Potentially harmful contingency is in fact harmful nghĩa là gì năm 2024
Although there is some recognition of the importance of contingency planning, far too few firms have anything beyond a contingency plan that sits on a shelf in the CEO’s office. Even in those companies with crisis management teams (CMTs), the members often do not meet to plan or even discuss how the team would function in an actual situation. Show The most progressive firms offer the team members, fire brigades, and employees an opportunity to preplan (contingency planning) through mock exercises that replicate industrial disasters, explosions, fires, or tornado alerts. The end result is a better-prepared team of employees ready to respond to any contingency. Unfortunately, many firms have not gone this far. Contingency planning may not have been a traditional security process, but in today’s global business environment the security organization is assuming a much greater role and responsibility for its implementation. Even prior to the events of September 11, 2001, many organizations were becoming more conscious of the need to have contingency plans. A complete contingency planning program has three major elements:
Emergency response activities involve responding to an incident, crisis or disaster and managing that incident at the scene. Should an incident escalate to the crisis or disaster stage, a CMT should take over managing the crisis to its conclusion. If the crisis or disaster does cause damage to a company building, facility or operation, the CMT should hand over to a business continuity team the responsibility of recovery and resumption. After a disaster, it is critical that the business recovers and resumes normal (pre-event) operations as soon as possible. Customers, shareholders and stakeholders expect nothing less. Executive management has the obligation to ensure contingency planning is properly considered and addressed within their company. The consequences of not planning for contingencies can be catastrophic with numerous liability issues. Keywords: Contingency planning, emergency response, crisis management, business continuity, business recovery, disaster recovery, business resumption, crisis management teams, business interruption mitigation, pandemics, hazards, planning and training IntroductionNo facility protection program is complete without clear, well-defined policies, and programs confronting the possible threat of fire or any other natural or human-made disaster. While planning for such contingencies is the responsibility of top management, in most situations the task of carrying out emergency response falls specifically on the security management team; specifically those resources dedicated to incident management response now considered boutique specialty in many multinational companies. This is primarily due to the essence of the security mission—that is, to observe and report. In the best of all possible worlds the responsibility is a shared responsibility among security, fire, and safety departments. Regardless of the functional placement of responsibility, security, fire, and safety personnel must work together when they are confronted with preparing for and responding to disasters. According to a 2006 IOMA Safety & Security Reports briefing, 39% of US companies lack a basic crisis plan and 56% have not conducted crisis drills or simulation in the last year. Follow up research in 2017 reveals not much has changed regarding general readiness for many companies. In fact, some companies consider crisis planning and drill exercise a bit of a nuisance and do so at their own peril. Under an amendment to a 9/11 bill passed by the House, the Department of Homeland Security and the American National Standards Institute established a set of “best practices” for disaster preparedness. This includes a certification process to verify compliance . According to Dr. Dennis F. Sigwart, Emeritus Professor, Western Illinois University, current and future security professionals should be aware of the absolute necessity of disaster planning and preparedness as a viable component of the many facets (fire, earthquake, explosions, flooding, and so forth) of which they will have to perform as a practitioner. Those assigned disaster preparedness tasks must continually play the “what happens if” game . Said another way, drill scenario and testing is akin to being a player on a practice field. Practice often makes perfect, builds confidence and comradery among players and streamlines the incident management response process. Drill scenario testing on a frequent basis cannot be overemphasized enough. Firesafety (discussed in Chapter 12, Fire Prevention and Protection), and emergency (contingency) planning is designed to anticipate what might happen to endanger people, physical assets, and information (thus causing damage and interruption to normal business) and to take the necessary preventive measures and make provision—through the use of appropriate hardware and/or personnel response—for prompt and effective action when an emergency does occur. While the emphasis in this chapter (as in most actual practice) is on physical safeguards, it is important to emphasize the human aspect. Disastrous losses often occur not from the failure or absence of physical safeguards, but from human error—the failure to close a fire door, to maintain existing protection systems in good working condition, to inspect or to report hazards, and, at the management level, to ensure through continuous employee education and training that the organization remains prepared at any time for any emergency. The Occupational Safety and Health Administration (OSHA), National Fire Protection Association (NFPA), and Life Safety Codes dictate certain safety requirements for all businesses. Contingency PlanningThe Association of Contingency Planners (ACP), which is an association dedicated to the evolution of business continuity, describes contingency planning in the following way: “Business continuity planning integrates knowledge from related disciplines such as information technology, emergency response, and crisis communications to create a strategy that ensures a business will remain resilient in the face of adversity.” The purpose of contingency planning is simple. Essentially, contingency planners work to prepare their business, organization, or institution to be better able to mitigate any disruption to normal business activities. As an example, if a natural occurrence (e.g., hurricane, fire, or earthquake) disrupts normal business activities, having plans in place for responding to and recovering from such an occurrence will allow for a faster resumption of business, thus reducing the amount of time the business is disrupted. For our purposes, we will discuss contingency planning in the construct of four major components: emergency response, crisis management, business recovery, and business resumption. The fundamental elements of each component and the need for an effective integrated contingency planning process will be addressed. Furthermore, categories and types of crises, along with basic preparation and awareness needs, will be discussed. You will note that emergency response, crisis management, business recovery, and business resumption processes have much in common (e.g., communications requirements); however, each is handled as a standalone process. Security and the Contingency Planning ProcessThe traditional role of security in the contingency planning process has been to develop emergency evacuation plans for the business and to respond to emergency or crisis situations. Acting as the eyes and ears for an organization, business, or facility and maintaining a 24 hours a day, 7 days a week presence, the security organization is best positioned to respond to an emergency and manage a crisis through the concept of C3: command, communication, and control. As crises escalate, they are best managed by a multidisciplined team. Due to the ever-ready posture of many security organizations and the increased emphasis on emergency preparedness and contingency planning following the tragic events of September 11, 2001, in New York City, Arlington County Virginia, and Pennsylvania, many security departments have expanded their contingency planning capabilities to include the following components: emergency response, crisis management, business recovery, and business resumption. Depending upon the scope of the effort, a contingency planning program can take into consideration many activities, events, conditions, and processes. Depending upon the size and complexity of a business the process of contingency planning can be quite extensive. Planning for a contingency generally means assessing and understanding all aspects of the business, particularly the business critical processes and supporting information systems. To do this effectively requires the participation of many people from different disciplines, including management, employees, suppliers, and sometimes even customers. It may also include representatives from external organizations such as representatives of an insurance underwriter or the local fire departments. Having a variety of knowledgeable people involved from different functional disciplines calls for establishing common parameters. To be effective, everyone involved must have a common understanding of the elements and objectives of the contingency planning program and all must have a common understanding of the process. The first consideration in establishing common parameters is to develop a set of common definitions of terms. When discussing any aspect of contingency planning it is essential that all parties have a common understanding of what is being discussed. Just what does someone mean when he or she refers to the incident management, business recovery, or any other elements of the contingency planning process? Below are a set of contingency planning terms defined in such a way as to be useful for any organization in establishing a common baseline, points of reference, and common jargon for the end to end contingency planning process. Definition of terms must be part of the organization’s formal or institutionalized contingency planning process to ensure continuity of planning and success in achieving common preparedness objectives.
Contingency Planning ProgramThe purpose for contingency planning is to better enable a business or organization to mitigate disruption to the enterprise. Should disruptions occur, and they do all too often, the enterprise must be able to resume normal business activities as quickly as possible. The inability to restore normal operations will have an adverse economic impact on the enterprise. The extent of the impact will correspond to the extent of the disruption or damage. If the damage is severe and the mitigation of such damage has not been properly planned for, the effect could be catastrophic, even to the extent of failure of the business. Essentially, contingencies fall into three categories:
Contingency planning is a continuous process. It is not something that can be done once and put away only to be retrieved when needed. It is a continuous process requiring periodic updates and revisions as appropriate to, and consistent with, changing business conditions. It also involves implementing and maintaining awareness and training elements. Those personnel with contingency planning responsibilities require periodic familiarization with plans and processes and training on new techniques and methods. The process of contingency planning should be designed to achieve the following:
Throughout the remaining sections of this chapter, elements of the contingency planning process and program (Fig. 11.1) are presented and explained. ![An external file that holds a picture, illustration, etc. Object name is f11-01-9780128053102.jpg](https://i0.wp.com/www.ncbi.nlm.nih.gov/pmc/articles/PMC7149346/bin/f11-01-9780128053102.jpg) Elements of a business continuity planning program. Contingency PlansContingency plans formally establish the processes and procedures to protect employees, core business elements, critical processes, information systems and the environment in the event of an emergency, business disruption, or disaster. These plans should be developed and designed to consider specific categories and types of emergencies and disasters and address the mitigation, preparedness, and response actions to be taken by employees, management, and the organizations charged with specific response and recovery tasks. These plans should contain basic guidance, direction, responsibilities, and administrative information and must include the following elements:
Emergency ResponseWhen an emergency occurs, and unfortunately emergencies occur at even the most prepared businesses, being able to effectively respond is critical. Respond in this context means to call up the necessary incident response team regardless of the time of day or weekend and even holiday. As such accessibility of responding incident management team decision makers are paramount. The type and nature of emergencies that can occur vary widely. From a medical emergency in which an employee becomes injured or sick, to a natural or person-made disaster causing extensive damage to buildings and equipment, being prepared to respond will usually lessen the damage or impact of the event. Preparedness takes many forms. Being prepared to respond to a medical emergency is different from being prepared to respond to a natural disaster. The medical emergency may only require applying first aid to a victim or it may require the assistance and services of medical professionals. A natural disaster may require support from emergency medical services along with law enforcement, fire departments, search and rescue operations, and hazardous material crews. When planning for emergencies, types of emergencies should be grouped into like categories so that planning is accomplished for only categories of emergencies, as opposed to each and every possible emergency occurrence. This strategy recognizes the similarities of different types of emergencies and is efficient in terms of creating fewer and flexible plans. The purpose of preparing an emergency response plan is to document the planning accomplished in preparation for an emergency. This documentation provides the ground rules for emergency response activities. It also provides a reference for all who need to know how the process works. The plan will identify general and specific responsibilities for emergency response personnel and for all employees, both management and nonmanagement. Having a plan in place will assist emergency response personnel in their effort to return the business to normal operations. However, it is important to remember that the plan should be easily accessible, streamlined, and ready for action. A plan too burdensome in the number of pages and instructions will only serve to hamper the incident management response process.
Crisis or Incident ManagementEmergencies, contingencies, business interruptions, and other unplanned events happen. Sometimes the event itself is a crisis, such as a fire burning a building or facility. In other cases, an incident not responded to or managed properly at the scene may turn into a crisis. For example, failing to respond promptly to that small fire may allow for it to turn into a large fire. Incident management is the process of managing events of a crisis to a condition of stability. Emergency response personnel at the scene of an incident manage the incident. If the incident escalates, becoming a crisis, it is then necessary to have a different group take charge. Ideally, a CMT, consisting of experienced personnel from multiple disciplines, would come together to manage the incidents that develop beyond the capability and decision authority of emergency response personnel. Essentially, the CMT manages the crisis to closure. After emergency response planning, crisis management planning is the next step in the continuum of the contingency planning process. A crisis management plan should address the following activities and concerns:
Business ContinuityEarlier in this chapter, we defined business continuity as the effort to minimize business interruption or disruption caused by different contingencies. When contingencies occur, business recovery and resumption needs to happen as rapidly as possible. In essence, business must continue. Business disruptions can be costly and even catastrophic. Customers, shareholders and stakeholders demand the business remain viable. Preparation to deal with contingencies is a critical component of keeping the business going and maintaining the viability of the enterprise. Business continuity is a two-stage process. Business recovery is the first stage. Business resumption is the second. The recovery effort is the process of getting the business up and running again but only in a minimal acceptable condition. It is not a recovery to a preevent condition, but rather a recovery to produce product, make deliveries to customers and accomplish the basic activities to keep the business going. The business resumption stage is the effort to recover from a contingency and resume business in a preevent condition. This is not to say that all critical processes and other processes will be exactly the same as they were preevent. Resumption planning may call for new or modified processes. The intent is to resume business operations to a level similar to the preevent operations level, but not necessarily exactly the same. A business continuity team should be established to provide oversight of the development of business resumption plans. Representation from each of the major business functions should be part of this team. Manufacturing, business management, finance, engineering, information technology, human resources, legal and others major areas, and disciplines within the business, depending upon the nature of the business, need to participate. Business resumption teams lead the effort and planning process to ensure the business is prepared to recover from contingencies and resume full business operations. In some cases it may be necessary to have a major supplier or customer participate as a member of this team. Business recovery and resumption planning have common elements. The difference is the stage of recovery and the time necessary to get there. Following are common elements of the processes for business recovery and resumption:
Business RecoveryThe previous section addressed areas and issues common to resumption and recovery aspects of the total contingency planning process. This section will discuss areas specific to recovery and the short-term process of resuming normal business operations. Recovery plans focus on getting the business up and running—in essence, the actions that need to be taken within the first 30–60 days to restore critical processes and resume operations. These should be the most critical processes focused on infrastructure, product delivery, and keeping damage or loss to an absolute minimum. As difficult as it may be, people need to be part of this equation. For example, should a natural disaster occur, causing severe damage to a building or facility, there is a good chance that some key employees may have experienced something similar. Some may be preoccupied with their own issues of recovery and restoration and may not be able to support the company. Generally, you can expect this to be limited to a few, but it could be a critical few. Part of the critical process planning should take this into consideration and identify alternatives. Vital records recovery is very much part of the recovery process. Being able to access off-site records storage, hard copy, and electronic, is critical to expediently moving this process forward. Many companies use outsource providers to handle, store and, retrieve their vital records. This process allows for separate storage, away from company facilities, and reduces the possibility of damage or destruction to these records. There are many capable and reliable companies throughout the world who perform vital records handling, storage, and recovery. Business ResumptionIssues and areas of focus and concern that are common with recovery and resumption were addressed earlier. This section discusses areas specific to resumption and the long-term process of resuming normal business. Long-term priorities are addressed in business resumption plans with the intention of restoring operations to a preevent condition. Restoration to a preevent condition does not necessarily mean that all is the same or equal to the conditions prior to contingency occurrence, crisis, or disaster. During the process of recovery and restoration it may be learned or discovered that the implementation of a critical process or other processes can be accomplished differently, in the sense that improvements can make the process more efficient and more cost effective. Consequently, changes can and should be made. Furthermore, it may be learned that some processes can be eliminated altogether. Recovery and resumption in many ways are similar to a reengineering process. Process owners are usually the best source for ideas and as they participate in resumption they may develop new approaches and methods to implement and execute their process. If the process is simple, changes can be implemented quickly with little or no additional review from management or the business continuity team. If the process is complex, affecting, or dependent on other processes, a cost-benefit analysis is warranted to accurately assess the impact of any proposed changes. PandemicsDefined, “a pandemic is a global disease outbreak.” (end-note WebMD). This has driven governments and private organizations to take mitigating steps to address the pandemic threat. Pandemic preparedness continues to receive much attention most recently the middle east respiratory syndrome (MERS), the H5N1 Avian Flu and the H1N1 Swine Flu viruses remain active in various parts of the world, with the H5N1 being active mostly in Asia . Pandemics are not new, having been with us since humankind’s earliest time. They don’t occur frequently but when they do, the effects can be devastating. The last devastating pandemic occurred in 1918, when the Spanish flu affected more than 30% of the population, killing between 50 and 100 million people worldwide and disrupting the normal lives of societies around the globe . Planning for a pandemic requires an emphasis on people. The focus is on planning to keep employees, and their families, healthy and in the workplace where they can be productive. Pandemics affect people, not infrastructure, although without people operating an infrastructure is at best difficult, and may be nearly impossible. Consider running the air transportation infrastructure without people. With a 30% reduction in the number of air traffic controllers, pilots and maintenance personnel, would this system work effectively, or would it even work at all? How would your business be affected if air transportation was limited or shut down for operating for 30 days? The Center for Disease Control and Prevention (CDC) has created a Pandemic Severity Index to assist local and state governments in assessing the severity of a viral outbreak. The level will help officials determine the extent of school closure, quarantines, and work-from-home assignments.
SummaryWithin this chapter, the authors have attempted to provide the reader with a framework for understanding the complexities of contingency planning and the development of contingency plans. A particular point we attempt to make lies with the importance of planning for categories of contingencies. It is a daunting task to attempt to plan for each and every possible contingency. However, contingencies can be grouped into categories and planned for accordingly. This allows for consistency in preparedness and best utilization of resources. Types of contingencies develop and change over time as societies and organizations change and progress. Prior to the 20th century, nuclear contamination was not a concern, but today countries with nuclear power generation capabilities have in place extensive contingency plans that are regularly tested. More common hazards such as severe weather and other natural events have caused enough damage to drive organizations to better preparedness. State and local governments along with private enterprises in states like California and Mississippi spend large sums of money to prepare to mitigate the effects of earthquakes and flooding. Contingency planning may not have been a traditional security process, but in today’s global business environment the security organization is assuming a much greater role and responsibility for its implementation. Even prior to the events of September 11, 2001, many organizations were becoming more conscious of the need to have contingency plans. A complete contingency planning program has three major elements:
Emergency response activities involve responding to an incident, crisis, or disaster and managing that incident at the scene. Should an incident escalate to the crisis or disaster stage, a CMT should take over managing the crisis to its conclusion. If the crisis or disaster does cause damage to a company building, facility, or operation, the CMT should hand over to a business continuity team the responsibility of recovery and resumption. After a disaster, it is critical that the business recovers and resumes normal (preevent) operations as soon as possible. Customers, shareholders, and stakeholders expect nothing less. Executive management has the obligation to ensure contingency planning is properly considered and addressed within their company. The consequences of not planning for contingencies can be catastrophic, with numerous liability issues Critical ThinkingCan a business be successful without having contingency plans? Review Questions
References1. R. Block, Pushing disaster preparedness the lieberman way, Wall St J Online 02/09/2007 and ANAB Accreditation for Private Sector Preparedness Voluntary Certification. |