Steven C. Early 2017-07-17 12:06:19
how business continuity planning goes beyond emergency response “Three things are certain: death, taxes and you don’t have an OSHA-compliant emergency action plan.” Facility managers are accustomed to adapting customized solutions to client’s facility requirements, making them innately well-suited to a crucial role within emergency and business continuity planning. And as the nature of business is to remain in a constant state of flux, FMs are also adept at taking on the role of change agent — sometimes unofficially. Ensuring normal business resumes quickly after a critical event and taking responsibility for the life safety of facility occupants is another area in which FMs “sometimes unofficially” find themselves. The workplace is susceptible to a range of threats and risks. Without a formal recovery strategy or someone authorized to lead it, businesses could face further catastrophes. One of the worst mistakes an organization can make is to settle for a simplified solution to the complex necessity of business continuity planning. The tendency to downplay business resilience following an emergency nurtures a dangerous denial, encouraging impromptu responses to unpredictable events. In their article, “The Five Things You Need to Know About Business Resilience Planning,” Maureen Roskoski and Steven Clawson of Facility Engineering Associates (FEA) note, “an emergency response plan is not enough — an effective business continuity plan is the cornerstone of effective planning efforts, and will frame your ability to respond, resume and recover.”2 The Business Continuity Institute (BCI) Horizon Scan Report, an essential resource for business continuity, risk and resilience, identified cyberattacks as the No. 1 threat in 2016 and 2017.3 In the 2017 report, adverse weather moved up three places from last year to enter the top five. And don’t overlook risks within risks — a snapshot poll conducted by an identity and access management solutions company revealed that “bored and distracted employees could be the biggest data security risk.”4 Due to the human element in the workplace, businesses must be vigilant in meeting regulatory and compliance requirements. Facility managers are used to operating within the legislative framework, placing FMs in a unique position to not only act as change agents for improving preparedness and response procedures; but also, officially leading them. Turn to page 57 to read more about the 2017 BCI Horizon Scan Report and measures FMs should consider to prepare for disruption. IN CASE OF EMERGENCY, BREAK GLASS Many organizations are not in compliance with the law, let alone actually prepared for an emergency.1 Regulatory and compliance burdens with respect to emergency planning vary by geographic location and industry; but organizations in the United States must meet certain basic Occupational Safety and Health Administration (OSHA) standards, regardless of size, location or industry. Companies in countries outside the U.S. are bound by similar requirements that they too fail to achieve. The authors of “Soft Targets and Crisis Management: What Emergency Planners and Security Professionals Need to Know,” Drs. Michael J. Fagel and Jennifer L. Hesterman reveal, “Responsibility for security is often passed on to owners and operators who have no training and few resources. In military terms, we are leaving our flank exposed.”6 Those of us responsible for a company and its assets have an ethical duty to protect the people in our charge. Failing to successfully fulfill what, in American legal parlance might be termed “affirmative duty of care,” can result in civil, personal and criminal prosecution. U.S. regulatory bodies have become more stringent. Over the past several years, 11 CEOs have been indicted — eight imprisoned — on charges related to negligence during an emergency that resulted in harm or death. FM IS THE NEXUS As the nexus between the built environment and all other areas of the business — finance, information technology, human resources, C-suite — FMs are positioned to assess threats throughout the organization, integrating them into a cohesive business continuity plan. Disaster recovery experts Al Berman and Anthony Pizzitola write, “For a facility to maintain business continuity, it must be inspected with risks being identified, controlled and corrected.”8 However, business resilience initiatives need the full support of senior leadership, and the cooperation of your counterparts in connected services. Without allies, even the most comprehensive plan to safeguard life and property will come to naught. Bo Mitchell, a nationally recognized expert in the field of emergency management and preparation, agrees that the first step any facility manager should take toward emergency preparedness is to perform a thorough threat assessment; but cautions that devoid of a coalition of internal stakeholders in support of a business resilience plan, the facility manager is unlikely to break through the denial that such a plan is necessary. According to Mitchell, “If the expertise and drive existed within the organization to properly develop a plan, they would likely have already done so.” MAINTAIN FOCUS, MANAGE RISK, INTEGRATE PROCESSES Emergencies affect everyone; so everyone, regardless of position, should be thoroughly prepared to take appropriate action. Yet, emergency response plans on their own are not enough to ensure that people navigate and resolve the crisis safely. The plan should include organization-wide communication, mandatory training and periodic drills. Rapid, practiced response to emergencies is especially necessary in larger facilities and complexes. In addition to careful study of applicable standards, facility managers can look to established best practices as guides in crafting an emergency preparedness communication and training plan. Adopting field-tested tools and practices for your own needs is part of the art and science of facility management. This may also entail “cooperative activity,”9 wherein similar or neighboring facilities come to an agreement on collaborative roles supporting functions such as emergency planning. In a case study on business resilience, “Equipping You for Success: An ISO 22301 Case Study,” FEA notes that: “Certification can add value; but more importantly, adopting and leveraging standards can contribute to improved performance in most cases. By simply adopting standards, even without certification, organizations realize value in three areas: maintain focus, manage risk and integrate processes.”10 The global economy requires organizations to safeguard supply chains to the extent stakeholders and customers are assured successful delivery on the promise of product. Standards such as ISO 2230111 and NFPA 160012 coupled with certifications establish standardized business continuity practices, in turn allowing businesses to select supply partners based on adherence to said standards. LEADERSHIP, HONESTY AND COMPASSION Effective response to crisis dramatically mitigates the loss of life and curbs company stock valuation loss commonly associated with critical events. This is due to stakeholder confidence. Organizations must perform a comprehensive analysis of standards to find the right fit. Companies must also examine key performance areas and what might impact them through a business impact analysis. What works for one organization may be ill-suited for another, so it is important to take the necessary time and effort to build specific plans for long-term success based on the organizational mission. Facility professionals need to carefully analyze the requirements of stakeholders, and fully invest in education on business continuity practices, standards and certifications. One of the most compelling resources garnering interest in business resilience planning among senior management is a report by Rory Knight and Deborah Petty. The authors advise that “firms are more likely to experience efficient value recovery if they demonstrate strong leadership, honesty and compassion.”13 Careful study of this report will allow FMs to draw a clear picture of the correlation between company valuation in the face of how well (or how badly) the company handles emergency recovery. FROM TORNADOES TO PAPAL VISITS A growing wealth of online resources can be of great assistance in emergency and business continuity planning. While the following aids are U.S.-based, the core premises can be adapted to other locales: • U.S. Small Business Administration www.preparemybusiness.org • NIMS 100 Course training.fema.gov/is/courseoverview • FEMA NIMS www.ready.gov/severe-weather It is also worthwhile to investigate resources addressing specific scenarios, such as the case study by Emma Paras et al. detailing the layers of emergency planning performed in preparation for a Papal visit to Philadelphia in 2015.14 There is much to be learned from large-scale emergency planning for mass gatherings, especially from a “you never know” perspective. Regardless of the practices you choose to follow or which approach to resilience planning fits your organization best, all FMs should dedicate themselves to preparing their facilities and the people inside fully — ensuring to the greatest degree possible that all in their charge remain safe through the tumult of an emergency and resume business quickly afterward. REFERENCES 1) Mitchell, B. Founder and President, 911 Consulting. (2017, May 20). Personal Communication. (S. Early, Interviewer). 2) Roskoski, M., Clawson, S., FEA. (2017, March). “The Five Things You Need to Know About Business Resilience Planning.” (FEA, Producer) Retrieved May 15, 2017. fmlink.com/articles/five-things-need-know-businessresilience-planning 3) www.thebci.org/index.php/businesscontinuity/cat_view/25-threats-andhorizon-scanning/26-horizon-scanning/168-bci-resources 4) www.continuitycentral.com/index.php/news/technology/2071-boredand-distracted-employees-are-biggest-potential-information-security-risk 5) Roskoski, M. Senior Professional and Corporate Sustainability Officer, FEA. (2017, May 17). Personal Communication. (S. Early, Interviewer). 6) Fagel, M. J., and Hesterman, J. (2016). Soft Targets and Crisis Management: What Emergency Planners and Security Professional Need to Know. Boca Raton, Florida, USA: Taylor & Francis Group, LLC. 7) DeTienne, L., CFM, CFMJ. Vice President, National Catastrophe Restoration Inc. (2009). Are You Disaster-ready? Facility Management Journal. 14-16. community.ifma.org/knowledge_library/m/free_fm_content/1056804 8) Berman, A., Pizzitola, A., CFM. (2012). Sustaining Your Business After a Disaster. Facility Management Journal. 46-49. community.ifma.org/knowledge_library/m/free_fm_content/1056856 9) Matthews, G., Feather, J. (2016). Disaster Management for Libraries and Archives. London: Routledge. 10) Roskoski, M., and FEA. (2017). Facility Asset Management: Business Resilience. (FEA, Producer) Retrieved May 16, 2017. www.feapc.com/services/facility-asset-management/business-resilience; www.feapc.com/wp-content/uploads/2017/05/FEA-Certification-Case-Study.pdf 11) “ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.” The International Organization for Standardization. (2012, June 14). ISO 22301:2012. (ISO, Producer) Retrieved May 18, 2017. www.iso.org/standard/50038.html 12) The NFPA 1600 standard “was adopted by the U.S. Department of Homeland Security as a voluntary consensus standard for emergency preparedness, and the National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission) recognized NFPA 1600 as our National Preparedness Standard.” National Fire Protection Association. (2016). NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Program. (NFPA. org, Producer) Retrieved May 17, 2017. http://catalog.nfpa.org/NFPA-1600-Standard-on-DisasterEmergency-Management-and-Business-ContinuityContinuity-of-Operations-Programs-P1438.aspx 13) Knight, R. F., Petty, D. J., and Metrica, O. (2005, May 05). Protecting Value in the Face of Mass Fatality Events. Retrieved May 15, 2017. http://oxfordmetrica.com/public/CMS/Files/601/04RepComKen.pdf 14) Paras, E., Butler, M., Maguire, B. F., and Scarfone, R. (2017, April). Emergency Preparedness for a Mass Gathering: the 2015 Papal Visit to Philadelphia. Disaster Medicine and Public Health Preparedness, 11(2), 267-276. doi.org/10.1017/dmp.2016.12 “Three things are certain: death, taxes and you don’t have an OSHA-compliant emergency action plan.”1 “Most facilities groups are familiar with emergency preparedness, and many probably have some documentation onsite as far as what to do in case of an emergency. But are you truly ready to efficiently resume business after an emergency or a major disruption?”5 “A professional facility manager does not question the possibility of a disaster occurring, but asks: What type of disasters could happen, and when?”7 “A plan that is not communicated to your employees, and not practiced and updated periodically, is merely a plan to fail.”7 “Everyone from every corner of the organization plays a role in business resilience and has something to benefit from the continuity of business-as-usual.”5 “Life safety is a core management responsibility. There are those that believe that is the first responsibility of any employer.”1 CONTRIBUTORS Connect with all three on LinkedIn STEPHEN CLAWSON is a consulting staff professional at Facility Engineering Associates (FEA). He is a graduate of Brigham Young University where he majored in construction and facilities management. His experience at FEA has exposed him to elevated thinking and high-performance FM principles, broadening his perspective of the FM industry to include business resilience and reinforcing his appreciation for the built environment. BO MITCHELL is the founder and president of 911 Consulting. He holds numerous certifications and designations, including: CEM, CPP, CBCP, CAS, CSI-ML, HSEEP, MOAB, CHCM, CHSP, CHS-V, CSSM, CSHM, CFC, CIPS, CSC, CESCO, IAC, TFCT3, CERT, CMC, and CHEP. Mitchell served as Police Commissioner of Wilton, Connecticut, USA, for 16 years. He retired in February 2001 to found 911 Consulting with the mission to protect people at their workplaces during emergencies. MAUREEN ROSKOSKI, CFM, SFP, LEED AP O+M, is a senior professional and the corporate sustainability officer at FEA with 20 years of experience in facility management consulting. She has worked with clients on organizational assessments, FM technology process improvement, sustainability and resilience planning. Roskoski is also FEA’s business continuity lead, managing FEA’s Business Continuity Management System. She led the effort to achieve ISO 22301 Business Continuity Management System certification for FEA’s Fairfax, Virginia, USA, office in January 2016. STEVEN C. EARLY, CFM, FMP, is a professional member of the Capital Chapter of IFMA. For more than eight years he has advocated for hospice and palliative care as operations specialist at the National Hospice and Palliative Care Organization located in Alexandria, Virginia, USA. He holds an undergraduate degree in English with a minor in Business Supply Chain Management from the University of Maryland University College as well as an Associates of Applied Science in automotive technology from Northern Virginia Community College. Connect with Early on LinkedIn www.linkedin.com/in/stevenearly-202b4143 or on Twitter @Steven_C_Early.
Published by International Facility Management Association . View All Articles.
This page can be found at http://fmj.ifma.org/article/Business+As+Usual/2833551/424349/article.html.