Principles of Incident Response and Disaster Recovery

Crisis Management and Human Factors

Objectives

• Understand the role of crisis management in the typical organization

• Guide the creation of a plan preparing for crisis management

• Understand and deal with post-crisis trauma

• Work toward getting people back to work after a crisis

• Know the impact of the decisions regarding law enforcement involvement

Objectives (continued)

• Manage a crisis communications process

• Prepare for the ultimate crisis in an organization through succession planning

Introduction

• Reactions to a crisis are typically focused on technical issues and economic priorities

• The most critical assets – the people – are often overlooked

• People cannot be readily replaced

Crisis Management in the Organization

• Crises are inevitable, whether the organization is prepared or not

• Crisis management brings its own terminology, and a host of myths

Crisis Terms and Definitions

• Crisis: a significant business disruption that stimulates extensive news media coverage

• Crises are typically caused by:
  – Acts of nature (storms, earthquakes, volcanic activity, etc.)
  – Mechanical problems (ruptured pipes, metal fatigue, etc.)
  – Human errors (wrong valve opened, miscommunications, etc.)
  – Management decisions and indecisions (ignoring a problem, hiding a problem, etc.)

Crisis Terms and Definitions (continued)

• Crises can be categorized into two types:
  – Sudden crisis
  – Smoldering crisis

• Sudden crisis: a disruption in the company’s business that:
  – Occurs without warning
  – Is likely to generate news coverage
  – May adversely impact employees, investors, customers, suppliers, and other stakeholders

Crisis Terms and Definitions (continued)

• A sudden crisis may be:
  – A business-related accident resulting in significant property damage that disrupts normal business operations
  – Death or serious illness or injury of management, employees, contractors, customers, visitors, etc., as the result of a business-related accident
  – Sudden death or incapacitation of a key executive
  – Discharge of hazardous chemicals or other materials into the environment
  – Accidents that cause disruption of telephone or utility service

Crisis Terms and Definitions (continued)

• A sudden crisis may be (continued):
  – Significant reduction in utilities or vital services needed to conduct business
  – Any natural disaster that disrupts operations or endangers employees
  – Unexpected job action or labor disruption
  – Workplace violence involving employees, family members, or customers

• Smoldering crisis: any serious business problem not generally known within or without the company, which may generate negative news coverage if or when it goes public

Crisis Terms and Definitions (continued)

• Examples of smoldering crises:
  – Sting operations by a news organization or government agency
  – OSHA or EPA violations that could result in fines or legal action
  – Customer allegations of overcharging or other improper conduct
  – Investigation by a federal, state, or local government agency
  – Action by a disgruntled employee such as serious threats or whistle-blowing

Crisis Terms and Definitions (continued)

• Examples of smoldering crises (continued):
  – Indications of significant legal, judicial, or regulatory action against the business
  – Discovery of serious internal problems that will have to be disclosed to employees, investors, customers, vendors, and/or government officials

• Crisis management (CM): those actions taken by an organization in response to an emergency situation in an effort to minimize injury or loss of life

Crisis Terms and Definitions (continued)

• Emergency response: all activities related to safely managing the immediate physical, health, and environmental impacts of an incident

• Crisis communications: the public relations aspect of crisis management, including both internal and external communications

• Humanitarian assistance: efforts designed to address the psychological and emotional impact on the workforce

Crisis Misconceptions

• Myth #1: The majority of business crises are sudden crises
  – Fact: There are more smoldering crises than sudden crises

• Myth #2: Crises are most commonly the result of employee mistakes or acts of nature
  – Fact: Crises resulting from management actions, inactions, or decisions are more prevalent

Preparing for Crisis Management

• Organizations must prepare for crisis management

• Crises may be small and innocuous, or large and catastrophic

• The most effective executives have learned to deal successfully with crises

• Goal is to keep crises well managed and out of the media when possible

General Preparation Guidelines

• Preparation tips:
  – Prepare contingency plans in advance
  – Immediately and clearly announce internally that only the crisis team members should speak about the crisis to the outside world
  – Move quickly: the first hours after the crisis breaks are when the media will jump on it
  – Use crisis management consultants
  – Give accurate and correct information; trying to manipulate information will backfire
  – Consider both short-term and long-term effects when making decisions about actions

General Preparation Guidelines (continued)

• Excuses frequently offered by companies in crisis:
  – Denial: “It can’t happen to us.”
  – Deferral or low prioritization: “We’ve got more important issues to handle.”
  – Ignorance: “Risk? What risk?”
  – Inattention to warning signs: “I didn’t see it coming.”
  – Ineffective or insufficient planning: “I thought we were ready!”

Organizing the Crisis Management Team

• Crisis management planning committee:
  – Group charged with analyzing vulnerabilities, evaluating existing plans, and developing and implementing a comprehensive crisis management program
  – Should include representatives of all appropriate departments
  – May include an outside consultant

• Crisis management team: responsible for handling the response to an actual crisis situation

Organizing the Crisis Management Team (continued)

• CM team:
  – May consist of only a few individuals
  – Usually relatively devoid of technical proficiency
  – Primary focus is the command and coordination of human resources in an emergency

• Crisis management focuses on the physical, mental, and emotional health and well-being of the people in the organization

Organizing the Crisis Management Team (continued)

• CM team members typically include:
  – Team leader: responsible for overseeing the actions of the CM team; usually a senior HR executive
  – Communications coordinator: manages all communications between CM team, management, employees, and the public, including media and government
  – Emergency services coordinator: responsible for contacting and managing all interactions between the organization and any emergency services, including utilities
  – Other members as needed

Organizing the Crisis Management Team (continued)

• Head count:
  – Physical accountability of all personnel; essential in determining the whereabouts of employees during an emergency
  – Usually the responsibility of the first-line supervisor, with reporting to the next level of management
  – Top of the chain of command aggregates the totals to ensure all employees are accounted for

• Crisis management planning team is responsible for developing the CM plan

Organizing the Crisis Management Team (continued)

• Questions in preparation:
  – What kind of notification system do we have or need? Automated or manual? How long does it take?
  – Is there an existing crisis management plan? How old is it? When was it last used or tested?
  – What internal operations must be kept confidential to prevent embarrassment or damage to the organization? How are we currently protecting that information?
  – Is there an official spokesperson? Who is the alternate?

Organizing the Crisis Management Team (continued)

• Questions in preparation (continued):
  – What information should be shared with the media? With our employees?
  – What crises have we faced in the past? What crises have other organizations in our region faced? Have we changed how we operate as a result of those crises?

• CM Planning team should also use the BIA and IR, DR, and BC scenarios with best-case, worst-case, and most likely outcomes to provide insight

Crisis Management Critical Success Factors

• Critical success factors: those few things that must go well to ensure success for a manager or organization

• Crisis management critical success factors:
  – Leadership
  – Speed of response
  – A robust plan
  – Adequate resources
  – Funding
  – Caring and compassionate response
  – Excellent communications

Crisis Management Critical Success Factors (continued)

• Leadership:
  – Provides purpose, direction, and motivation to others
  – Leaders need not be managers

• Important leadership skills:
  – Multitasking
  – Rational under pressure
  – Empathy
  – Quick, effective decision making
  – Delegation
  – Communications
  – Prioritization

Crisis Management Critical Success Factors (continued)

• Golden hour: in medical terms, the first hour after an injury; if treated within this period, there is the highest probability of recovery

• Speed of response:
  – Handle as much as possible in the first hour to ensure the highest probability of minimizing crisis impact

• A robust plan:
  – Plan is the heart of the CM response
  – Plan must be clearly defined, rehearsed, and managed

Crisis Management Critical Success Factors (continued)

• Adequate resources:
  – The right resources at the right place
  – Some critical resources include:
    • Access to funds, especially cash
    • Communications management
    • Transportation to and/or away from the crisis area
    • Legal advice
    • Insurance advice and support
    • Moral and emotional support
    • Media management
    • Effective operations center

Crisis Management Critical Success Factors (continued)

• Funding:
  – Don’t be cheap; spend what is needed when it is needed
  – Cutting corners may lead to legal fees and punitive damages later
  – Expenses may include:
    • Employee assistance programs, including counseling
    • Travel expenses, including lodging
    • Employee overtime for hourly staff
    • Replacement of lost, damaged, or destroyed property for employees
    • Compensation for those who were injured

Crisis Management Critical Success Factors (continued)

• Caring and compassionate response:
  – At some point it has to be people concerned about people
  – CM team and management must have good people skills, be able to demonstrate they understand the personal issues their employees are facing

• Excellent communications:
  – Fear of the unknown is the worst fear of all
  – Keep employees, the community, and the media informed of events and the organization’s efforts

Crisis Management Critical Success Factors (continued)

• Communications items to consider in planning:
  – Have key personnel undergo media training
  – Know your stakeholders and keep them apprised
  – Tell it all, tell it fast, and tell the truth
  – Have information ready to distribute, either verbally or in writing
  – Express pity, praise, and promise

Developing the Crisis Management Plan

• Crisis management plan:
  – Developed by the CM planning team
  – Specifies the roles and responsibilities of individuals during a crisis
  – Provides instruction to the CM team and to individual employees
  – Can serve as both policy and plan

Developing the Crisis Management Plan (continued)

• Typical CM plan has these sections (continued):
  – Purpose
  – Crisis management planning committee
  – Crisis types
  – Crisis management team structure
  – Responsibility and control
  – Implementation
  – Crisis management protocols
  – Crisis management plan priorities
  – Appendices

Developing the Crisis Management Plan (continued)

• Purpose:
  – Overview of the purpose
  – Identifies the individuals to whom this plan applies

• Crisis management planning committee:
  – Identifies the CM planning committee
  – Distinguishes the planning committee from the operating team
  – May also specify the frequency and location of the planning committee meetings

Developing the Crisis Management Plan (continued)

• Crisis types:
  – Groups crises into 3 or 4 categories with corresponding level of response required
  – Examples:
    • Category 1: Minor damage to physical facilities or minor injury to personnel addressable with on-site resources or limited off-site assistance
    • Category 2: Major damage to physical facilities or injury to personnel requiring considerable off-site assistance
    • Category 3: Organization-wide crisis requiring evacuation of facilities

Developing the Crisis Management Plan (continued)

• Crisis management team structure:
  – Identifies CM team and responsibilities by names or titles

• Responsibility and control:
  – Defines the level of authority granted to the CM team leader during a crisis
  – Chain of command: list of officials from an individual to the top level executive
  – Executive-in-charge: the ranking executive on site when the crisis occurs

Developing the Crisis Management Plan (continued)

• Implementation:
  – Details on implementation, including contingencies
  – Should handle optimal and suboptimal situations with reduced services
  – Key tasks include communications to emergency services, management, and employees

• Crisis management protocols:
  – Notification protocols for individuals based on typical crisis or emergency events

Developing the Crisis Management Plan (continued)

• Typical protocols include:
  – Medical emergency: epidemic or poisoning
  – Violent crime or behavior: robbery, murder, suicide, personal injury (existing or potential), etc.
  – Political situations: riots, demonstrations, etc.
  – Off-campus incidents or accidents involving employees
  – Environmental or natural disasters: fires, earthquakes, floods, chemical spills or leaks, explosions, etc.
  – Bomb threats

Developing the Crisis Management Plan (continued)

• Crisis management plan priorities:
  – Defines priorities of effort for the CM team and other responsible individuals
  – Requires the establishment of general priorities, each with a number of subordinate priorities
  – Details the objectives for each priority level

• Appendices:
  – Critical phone numbers (communications roster)
  – Building layouts or floor plans
  – Planning checklists

Developing the Crisis Management Plan (continued)

• Assembly area (AA): an area where individuals should gather to facilitate a quick head count

• Sample CM plan is included in Appendix C

Crisis Management Training and Testing

• Includes desk check, talk-throughs, walk-throughs, simulation, and other exercises on a regular basis

• Training exercises unique to CM include:
  – Emergency roster test (notification test or alert roster test): seeks to determine the ability of the employees to respond to a notification system
  – Tabletop exercises: scenario-driven talk-through
  – Simulation: allows employees to practice their responses to the simulated situation; may be done in concert with fire or emergency services

Crisis Management Training and Testing (continued)

• First aid training:
  – Advisable for first responders
  – Should include first aid and CPR training
  – May include heart defibrillators

Other Crisis Management Preparations

• Emergency kits containing:
  – Laminated checklist of steps in CM plan
  – Map with assembly areas and shelters
  – Laminated card with emergency services numbers
  – Flashlight, batteries, and reflective vests
  – Warning triangle markers and caution tape
  – First aid kit with disposable gloves
  – Clipboard, notepad, and pens
  – Permanent markers
  – Spray paint or other high-visibility markers

Other Crisis Management Preparations (continued)

• ID cards:
  – Contain employee personal information plus emergency information
  – Must protect employee privacy, however

• Medical alert tags and bracelets:
  – Recommended for all employees with allergies, diabetes, or other special medical conditions

Post Crisis Trauma

• Post-traumatic stress disorder can affect anyone who has experienced a severe traumatic episode

• The organization must look out for the well-being of its employees

• Effects of trauma may not show up for some time

Post-Traumatic Stress Disorder

• Post-traumatic stress disorder (PTSD):
  – A psychiatric disorder that can occur following the experience or witnessing of life-threatening events such as military combat, natural disasters, terrorist incidents, serious accidents, or violent personal assaults like rape
  – Often manifests as nightmares and flashbacks
  – Symptoms include difficulty sleeping, detachment
  – Requires outside expert assistance

Employee Assistance Programs

• Employee assistance program (EAP):
  – Provides a variety of counseling services
  – May include:
    • Counselors
    • Legal aides
    • Medical professionals
    • Interpreters
  – May be part of health benefits program

Immediately After the Crisis

• Use assembly areas to gather employees, conduct head counts, and assess injuries and needs

• Hold an information briefing to provide employees with an overview of the situation and what the course of action will be

• Advise employees not to speak with the media

• Be prepared to deal with family members:
  – May need outside expert assistance
  – Follow up with employees receiving medical care
  – Personal visits to injured employees or grieving families are advised

Getting People Back to Work

• Start with an information briefing to all employees to squelch the rumor mill

• Include the facts, management’s response, impact on the organization, and plans to recover, plus timetables if available

• Vital to use skilled crisis management professionals to monitor and follow up on employees as needed

Dealing with Loss

• Employees may leave the organization through:
  – Death
  – Serious injury
  – Unwillingness to return after a crisis

• Vital skills and organizational knowledge may be lost when employees leave

• Techniques to prepare for loss of skills and knowledge include:
  – Cross-training
  – Job and task rotation
  – Redundancy

Dealing with Loss (continued)

• Cross-training:
  – Ensuring that every employee is trained to perform at least part of the job of another employee
  – Usually occurs as on-the-job training and one-on-one coaching
  – Must ensure that employees do not feel they are being prepared for termination

• Job and task rotation:
  – Job rotation moves employees from one position to another
  – Can use vertical and horizontal job rotation

Dealing with Loss (continued)

• Vertical job rotation: rotating an employee through jobs in the same functional area from lowest to highest (through progression and promotion)

• Horizontal job rotation: movement of employees between positions at the same organizational level

• Task rotation: involves the rotation of a portion of a job rather than the entire position

• Personnel redundancy: hiring more individuals than the minimum number required to perform the function

Law Enforcement Involvement

• Do not hesitate to contact law enforcement during a crisis

• Law enforcement have skills geared to crisis management:
  – Crowd control
  – First aid
  – Search and rescue
  – Physical security

• Involvement may escalate from local to state to federal agents and officers

Managing Crisis Communications

• Managing internal and external communications during and after a crisis is an essential factor in keeping the organization together and functioning

• Some communications can be managed; some cannot be easily managed, such as those with:
  – Law enforcement
  – Emergency services
  – The media

Crisis Communications

• 11 steps of crisis communications:
  – Step 1: Identify your crisis communications team
  – Step 2: Identify spokespersons
  – Step 3: Spokesperson training
  – Step 4: Establish communications protocols
  – Step 5: Identify and know your stakeholders
  – Step 6: Decide on communications methods
  – Step 7: Anticipate crises
  – Step 8: Develop holding statements to be used immediately after a crisis breaks

Crisis Communications (continued)

• 11 steps of crisis communications (continued):
  – Step 9: Assess the crisis situation
  – Step 10: Identify key messages for stakeholders
  – Step 11: Riding out the storm

Avoiding Unnecessary Blame

• Regardless of the cause of the crisis, the media seeks to assign responsibility, especially if there were casualties

• Difference between fault and blame:
  – Fault: occurs when management could have done something in line with due diligence or due care to prepare for or react to a crisis
  – Blame: occurs as a human response to deal with inexplicable travesty associated with loss

• If the organization believes it is not at fault, it should take steps to avoid being blamed

Avoiding Unnecessary Blame (continued)

• Examine vulnerabilities that could escalate to crises:
  – Is there more that could be done to prevent or prepare for this event?
  – Will the planned reaction create further risk to employees or others?
  – If the CM plan goes as expected, will you be proud to be on the news?

Avoiding Unnecessary Blame (continued)

• Manage outrage to defuse blame:
  – Be prepared to demonstrate how prepared you were for the emergency
  – Seek and accept responsibility where appropriate
  – Consider the Johnson & Johnson response to the Tylenol poisoning in 1982

Avoiding Unnecessary Blame (continued)

• Questions to help avoid blame:
  – Should we have foreseen this and taken precautions to prevent it?
  – Were we unprepared to respond effectively?
  – Did management do anything intentionally that caused this or made it more severe?
  – Were we unjustified in actions leading up to and following the incident?
  – Is there any type of scandal or cover-up related to our involvement in the incident?

Succession Planning

• It is extremely difficult for individuals to function following a loss of life of someone they know or if they witnessed the death

• When an organization's chain of command is broken, post-traumatic stress among the survivors may hamper action

• Succession planning (SP): process that enables an organization to cope with any loss of personnel with a minimum degree of disruption

Elements of Succession Planning

• Succession planning is an essential executive-level function

• Six-step model directs what management should do:
  – Assure an alignment between the organization’s strategic plan and the intent of the SP process
  – Identify key positions that should be protected by SP
  – Seek out current and future candidates for key positions from among members of the organization
  – Develop training programs to ready potential successors

Elements of Succession Planning (continued)

• Six-step model (continued):
  – Integrate the SP process into the culture of the organization
  – Ensure that the SP process is complementary to the staff development programs throughout HR functions

• Alignment with strategy:
  – SP process should be created to meet the current and future needs of the organization’s strategic plan

Elements of Succession Planning (continued)

• Identifying positions:
  – Positions to include in the SP are those where the loss of an incumbent will cause great economic loss, result in significant disruption of operations, or create a significant risk to secure operations of critical systems
  – Must define thresholds for economic loss, degree of disruption, or increased risk
  – Identify the critical competencies and skills for each position

Elements of Succession Planning (continued)

• Identifying candidates:
  – Use performance appraisals, validated psychological assessments
  – Remember that managers tend to seek out and advance those who are similar to themselves

• Developing successors:
  – In addition to expected training and development activities, candidates should receive mentoring and other organizational real-time learning opportunities

Elements of Succession Planning (continued)

• Integration with routine processes:
  – SP process must be operated by the line managers that form the core of the broad executive team, not HR staff

• Balancing SP and operations:
  – SP must have the same level of importance as other planning, organizing, leading, and controlling activities common to managers everywhere

Succession Planning Approaches for Crisis Management

• All CM plans must have provisions for dealing with losses in key positions

• SP plan must indicate the degree of visibility or transparency that will accompany the SP process

• Two degrees of transparency:
  – Operationally integrated succession planning: fully visible approach that is well known to incumbents and potential successors
  – Crisis-activated succession planning: concealed approach in which succession is unknown until implemented

Succession Planning Approaches for Crisis Management (continued)

• If using crisis-activated SP, the SP mechanisms must become part of the crisis management operational plan

Summary

• Crisis: a significant business disruption that stimulates extensive news media coverage and could have legal, financial, and governmental impact

• Crises can be caused by acts of nature, mechanical problems, human errors, or management decisions and indecisions

• Two types of crises based on rate of occurrence and warning time: sudden crisis and smoldering crisis

• Sudden crisis occurs without warning

• Smoldering crisis is any problem not generally known within or without the company

Summary (continued)

• Crisis management: actions taken by an organization in response to an emergency situation to minimize injury or loss of life

• Crisis planning committee should have representatives from all appropriate business departments and disciplines

• Crisis management team includes individuals responsible for handling the response to an actual crisis situation

• Core assets to be protected are people, finances, and reputation

Summary (continued)

• Critical success factors for crisis management are leadership, speed of response, a robust plan, adequate resources, funding, caring and compassionate response, and excellent communications

• Training for CM is similar to that for IR, DR, and BC

• During a crisis, provide employees with the facts, management’s response, impact on the organization, and plans to recover

• Use cross-training, job and task rotation, and job redundancy to mitigate loss of critical staff

Summary (continued)

• Do not hesitate to contact law enforcement if needed

• Critical US federal agencies include DHS, FEMA, Secret Service, FBI, and federal hazardous materials agencies

• Communications are essential to keeping the organization together and functioning during a crisis

• Succession planning is used to enable an organization to deal with the loss of key personnel