Industry Insight

Disaster Management 101

IN our post-9/11 climate, today more than ever, security professionals are being asked to take the lead on disaster management programs, as well as business continuity plan development and implementation. A recent Internet search shows more than 34 million hits on disaster management and 23 million hits on business continuity planning.

Some of these sites charge for a step-by-step plan. Others provide detailed check lists and flow charts that map out what should be done during the disaster, recovery and business continuity phases. Keeping the process as simple as possible is key to ensuring your plan gets approved and implemented. The Department of Homeland Security and National Fire Protection Association provide complimentary publications on disaster management that guide you through the basics of developing a disaster management program.

After endless meetings and intensive specialized training, senior management finally agrees that your company requires a disaster management plan that includes business continuity. As a newly appointed "expert" in disaster management, what should you deliberate on as you put together the disaster plan?

Having managed disaster management plans for a nuclear power plant, as well as corporate America, my recommendations outline the importance of creating a detailed plan.

Logistical Overview
Many disaster management programs have secondary sites selected for continued business operations. You likely will have two locations to protect with limited budgetary considerations.

Have you surveyed the prospective secondary site? What are your challenges in keeping the employees safe while still protecting the assets of the company in both places? This process should have started long before or in concurrence with your disaster management program.

Furthermore, as you prepare to upgrade your security technology (cameras, digital video, access control and door alarms), consideration should be given to not only the security plan, but the disaster management program, as well.

Do your systems have an open structure such that you can add or move at will? Are you able to remotely monitor your video? Is there room on your system to add cameras? Does your electronics supplier carry these items in stock? Do they have a loaner program or a buy back program? Are they willing to sign a contingency contract which will guarantee delivery within your plan time frames?

Hazard Identification, Risk Assessment/Impact Analysis

As a security professional, I can engage enough security personnel to repel a small army, but how do I know what the production team requires to keep running or the data group to keep data processing? Since no one person can be the expert in so many divergent areas, it's vital that a multi-disciplined team be assembled.

When all the hazards identified, implement a strategy to eliminate hazards and mitigate the effects of hazards that cannot be eliminated. Consider the following:

1. The use of applicable building construction standards.

2. Hazard avoidance through appropriate land-use practices.

3. Relocation, retrofitting or removal of structures at risk.

4. Removal or elimination of the hazard.

5. Segregation of the hazard from that which is to be protected.

6. Reduction or limitation of the amount or size of the hazard.

7. Modification of the basic characteristics of the hazard.

8. Control of the rate of release of the hazard.

9. Provision of protective systems or equipment for both cyber or physical risks.

10. Establishment of hazard warning and communication procedures.

11. Redundancy or duplication of essential personnel, critical systems, equipment, information, operations or materials.

Plan Development
With so many audiences and different types of actions to be taken, different plans, including a strategic plan, an emergency operations/response plan, a mitigation plan, a recovery plan and a continuity plan should all be develop.

A disaster management plan should feature the following elements:

Strategic plan. This defines the vision, mission, goals and objectives of the disaster management program.

Emergency operations/response plan. This plan assigns responsibilities to organizations and individuals for carrying out specific actions at projected times.

Mitigation plan. This establishes interim and long-term actions to eliminate hazards.

Recovery plan. This plan is developed to identify short-term and long-term priorities, processes, vital resources and time frames for restoration of the business.

Continuity plan. This plan identifies the critical and time-sensitive applications, vital records, processes and functions that need to be maintained, and identifies the necessary personnel and processes.

you prepare plans, identify hazards, the likelihood of their occurrence and the vulnerability of people, property, the environment and the business itself to those hazards. At a minimum, consider: natural hazards (geological, meteorological, and biological) and human-caused events (accidental and intentional).

Determine the resources needed to address other remaining hazards. When developing resource management objectives, consider: personnel, equipment, training, facilities, funding, expert knowledge, materials and the time-frames within which they will be needed. Also consider quantity, response time, capability, limitations, cost and liability connected with using the involved resources.

Communications and Evaluations
A communication system and procedure needs to be developed to ensure the notification of personnel, as well as a method to alert emergency response personnel. This system also needs to be periodically tested to ensure program compliance.

Develop and implement a training program that creates awareness for everyone that may be affected by the program. Remember to maintain accurate training records and conduct exercises to test the entire plan. Be sure that corrective action is taken on any deficiency identified during the exercise.

Post-9/11 Reality
Since 9/11, our industry has gone through a significant increase in awareness of security issues. Technological advancements have given us better tools that take care of the day-to-day operations and can be used in a proactive manner to ensure the continued safety of employees after a significant event occurs.

Keeping to the basics, taking the time to develop comprehensive plans and then communicating those plans via policies, procedures, announcements, and actually conducting exercises are the necessary activities that will ensure the health and safety of your employees and emergency responders.

Featured

  • Secure Your Home During the Holidays

    The most wonderful time of the year can easily transform into a nightmare. Being vigilant, while still enjoying the holiday season, is possible. The holiday season is the perfect time to start implementing security measures to protect one’s home and ensure security while out and about. Read Now

  • Five Cybersecurity Trends Predictions for 2024

    According to Cybersixgill, threat research experts, AI’s evolution will continually improve both organizations’ cyber defense efforts and cybercriminal activities. At the same time, increasingly complex regulatory requirements, continued consolidation of cybersecurity tools, a widening attack surface, and heightened global geopolitical issues will all play a significant role in driving the direction of cybersecurity. Read Now

  • AI on the Edge

    Discussions about the merits (or misgivings) around AI (artificial intelligence) are everywhere. In fact, you’d be hard-pressed to find an article or product literature without mention of it in our industry. If you’re not using AI by now in some capacity, congratulations may be in order since most people are using it in some form daily even without realizing it. Read Now

  • NSA Report Focuses on How to Protect Against Evolving Phishing Attacks

    The National Security Agency (NSA) and U.S. partners have released a new report describing the latest techniques in phishing attacks and the defenses organizations can deploy against them. Read Now

Featured Cybersecurity

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • ComNet CNGE6FX2TX4PoE

    The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3