How Crisis Management connects all areas of resilience.

By Jose Miguel Sobrn 2012

(Feel free to reproduce, copy or use in public performance of this work, it has no restrictions for research purposes or publication while referring the article and author)

Purpose
The definitions below are meant to describe the response process in response to any event ranging an emergency to any crisis taking place at any Organizational Headquarters. The four basic components of the Organizational Resilience Management System (ORMS) in a non profit international organization are: 1. CRISIS MANAGEMENT (CM) 2. DISASTER RECOVERY (DR) 3. BUSINESS CONTINUITY (BC) 4. EMERGENCY OPERATIONS (ICS) or First Responders: a. Safety and Security b. Medical c. Human Resources d. Building Management e. Victims Support f. Psychological Support

This umbrella covers the majority of the possible areas where events can affect the regular flow of operations within Headquarters. These events are defined within the four areas as:

CRISIS MANAGEMENT (CM): A crisis is an event that affects any Organization as a whole, starting from different areas or a combination of them (Security, Financial, Staff, Public Image, Political, etc). Any emergency can become a crisis, not every emergency is a crisis. CM tries to combine Organizational efforts to overcome a crisis. Crisis Management is related to Senior Managers, Crisis Response is related to Units and first responders, Crisis Support are all the mechanisms supporting both. DISASTER RECOVERY (DR): A critical disruption of ICT services is an event that affects Organizational capabilities to continue or resume the ICT infrastructure. IT DR is the process, policies and procedures related to preparing for recovery or continuation of any technology infrastructure critical disaster. BUSINESS CONTINUITY (BC): BC planning is directed to ensure that critical business functions will continue under all kind of circumstances. A business disruption is an event that affects a part or the whole Organization in its capability to continue their operations as usual. Depending on the magnitude and duration, it could become a crisis. EMERGENCY OPERATIONS (EmOps): An emergency is an event that due to its characteristics is expected to happen regularly. EmOps require specific protocols to deal with these specific situations and are automatically managed by dedicated units alone or in combination (Security, Safety, Evacuation, Medical). When the emergency trespasses a certain magnitude, is catastrophic in nature or is unexpected, then it becomes more than an emergency, it becomes a crisis.

ORMS Phases
The three major phases of an emergency or crisis event are: 1. Preparedness: Preventive actions which can be taken before an event occurs, Indicators to be translated into preparation and mitigation. 2. Response appropriate to the nature of a crisis: a. Pre-Activation (Indications of warning of a potential or actual crisis) and Assessment (of the development current situation, and of its potential or actual implications for the Secretariat and AFPs) b. Activation, (development of recommended response options to guide COG/SEPT decision making) c. Recovery: Recovery from the evolution from the aftermath into the middle term scope to a longer term recovery/relocation after a crisis (if necessary)1 . Planning and execution of COG/SEPT decisions and directives or guidelines. 3. Reconstitution or return to stability.
.

The Business Continuity, Disaster Recovery and any Emergency Response Plans will play a paramount role on these phases.

The flow that enchains the four different ORMS phases follows the chart 1 (below).

The process below is meant to describe at the HQ a crisis escalation process in response to an event ranging a problem to a disaster taking place at HQ.

How crisis management connects all areas of resilience:

Executive Board

Board CMTeam Chief Security

Chief ICS

Chief ICS

911/112 emergency Services in charge

An alert is communicated by any involved organizational unit and will go through an escalation process and a report. An alert can be due to a simple interruption or a major emergency; depending on whether the interruption can be resolved by the respective organizational unit or not, the response will be escalated as per the description above. This process is in line with the ORMSs emergency response framework. It is expected the assumption of the control of the event is taken by the emergency governmental services for an undefined period of time, minimum the first hours.

Definitions
1. PROBLEM A problem is an event that leads to or may lead to a business disruption, a failure, a lost or a limitation of service quality. Problems are usually part of day to day operations and are typically handled as part of Business As Usual (BAU) processes. Events can result in the invocation of the escalation processes and reports mechanisms of Security, IT, or Facilities. An event can also result in the invocation of escalation processes and reports from other organizational units. Protocols are typically in place for the handling of incidents during the normal course of business operations. If the problem cannot be resolved by the respective BAU process, then it is defined as an incident. 2. INCIDENT An incident may be an event which is not part of the standard operation of a service and which causes, or may cause, an interruption to, or a reduction in, the quality of service. An incident could be an outcome of one or more problems, for which the cause might be unknown, but which have a limited impact on business operations. If the interruption can be resolved within the Recovery Time Objective (RTO) of critical functions and by respective BAU processes, then the BAU incident resolution is invoked to restore operations to BAU. If the interruption cannot be resolved within the RTO of critical functions, the Incident Response Team (IRT) meets and determines if the incident is significant enough to activate any plan immediately. If immediate activation of the first response plan is required, then the plans are activated and the focal point of the organizational unit involved communicates to the Chair of the Crisis Management Team (CMT). If the incident does not require an immediate activation of any plan, the IRT (or the higher echelon, depending on severity of the incident) meets and analyses the situation. If the incident cannot be resolved by the respective BAU processes or the first response plans alone then the incident is deemed a crisis. 3. CRISIS A crisis is the consequence of one or more incidents or emergencies, for which the cause might be unknown, but which may have a significant impact on business operations or life, health and property. Crisis events are handled as part of the Crisis Management process. If the incident is not considered significant enough to activate emergency plans, then it is analyzed to see if assembling the CMT and/or Divisions CMT,s is necessary.

If this is not necessary, then the issue is resolved at the current escalation level with existing BAU protocols. o If this is necessary, the CMT or the board meets and analyzes the incident. If the activation of any plan is necessary, the incident is considered a crisis and plans are invoked, activated immediately and communicated by the CMT, the CEO and the Board members. If the Divisions invoke any internal plan, then they communicate the activation of the plans to the CMT. o

4. EMERGENCY OR DISASTER An emergency is a crisis situation for which there may be an immediate threat to life, health and property. Emergencies are usually responded to by pre-defined solutions and mitigation plans (e.g. life safety staff evacuation plans, backup power generation plans, etc.). Emergencies are handled as part of the Crisis Management process. A disaster is a major crisis causing widespread disruption to services, property or similar large scale event that requires immediate and quick response. A disaster is handled as part of the Crisis Management process too. The following plans can be activated: Business Unit Contingency Plans Contingency Planning Sites Emergency Response Plans (first response plans) IT DR Recovery Plans Once these plans are activated, operations are restored at Alternate Recovery Sites. Then business facilities and technology are restored from the recovery stage back to BAU, thus restoring BAU for all operations.

Tempo
From Latin in music: the speed at which a piece or passage of music is meant to be played, usually indicated by a musical direction (tempo marking) or metronome marking. Regarding crises: the tempo is the speed to react or respond to an event meant to be one by the planning but in reality marked by the Crisis Director who combines his response based on both, the impact of the event with the planning and the real capabilities to respond at that specific moment of time. The Crisis Manager is required to be a person whos being thriving in the mud for some time. This cannot be learned or thought, it can be depurated but never invented or created by a coach. It is related with leadership, charisma and innate natural capabilities. We need that person and we need to realize that no assumptions should be made about the fitness of any individuals for crisis management roles, irrespective of their seniority in the organization (PAS 200:2011 Crisis Management-Guidance and Good Practice). The tempo directly connects with the Impact Based Scenarios Methodology that focuses on the impact received and not the event.

Severity Impact Chart

The Severity of Impact Chart has been designed as a basic indicator of the impact of a crisis on staff, operations and assets, for crises environments.

To keep consistency with other UN Risk Assessments the following three main areas were considered: 1) Staff, 2) Operations and 3) Assets with a collateral reference to 4) Tempo

Impact based scenarios (IBS) methodology

The impact based scenarios methodology (IBS) is a tool that provides during crises: 1. An easy to do estimation of the severity of a situation. 2. Open scenarios regardless of the threat and exclusively based in the impact received. 3. A quick and common language by a simple numerical code to identify and easily understand or describe the impact of any event on the three different areas: (Staff, Premises and Operations). e.g. A numerical code (5-3-3) means Extreme or Critical Impact on Staff (5); and relevant (3) impact in both Premises and Operations. Using this methodology a range of 4 flexible scenarios is defined (it could be many other ways too depending on the organization): o Scenario 1: There is limited impact (All are either 1 or 2) in all of the main three areas: staff, premises and operations. E.g. (1-2-2) Scenario 2: There is 2 or more relevant (3) impact in any of the main areas: staff, premises or operations. E.g. (1-3-3), two 3s. Scenario 3: There is minimum 1 severe (4) impact in any of the main three areas: staff, premises or operations. E.g. (4-1-2)

Scenario 4: There is minimum 1 extreme (5) impact in any of the main three areas: staff, premises or operations. E.g. (1-5-2) A detailed description with examples can be found in Annex 10 Impact based scenarios. Every Division is expected to communicate the estimated impact received to the CMT following this model. The CM assessment and analysis will be based on the four degrees of impact based scenarios methodology explained afterwards. The Severity of Impact Chart is intended to be used as a trigger descriptor for the CMT, the CEO and the Board members.

Jose Miguel Sobrn 2012 (Feel free to reproduce, copy or use in public performance of this work, it has no restrictions for research purposes or publication while referring the article and author)