Loss Prevention Key To Disaster Planning

NFPA 1600 establishes a common set of criteria to develop, implement and maintain a program for prevention, mitigation, preparation, response and recovery from emergencies.

The standard is not a "how-to" guide with prescriptive requirements but rather provides a framework and establishes the relationship between an integrated emergency management and business continuity program.

GETTING STARTED

The first step is to evaluate any current program including prevention and mitigation, emergency response, business continuity, crisis management, and crisis communications policies and procedures.

Laws and regulations including Occupational Safety and Health Administration standards, fire prevention codes, Homeland Security regulations and industry-specific regulations need to be reviewed, identifying those that apply to the organization. Next, goals and objectives for the program need to be formalized in a policy signed by senior management and distributed throughout the organization.

An advisory committee with representatives from throughout the organization should be established. A program coordinator vested with authority and necessary resources to develop the program needs to be appointed.

o Risk Assessment

Natural and man-made hazards that can injure people, damage property, interrupt business operations, contaminate the environment, or hurt a brand, image or reputation need to be identified.

The vulnerability of facilities, systems, equipment and people from the maximum foreseeable magnitude of identified hazards needs to be assessed, determining possible impacts.

o Prevention & Mitigation

The goal of every emergency management and business continuity program should be prevention and mitigation, and a thorough risk assessment will identify many opportunities.

Develop a plan for the prevention and/or mitigation of hazards with the potential for significant impacts–especially when new products or services are developed, new facilities are located and designed, and existing facilities and processes are changed.

o Resource Management

The emergency management and business continuity program requires a variety of resources. Many people with expert knowledge, skills and training are required to evaluate hazards, implement prevention and mitigation programs, and lead emergency response and business continuity teams.

Warning systems, communications systems and equipment, threat detection systems, and protection systems and equipment are a few examples of the resources your program will require.

Evaluate all resources–both internal and external. Do you have sufficient quantity, and are they available when and where needed?

Consider a medical emergency. Do you have the means to alert trained staff? Can they resuscitate a heart attack victim by administering CPR or using an automated external defibrillator within four to six minutes? If not, can you expect public emergency services to arrive in time?

Provide funding to support the program for the long term. Extraordinary funding may be required to manage an incident and continue critical business operations while facilities are restored.

Establish finance and administrative procedures to fund the program, account for claims and expenses, and ensure compliance with corporate governance standards.

o Emergency Response, Business Continuity and Crisis Communications Plans

Establish plans to protect life safety, stabilize an incident, continue critical business functions, recover facilities and equipment, and communicate with important stakeholders.

Emergency response plans should include procedures for partial, phased, or total building evacuation depending upon the nature and location of the hazard and the type and arrangement of the building or site.

Implement shelter-in-place procedures for a chemical release or terrorism incident involving an exterior hazard. Develop sheltering procedures for severe weather, or even an extended power outage that would prohibit employees from safely leaving the building.

Security threats including workplace violence require procedures for locking down and protecting occupants within a building.

Train staff to supervise building protection and utility systems. Determine the capabilities and response time of public emergency services and coordinate plans with outside agencies. Limited public capabilities or extended response time may warrant an on-site firefighting, medical treatment, rescue, or hazardous materials response capability.

Implement an incident management system and train leaders of the emergency response and business continuity teams to serve as incident commander. Incident commanders must be able to assess a developing situation, conduct incident briefings, and develop an incident action plan for managing an incident.

Communications with stakeholders–part of crisis communications or crisis management plans–is required to ensure those persons impacted or potentially impacted by an incident receive appropriate information from authorized persons.

Every business should have a business continuity plan to continue critical functions–those processes that must be continued after physical damage, interruption, or disruption before irreparable harm is done. Identify the resources needed to continue critical functions and the timeframe when they are needed.

Strategies for continuing business functions and processes should be determined after completion of a business impact analysis. Document procedures for implementation of the recovery strategies in the business continuity plan along with the resources needed to implement each strategy.

o Training, Drills & Exercises

Train everyone to take life-saving protective actions. This includes evacuation drills, shelter in place drills and lockdown training. Members of emergency response and business continuity teams as well as persons responsible for crisis communications need training so they can carry out assigned tasks during an incident.

Leaders of each team must receive a higher level of training, and the training curriculum should include the incident management system.

Conduct exercises to familiarize staff with emergency response and business continuity plans. Begin with a "walk-through" exercise to familiarize team members with the plans. Then conduct tabletop exercises to teach team members to respond to a possible emergency incident.

To maintain the plan, periodically evaluate all facets of an emergency management and business continuity program–evaluating to determine whether personnel, systems, equipment, materials, plans, procedures and training continue to meet the organization's needs.

Donald L. Schmidt is CEO of Sharon, Mass.-based Preparedness, LLC. He also chairs the National Fire Protection Association's technical committee on emergency management and business continuity, which drafted NFPA 1600, as well as the editor and contributing author of "Implementing NFPA 1600," a handbook published by NFPA that can be ordered by calling 800-344-3555.