There are three building blocks or pillars to Crisis Management Response. Let’s take a look back for just a moment…in our previous blog “The Capital Gazette Shooting – Security Training – What Worked…What Didn’t” , we discussed some of the causes and possible solutions associated with Active Shooter events. And…while the workspace is plagued by numerous threats…shooting events seem to capture the attention of virtually every organization in today’s global environment…and therein lies the problem!
Organizations have to guard against taking a myopic approach to corporate security…by that I mean, focusing on one challenge at the expense of all others…or…to put that another way… addressing threats in a sequential fashion, as opposed to always seeing the big picture.
Think of the “new shiny toy syndrome” we all experienced as children…we had a tendency to play with the “newest” toy available, often times ignoring the others in our collection until the next shiny toy came along.
Organizations tend to take the same approach with Crisis Management…focusing on the most recent threat in today’s environment…so, in this case, the shiny new toy syndrome translates into focusing exclusively on Active Shooter events, while ignoring other formidable challenges, including things like workplace violence, cyber-attacks, preparing for natural disaster…or any one of a dozen other threats facing corporate America.
Think of an onion…or an artichoke…both vegetables consist of layers protecting a core…this is the same concept organizations should use in developing their crisis response plans.
Resilient organizations understand the need for systemic plans that build on previous knowledge, while keeping an eye on current and future threats.
This is an important concept to master…because while each crisis event is unique in some ways…much like a fingerprint…they also share certain common characteristics.
Every event…regardless of how large or small…is made up of 3 distinct blocks, or phases…those are: Threat Management…Crisis Management…and Consequence Management.
There’s a tendency for organizations to try to “weight” these phases, meaning decide which one is more important or which one is the most important…but it’s very for important for organizations to be adept in all three phases
Let’s take a look at each in a little more detail.
The first phase, Threat Management…consists primarily of planning and training, and happens long before any crisis event.
Threat Management asks questions, including:
- Are you prepared to deal with any type of crisis…natural…man-made…or business related in nature?
- How does your organization define a crisis?
- How will you measure the impact of a crisis?
- Who is on your crisis team…and do you have redundancy if someone is not available?
- Who decides things like escalating the crisis response…or evacuating a building?
The questions above are only a small sample of the questions one needs to ask to prepare for unexpected events.
A sampling of Threat Management tasks would include, but not be limited to things like developing your CM/IM Team:
- Conducting vulnerability assessments
- Identifying essential resources
- Developing your CM plan
- Developing your CM Communications Plan
- Establishing your Incident Command Center…and…
- Conducting ongoing training sessions and tabletop drills
As you might imagine…there are a host of other tasks to be considered in the Threat Management phase as well…which supports the old axiom…if you fail to plan, you can plan to fail.
So…assuming your Threat Management phase is both comprehensive and complete…we now look at the second phase…or Crisis Management Response phase.
The Crisis Management Response phase involves the actual response to an incident…and includes important concepts such as:
- “The Golden Hours,”…the first 0-4 hours of an incident.
- There are numerous important things to be considered in the Golden Hours, including:
- Crisis Management Response also involves understanding the 3 phase of an incident: the Hot Phase, Warm Phase and Cold Phase
- As well as understanding Zone Management, which also includes Hot, Warm and Cold zones…BTW…this is especially true for large-scale events.
The third and final phase of any incident is the Consequence Phase.
The Consequence Phase is focused on recovery, investigation and lessons learned analysis.
It’s during this phase that we look at things like psychological support for associates…the activation of Corporate Care Teams…the implementation of your organization’s Business Continuity Plan…and ultimately, the return to a normal…or pre-incident…level of functioning.
It’s important to keep in mind that we have only touched on these concepts from a 30,000 foot viewpoint.
Under each of the phases above would be a detailed and substantial drop-down list of required tasks to perform.
Crisis Management Response is not easy and not for the faint of heart.
Details count…a friend of mine once said, “If you think something is too small to make a difference…try sleeping in a room with a mosquito!”
We covered a great deal of important ground here in just a few minutes…now it’s time for your homework assignment.
I want you to review your current crisis response plans and see how they measure up to the concepts we just discussed.
- Are you plans up to date?
- Do they include version control?
- Can you identify important gaps that need your attention?
We would love to hear what you think…and equally important…we would love to assist you with polishing your plans to address the complex issues of today’s workspace.
RMA has assisted hundreds of organizations across a diverse cross-section of industries…and we can help you.
Check us out at www.rmaprotect.com…or call us with questions at 781-871-2500.Tags: Consequence Management, Crisis Management Response, Threat Management