Without Incident
Techniques to more effectively cope with emergencies
- By Roni Zehavi
- Aug 01, 2008
Incident management is a process that includes an
organization’s ability to detect, identify, verify, analyze,
respond to and control incidents, events and hazards,
while coordinating resources. Defined as occurrences
that have or might have a negative impact on the
continuity of routine operations, incidents may occur in
any organization, public facility or business entity.
Therefore, incident management must minimize the disruption
of operations and restore normal procedures as
quickly as possible, allowing seamless operational continuity
and minimum practical and reputational damage.
Incidents comprise a variety of events, whether manmade,
natural phenomena or a failure of various systems.
The nature of their causes could be quite diverse:
from security, such as terrorist attacks and bomb threats;
civilian and criminal threats, such as burglar intrusion,
theft or riots; engineering and facility management
threats, such as fire, burst water pipes and electricity
problems; and the threats of natural disasters, such as
earthquakes and floods.
Information Overload
Today’s command and control centers are overwhelmed
with information from a plethora of sensors and devices.
The challenge facing an organization both in routine
operation and in times of emergency is how to rapidly
and efficiently process enormous amounts of data from
a wide variety of sources, allowing immediate assessment
of action and effective decision-making. It is
important to reduce information overload on security
and safety management personnel by getting the right
information to the right person at the right time.
The ability to regain operational continuity following
a crisis or an incident, either locally or at the corporate
level, depends strongly on the preparation and readiness
of key staff. Incident management must successfully
incorporate four essential phases:
• Planning—constructing emergency and recovery
plans and optimizing deployment of sensors, based
on realistic simulations of threat scenarios
• Training—ensuring that all staff, whether executives
or employees, know how to carry out the appropriate
emergency plan
• Responding—identifying emergency situations and
carrying out the correct response, according to
rehearsed plans
• Debriefing—learning from the real-time response
what improvements to procedures and equipment are
required.
Planning Phase
Each organization should clearly define security and
safety requirements. It should optimally deploy the various
necessary devices, such as sensors and cameras, in
the most efficient and optimal way, ensuring maximum
coverage of each device while saving unnecessary procurement
costs.
Analyzing security gaps and evaluating the quality of
security layouts is a complicated task. Today, most planning
is done manually, without the benefit of computer
technology. However, using a 3-D, GIS model of the
organization’s site, Rontal’s SimGuard incident management
system, for example, allows virtual installation of
numerous kinds of sensors and provides a vulnerability
assessment, as well as an ability to conduct various
advanced simulations.
Organizational preparation for handling emergencies
begins with a threat and behavioral analysis, during
which it is necessary to map and analyze relevant potential
threats. In addition, possible responses should be
planned, building a complete spectrum of scenarios
around various threats and their impacts. Organization
managers and CEOs, who are responsible for the security
and safety of employees and for business continuity,
must have confidence that the emergency event is managed
coherently and cohesively according to emergency
procedures. These managers also must stay informed as
to the key strategic decision points of the response and
their major consequences.
The plans should address occurrences of various incidents
involving security, safety and facility management,
as well as natural disasters and production system
failures, and should include recovery. For example, in a
case where evacuation is required, the planner should
define preferred evacuation routes for different threats,
identify areas with high bottleneck potential, project the
length of each evacuation method and evaluate them
empirically. SimGuard enables planners to conduct a
variety of simulations to build the best recovery plan.
Using realistic 3-D modeling combined with advanced
algorithms for the analysis of crowd behavior, planners
receive essential data for better results, such as data
regarding crowd behavior, time calculations and areas with high risks of bottlenecks.
Training Phase
The main aim of training is to achieve a
high level of preparedness and relevant
knowledge among executives and
employees to ensure that planned procedures
are executed correctly in emergencies.
Training sessions and drills should
be held frequently. The organization
must conduct mission rehearsals, which
increase the productivity of drills.
Organizations usually face two main
problems: first, conducting those drills
often requires both time and resources.
Second, to be truly effective in emergency
situations, security managers
must train in the same area and conditions
as a real-time emergency event.
Training based on simulations of reallife
experiences is the critical factor for
establishing a high level of expertise and
organizational preparedness for incidents.
The executive staff is trained to
assess emergency situations and make the
most efficient decisions to ensure business
continuity. In complex organizations,
it is essential for the management
to track the qualification level of all personnel,
from security managers to security
controllers and floor marshals. A
methodology that monitors the performance
level of all trainees based on computer-
based tools is highly desirable.
In SimGuard, for example, the training
phase includes a series of simulated
incidents using 3-D models, allowing
both security teams and staff to gain an
early understanding of security and safety
situations and how they might develop
before they occur. SimGuard allows
online drills for controllers and offline
mission rehearsals for staff training. In
addition, the supervisors get a periodical
report on the actual level of knowledge
and performance of the trainees.
Real-time Events
Emerging technologies over the past few
years have increased the complexity of
command and control centers. Operators
are overwhelmed with information from
an array of sensing devices. The human
mind cannot possibly process all the information
appearing on banks of monitors;
furthermore, it cannot always comprehend
the implication of several events happening
simultaneously.
When an incident occurs, the organization
must first ascertain that it is a real
incident and not a false alarm. The number
of false alarms should be kept to a
minimum. The relevant executives should
immediately achieve a high level of situational
awareness, and an assessment of
the immediate consequences of the incident
should be made.
To enable precise and immediate situation
awareness, the multiple security and
safety systems should be connected to a
single unified situation monitoring system,
allowing decision-makers to receive
a complete picture from all available sensors
and systems. Each sensor covers a
narrow area, and a comprehensive situational
picture requires a combined display
based on the different outputs of the
various devices.
Operators should immediately determine
the threat level and have a clear orientation of the threat location. They also
should identify the correlation between
discrete events and understand the impact
of each threat on specific areas and people.
During incidents, decision-makers
should know the location of the response
teams and key personnel relative to the
zone of interest. They also must be able to
provide situational awareness to the field
person in charge. A common language
between the security and safety manager
and the mobile forces is critical for efficient
and effective intervention. In
SimGuard, for example, this is accomplished
using a PDA-based handheld
extension to the main system. SimGuard
gathers information from all available
sensors, fusing and presenting it on one
3-D display of the site. This display
enables the operator to understand rapidly
the implications of an incident, identify
the relevant scenario from the scenario
library and predict the potential impact
on site operations.
When managing an emergency event,
remember that the first few minutes are
the most critical. The response time
should be very short, preventing the
problem from escalating.
Debriefing Phase
In-depth debriefing of security and safety
incidents, including the distribution of
findings throughout the organization,
greatly enhances preparedness.
Debriefing is essential to strengthen
an organization’s response to subsequent
incidents. It allows the organization to
study the actual response versus the
planned response and, where necessary,
revise emergency plans. Thus, an effective
debriefing process would be one that
is supported by recordings of the incident
that provide reliable information.
Learning from real-time incidents
can dramatically enhance the organization’s
potential for improved response.
Recording actual incidents while they
are unfolding makes it possible to
improve security and safety management
by retrospectively creating a timeline
of events. The response could then
be analyzed from a multilevel perspective,
from management to security staff
and external forces.
Naturally, using data already generated
by the system as part of an incident
response is more affordable than traditional
methods for evaluating such
plans. Digital event logs can be used to
detect patterns and similarities in security
breaches, such as thefts occurring in
the same area. Debriefing also provides
an ideal opportunity to evaluate and
demonstrate continuous enhancement
methodology at the corporate level.
The debriefing mode of Rontal’s
SimGuard incident management system,
for example, allows safety and
security management personnel to learn
from real time incidents and other
events by providing digital feedback
and analysis of the
reactions by security
teams.