Would businesses be prepared for a second 7/7?
Have the lessons of 7/7 been learnt?
The Management of Health and Safety at Work Regulations 1999 require employers to develop procedures to deal appropriately with serious and imminent danger, and to nominate sufficient numbers of competent persons to activate those procedures. Employers should consider all potential dangers, e.g. fire, public disorder etc.
This should therefore include terrorism, bomb threats and electronic attack, such as computer viruses. All emergency procedures have to be written down and effectively communicated to all personnel on the premises. The person who has been designated as the competent person responsible for procedures should be clearly identified and his or her role, responsibilities and authority detailed.
In the event of an incident work should not resume while a serious danger remains, and expert advice from authorities should be obtained if in doubt.
However, these regulations don't address what employers need to do in the event that people are denied getting to work, or making a decision to release employees from a secure building into a potentially hazardous environment.
They don't really help though in answering practical questions:
should employers arrange for accommodation tonight so that key staff do not have to commute tomorrow?
Should employers fund it, and if so, on what basis?
Should they allow workers not to come to work tomorrow, and again, if they do, how should they differentiate between who should - and who should not - have to come to work?
These are all questions that many London employers had to face when the bombs went off last year. So are employers any clearer on the answers to these questions?
A study by the British Chamber of Commerce found that despite an initial flurry of interest in improving contingency plans immediately following the bombings on July 7 businesses have again grown complacent. The Business Continuity Management Survey, conducted by the Chartered Management Institute (CMI) and supported by the Cabinet Office, uncovers a worrying gap between perception and reality. Less than half (49%) of those businesses questioned say their organisation has a business continuity plan in place. Organisations that do have one are often guilty of failing to rehearse these plans as often as they should - only 37% of those with plans test them at least once a year, compared to 52% in 2005.
This is made more worrying by the fact that where rehearsals have taken place, the majority (79%) have revealed shortcomings in their plans. The joint CBI and KPMG London Business Survey, published in May, suggested that only 47% of companies with less than £5m turnover - over 98% of the capital's businesses - have a contingency plan. Measured by employee numbers, 58% of firms with fewer than 250 employees (about 98% of firms in the capital) have a contingency plan, rising to 79% of businesses with more staff.
This complacency could be explained by the fact that only 45% of the businesses asked in the CMI survey actually perceived something like terrorist damage as a major threat to their business. It would seem that many businesses have an “it won't happen to me mentality. This is despite one third of organisations experiencing disruption after the 7/7 bombings.
Businesses are often reluctant to create contingency plans because of the perceived cost that may be involved. However, often the cost of not doing something is far outstripped by the cost when something does happen. Even with minor incidents small companies lose on average two days business at a cost of up to £10,000. Many businesses in London on 7 July 2005 found themselves facing circumstances they'd likely never considered.
For many employers, the scenario didn't fit the traditional emergency procedure they'd practiced and prepared for. This is because employers weren't just facing a fire in their building, or the IT system crashing, they were faced with the emotional response of their employees. On that day London employers learnt that dealing with emergencies is, above all else, about HR practicalities. Because of this there has been much more awareness of the need to include 'people aspects' in business continuity since 7/7.
However despite this the CMI survey found that the inanimate objects in the business still dominate business continuity management (IT is covered by 67% of plans) despite organisations admitting a fear of losing people and skills. For example, almost all (92%) believe they would suffer disruption caused by higher levels of absenteeism and illness in the even of an influenza pandemic, yet the majority (83%) do not have robust plans to cope with this absence.
Speaking at a recent London seminar about how 7 July had affected organisations and employees, corporate psychologist Kate Nowlan commented that businesses are still not paying enough attention to 'people aspects' when it comes to planning for disaster.
Nowlan said that some organisations had placed greater emphasis on contingency plans and implemented trading programmes addressing the psychological effects of emergencies. "There is heightened awareness of risks to employees, particularly those who use public transport in central London, and companies are seriously taking on board the need to prepare their staff for emergencies." However, she said that, for the most part, companies had been lacklustre about putting people aspects at the top of the agenda. She urged companies to revisit their contingency plans and to make sure they pay particular emphasis to the 'people aspect'of those plans.
Businesses are not only still failing to cover people aspects in their plans they are also failing to share these plans with other people. The CMI survey found that only one in ten businesses with plans share these with suppliers and shareholders, while just one in five communicate this information to customers - despite being cited as key drivers for creating continuity plans. And only 7% require all suppliers to have a plan with one third (37%) of organisations requiring only business-critical suppliers to have plans. As well as sharing plans with suppliers and customers businesses should also be sharing these plans with neighbouring businesses too.
According to CitySafe, a provider of web-based emergency planning tools, continuity plans should not be considered in isolation. Businesses need to look beyond their own organisations and take responsibility for those around them, says Plans that are developed and tested in isolation run the risk of failing and, more worryingly, disrupting the plans of other businesses within close proximity, especially in high density areas such as London.
Businesses should talk to others on adjacent sites. A plan may work on paper but it may not be compatible with your neighbours'plans. For example, it's crucial the capacity of evacuation routes and rendezvous sites be assessed collaboratively. Businesses that are in multi-tenanted buildings should appoint one business to coordinate the plans of all tenants. Normally this will be the business managing the facility in many cases.
If you would like to know more about how your organisation can get involved and benefit from working with the Continuity Forum, please email us HERE! or call on + 44 (0) 208 993 1599.