Industry Insight

Disaster Management 101

IN our post-9/11 climate, today more than ever, security professionals are being asked to take the lead on disaster management programs, as well as business continuity plan development and implementation. A recent Internet search shows more than 34 million hits on disaster management and 23 million hits on business continuity planning.

Some of these sites charge for a step-by-step plan. Others provide detailed check lists and flow charts that map out what should be done during the disaster, recovery and business continuity phases. Keeping the process as simple as possible is key to ensuring your plan gets approved and implemented. The Department of Homeland Security and National Fire Protection Association provide complimentary publications on disaster management that guide you through the basics of developing a disaster management program.

After endless meetings and intensive specialized training, senior management finally agrees that your company requires a disaster management plan that includes business continuity. As a newly appointed "expert" in disaster management, what should you deliberate on as you put together the disaster plan?

Having managed disaster management plans for a nuclear power plant, as well as corporate America, my recommendations outline the importance of creating a detailed plan.

Logistical Overview
Many disaster management programs have secondary sites selected for continued business operations. You likely will have two locations to protect with limited budgetary considerations.

Have you surveyed the prospective secondary site? What are your challenges in keeping the employees safe while still protecting the assets of the company in both places? This process should have started long before or in concurrence with your disaster management program.

Furthermore, as you prepare to upgrade your security technology (cameras, digital video, access control and door alarms), consideration should be given to not only the security plan, but the disaster management program, as well.

Do your systems have an open structure such that you can add or move at will? Are you able to remotely monitor your video? Is there room on your system to add cameras? Does your electronics supplier carry these items in stock? Do they have a loaner program or a buy back program? Are they willing to sign a contingency contract which will guarantee delivery within your plan time frames?

Hazard Identification, Risk Assessment/Impact Analysis

As a security professional, I can engage enough security personnel to repel a small army, but how do I know what the production team requires to keep running or the data group to keep data processing? Since no one person can be the expert in so many divergent areas, it's vital that a multi-disciplined team be assembled.

When all the hazards identified, implement a strategy to eliminate hazards and mitigate the effects of hazards that cannot be eliminated. Consider the following:

1. The use of applicable building construction standards.

2. Hazard avoidance through appropriate land-use practices.

3. Relocation, retrofitting or removal of structures at risk.

4. Removal or elimination of the hazard.

5. Segregation of the hazard from that which is to be protected.

6. Reduction or limitation of the amount or size of the hazard.

7. Modification of the basic characteristics of the hazard.

8. Control of the rate of release of the hazard.

9. Provision of protective systems or equipment for both cyber or physical risks.

10. Establishment of hazard warning and communication procedures.

11. Redundancy or duplication of essential personnel, critical systems, equipment, information, operations or materials.

Plan Development
With so many audiences and different types of actions to be taken, different plans, including a strategic plan, an emergency operations/response plan, a mitigation plan, a recovery plan and a continuity plan should all be develop.

A disaster management plan should feature the following elements:

Strategic plan. This defines the vision, mission, goals and objectives of the disaster management program.

Emergency operations/response plan. This plan assigns responsibilities to organizations and individuals for carrying out specific actions at projected times.

Mitigation plan. This establishes interim and long-term actions to eliminate hazards.

Recovery plan. This plan is developed to identify short-term and long-term priorities, processes, vital resources and time frames for restoration of the business.

Continuity plan. This plan identifies the critical and time-sensitive applications, vital records, processes and functions that need to be maintained, and identifies the necessary personnel and processes.

you prepare plans, identify hazards, the likelihood of their occurrence and the vulnerability of people, property, the environment and the business itself to those hazards. At a minimum, consider: natural hazards (geological, meteorological, and biological) and human-caused events (accidental and intentional).

Determine the resources needed to address other remaining hazards. When developing resource management objectives, consider: personnel, equipment, training, facilities, funding, expert knowledge, materials and the time-frames within which they will be needed. Also consider quantity, response time, capability, limitations, cost and liability connected with using the involved resources.

Communications and Evaluations
A communication system and procedure needs to be developed to ensure the notification of personnel, as well as a method to alert emergency response personnel. This system also needs to be periodically tested to ensure program compliance.

Develop and implement a training program that creates awareness for everyone that may be affected by the program. Remember to maintain accurate training records and conduct exercises to test the entire plan. Be sure that corrective action is taken on any deficiency identified during the exercise.

Post-9/11 Reality
Since 9/11, our industry has gone through a significant increase in awareness of security issues. Technological advancements have given us better tools that take care of the day-to-day operations and can be used in a proactive manner to ensure the continued safety of employees after a significant event occurs.

Keeping to the basics, taking the time to develop comprehensive plans and then communicating those plans via policies, procedures, announcements, and actually conducting exercises are the necessary activities that will ensure the health and safety of your employees and emergency responders.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.