By Gary D. Sabol, APR
Published in the January 2007 issue of Today’s Facility Manager
creative director, Group C.
Earlier this year (January 3), the Department of Homeland Security released a report on disaster preparedness and only gave top ratings to six of the 75 cities evaluated. (Best ratings went to the Washington, DC area, San Diego, Minneapolis-St. Paul, Columbus, OH, Sioux Falls, SD, and Laramie County, WY; the lowest scores went to Chicago, Cleveland, Baton Rouge, LA, Mandan, ND, and American Samoa.) In light of this report, cities across the country will more than likely begin to take action. Meanwhile, disaster planning has become a highly publicized subject for businesses, particularly after the 9/11 terrorist attacks and Hurricane Katrina. But in reality, how prepared are individual facilities when it comes to disaster planning?
Many businesses have plans in place, but more often than not, these plans are developed and then sit in a three ring binder or out-of-date manual until an event occurs. But by then it’s too late, and it’s a little difficult to test a plan during the chaos of an emergency. Safety experts highly recommend that facilities test their disaster programs frequently to ensure they will work as prescribed during an incident.
Ray O’Hara, senior vice president of the Oakton, VA-based security firm Vance, says most businesses are prepared to some extent. “There is a percentage of industry that pays a lot of attention to disaster planning, because it is in the type of business where disasters are likely to happen. Other businesses talk about disaster planning but never actually do it and become overly reactive when a disaster occurs.”
One company that takes disaster planning seriously is Weyerhaeuser of Federal Way, WA, one of the world’s largest integrated forest products companies. With 55,000 employees and 500 locations throughout the world, the organization can’t afford a disjointed or uncertain approach to emergency preparedness.
Weyerhaeuser has tested disaster plans for everything from forest fires and earthquakes to network outages and virus attacks. Most recently, the company completed planning for a pandemic flu outbreak. Weyerhaeuser’s Corporate Security Director Ron Dowbysh says, “Many companies are now planning for this type of disaster; it’s generally across the board with major corporations.”
Dowbysh says a great deal of effort goes into planning for this kind of risk. He notes that during a pandemic, perhaps 40% of the workforce could be impacted.
The company has a contingency plan in place to allow people to work from home during an outbreak. However, Dowbysh worries that the public Internet networks will not be able to handle the bandwidth if so many people are telecommuting.
“A pandemic is not like a natural disaster where a facility or equipment is impacted,” he says. “It really has to do with people, and you have to look at a company’s critical functions and see if any job sharing or cross training can occur to keep these functions operating.” Where a company is located or where it operates can play a big part in disaster planning. If a company is located on the East Coast, severe weather may be a major consideration. A global company may have offices in countries that encounter civil unrest, and disaster planning there may look very different from that of a domestic company. Also, cultural differences in other countries and regions may play a role in how plans are developed.
No matter how large or small a company is, disaster planning is a necessity. Tim Lyle, director of security analysis and planning at Triple Canopy security company of Herndon, VA, says, “Every company, no matter the size, needs to have a contingency plan for responding, recovering, and continuing operations.”
Designing And Testing A Plan
In order for a disaster plan to work effectively, there needs to be buy-in from top management. “It’s a fact of life that spending money and resources on something that doesn’t give a tangible, immediate return on investment is always a tough decision,” says Lyle. But support from upper management is crucial in order to secure the time and resources to develop and test a plan.
Effective disaster planning involves many different departments in a company. These can include security, risk management, human resources, information technology, corporate communications, and others.
Smaller companies and facilities may have only a few departments that participate in the process. However, the most important part of disaster planning is bringing these divergent departments to the table so everyone can provide input as to their specific needs when a plan is developed. Today’s technology can help a team create, easily update, and distribute its disaster plan. Printed manuals can contain a lot of information, but the data can become outdated quickly.
Many times, when plan updates occur or there are changes in the facility, these updates don’t make their way into the manuals. Also, should an emergency occur in the area where the documents are stored, a facility manager wouldn’t be able to access the actual paperwork.
One possible solution to the problem is a computer-based Crisis Management System (CMS). A CMS stores disaster plans and other crucial data, such as contact information, digital photographs, floor plans, and preplans that would be needed during an emergency.
Since a CMS is a database, updates to a disaster plan can happen in real time or even during an emergency. Also, a CMS can be accessed over the Internet or reside on any mobile or fixed computer, so it’s available in multiple locations-should the incident occur in a critical area of the company.
Other technological advances include off site storage of data. This can be invaluable should a disaster occur at a facility. Geographically disparate placement of data outside of the city or even the state can help stakeholders get a facility up and running as soon as possible to minimize business interruption.
One of the most important parts of disaster planning is testing the program once it has been developed. Facility managers are very busy people, and it’s not always easy to get all of the members of the team together to test these strategies. However, this step is crucial to the success of effective disaster plans.
Either through tabletop exercises or a mock scenario at a facility, the program needs to be tested to expose the flaws and any areas that may have been overlooked in the planning process. The team should gather afterward to review the plan to see how well it worked. Any updates should be made at this time.
It’s difficult to say how often emergency plans should be updated and tested. Follow-up will inevitably depend on what types of contingencies are being planned for and where a facility is located.
Weyerhaeuser’s Dowbysh concludes, “It takes a significant amount of time and effort to develop and test a disaster plan, and you hope you never have to use it, but it will be time and money well spent if anything happens.”
Facility managers must look to protect the most crucial vulnerabilities related to business operation continuity. Testing disaster plans is a key to success and may mean the difference between a protracted compromise of a facility or a minimal disruption of business.
Sabol is the public relations manager for Prepared Response, Inc., a company that develops crisis management planning and response systems.