Incident Response and Disaster Recovery


Crisis terms and definitions
Crisis Terms and Definitions

  • Crisis: a significant business disruption that stimulates extensive news media coverage

  • Crises are typically caused by:

    • Acts of nature (storms, earthquakes, volcanic activity, etc.)

    • Mechanical problems (ruptured pipes, metal fatigue, etc.)

    • Human errors (wrong valve opened, miscommunications, etc.)

    • Management decisions and indecisions (ignoring a problem, hiding a problem, etc.)

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Crisis Terms and Definitions (continued)

  • Crises can be categorized into two types:

    • Sudden crisis

    • Smoldering crisis

  • Sudden crisis: a disruption in the company’s business that:

    • Occurs without warning

    • Is likely to generate news coverage

    • May adversely impact employees, investors, customers, suppliers, and other stakeholders

Principles of Incident Response and Disaster Recovery


Crisis terms and definitions continued
Crisis Terms and Definitions (continued)

  • A sudden crisis may be:

    • A business-related accident resulting in significant property damage that disrupts normal business operations

    • Death or serious illness or injury of management, employees, contractors, customers, visitors, etc., as the result of a business-related accident

    • Sudden death or incapacitation of a key executive

    • Discharge of hazardous chemicals or other materials into the environment

    • Accidents that cause disruption of telephone or utility service

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Crisis Terms and Definitions (continued)

  • A sudden crisis may be (continued):

    • Significant reduction in utilities or vital services needed to conduct business

    • Any natural disaster that disrupts operations or endangers employees

    • Unexpected job action or labor disruption

    • Workplace violence involving employees, family members, or customers

  • Smoldering crisis: any serious business problem not generally known within or without the company, which may generate negative news coverage if or when it goes public

Principles of Incident Response and Disaster Recovery


Crisis terms and definitions continued1
Crisis Terms and Definitions (continued)

  • Examples of smoldering crises:

    • Sting operations by a news organization or government agency

    • OHSA or EPA violations that could result in fines or legal action

    • Customer allegations of overcharging or other improper conduct

    • Investigation by a federal, state, or local government agency

    • Action by a disgruntled employee such as serious threats or whistle-blowing

Principles of Incident Response and Disaster Recovery


Crisis terms and definitions continued2
Crisis Terms and Definitions (continued)

  • Examples of smoldering crises (continued):

    • Indications of significant legal, judicial, or regulatory action against the business

    • Discovery of serious internal problems that will have to be disclosed to employees, investors, customers, vendors, and/or government officials

  • Crisis management (CM): those actions taken by an organization in response to a an emergency situation in an effort to minimize injury or loss of life

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Crisis Terms and Definitions (continued)

  • Emergency response: all activities related to safely managing the immediate physical, health, and environmental impacts of an incident

  • Crisis communications: the public relations aspect of crisis management, including both internal and external communications

  • Humanitarian assistance: efforts designed to address the psychological and emotional impact on the workforce

Principles of Incident Response and Disaster Recovery


Crisis misconceptions
Crisis Misconceptions

  • Myth #1: The majority of business crises are sudden crises

    • Fact: There are more smoldering crises than sudden crises

  • Myth #2: Crises are most commonly the result of employee mistakes or acts of nature

    • Fact: Crises resulting from management actions, inactions, or decisions are more prevalent

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Crisis Misconceptions (continued)

Principles of Incident Response and Disaster Recovery


Crisis misconceptions continued
Crisis Misconceptions (continued)

Principles of Incident Response and Disaster Recovery


Preparing for crisis management
Preparing for Crisis Management

  • Organizations must prepare for crisis management

  • Crises may be small and innocuous, or large and catastrophic

  • The most effective executives have learned to deal successfully with crises

  • Goal is to keep crises well managed and out of the media when possible

Principles of Incident Response and Disaster Recovery


General preparation guidelines
General Preparation Guidelines

  • Preparation tips:

    • Prepare contingency plans in advance

    • Immediately and clearly announce internally that only the crisis team members should speak about the crisis to the outside world

    • Move quickly: the first hours after the crisis breaks are when the media will jump on it

    • Use crisis management consultants

    • Give accurate and correct information; trying to manipulate information will backfire

    • Consider both short-term and long-term effects when making decisions about actions

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

General Preparation Guidelines (continued)

  • Excuses frequently offered by companies in crisis:

    • Denial: “It can’t happen to us.”

    • Deferral or low prioritization: “We’ve got more important issues to handle.”

    • Ignorance: “Risk? What risk?”

    • Inattention to warning signs: “I didn’t see it coming.”

    • Ineffective or insufficient planning: “I thought we were ready!”

Principles of Incident Response and Disaster Recovery


Organizing the crisis management team
Organizing the Crisis Management Team

  • Crisis management planning committee:

    • Group charged with analyzing vulnerabilities, evaluating existing plans, and developing and implementing a comprehensive crisis management program

    • Should include representatives of all appropriate departments

    • May include an outside consultant

  • Crisis management team: responsible for handling the response to an actual crisis situation

Principles of Incident Response and Disaster Recovery


Organizing the crisis management team continued
Organizing the Crisis Management Team (continued)

  • CM team:

    • May consist of only a few individuals

    • Usually relatively devoid of technical proficiency

    • Primary focus is the command and coordination of human resources in an emergency

  • Crisis management focuses on the physical, mental, and emotional health and well-being of the people in the organization

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Organizing the Crisis Management Team (continued)

  • CM team members typically include:

    • Team leader: responsible for overseeing the actions of the CM team; usually a senior HR executive

    • Communications coordinator: manages all communications between CM team, management, employees, and the public, including media and government

    • Emergency services coordinator: responsible for contacting and managing all interactions between the organization and any emergency services, including utilities

    • Other members as needed

Principles of Incident Response and Disaster Recovery


Organizing the crisis management team continued1
Organizing the Crisis Management Team (continued)

  • Head count:

    • Physical accountability of all personnel; essential in determining the whereabouts of employees during an emergency

    • Usually the responsibility of the first-line supervisor, with reporting to the next level of management

    • Top of the chain of command aggregates the totals to ensure all employees are accounted for

  • Crisis management planning team is responsible for developing the CM plan

Principles of Incident Response and Disaster Recovery


Organizing the crisis management team continued2
Organizing the Crisis Management Team (continued)

  • Questions in preparation:

    • What kind of notification system do we have or need? Automated or manual? How long does it take?

    • Is there an existing crisis management plan? How old is it? When was it last used or tested?

    • What internal operations must be kept confidential to prevent embarrassment or damage to the organization? How are we currently protecting that information?

    • Is there an official spokesperson? Who is the alternate?

Principles of Incident Response and Disaster Recovery


Organizing the crisis management team continued3
Organizing the Crisis Management Team (continued)

  • Questions in preparation (continued):

    • What information should be shared with the media? With our employees?

    • What crises have we faced in the past? What crises have other organizations in our region faced? Have we changed how we operate as a result of those crises?

  • CM Planning team should also use the BIA and IR, DR, and BC scenarios with best-case, worst-case, and most likely outcomes to provide insight

Principles of Incident Response and Disaster Recovery


Crisis management critical success factors
Crisis Management Critical Success Factors

  • Critical success factors: those few things that must go well to ensure success for a manager or organization

  • Crisis management critical success factors:

    • Leadership

    • Speed of response

    • A robust plan

    • Adequate resources

    • Funding

    • Caring and compassionate response

    • Excellent communications

Principles of Incident Response and Disaster Recovery


Crisis management critical success factors continued
Crisis Management Critical Success Factors (continued)

  • Leadership:

    • Provides purpose, direction, and motivation to others

    • Leaders need not be managers

  • Important leadership skills:

    • Multitasking

    • Rational under pressure

    • Empathy

    • Quick, effective decision making

    • Delegation

    • Communications

    • Prioritization

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Crisis Management Critical Success Factors (continued)

  • Golden hour: in medical terms, the first hour after an injury; if treated within this period, there is the highest probability of recovery

  • Speed of response:

    • Handle as much as possible in the first hour to ensure the highest probability of minimizing crisis impact

  • A robust plan:

    • Plan is the heart of the CM response

    • Plan must be clearly defined, rehearsed, and managed

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Crisis Management Critical Success Factors (continued)

  • Adequate resources:

    • The right resources at the right place

    • Some critical resources include:

      • Access to funds, especially cash

      • Communications management

      • Transportation to and/or away from the crisis area

      • Legal advice

      • Insurance advice and support

      • Moral and emotional support

      • Media management

      • Effective operations center

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Crisis Management Critical Success Factors (continued)

  • Funding:

    • Don’t be cheap; spend what is needed when it is needed

    • Cutting corners may lead to legal fees and punitive damages later

    • Expenses may include:

      • Employee assistance programs, including counseling

      • Travel expenses, including lodging

      • Employee overtime for hourly staff

      • Replacement of lost, damaged, or destroyed property for employees

      • Compensation for those who were injured

Principles of Incident Response and Disaster Recovery


Crisis management critical success factors continued1
Crisis Management Critical Success Factors (continued)

  • Caring and compassionate response:

    • At some point it has to be people concerned about people

    • CM team and management must have good people skills, be able to demonstrate they understand the personal issues their employees are facing

  • Excellent communications:

    • Fear of the unknown is the worst fear of all

    • Keep employees, the community, and the media informed of events and the organization’s efforts

Principles of Incident Response and Disaster Recovery


Crisis management critical success factors continued2
Crisis Management Critical Success Factors (continued)

  • Communications items to consider in planning:

    • Have key personnel undergo media training

    • Know your stakeholders and keep them apprised

    • Tell it all, tell it fast, and tell the truth

    • Have information ready to distribute, either verbally or in writing

    • Express pity, praise, and promise

Principles of Incident Response and Disaster Recovery


Developing the crisis management plan
Developing the Crisis Management Plan

  • Crisis management plan:

    • Developed by the CM planning team

    • Specifies the roles and responsibilities of individuals during a crisis

    • Provides instruction to the CM team and to individual employees

    • Can serve as both policy and plan

Principles of Incident Response and Disaster Recovery


Developing the crisis management plan continued
Developing the Crisis Management Plan (continued)

  • Typical CM plan has these sections (continued):

    • Purpose

    • Crisis management planning committee

    • Crisis types

    • Crisis management team structure

    • Responsibility and control

    • Implementation

    • Crisis management protocols

    • Crisis management plan priorities

    • Appendices

Principles of Incident Response and Disaster Recovery


Developing the crisis management plan continued1
Developing the Crisis Management Plan (continued)

  • Purpose:

    • Overview of the purpose

    • Identifies the individuals to whom this plan applies

  • Crisis management planning committee:

    • Identifies the CM planning committee

    • Distinguishes the planning committee from the operating team

    • May also specify the frequency and location of the planning committee meetings

Principles of Incident Response and Disaster Recovery


Developing the crisis management plan continued2
Developing the Crisis Management Plan (continued)

  • Crisis types:

    • Groups crises into 3 or 4 categories with corresponding level of response required

    • Examples:

      • Category 1: Minor damage to physical faculties or minor injury to personnel addressable with on-site resources or limited off-site assistance

      • Category 2: Major damage to physical facilities or injury to personnel requiring considerable off-site assistance

      • Category 3: Organization-wide crisis requiring evacuation of facilities

Principles of Incident Response and Disaster Recovery


Developing the crisis management plan continued3
Developing the Crisis Management Plan (continued)

  • Crisis management team structure:

    • Identifies CM team and responsibilities by names or titles

  • Responsibility and control:

    • Defines the level of authority granted to the CM team leader during a crisis

    • Chain of command: list of officials from an individual to the top level executive

    • Executive-in-charge: the ranking executive on site when the crisis occurs

Principles of Incident Response and Disaster Recovery


Developing the crisis management plan continued4
Developing the Crisis Management Plan (continued)

  • Implementation:

    • Details on implementation, including contingencies

    • Should handle optimal and suboptimal situations with reduced services

    • Key tasks include communications to emergency services, management, and employees

  • Crisis management protocols:

    • Notification protocols for individuals based on typical crisis or emergency events

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Developing the Crisis Management Plan (continued)

  • Typical protocols include:

    • Medical emergency: epidemic or poisoning

    • Violent crime or behavior: robbery, murder, suicide, personal injury (existing or potential), etc.

    • Political situations: riots, demonstrations, etc.

    • Off-campus incidents or accidents involving employees

    • Environmental or natural disasters: fires, earthquakes, floods, chemical spills or leaks, explosions, etc.

    • Bomb threats

Principles of Incident Response and Disaster Recovery


Developing the crisis management plan continued5
Developing the Crisis Management Plan (continued)

  • Crisis management plan priorities:

    • Defines priorities of effort for the CM team and other responsible individuals

    • Requires the establishment of general priorities, each with a number of subordinate priorities

    • Details the objectives for each priority level

  • Appendices:

    • Critical phone numbers (communications roster)

    • Building layouts or floor plans

    • Planning checklists

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Developing the Crisis Management Plan (continued)

  • Assembly area (AA): an area where individuals should gather to facilitate a quick head count

  • Sample CM plan is included in Appendix C

Principles of Incident Response and Disaster Recovery


Crisis management training and testing
Crisis Management Training and Testing

  • Training for CM is similar to that for IR, DR, and BC

  • Includes desk check, talk-throughs, walk-throughs, simulation, and other exercises on a regular basis

  • Training exercises unique to CM include:

    • Emergency roster test (notification test or alert roster test): seeks to determine the ability of the employees to respond to a notification system

    • Tabletop exercises: scenario-driven talk-through

    • Simulation: allows employees to practice their responses to the simulated situation; may be done in concert with fire or emergency services

Principles of Incident Response and Disaster Recovery


Crisis management training and testing continued
Crisis Management Training and Testing (continued)

  • First aid training:

    • Advisable for first responders

    • Should include first aid and CPR training

    • May include heart defibrillators

Principles of Incident Response and Disaster Recovery


Other crisis management preparations
Other Crisis Management Preparations

  • Emergency kits containing:

    • Copies of DR, BC, and CM plans

    • Laminated checklist of steps in CM plan

    • Map with assembly areas and shelters

    • Laminated card with emergency services numbers

    • Flashlight, batteries, and reflective vests

    • Warning triangle markers and caution tape

    • First aid kit with disposable gloves

    • Clipboard, notepad, and pens

    • Permanent markers

    • Spray paint or other high-visibility markers

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Other Crisis Management Preparations (continued)

  • ID cards:

    • Contain employee personal information plus emergency information

    • Must protect employee privacy, however

  • Medical alert tags and bracelets

    • Recommended for all employees with allergies, diabetes, or other special medical conditions

Principles of Incident Response and Disaster Recovery


Other crisis management preparations continued
Other Crisis Management Preparations (continued)

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Post Crisis Trauma

  • Post-traumatic stress disorder can affect anyone who has experienced a severe traumatic episode

  • The organization must look out for the well-being of its employees

  • Effects of trauma may not show up for some time

Principles of Incident Response and Disaster Recovery


Post traumatic stress disorder
Post-Traumatic Stress Disorder

  • Post-traumatic stress disorder (PTSD):

    • A psychiatric disorder that can occur following the experience or witnessing of life-threatening events such as military combat, natural disasters, terrorist incidents, serious accidents, or violent personal assaults like rape

    • Often manifests as nightmares and flashbacks

    • Symptoms include difficulty sleeping, detachment

    • Requires outside expert assistance

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Employee Assistance Programs

  • Employee assistance program (EAP):

    • Provide a variety of counseling services

    • May include

      • Counselors

      • Legal aides

      • Medical professionals

      • Interpreters

    • May be part of health benefits program

Principles of Incident Response and Disaster Recovery


Immediately after the crisis
Immediately After the Crisis

  • Use assembly areas to gather employees, conduct head counts, and assess injuries and needs

  • Hold an information briefing to provide employees with an overview of the situation and what the course of action will be

  • Advise employees not to speak with the media

  • Be prepared to deal with family members:

    • May need outside expert assistance

    • Follow up with employees receiving medical care

    • Personal visits to injured employees or grieving families is advised

Principles of Incident Response and Disaster Recovery


Getting people back to work
Getting People Back to Work

  • Start with an information briefing to all employees to squelch the rumor mill

  • Include the facts, management’s response, impact on the organization, and plans to recover, plus timetables if available

  • Vital to use skilled crisis management professionals to monitor and follow up on employees as needed

Principles of Incident Response and Disaster Recovery


Dealing with loss
Dealing with Loss

  • Employees may leave the organization through:

    • Death

    • Serious injury

    • Unwillingness to return after a crisis

  • Vital skills and organizational knowledge may be lost when employees leave

  • Techniques to prepare for loss of skills and knowledge include:

    • Cross-training

    • Job and task rotation

    • Redundancy

Principles of Incident Response and Disaster Recovery


Dealing with loss continued
Dealing with Loss (continued)

  • Cross-training:

    • Ensuring that every employee is trained to perform at least part of the job of another employee

    • Usually occurs as on-the-job training and one-on-one coaching

    • Must ensure that employees do not feel they are being prepared for termination

  • Job and task rotation:

    • Job rotation moves employees from one position to another

    • Can use vertical and horizontal job rotation

Principles of Incident Response and Disaster Recovery


Dealing with loss continued1
Dealing with Loss (continued)

  • Vertical job rotation: rotating an employee through jobs in the same functional area from lowest to highest (through progression and promotion)

  • Horizontal job rotation: movement of employees between positions at the same organizational level

  • Task rotation: involves the rotation of a portion of a job rather than the entire position

  • Personnel redundancy: hiring more individuals than the minimum number required to perform the function

Principles of Incident Response and Disaster Recovery


Law enforcement involvement
Law Enforcement Involvement

  • Do not hesitate to contact law enforcement during a crisis

  • Law enforcement have skills geared to crisis management:

    • Crowd control

    • First aid

    • Search and rescue

    • Physical security

  • Involvement may escalate from local to state to federal agents and officers

Principles of Incident Response and Disaster Recovery


Federal agencies
Federal Agencies

  • Key federal agencies that might be involved:

    • Dept. of Homeland Security (DHS)

    • Federal Emergency Management Agency (FEMA)

    • U.S. Secret Service

    • Federal Bureau of Investigation (FBI)

    • Federal hazardous materials agencies

Principles of Incident Response and Disaster Recovery


Federal agencies continued
Federal Agencies (continued)

  • Dept. of Homeland Security (DHS):

    • Organized to handle crises, especially those involving threats to safety of citizens and potential danger to the U.S. infrastructure

    • Sponsors a public education Internet site on preparing for crises: Ready.gov

  • Federal Emergency Management Agency (FEMA):

    • Focus is on preparing for, mitigating against, responding to, and helping individuals and communities recover from natural and man-made disasters

Principles of Incident Response and Disaster Recovery


Federal agencies continued1
Federal Agencies (continued)

  • U.S. Secret Service:

    • Protects high-level politicians

    • Investigates crimes related to financial securities, identity theft, computer fraud, and computer-based attacks on U.S. financial, banking, and telecommunications infrastructure

  • Federal Bureau of Investigation (FBI):

    • Has jurisdiction over counterterrorism, counterintelligence, cybercrime, public corruption, civil rights violations, organized crime, major thefts, and violent crimes

Principles of Incident Response and Disaster Recovery


Federal agencies continued2
Federal Agencies (continued)

  • Federal hazardous materials agencies:

    • Hazardous material (HAZMAT) agencies deal with radiological, biological, or chemical threats

    • Incidents resulting from transportation accidents are handled by Dept. of Transportation

    • Terrorist or criminal acts are handled by DHS and/or FBI

    • If radioactive materials are involved, Dept. of Energy’s Nuclear Incident Response Team is responsible

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

State Agencies

  • Organizations are more likely to interact with state agencies than with federal agencies

  • State agencies will work with trade associations, individual businesses, and local governments in emergency preparations and crisis management:

    • State emergency management agency

    • State investigative services

    • State hazardous materials agency

Principles of Incident Response and Disaster Recovery


State agencies continued
State Agencies (continued)

  • State emergency management agency:

    • State’s point of interaction with federal DHS and FEMA

  • State investigative services:

    • Usually a state bureau of investigation

    • May be associated with the state highway patrol

  • State hazardous materials agency:

    • State transportation dept. may handle emergency spills

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Local Agencies

  • Local law enforcement:

    • Capable of processing crime scenes and handling most common criminal activities

  • Police special weapons units

    • Also known as SWAT teams

    • Trained in special weapons and tactics

    • Handle hostage, sniper, terrorist, and other high-risk situations

  • Bomb detection and removal

    • Trained to deal with incendiary, explosive, or contaminating devices

Principles of Incident Response and Disaster Recovery


Managing crisis communications
Managing Crisis Communications

  • Managing internal and external communications during and after a crisis is an essential factor in keeping the organization together and functioning

  • Some communications can be managed; some cannot be easily managed, such as those with:

    • Law enforcement

    • Emergency services

    • The media

Principles of Incident Response and Disaster Recovery


Crisis communications
Crisis Communications

  • 11 steps of crisis communications:

    • Step 1: Identify your crisis communications team

    • Step 2: Identify spokespersons

    • Step 3: Spokesperson training

    • Step 4: Establish communications protocols

    • Step 5: Identify and know your stakeholders

    • Step 6: Decide on communications methods

    • Step 7: Anticipate crises

    • Step 8: Develop holding statements to be used immediately after a crisis breaks

Principles of Incident Response and Disaster Recovery


Crisis communications continued
Crisis Communications (continued)

  • 11 steps of crisis communications (continued):

    • Step 9: Assess the crisis situation

    • Step 10: Identify key messages for stakeholders

    • Step 11: Riding out the storm

Principles of Incident Response and Disaster Recovery


Principles of incident response and disaster recovery

Avoiding Unnecessary Blame

  • Regardless of the cause of the crisis, the media seeks to assign responsibility, especially if there were casualties

  • Difference between fault and blame:

    • Fault: occurs when management could have done something in line with due diligence or due care to prepare for or react to a crisis

    • Blame: occurs as a human response to deal with inexplicable travesty associated with loss

  • If the organization believes it is not at fault, it should take steps to avoid being blamed

Principles of Incident Response and Disaster Recovery


Avoiding unnecessary blame continued
Avoiding Unnecessary Blame (continued)

  • Examine vulnerabilities that could escalate to crises:

    • Is there more that could be done to prevent or prepare for this event?

    • Will the planned reaction create further risk to employees or others?

    • If the CM plan goes as expected, will you be proud to be on the news?

Principles of Incident Response and Disaster Recovery


Avoiding unnecessary blame continued1
Avoiding Unnecessary Blame (continued)

  • Manage outrage to defuse blame:

    • Be prepared to demonstrate how prepared you were for the emergency

    • Seek and accept responsibility where appropriate

    • Consider the Johnson & Johnson response to the Tylenol poisoning in 1982

Principles of Incident Response and Disaster Recovery


Avoiding unnecessary blame continued2
Avoiding Unnecessary Blame (continued)

  • Questions to help avoid blame:

    • Should we have foreseen this and taken precautions to prevent it?

    • Were we unprepared to respond effectively?

    • Did management do anything intentionally that caused this or made it more severe?

    • Were we unjustified in actions leading up to and following the incident?

    • Is there any type of scandal or cover-up related to our involvement in the incident?

Principles of Incident Response and Disaster Recovery


Succession planning
Succession Planning

  • It is extremely difficult for individuals to function following a loss of life of someone they know or if they witnessed the death

  • When an organization's chain of command is broken, post-traumatic stress among the survivors may hamper action

  • Succession planning (SP): process that enables an organization to cope with any loss of personnel with a minimum degree of disruption

Principles of Incident Response and Disaster Recovery


Elements of succession planning
Elements of Succession Planning

  • Succession planning is an essential executive-level function

  • Six-step model directs what management should do:

    • Assure an alignment between the organization’s strategic plan and the intent of the SP process

    • Identify key positions that should be protected by SP

    • Seek out current and future candidates for key positions from among members of the organization

    • Develop training programs to ready potential successors

Principles of Incident Response and Disaster Recovery


Elements of succession planning continued
Elements of Succession Planning (continued)

  • Six-step model (continued):

    • Integrate the SP process into the culture of the organization

    • Ensure that the SP process is complementary to the staff development programs throughout HR functions

  • Alignment with strategy:

    • SP process should be created to meet the current and future needs of the organization’s strategic plan

Principles of Incident Response and Disaster Recovery


Elements of succession planning continued1
Elements of Succession Planning (continued)

  • Identifying positions:

    • Positions to include in the SP are those where the loss of an incumbent will cause great economic loss, result in significant disruption of operations, or create a significant risk to secure operations of critical system

    • Must define thresholds for economic loss, degree of disruption, or increased risk

    • Identify the critical competencies and skills for each position

Principles of Incident Response and Disaster Recovery


Elements of succession planning continued2
Elements of Succession Planning (continued)

  • Identifying candidates:

    • Use performance appraisals, validated psychological assessments

    • Remember that managers tend to seek out and advance those who are similar to themselves

  • Developing successors:

    • In addition to expected training and development activities, candidates should receive mentoring and other organizational real-time learning opportunities

Principles of Incident Response and Disaster Recovery


Elements of succession planning continued3
Elements of Succession Planning (continued)

  • Integration with routine processes

    • SP process must be operated by the line managers that form the core of the broad executive team, not HR staff

  • Balancing SP and operations:

    • SP must have the same level of importance as other planning organizing, leading and controlling activities common to managers everywhere

Principles of Incident Response and Disaster Recovery


Succession planning approaches for crisis management
Succession Planning Approaches for Crisis Management

  • All CM plans must have provisions for dealing with losses in key positions

  • SP plan must indicate the degree of visibility or transparency that will accompany the SP process

  • Two degrees of transparency:

    • Operationally integrated succession planning: fully visible approach that is well known to incumbents and potential successors

    • Crisis-activated succession planning: concealed approach in which succession is unknown until implemented

Principles of Incident Response and Disaster Recovery


Succession planning approaches for crisis management continued
Succession Planning Approaches for Crisis Management (continued)

  • If using crisis-activated SP, the SP mechanisms must become part of the crisis management operational plan

Principles of Incident Response and Disaster Recovery


Summary
Summary (continued)

  • Crisis: a significant business disruption that stimulates extensive news media coverage and could have legal, financial, and governmental impact

  • Crises can be caused by acts of nature, mechanical problems, human errors, or management decisions and indecisions

  • Two types of crises based on rate of occurrence and warning time: sudden crisis and smoldering crisis

  • Sudden crisis occurs without warning

  • Smoldering crisis is any problem not generally known within or without the company

Principles of Incident Response and Disaster Recovery


Summary continued
Summary (continued) (continued)

  • Crisis management: actions take by an organization in response to an emergency situation to minimize injury or loss of life

  • Crisis planning committee should have representatives from all appropriate business departments and disciplines

  • Crisis management team includes individuals responsible for handing the response to an actual crisis situation

  • Core assets to be protected are people, finances, and reputation

Principles of Incident Response and Disaster Recovery


Summary continued1
Summary (continued) (continued)

  • Critical success factors for crisis management are leadership, speed of response, a robust plan, adequate resources, funding, caring and compassionate response, and excellent communications

  • Training for CM is similar to that for IR, DR, and BC

  • During a crisis, provide employees with the facts, management’s response, impact on the organization, and plans to recover

  • Use cross-training, job and task rotation, and job redundancy to mitigate loss of critical staff

Principles of Incident Response and Disaster Recovery


Summary continued2
Summary (continued) (continued)

  • Do not hesitate to contact law enforcement if needed

  • Critical US federal agencies include DHS, FEMA, Secret Service, FBI, and federal hazardous materials agencies

  • Communications are essential to keeping the organization together and functioning during a crisis

  • Succession planning is used to enable an organization to deal with the loss of key personnel

Principles of Incident Response and Disaster Recovery