The Worst Crises are the Ones You Never See Coming
“Predictable Surprises” – Almost every disaster, incident of school/workplace violence and act of terrorism was preceded by warning signals.
The grim statistics of violence in the workplace are sobering to every organization:
- Over 3.5 million workplace-site threats were reported last year.
- Three people a day are murdered at work.
- Murder is the #1 cause of death at work for women.
- Murder ranks 2nd only to industrial accidents for workplace deaths among men.
There is no denying the random, unexpected nature of workplace violence, or underestimating the potential losses that can stem from unauthorized access to a corporation’s facilities. But a security plan must include more than an outline of safety procedures.
Firestorm’s security plans are integrated with all of your business-critical plans and programs. Our approach to security planning mandates regular testing and updating of plan procedures. We make sure that your plan’s safety and access control protocols provide the foundation of a secure environment for your business.
Security Assessment / Risk Assessment / Vulnerability Analysis
A careful assessment of building infrastructures and management systems is an important part of an overall business continuity program. Firestorm evaluates the existing physical security structure (facilities, systems, and processes) and assesses how well an organization is protecting its people and property against likely threats. This site inspection is led by a member of the Firestorm team with subject matter expertise in security-related issues.
Firestorm evaluates the facility grounds, building, and existing physical security systems and processes to determine how well key assets are being protected. Firestorm also assesses how well prepared an organization is to detect, assess, and respond to incidents. Systems and processes evaluated during the safety and security program evaluation may include:
- Monitoring Access: Employee, guest, and vehicle access points (Guard gates, check-in procedures)
- Video Surveillance: Cameras, lighting, analytics, etc.
- Building Systems: Electronic access control and metal detectors
- Environmental Health & Safety: OSHA regulations (Hazardous materials procedures, etc.)
- Life/Safety Systems: Incident detection, assessment, and response (Fire protection systems, signage and specialized plans for evacuations, fire drills, etc.)
- Space Management: Work areas and working conditions (Lighting, ergonomics and floor layout).
Risk Assessment / Vulnerability Analysis
A formal risk assessment is needed to properly understand a company’s risks and how those risks could be better addressed through additional controls. Knowing the threats your company faces will enable the organization to manage the results, and respond effectively. The analysis also results in the identification of specific enhancements for: leadership requirements, decision processes, command and control operations, emergency response, employee procedures, streamlined communication techniques and facility/equipment upgrades.
Firestorm’s process determines the risks (events or surroundings) that can adversely affect the organization and its resources (examples include: people, facilities, technologies) due to business interruption. The process will also determine the potential loss such events can cause, and the controls needed to avoid or mitigate the effects of those risks.
Firestorm’s risk assessment evaluates the threats that are specific to your organization and environment. The evaluation of threats will include natural/biological hazards and technological/human-induced hazards. For natural threats, historical data concerning frequency of occurrence for given natural disasters such as tornadoes, hurricanes, floods, fire, or earthquakes is used to determine the credibility of the given threat. Using this information, an overall risk ranking will then be assigned to each type of threat. The overall risk rating is a subjective rating that considers each threat’s severity, likelihood, and controls, and supports the ability to prioritize threats and identify risk control measures.
- Previous incidents are analyzed and potential threats or events identified, beginning with the obvious, and working toward the less likely.
- A hazard vulnerability analysis tool (Hazard Impact Matrix) is used to evaluate your company’s level of preparedness.
- Risk factors are categorized as to their disruption to the company in high, moderate, or low classification.
- Human, property, and business impacts are evaluated and ranked from negligible to severe.
- Prioritization of hazards is used to evaluate and determine a score below which no action is necessary.
- The most effective triggers are identified in order to have an efficient and effective response to an incident, should one occur.
Plan Audit/Review (Benchmark/Gap Analysis)
Firestorm conducts a benchmark/gap analysis of an organization’s existing plans/processes/procedures related to business continuity and emergency response. The analysis identifies where content must be developed to create comprehensive business continuity and emergency response plans for the company. Firestorm’s benchmark/gap analysis focuses on the organizational structure, employees, operations and risks. The analysis is from an emergency response, security, systems, facilities, workplace violence, and communications perspective.
The analysis consists of the following data gathering techniques:
- Comprehensive Site Assessment
Firestorm evaluates an organization’s existing physical security structure (its facilities, systems, and processes), and assesses how well key assets are being protected against likely threats. Firestorm also assesses how well prepared the company is to detect, assess, and respond to incidents. This site inspection is led by a member of the Firestorm team with subject matter expertise in security-related issues.
- Plan/Document Review
Firestorm conducts reviews of existing documentation for identification of current policies and documents that can be used in addressing principles and core elements of the organization’s overall business continuity program. Firestorm analyzes security, natural and man-made disasters, terrorism, and communicable illness exposures, along with the company’s current disaster plans, insurance and Human Resource policies and communication strategies.
- Surveys of Targeted Employees
A predetermined number of employees are included in our customized survey that analyzes employees’ knowledge of the company’s emergency response procedures. Critical vendor resiliency surveys may also be considered, to determine the disaster preparedness level of the company’s most critical vendors.
- One-on-one Interviews with Management/Senior Leadership
Personal interviews are conducted during the site inspection to further determine the company’s level of disaster preparedness among senior leadership.
The results of the benchmark/gap analysis are documented in a written analysis with follow-up recommendations.
Upon completion of the benchmark/gap analysis, Firestorm will be better positioned to understand the current state of a company’s existing environment, and is able to present a comprehensive findings report of the organization’s current level of preparedness. Thereafter, if necessary, Firestorm will propose a process to address performance levels and plan enhancement/development, as well as an implementation strategy.
Together, we will create a comprehensive Business Continuity Program that includes an Enterprise Level Plan, Business Unit Template Plans, and Facility Level Templates, as necessary. Firestorm will also identify strategic advantages relative to your competition and leverage potential revenue opportunities.
Monitoring and Threat Assessment
Unforeseen events can have a devastating effect on businesses. The rising number of natural disasters, communicable illnesses, and terrorist-related events has accentuated the need for businesses to be prepared to continue their critical business processes – under any circumstances.
Disasters, risks, and threats are increasingly a global concern. Disasters and actions in one region can have an immediate impact on risks in another. Despite growing understanding and acceptance of the importance of risk mitigation and increased disaster response capacities, disasters, and in particular their identification, monitoring, and management, continue to pose challenges to most organizations.
The best time to respond to a disaster is before it happens. Every physical area in the world is or will be subject to some type of disaster or hazard. Even though an area has never been damaged before, there is no guarantee that it will not happen tomorrow. It is a governance responsibility to identify the kinds of hazards and their impact that could affect your company both internally and externally before they occur.
The starting point for reducing disaster risk and for promoting a culture of disaster resilience lies in the assessment of the threats and vulnerabilities that most businesses face.
Once the potential risks have been identified, there is a need for a methodology to monitor geographic or natural exposures, communicable illnesses, man-made disasters, or other risks. Knowing what needs to be monitored and how often is critical.
While some vulnerabilities and potential disasters, such as winter storms, are easy to monitor, others, such as a pandemic or communicable illness, can only be measured with less direct methods. Predetermined triggers must be established to activate plans. For example, in the case of a pandemic, specific data to be monitored must be identified that can be utilized to create an imminent phase trigger. The advantage of identifying an imminent phase is to allow for a period of time to position operations, employees, and the organization for an emerging pandemic.
Early warning systems must be people centered. Warnings must be timely and understandable to those at risk, including guidance on how to act upon warnings, and support effective operations.