Transcript Slide 1

9/11. Katrina. Virginia Tech.
The worst disaster you will see is
the one that happens to
you or your business
The success of your organization relies on the preparedness of
people
Almost 2/3 of companies that
suffered a disaster experienced
lost business
CONTROL CRITICAL SUPPLY CHAINS
TRAIN EMPLOYEES FOR BOTH WORK & HOME
IDENTIFY & MONITOR ALL THREATS & RISKS
CONDUCT EXERCISES & UPDATE PLAN
DEVELOP CRISIS COMMUNICATIONS PLAN
PREDICT. PLAN. PERFORM.
CONTROL CRITICAL SUPPLY CHAINS
TRAIN EMPLOYEES FOR BOTH WORK & HOME

IDENTIFY & MONITOR ALL THREATS & RISKS
CONDUCT EXERCISES AND UPDATE PLAN
DEVELOP CRISIS COMMUNICATIONS PLAN


Identify & Involve
 Critical Suppliers
 Critical Functions
 Critical Employees
What If Exercises
Establish How To:
 Monitor
 Communicate
Virginia Tech was the definitive episode of
Violence in the Workplace
Almost every disaster, incident of
school/workplace violence and act of
terrorism was preceded by warning signals.
 Pastoral setting:
 Physically-intact campus
 Traumatized community
 Media circus
 324 Media outlets
 140 Satellite trucks
 $4 million by major network in first week



Transparency
Framing messages
Controlled accessibility
 Established call center to broker access and
provide information
 Signage on campus buildings when classes
resumed


Metrics
Timeline

Initial shootings in West Amber-Johnston Hall
Lovers’ triangle
 Absence of students to interview


Immediate arrest of ‘suspect’
Boyfriend left “in a hurry”
 Guns found in truck


Norris Hall response

Nine minutes from entry to end of shootings

Time alters our perception of risk

It can’t happen here.

It can’t happen to me.

It won’t be so bad.

I’m smarter and better prepared.
“There cannot be a crisis next week. My
schedule is already full.”
Henry Kissinger


Public Law 110-53, Title IX
Business environment at greater risk
Natural disasters
 Pandemic threat
 Terrorism
 Economy at risk


Governance requirements
Disclosure issues
 Regulatory guidelines
 Sarbanes-Oxley
 Looming litigation

83% OF BUSINESSES WILL LOSE 20% TO 30% OF
THEIR SHAREHOLDER VALUE IN 5 YEARS AS A
RESULT OF A DISASTER OR CRISIS.
80% OF CONTINUITY PLANS HAVE NEVER BEEN
TESTED.
70,000+ DISASTERS OCCUR ANNUALLY IN THE U.S.
40% OF BUSINESSES STRUCK BY A DISASTER
NEVER REOPEN, AND 25% OF THOSE THAT
REOPEN CLOSE IN TWO YEARS.
PREPARE AND PLAN
MONITOR AND TAKE ACTION
MANAGE AND
MITIGATE
RETURN TO
‘NORMAL’
PRE
IMMINENT
DURING
RECOVERY
EVERYTHING
IS
FORESEEABLE
ANYONE MAY BE FOUND
ACCOUNTABLE

Business environment is less forgiving

Risk management is usually internal, but
external risks have not been addressed

Systemic risks have not been a focus – how to
survive a major industry-wide event
Earthquakes Extreme Heat Fires Floods Global Warming Hazardous
Materials Hurricanes Landslides Multi-Hazard Nuclear Pandemic
Power Outages Terrorism Thunderstorms Tornadoes Tsunamis
Wildfires
Extreme Heat
Hurricanes
Winter Storms Workplace Violence Dam Safety Earthquakes
Fires
Landslides
Floods
Nuclear
Thunderstorms Tornadoes Tsunamis
Earthquakes Fires
Nuclear
Floods
Pandemic
Hazardous Materials
Pandemic Power Outages Terrorism
Global Warming
Volcanoes
Wildfires
Global Warming
Power Outages
Terrorism
Winter Storms
Hurricanes Landslides
Thunderstorms
IMPACT
WARNING
DANGER
HIGH IMPACT / LOW
CERTAINTY
HIGH IMPACT / HIGH
CERTAINTY
AWARENESS & CONTINGENCY
PLANNING
CORPORATE GOVERNANCE &
PREACTION PLAN
NORMAL
LOW IMPACT/ LOW
CERTAINTY
OPERATIONS
LOW IMPACT / HIGH
CERTAINTY
CERTAINTY
Work &
School
Stake
holders
Family &
Friends
YOUR
COMPANY/
Customers
CLIENTS Critical
Employees
Suppliers
DISASTER
• FINANCIAL
• STRATEGIC
PROCESSES
PROCESSES
WITHIN EACH
ENTITY
THAT MOVE
IN & OUT
OF ENTITIES
FRAMEWORK
IMPACTS
TO MITIGATE
EXPOSURES &
OPTIMIZE
RECOVERY
OF CRISIS
ON
BUSINESS &
PEOPLE
• OPERATIONAL
• EXTERNAL
FAILURE TO PLAN
GOVERNANCE
INSURANCE
NEGLIGENCE
LEGAL
OSHA
MEDICAL
PRIVACY
HR
BENEFITS
DISCRIMINATION
FORCE
MAJEURE

SYSTEMS DO NOT PROTECT PEOPLE

SERVERS CANNOT INITIATE ACTION

NETWORKS WILL NOT BE HELD ACCOUNTABLE

NO PEOPLE → NO RECOVERY
Every Crisis is a Human Crisis.
Every Crisis is a Human Crisis.
Disasters result in high absenteeism:
Train 3 employees for each critical task
2+ backups for
• Critical tasks and
business functions
• Software and data
exchange
File a written
record of each
backup’s contact
and access data
Documentation
should be
updated every 6
months
PREDICT
PLAN
PERFORM
• Who is the audience?
• What are their concerns?
• Tailor message, messenger, and media
• Format to the stakeholder
• Focus on the 3 key messages
Easily
transmitted
human to
human
Lack of
human
immunity
Highly
virulent
organism
 Contact Transmission
Direct Contact
P1
Indirect Contact
P1
P2
P3
 Droplet Transmission
P1
P2
 Airborne Transmission
P1
P2
44
3 hour Flight; Hong Kong to Beijing, March 15, 2003
18 Cases
4 Deaths
Index Case
Crew Member
Probable
Case
“Preparedness is not a luxury; it is a
cost of doing business.”




Public Law 110-53, Title IX
Situation in Mexico
Bio-terrorism
Workplace Violence
In the “Implementing the Recommendations of the
9/11 Commission Act of 2007” (the 9/11 Act), Congress
mandated the Department of Homeland Security (DHS)
to provide “voluntary” preparedness certification and
“develop guidance or recommendations and identify
best practices to assist or foster action by the private
sector” across a wide range of business continuity
practices.
U.S. security no match for Mexican drug cartels
The Obama administration
announced this week it is sending
hundreds of federal agents and
crime-fighting equipment to the
Mexican border to try to make sure
violence from Mexican drug cartels
doesn't spill over into the U.S. –CNN,
March 27,2009
Bio-terrorism – Al Qaida and the Plague
The story began with a Jan. 6
newspaper Echorouk that a
of the plague in one of
Tizi Ouzou. Another
En-Nahar,
report in the Algerian
number of terrorists had died
al-Qaida training camps in
Algerian newspaper
affirmed that 50
terrorists have been diagnosed with
the plague, 40 of whom have already died.

Businesses are bracing for more crimes
committed by both external and internal
perpetrators in a rough economy:
 The worry is that poor market conditions will result in
more burglaries, and
 Company layoffs could increase cases of
embezzlement, theft and workplace violence by
disgruntled workers
 Domestic violence is moving to the workplace
Any physical assault, threatening behavior, or verbal
abuse occurring the work setting. It includes, but is not
limited to:
 Psychological




Intimidating presence
Harassment (being followed, sworn at, or shouted at)
Obscene phone calls
Threats
 Physical





Beatings
Rapes
Shootings
Stabbings
Suicides
70% of workplaces have no formal workplace violence
program, despite findings that there are thousands threats
of violence every workday
 43% of those threatened and 24% of those attacked at
work do not report the incident
 Workplace violence myth: most incidents come out of the
blue.
 “These incidents don’t just happen spontaneously. People
work through a process—there is a pathway that people
will pursue toward ultimately committing violence.“

Source: John Lane, VP of Crisis and Security Consulting
Control Risks
ASIS 54th Seminar, 2008





A collection of negligence theories, including negligent hiring (the failure
to properly screen job applicants, particularly for sensitive positions
involving a high degree of interaction with the public); negligent
supervision (the failure to supervise employees and to discipline violators
of anti-violence rules)
Negligent retention (the failure to terminate employees who have
engaged in behavior in violation of company policies).
Premises liability (the duty of a property owner to take responsible steps
to guard against reasonably foreseeable violence)
Respondeat superior (an employer’s indirect liability for the wrongful acts
of an employee committed within the course and scope of employment)
Sexual and other forms of harassment prohibited under discrimination
laws (when threats or violence are motivated by a victim’s protected
status); and
OSHA
 section 5(a)(1) of the OSH Act, often referred to as the General Duty
Clause, requires employers to "furnish to each of their employees
employment and a place of employment which are free from
recognized hazards that are causing or are likely to cause death or
serious physical harm to his employees".
 section 5(a)(2) requires employers to "comply with occupational safety
and health standards promulgated under this Act".
 1970’s-present: incidents of workplace violence
have tripled
 Major contributors include:




Aggressive employees
Domestic violence brought into the workplace
Employers not taking recurring threats seriously
Ethnic differences among workers
 LLayoffs and company downsizing
 Negligent hiring, supervision, or retention of aggressive
employees
 Poor handling of employee termination
 Substance abuse
 Estimated cost to business $120 billion




Recognize behavior
What to do/who to call
How to deal with potentially violent individuals
Individual responsibility in following procedures;





Get to cover
Flee
Defend yourself
Utilize available communications
Procedures training
 Front desk, reception, panic alarm training

Practice all protocols/procedures



People need to know how to protect themselves
and others
The drive to connect and reconnect is great; plan
on families and others coming to the scene
Prepare for communication among crisis
responders, develop plan for working with
media, etc




A catastrophic event is often the first of many
crises that will be faced
Recovery is a non-linear process that leads to a
new normal
Individuals will need to reconcile to a new
worldview that accepts the awareness of
vulnerability
Connection, communication, and perceived
intentions of others become acutely significant
Almost every disaster, incident of
school/workplace violence and act of
terrorism was preceded by warning signals.
What Me Worry?
I don’t know what to do
 It will take too much time
 I can’t afford it
 What’s the point


Tends toward response and recovery during
and after a disaster.

Firestorm remains focused on establishing
nation-wide readiness before disaster strikes.

Goal: Build strong Disaster Ready People and
Disaster Ready Businesses.
Firestorm’s PREDICT. PLAN. PERFORM.™ model
optimizes client outcomes in a disaster:
PREDICT. Vulnerability analysis and threat assessment
PLAN. Business continuity, pandemic, security and crisis
communications planning
PERFORM.
Crisis management and mitigation
Unparalleled Knowledge Base
 In-house team of legal, risk management, human resources, technology,
engineering, security and research professionals
 Expert Council
Planning , Training & Exercises
 Enterprise Risk Management (ERM), Business Continuity Plan (BCP),
Continuity of Operations Plan (COOP), Emergency Response Plan, Disaster
Recovery Plan, Crisis Communications Plan, Crisis Management Plan,
Incident Red Flag Plan (identity Protection), Title IX DHS Certification,
Security, Workplace Violence, and Pandemic Plan.
Crisis Management Response Services
 24/7 crisis response, including onsite deployment of crisis incident response
team
 Threat assessment

Brings subject matter knowledge and expertise to
Firestorm clients

Generates unique insights and develops the best
solutions to complex problems

Provides an independent perspective and produces
faster, more accurate results

Utilizes specialists from various disciplines,
professions and industries
A recent study of 1200 CFOs in 79
countries indicated:
62% of businesses with over $5 billion in
revenue encountered a major risk event
42% of these businesses were not prepared
If you had to respond now,
are you ready?
PREDICT. PLAN. PERFORM. ™
PREDICT.
PLAN.
PERFORM.