"A disaster plan is a set of promises that a company makes" to employees, stakeholders, and the community, writes William Lokey, program director for James Lee Witt Associates. His 2009 Security Management article, Don't Let the Plan be the Disaster, compares how several companies responded to Hurricane Katrina. In some instances, the company's emergency management plan left them unprepared to provide even basic necessities for their employees. Others activated their plans and not only survived but also helped nearby businesses resume operations.

The variable, then, was not the plan but how it was put into action.

If your emergency management plan is collecting dust, now is the time to revisit its content since September is National Preparedness Month (NPM) in the United StatesASIS resources provide inspiration to revisit existing emergency management plans and refresh the content based on the probability that a natural or manmade disaster could bring a company to its knees.

Still need an incentive? Embrace the NPM theme: Don't Wait. Communicate. Make Your Emergency Plan today!

» View Past Security Spotlight Topics

 Free Resources (login required)

Security and Emergency Preparedness
Recorded Webinar, March 2013

Effective Crisis Management
Seminar Session 2012

Evacuations: Where Is Everybody?
Seminar Session 2012

Free Resources

Security and Emergency Preparedness
Recorded Webinar, March 2013
Sponsored by the ASIS International Commercial Real Estate Council and BOMA International

Speakers: Carlos Villarreal, CSP, senior vice president, SecurAmerica, LLC, Commercial Real Estate;
LaNile Dalcour, security director, Brookfield Properties.

The speakers explore how two types of emergencies affect a business and its employees: workplace violence, specifically active shooter incidents, and natural disasters, specifically Hurricane Sandy.

Noting that there had been twenty mass shootings per year between 1976 and 2011 and in light of recent high-profile incidents, the speakers presented a five-step response plan that employees should follow when coping with an active shooter situation, including “take note of the two nearest exits in any building,” and “if you are in an office, stay there and secure the door.” They also discussed how a weather emergency can affect all phases of a business, including its revenue, reputation, and vendors as well as its employees and their families.

A key factor in both types of incidents is a business continuity plan that focuses on the company’s access control system, which must be up to date to account for employees during an emergency. Villarreal and Dalcour recommend the following access control best practices:

  • Conduct internal audits monthly to ensure that the system is functioning to the manufacturer’s specifications.
  • Audit card numbers monthly to look for duplicates.
  • Distribute quarterly employee rosters to tenants for updating.
  • Purge the database quarterly.

Effective Crisis Management
Seminar Session 2012

Speaker: Lawrence Berenson, CPP, Senior Security Advisor

After defining just what constitutes a “crisis,” Berenson explains how to develop a crisis management plan in five steps:

  • Risk Assessment, or what could go wrong?
  • Impact analysis, or how will the risk affect the business?
  • Identify strategies to mitigate the risk and write the plan.
  • Test the plan.
  • Sell the plan.

When working through the second step, Berenson suggest using an impact analysis matrix that charts various risks depending on their high or low probability and high or low business disruption. Based on these results, appropriate security strategies can be implemented to mitigate the most probable and the most disruptive risks to the business. He spends the last portion of the session discussing how to sell the plan to executives, including citing “near misses” a similar business encountered, identifying the cost of a disaster with the help of corporate finance, and finding a champion for crisis management testing within the C-suite.

Evacuations: Where Is Everybody?
Seminar Session 2012

Speakers: Mark Theisen, CPP, director corporate security & business resilience, Thrivent Financial;
Randy Rickert, manager, security operations, Thrivent Financial.

The speakers detail how they developed an automated approach to account for employees during an emergency evacuation. The mandate for change came from the company’s executives who had been involved in two previous disasters: the 9/11 terrorist attacks and the 1-35 bridge collapse. While supportive of the company’s emergency programs, they also issued a directive: improve the process for accounting for employees. The speakers evaluated the current evacuation plan and revised the process over 18 months with the following results:

  • With multiple buildings and sites in two states, the original evacuation plan took 45 minutes to complete, moving all employees to parking lots with managers accounting for their employees.
  • Noting the many flaws in that process, the two men created a vision: an integrated system for mass communication and a simple way to account for people using existing access control cards.
  • After testing and evaluating through five phases, the new system enabled 1,429 employees to clear the buildings and be checked in 7 minutes, and be back in the building in 14 minutes.


Members-Only Resources

Emerging Crisis Management Trends: The Risks and Controls
of the Future

Seminar Session 2014

Speaker: Bruce Blythe, chairman, Crisis Management International.

Recent surveys of CEOs and corporate board members ranked risk to the company’s reputation as their number one concern. These results have a major implication for security, says Blythe. If emergency plans focus on protecting the company’s reputation, security directors will get the attention of their corporate executives. Predicting which risks might affect a company’s future requires looking at prerequisites or patterns and dealing with a crisis from a strategic, not tactical, point of view. Before outlining 19 potential crises, Blythe advocates an enterprise risk management philosophy that security leaders need to address:

  • Core assets: what assets—people, reputation, intellectual property—are at risk?
  • Impacted stakeholders: how will employees, investors, competitors or others be affected?
  • Anticipation: where are the patterns leading, is the response integrated, and is the focus on the right crisis?

Learning from an Area-Wide Crisis: The Boston Blackout
Seminar Session 2013

Speakers: Alan Snow, CPP, director, safety and security, Boston Properties;
Paul Caruso, district manager, AlliedBarton Security Services

Using a detailed timeline and graphic videos to underscore the shock and chaos that ensued during the three-day power outage, the speakers provided first-hand accounts of how they coped with this crisis. While the scope of emergency was unprecedented, the two speakers underscored the fragility the nation’s electrical grid, 70 percent of which is more than 25 years old. Both men assumed huge responsibilities during the crisis: Snow oversaw Prudential Center Boston, which accommodated 60,000 people per day. Caruso dealt with client crises as well as the compromise of the company’s regional headquarters. Explaining how the crisis unfolded in phases and lessons learned, the speakers focused on several challenges for security:

  • The nature of the crisis changed over time, from a HAZMAT event to a power outage.
  • Communication sources were unreliable but critical to executing the emergency management plan.
  • Securing buildings to prevent unauthorized pedestrians from getting in was as important as issuing shelter in place messages to employees and then evacuating them.

Sources of Information on Preparedness
ASIS IRC Reference Guide

A comprehensive review of the Standards and Guidelines, books, Security Management articles, recorded Webinars, and recorded Annual Seminar Educational Sessions available through ASIS that can assist security professionals as they prepare for and respond to emergencies in their companies and communities.