A comprehensive business continuity management system (BCMS) consists of several operational components, all of which must be in place in some form to enable an organization to respond effectively to an incident. EMS Solutions provides consulting, support and training in all of the key areas listed below.
In order for any institution to recover rapidly from an unplanned event resulting in a major disruption of day-to-day operations, i.e., a crisis, the management team must have a well-designed and practiced set of response procedures and processes. Crisis Management procedures and processes must be tightly integrated with emergency response, disaster recovery, business continuity and crisis communications programs to respond effectively and in a timely basis. As disaster events over the past few years have tragically illustrated, companies need Crisis Management plans and teams that are robust, exercised well ahead of the event and ready for implementation.
An organization must fully prepare itself for such events. It must spend thoughtful time in advance determining strategies for senior management, key employees and departments that will enable them to assess the incident impact, respond to the needs of its employees and customers, and recover its time-sensitive activities in a timely manner.
Do you have a crisis management or business continuity plan that has not been exercised? How do you know if the plan will be effective in a crisis? There are really only two ways to find out. One is to have a crisis, the other is to conduct an exercise. The latter is more productive and certainly less stressful! EMS Solutions designs over 100 exercises a year and is an expert in design and facilitation. Let us help you create a powerful training experience.
The SARS-COV2 (COVID-19) pandemic has necessitated that the world as we know it migrate to a virtual way of working. Conducting crisis exercises are no different. We are now using two different platforms to deliver a powerful virtual experience – it all depends on your preference. Let us create a highly interactive and engaging exercise with your team members all working from their remote locations. After all, we are likely to be working this way well into 2021 and maybe much longer.
SARS-COV2 (COVID-19) Pandemic Support
Many organizations have required periodic or ongoing assistance since the beginning of the pandemic to continually adjust or tweak their organizations response. We are available to assist you with periodic questions or more detailed planning efforts on how to re-enter the workplace and protect employees and customers in this new and challenging pandemic work environment.
A pandemic event has characteristics that force significant changes to the organization’s response strategy. Specifically, unlike many other threats, a pandemic entails no direct physical damage to facilities, technology infrastructure, or regional transportation and communications systems. Rather, the risks associated with a pandemic event lie exclusively with people: the organization’s employees, customers, and suppliers. Additionally, the duration of a pandemic event will often be measured over several months or years, whereas many disruptive incidents end within a matter of days or weeks. These factors require the organization to develop a specialized plan that addresses the unique planning and response efforts specific to a pandemic event.
The ability to communicate quickly and effectively to key internal and external audiences often becomes the hallmark of a successful response effort. The Crisis Communication Plan articulates the organization’s communication strategies, roles and responsibilities specific to the task, target audience groups and the individuals accountable for maintaining appropriate communications with each, and templates designed to accelerate the process of creating key messages. The Crisis Communication Plan will also specify the authorities of the communications staff and the management relationship they will have with the corporate Incident Management Team.
Joint Information Center (JIC) Plan and Training
The Joint Information Center (JIC) Plan provides a framework for achieving the twin goals of timeliness and accuracy during disruptive situations. The JIC relies on a structured mechanism for organizing, integrating and coordinating information during a crisis event through an information hub called the Joint Information Center. This plan documents how the JIC helps facilitate management of communications during responses to disruptive incidents and other situations in which an organization needs to provide coordinated, timely, useful and accurate information to internal and external stakeholders, including the media.
Following such standards as ISO 22301, NFPA1600 (National Fire Protection Association Standard on Disaster/Emergency Management and Business Continuity Programs), and BCI (Business Continuity Institute) good practice guidelines, EMS Solutions can provide the objective BCMS assessment you need to uncover any program gaps, inconsistencies, single-points-of-failure, or conflicting interdependencies in your plans. An assessment may be tailored to address specific needs or areas of concern, but will typically include:
- Assessment of program-level policies, goals and objectives, roles, responsibilities and authorities, management oversight processes, and continuous improvement protocols.
- Review of all operational elements of the program
- Evaluation of program validation procedures (e.g. testing and training).
Program Governance defines the business continuity program from the perspective of corporate policy, fundamental program goals and objectives, responsibilities and authorities of various roles within the program, and other subjects that define how the program will be administered.
A Business Continuity Plan (BCP) contains the detailed information necessary to implement identified business process recovery strategies. The typical BCP focuses on a department (or other work group, as may be identified by the organization) that has operational responsibility for one or more business processes that must be recovered in the aftermath of a disruptive event. The BCP will contain, at minimum, the resources needed to recover business processes within their identified Recovery Time Objectives (as documented in the Business Impact Analysis) and the procedures to be used in executing that recovery.
The essential purpose of the Business Impact Analysis (BIA) is to identify all business processes that the organization executes to accomplish its goals, and evaluate them as to the impacts that would be incurred over time in the event of their disruption. The result of this analysis yields a Recovery Time Objective (RTO) for each process, the time within which the process must resume execution to prevent an unacceptable loss to the organization. The BIA is a primary planning document for the operational elements of the business continuity program because it frames, in aggregate, the priorities and timelines for all business process recovery activities.
The Risk Assessment identifies all threats the organization faces and the relatively priority of those threats against one another based on the likelihood and potential impact of each threat. While the Risk Assessment does not have a direct bearing on the operational aspects of the business continuity program, it is essential as a mechanism for driving the organization’s risk prevention and mitigation activities, designed to prevent disruptive incidents from occurring in the first place. The Risk Assessment effectively extends the scope of the BCMS from tactical “response and recovery” to the broader notion of “organizational resiliency.”
Employees and internal first responders such as floor wardens must know what to do during an emergency. Your plans must include clear, simple and easy to follow instructions for the emergencies that are likely after reviewing your hazard risk analysis.
We are proud of the interesting and challenging work that we have been doing since 1982. Our clients run the gamut from large multinational corporations to smaller not-for-profit organizations, and on four continents. We are committed to provide a highquality product and to meet the needs of our diverse client population. We strongly believe in knowledge transfer, knowing that sharing our deep knowledge and processes will make our clients more resilient and ready should the time arise for them to respond to an untoward event.
These projects showcase some examples of our work. Please review them below and reach out to us if you have any questions.