Preparedness Bulletins

Resilience is not a finish line, rather it is a continuous process that engages safety, security, HR, facilities, operations, engineering, supply chain, IT, risk management, and others. The process identifies risks to, and vulnerabilities of, critical assets. Enhanced resilience results from the protection of those assets and the establishment of capabilities to foresee or promptly detect risks and execute response, continuity, and recovery capabilities to mitigate impacts.   

Planning for emergencies, continuity and recovery of operations, and the protection of an organization’s reputation and relationships with stakeholders requires teams at all levels to work together. Coordinated development and implementation of overlapping program elements can reap significant benefits including an enhanced understanding and treatment of risks, enhanced response, better outcomes, and reduced costs.

Will your preparedness program safeguard lives if there is a fire or active shooter? Will business continuity strategies enable you to continue priority operations when your building can’t be reoccupied? Will your communications plan enable you to quickly and effectively communicate with customers and stakeholders as social media reacts? Auditing is the best means of assessing capabilities and identifying opportunities for improvement.

A risk assessment identifies hazards that could cause injury, property damage, business interruption, environmental contamination, and damage to an organization's image and reputation. Potential impacts are determined by the location and magnitude of the hazard and vulnerabilities of the site, buildings, operations, systems, equipment, and people. A risk assessment informs prevention, mitigation, response, continuity, and crisis management programs.

A BIA identifies the potential impacts of business interruption and their escalation over time. Loss of revenue, loss of market share, increased expenses, regulatory fines, and contractual penalties (or loss of incentive bonuses) can be estimated. Impacts on relationships with customers, regulators, and other stakeholders are also considered. The BIA prioritizes recovery and informs recovery strategies by identifying resource requirements.

Suppliers fail as a result of many causes, and the impacts to business operations can be significant. Analysis of supplier risk should begin with a business impact analysis that prioritizes the recovery of products and services, and identifies the supplies required for their production and their supply chain. Risk surveys should be developed, and critical suppliers—especially sole and single source—assessed to determine their resilience.

The first priority of emergency operations is to safeguard life. Other objectives include protection of property, the environment, and the organization’s reputation. Emergency operations plans should consider “all-hazards,” be risk-based, make best use of available internal and external resources, and be actionable by an organization with defined roles and responsibilities.

An incident management system (IMS) is an essential capability to execute plans to protect lives, property, business operations, the environment, reputations, and stakeholder relationships. An IMS can and should be used for all incidents planned, forecast, or occurring that require activation of emergency operations, business continuity, IT disaster recovery, and crisis management plans.

Emergency plans should include actions to protect life safety. Protective actions include evacuation when there is a hazard inside, lockdown for a security threat inside, and shelter-in-place for hazards outside. Active shooter/hostile events require each individual to continually assess whether and when to “run,” “hide,” or “fight.” Training and drills should be provided.

Active shooter, homegrown violent extremist, lone wolf, and “run, hide, fight” are relatively new to our vocabulary as the concern over acts of violence has grown. Planning for active shooter and other “hostile events” should be a part of every preparedness plan. In this bulletin, acts of violence are defined; statistics provided; and guidance for the prevention and mitigation of, response to, and recovery from, these incidents are presented.

Riots have plagued the United States for decades and 2020 saw months-long protests and violence. This bulletin provides guidance on recognizing civil unrest, understanding perpetrators' weapons and tactics, and how to conduct a security and vulnerability risk assessment. It lists actions for physical and operational security, life safety, preparedness for demonstrations, and response to civil unrest.

Thunderstorms bring lightning, heavy rainfall, hail, and tornadoes. Resulting fatalities, property damage, and losses from business interruption are significant. Natural hazards can’t be prevented, but mitigation can reduce property damage, emergency management can protect life, and business continuity planning can reduce operational impacts and speed recovery.

Hurricane season begins each year on June 1. No matter the forecast number of storms, major hurricanes, and land-falling hurricanes, it only takes one to cause many deaths and billions in damages. Planning for hurricanes should include risk assessment, risk mitigation efforts including insurance, and preparedness planning to accomplish readiness well before landfall.

Melting snow combined with rain in the winter and early spring; severe thunderstorms with heavy rain in the spring and summer; and tropical cyclones can bring intense rainfall to the coastal plain and inland areas. Flash floods occur within six hours of a rain event, after a dam or levee failure, or following a sudden release of water held by an ice or debris jam. Risk assessment and preparedness planning is essential.

Before heavy snow warnings are broadcast and the frigid blasts of arctic weather arrive, it’s important to prepare your facility and your employees. Preparations before the severe weather can save costly damage to equipment and facilities and maintain important fire and life safety systems. Plans should also include actions to be taken if power or other utilities are interrupted.