Workplace crises: What to do if the worst happens
While much corporate attention has, over the past several years, been lavished on security - with everything from guards, access control cards and electronic intrusion detection systems now the norm - managing a crisis in the workplace is sometimes neglected.
Even if a plan has been made, it may not have been updated for several years, during which time, staff, equipment and even office layout may have changed. While preventative measures are clearly crucial, say the experts, they by no means guarantee security.
"The World Trade Center was a fortress, so they threw planes at it," says Steven Kuhr, senior-vice president and head of Kroll's Emergency Management Group. "So security only goes so far, and when security fails, you have to have a crisis management programme in place." These days, as companies outsource more tasks, it is not only the company headquarters that needs a plan. If dealers and suppliers are hit by an incident, business operations can be dramatically affected.
The automotive industry is a case in point. Last year's power outage in the US and Canada cost car manufacturers and suppliers an estimated production loss of 35,000 vehicles, the temporary lay-off of more than 100,000 workers and more than $1bn in lost wages and production, according to the Automotive Industry Action Group (AIAG).
Aware of their vulnerability to such incidents, DaimlerChrysler, Ford and General Motors in January announced the creation of a set of crisis management guidelines for their suppliers and dealers.
Developed with the AIAG and auto industry suppliers, the guidelines are to be rolled out across the automotive supply chain and are intended to reduce production losses caused by natural disasters, fires, plant accidents and acts of terrorism.
Whether it is a supplier's factory or a corporate headquarters, careful preparation needs to go into creating a crisis management plan. "The first thing is that it has to be done at board level," says Justin King, founder of C2i International, a UK based security and crisis risk management consultancy. "You need strategic backing from the board, because without that nothing will be taken seriously."
In some cases, less is more.
A risk assessment is essential to highlight the threats to which a company is exposed, depending on its type of business. A cheese producer in rural France, for example, might not need to make provision for terrorist attack but should rather focus on threats such as power cuts.
A company with production sites in certain parts of Asia would consider threats such as hurricanes and typhoons.
Moreover, consultants stress that an overly complex plan, with too many people assigned to the crisis management team, can prove counterproductive. Mr King points out the need for the plan to be written in language familiar to the company.
"The company executives should write the plan themselves. We would train them, but they should write it with their own terminology and using their own processes," he says. "Because in a crisis, one resorts to what one knows best."
Mr Kuhr advocates having a clear framework in place at all times, with a command and control hierarchy that takes an organisational approach to dealing with a crisis. At the top of the two-tier hierarchy he recommends forming a crisis policy group that would include the chief executive, chief financial officer, chief information officer and chief security officer.
"We're also seeing companies starting to appoint directors of crisis management," he says. At the second tier, would be the operations group, managed directly by the chief security officer or business continuity director. "It executes the policies set forth by the executive group and manages the crisis," says Mr Kuhr. "It's like in government - you have an emergency operations centre that takes direction from, for example, the mayor. That works and has years of successful history behind it, and we recommend the same for clients."
But the real challenge for companies, say the experts, is keeping people focused. After a plan has been put in place, the tendency is for staff to relax. One way to keep staff on their toes is to test the plan periodically. This can involve bringing in outsiders such as local public safety officers, the police and fire services.
As a result of those tests, crisis management plans should be reviewed and updated. "You can never say a plan is final," says Mr Kuhr. "I've seen too many crises where, when the dust settles, people go on as before. But we should never forget the events of September 11 and we need to make sure we continue to have the ability to respond."
If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.