Crisis Emergencies Require Different Capabilities
Earlier this month, Regina Phelps, (@ReginaPhelps), Founder of Emergency Management and Safety Solutions, joined Everbridge for a deep dive into the four elements of effective crisis management and crisis communications. During the webinar, Regina provided information organizations need to help create an effective crisis management team and crisis management process that can help you successfully manage incidents, both large and small. If you missed the webinar, read the transcript below or watch the on-demand recording. Routine vs. Crisis Emergencies According to Regina, there are two types of emergencies organizations need to distinguish between – routine and crisis. It is important to understand that “routine” does not mean “easy.” These are the emergencies that you have likely thought about what to plan for and what is needed, and you’ve trained for and done exercises for them. On the other hand, crisis emergencies are distinguished by significant elements of novelty, Regina says:
- Threats never encountered before.
- A familiar event occurring at unprecedented speed.
- A confluence of forces, which, while not new, in combination pose unique challenges.
For crisis emergencies, plans and behaviors that work during routine events are generally inadequate and, in some cases, counterproductive. The Four Essentials of Effective Crisis Management Organizations looking to have effective crisis management, must consider the following four elements laid out by Regina in the webinar:
- Know their roles and responsibilities.
- Have a clear incident assessment process, team and escalation strategy.
- Know how to develop an incident action plan.
- Issue effective and timely communications.
To learn more, watch the on-demand recording and download the slides. The transcript is also available below so you can read along! Webinar Transcript Regina Phelps
Today I’ll be talking about the four elements of effective crisis management. Now I don’t know about you but I am really fascinated with crises and [00:02:30] disasters of all kinds. I suppose if you’ve ever heard me speak before, you probably already know that about me.
I wonder how is it possible that some companies can have a major incident and they seem to sail through it, others not so much. There are many aspects to effective crisis management but there are four absolutely essential elements that must be present for an effective response. If they aren’t there then an initial moment of the crisis it will likely be a long [00:03:00] and painful response and recovery. Let’s take a quick look at my agenda if you will.
What I will be talking about today is I’m going to start briefly by talking about the definitions of the types of emergencies. I’ll talk about routine and crisis emergencies and then I’m going to really spend the majority of my time talking about the four essential elements – team structure, incident assessment process and team, talk about action planning and we’ll talk about effective [00:03:30] communications.
Let’s dig into this. What I want to start with first of all is actually the definition of a routine and crisis emergency. Now these aren’t my definitions, they’re actually definitions by the University Harvard and the professors that teach the crisis management program there, which I had the privilege to take several years ago. It’s a nice context to frame our conversation here today.
Routine emergency, what the heck is that? It’s really all of us on this call do for a living. [00:04:00] by that I mean I’m not saying that it’s an easy emergency, but I’m saying it’s something that’s relatively predictable. It’s in your risk profile. It’s something that allows us to have advanced preparation and you can actually take advantage of experience from previous activations or from somebody else who’s had something like that.
What that means is that as planners we’ve thought about this before, we’ve planned for it, we probably dream for it and we also have done exercises. [00:04:30] It’s something that we are expecting. I contrast that to a crisis emergency, which is different. What makes it different as far as the definition is concerned is novelty. Let me give you some examples of what I’m saying there.
For example, going back to 9/11, two planes hitting the Trade Center. That had never happened before. It was beyond on wildest dreams. If I’d ever suggested that for an exercise for my clients who resided in the Trade [00:05:00] Center, they would’ve thought I was nuts. It could be some event that’s familiar but it’s happening at unprecedented speeds. Think of Hurricane Sandy. New York was prepared and expecting a hurricane but it happened so rapidly and so quickly and the flooding was so significant that it basically flooded a lot of the southern tip of Manhattan and it created a crisis.
It could be something like a confluence of forces. It’s not something new but it’s a combination of things. Think of Hurricane Katrina. A [00:05:30] major hurricane followed immediately by a levee failure. Those two things in combination made it very difficult for them to respond. Because of that novelty, the plans and the behaviors and things that we practice just don’t work. In some cases, they might even be counterproductive. Now how do you distinguish between the crisis and the routine? That sometimes actually our job as actual emergency or business continuity professionals [00:06:00] is we have to first of all diagnose the elements of novelty. many times the people that are managing the event have their head way down into the weeds and they’re working hard to manage and they don’t notice that things have started to change or are different. That might be one of your tasks.
When we begin to understand that something is novel that we actually then have to improvise, which means many of our plans, our processes, our training is not going to be adequate. We have to literally redefine ourselves and we have to cope with [00:06:30] all new possibilities. That means our response has to be creative and adaptable as we go through and we execute on these plans. Those are things to keep in mind as I talk through this really the four essential elements of a crisis. Now when I talk to that I want to start first of all by what I call the six Cs. This sounds probably like a mathematical question and on Pi Day I suppose that’s a good idea. I think that the four elements are critical because it’s going to get you the six Cs.
What does that mean? For a crisis [00:07:00] to be able to be effectively managed you need to have these six things present. First of all, you got to have command and control. Ultimately, that’s what we need in order to move the organization, our team, the crisis foreword. Thirdly, we need to actually collaborate and we need to collaborate often not just with our own internal partners that people outside of our organization and possibly people in our business but they are external to. We need to coordinate all of our activities so that we are not doubling up on some [00:07:30] things and some things we’re completely missing. We have to be effective at communication, again, to all of our key stakeholders because ultimately what we’re looking for in this response and what people expect from us frankly is consistency.
Those six Cs are really important. The way we get those six Cs in my definition is about the four essentials. I’m going to talk about these in rank. In fact, I could talk about any one of these for an hour plus so I’m going to condense everything into [00:08:00] a very short period of time today. You have to know what the team structure is and the roles and responsibilities. You have to have a very clear incident assessment process. You have to have a team in place and an escalation strategy. You need to know how to develop an action plan. Lastly, you have to issue effective and timely communications.
Let’s first of all talk about team structure roles and responsibilities. This is an important one people really don’t think much about it and it’s critical stop and think about how you’re going to be [00:08:30] structured and what it’s going to look like. Many of our clients, most of our clients are very large multinational corporations and they almost always have a tactical team and a strategic team. If your organization is small, less than 500 employees, very likely you’ll have one team that does both activities.
Most large companies is represented by the key department. You will imagine who those folks are. Things like technology and facilities and security and the key lines of business and [00:09:00] HR and communications and legal and finance and so on. Those people are going to tactically manage our response. Then there needs to be also a strategic team and that’s usually where you’re going to find executives because their role at time of crisis is very different than the tactician’s. I’ll talk about that in a moment. Understanding first of all we’ll probably have two teams for most organizations. Again, a smaller one will have them both combined.
Question how you structure this big group of people. Is it [00:09:30] your usual reporting structure meaning is your normal organization chart or do you consider something like the incident command system? I’ll talk about that in a second. Are you going to use something else? For the purpose of our conversation today, I’m really going to talk about two formats. I’m going to talk about doing it as usual. I’ll also talk about the incident command system.
What’s the cost of doing it as you always do, having your organization structured as it always is? That’s what you know. That’s good [00:10:00] but there are a lot of downsides to it actually. The first one might be span of control. if somebody’s in charge of this big team, just stop and think about how many people they have to talk to to figure out what the heck is going on with the business, and with the response, and with the communications and so on. The average reporting structure in an emergency should be somewhere between four to seven people, no more. if you use your usual reporting structure you might have 15, [00:10:30] 20 people that are person in charge, I’m going to use the term incident commander, has to talk to in order to find out what the heck is going on. The span of control is way too big.
There also could be lots of silos of responsibility because many times people will be doubling down and teams will be doing the same thing. That’s because again there’s not a clear structure that’s going to help manage that. There’re also going to be duplication of effort of things you miss completely and, again, because of these big silos that we have. [00:11:00] You also ultimately don’t have a lot of clear authority because everybody’s running your department like they normally do.
What we always ask our clients to do is to reconsider how they structure their teams. We’re trying to optimize on the best efficiencies we can possibly get and what our feeling is is the best way you can do that is to have a more organized emergency response. I’m a huge fan of the incident command system and if you’ve ever heard me speak before I implemented [00:11:30] in probably the vast majority of our clients. It’s actually been around since the 1970s, came out of my fair state, California.
It’s now used by public and private sectors across the world. I taught it in four continents and it’s required since 2005 in every city, state, federal, county in United States. Anybody that responds to you like police and fire, FBI, et cetera, they’re all using ICS. It’s something that’s convenient and familiar [00:12:00] and that’s important especially if you’re dealing with the initial emergency response event.
An ICF structure kind of looks like this. I’m going to quickly talk about this and I would say to you if you don’t want to use ICS frankly you can use a very similar structure to organize your team. The box at the top is what we call the command box. That’s we’re our own civic commander is. You might call them a variety of things but that’s what it’s called in ICS.
Then right below that you’ll see the communications box where all of our communicators dealing with traditional [00:12:30] and social media and other forms of communication trying to outbound information and receive information from our key stakeholders. Below that you’re going to see essentially four boxes. The operations box is a tactical and response in a corporation that’s very likely going to be facility’s, security and technology. If you have things like environmental health and safety they might also be there.
What you think about is really the recovery of your business and it’s the operations to do that. You need a building, [00:13:00] you need security, you need safety and you need technology. You have those things, you’re good to go. Logistics in a corporate model is one’s commonly human resources dealing with the human related aspects of the emergency.
In public sector environment it will also be procurement. We found that it works better actually for procurement to live in finance in a corporate setting. It’s up to how you organize your team. Planning intelligence is actually the key lines of business. Depending [00:13:30] on what your company is those key lines as well as the legal maybe corporate compliance, those types of individuals.
Then lastly, finance. How you pay your bills, AP/AR, treasury operations, general ledger. Then that’s how we’re structured in many of my clients. You can do the same thing and not call it ICS. If you think about how you’d be logically grouped together and how do you manage the span of control is by the fact [00:14:00] that every one of those boxes has a team leader who basically aggregates all the information and reports it up to the incident commander.
We actually have a more effective management tool both at the box level, if you will, and then all the way up to the incident commander. Some of you might be saying to yourself what’s that strategic team doing, those pesky executives. They have basically in our view four roles, and they’re very different than the technicians.The first thing you’re going [00:14:30] to do is provide strategic and policy oversight. They’re thinking about the big picture issues. They’re also dealing with approving the large expenditure of funds. Our incident management team at the tactical level probably has an approval to spend a certain amount of money and then beyond that, they need to ask permission and that’s where that comes in.
A key role is acting as a senior stakes person to all stakeholders. Whether that’s your board of directors, major customers, government people, [00:15:00] all those are critical. Then lastly, they might be asked to be the media spokesperson if the situation warrants it. A good example of that is active shooter situations the CEO is often the media spokesperson.
Once you have that, then what you need to do is you need to make sure you have a plan so we understand structure [00:15:30] is critical. Now, we need to talk about who’s in charge at all the levels, what the roles and responsibilities are and we want to make sure that everybody that’s part of the team actually has a checklist. We know exactly what they’re doing.
Your plans and checklist should basically fit your risk profile. Go back to your routine emergency. What’s that? It’s it an earthquake, a fire, a hurricane, a severe winter storm like they’re having in the East? Make sure your checklists and clans fit the routine emergencies. Figure [00:16:00] out the structure, figure out who’s going to do what, and then then make sure everybody knows.
The second is really important and I will tell you of all the things that we talk about in the four elements, this is the one I find missing the most. It’s almost as if many company plans actually in the process of the incident or crisis management notice that we’re going to have an issue and then all of a sudden the plan’s activated. You wonder what happened [00:16:30] between the emergency and the client activation. Who came together? Who made the decision that we were going to activate?
Many times that is completely missing. Let’s talk about how you can do that. What we recommend, first of all, is that you have an incident assessment team. The incident assessment team is critically important. First of all, who can be on this team? Now when you think about it, [00:17:00] it’s most common who is on this team is where the emergencies come from. Think about your organization. Where do most of your disasters or crises come from? Facilities? Security? Technology? Sometimes HR?
You want to think about who should be on this team and those individuals should be basically very well trained, understanding their role and responsibilities. They get a call in the middle of night they’re told to jump on a bridge. [00:17:30] They actually come on a call and they actually access the event. Determine first of all who should be on the team. Most of our clients that includes the incident commander, facilities, security technology. Sometimes it will include a charter. The this is that you keep in mind is you want the team to be relatively small. If you need to add more people based on the incident, you simply do that.
The team has very clear responsibility. They’re supposed to conduct initial assessment. They find out what’s going on and then they’re going to make some decisions. [00:18:00] They go through the criteria and the escalation strategies for plan activation and then they call the question as we call it. They decide whether or not they’re going to activate the plan. Our belief is that any of the member should be able to activate the plan. It’s shouldn’t be like three out of four or all four or seven. It’s whoever shows up based on the emergency.
Communication for this team is critically important. If you utilize an emergency notification system, it’s a [00:18:30] great way to have prebuilt templates for your IAT. That goes out, you’re asked to join the bridge and they come together. We always figure out the virtual communication but also a physical one. For some reason maybe after an earthquake. You lost technology and you’re not able to communicate electronically. You want to make sure that you actually have a physical place where you can actually meet as well.
The first thing this team does is really important and one that a lot of people haven’t quite figured out which is how do you get situational awareness. [00:19:00] What does that mean? How do you know what’s going on and where are you getting that information from? That’s the first task this team has. Now very likely the person who reports up this story or this issue will be the one that has some information. Other people may know a lot as well.
What do you know? What’s impacted? Is it just your facility? Is it your employees? Is it your visitors? Impacts to your business? What about the impact to the facility reputation? [00:19:30] What’s the overall effect of the incident? Are the people injured or killed? Is the building available? Is your technology down? Tell us more. Then once you know all of that what we also ask people to do is look at broadly what kind of event this is. Is it local just you? If it’s just you then that even puts sometimes more pressure on you because no one else has had any problem and so they don’t know why you’re not answering your phone.
If it’s regional like this today in [00:20:00] the East with this snowstorm, the more people know about it. It also means that more people aren’t available to help you. International event or maybe only a few places in the country are impacted like 9/11. Maybe even an international event like a tsunami or floods or typhoons. Think of the Madrid train bombing several years ago or think of the big fire in the hotel in Bombay.
Any of those kind of events result in potentially an impact to your company. What type of ? Then [00:20:30] what we do is we ask our folks to talk about five things. Now we used to build really complex criteria and we’ve realized you don’t need to do that. I think one of the only thing you need to talk about is five things in order to know whether you have to activate your plan.
The first thing you want to talk about is people. Are lives in danger? Is there a business, is there a life safety issue? Is there an impact to employees or visitors? Always you start with emergency response. [00:21:00] You always talk about life safety. Second, what’s happening with our facilities? What’s happening with our critical infrastructure? That could be things such as our computer system, our phones, our buildings.
What’s going on with that stuff and we tie in that technology pieces. Is there are disrupted of our technology services? Is there an information security issue? In the cyber world now that we live in, that becomes even a bigger problem. Fourth, is there an impact to our mission critical business activities, [00:21:30] our time sensitive issues? Does this impact our ability of our company to do business. Is there some financial impact as well?
The first four are very subjective, or excuse me, they’re very clear. The fourth one is simply a subjective and that’s because the fact do we have potential if we don’t handle this even in a good manner that we could actually have a brand or reputational impact to our business. Five [00:22:00] really simply thing to talk about. When we ran initial assessment teams, the team gets on the phone. The first thing happens is we talk about the situational awareness. Everybody shares what they know. Then what we do is we discuss the five issues, people, faculties, technology, business. Is there a possible impact to our reputation brand? We also want to know is it just us, is it regional, is it national, is it international.
Then, we actually plot this out. [00:22:30] You look at this overall matrix; we literally do this on the call. Then what we do is we ask the next question is what’s the severity level. Your company might have its own severity level so for many of our clients there’s security levels of one through three or one through four, one being minor, three or four being the most severe. We ask them to label it, so that way they go okay this is in level two or a level three. We know [00:23:00] it’s a level two or three then automatically you’re beginning to think of the kind of response that you need to do.
Then what we do is we call the question. Does this incident meet our activation criteria? If the answer’s yes, then we’re going to activate a plan, we’re activating our emergency operations center. We’re calling all of our folks in. Then we’re going to inform our executives. Conversely, it could be no. but I’ll tell you if it was big enough for you to get on a call you had better monitor [00:23:30] it because things could change.
Just because you don’t activate does not mean that it’s not serious and does not require your attention. Somebody on the call is assigned for the monitoring job and their job is to basically keep us informed about what’s going on. It’s very concise and simple process. I would ask you to look at your plans. Do you have an initial assessment team? Do you have a process in place? Do they know what their job is? Do they know how to come together? [00:24:00] Do they know what kind of criteria you’re going to use?
Those things are so important but if you haven’t figured them out at the very beginning, you’re going to stumble right away. What we find in many of our clients is that when they don’t have that kind of process, what happens is is that they’re slow and they wait too long. Then they’re really behind the eight ball when the crisis begins to worsen and they haven’t yet activated their teams.
[00:24:30] Number three, developing an incident action plan. Now this is not actually the hallmarks of ICS. It’s absolutely essential and yet I find most companies don’t do this. It’s a very simple process. It’s not rocket science at all but it takes practice and a little bit of discipline. if you imagine your team that’s come together and if you are utilizing the incident command system, [00:25:00] our incident commander would call together the four leaders of the boxes, operations, finance, planning intelligence, logistics and then our communications so there’d be five of them.
The incident commander and they’re going to talk through what they need to do to respond. Let me talk about the steps because they’re pretty simple. Every IAP has basically four very simple things. It’s so easy but yet most companies don’t do [00:25:30] it. The first part of the IAP is that you always list and discuss the incident status, any new situation awareness. At the beginning, of course that’s the actual initial information you had to activate the plan. As the situation continues, of course it will change and evolve over time.
Then what you’re going to do is you’re going to have very specific strategic objectives that are going to be written by our team leaders of those [00:26:00] five boxes to actually respond to this situation. We’re going to make sure that every single thing is assigned and we’re also going to make sure that we determine what the operational period is. An operational period is how long do you work on those objectives before you come back together and you actually assess that as one more situational awareness and then revisit those objectives very likely. This is really simple process but most people don’t discipline [00:26:30] themselves to do it. What happens then is in the response many people go in many different directions.
All IAP should be written for a lot of reason of course. It provides for less confusion and miscommunication. It’s something also that can easily be shared. I wanted to give you an example. Some of our clients in the East Coast today had already done their actually assessment team meetings yesterday and then in some cases they started it the day before.
Why? [00:27:00] Because we knew the storm was coming to the East. They met on either face to face or by phone. They went through the situational orders, which of course is what’s going on with the weather service. They made some additional plans. They looked at issues that might be happening in their building and they began to check and make some decisions about strategies, how are we’re going to communicate, do people come to work, all of that stuff.
Really simple. Then as that plan continues they’re able to go the next stage. They look and see if there’s any changes, they modify the plan. Then when the actual [00:27:30] event occurs as of today, in some communities the snow isn’t as bad or the weather’s not as severe. Maybe they’re adjusting their plans on the fly. The good thing about doing all of this is it allows you to then print the IAP, the incident action plan. You can PDF it, you can send it to anybody or everybody. You can send it to your executives. You can send it to other key departments so everyone knows what’s going on it’s not a surprise. It’s not rocket science but people don’t often do it.
Very simple steps. You want [00:28:00] to make sure that first of all you’ve got their situation assessed. How do you do that? I’m not being pejorative to sit up but there’s many ways you can get information. Are you only relying on the news? Are you listening to what’s happening on social media? Are you following traditional media? Are you talking to vendors, employees, government officials, contractors? How do you get your information and then what do you do with it? How do you display it? How do you save it? How do you make sure everybody on the team knows about it?
[00:28:30] That sounds simple, it’s not so easy. You want to make sure that you actually have all the ways to bring all this information together so that it’s helpful. Then you want to write your objectives. You want to make sure that you got obviously the resources available to complete those tasks. We’re very picky about writing objectives I know this sounds completely crazy but we are. because one things I’ve learned after doing this for many years is that if the objective is well written everybody knows what you’re telling them to do. If it’s perfectly written, people are [00:29:00] kind of clueless.
The way we write objectives are very simple. It’s a short simple sentence but the first word of every objective starts with an action-oriented verb. An example of an objective might be something such as assess information technology impacts, contact emergency responders, develop response plans, activate business continuity plans, [00:29:30] determine impacts to facilities. All of those first words tell the person who got the objective given to them what the heck they’re supposed to do.
It’s worth spending a little time making sure that they’re written well and most of our clients actually have a list of pre-written objectives and they look through them and they actually make them and drop them into their plans without having to think on the fly. You want to assign all the objectives either to a particular team or to a person. That allows [00:30:00] us to have less confusion, less duplication of effort or having things that are completely not being done, especially in the beginning of a crisis everybody wants to focus on one or two things and many times they’re being covered by other teams but no one knows that and everybody focuses on those small items when we should be looking at a broader spectrum. Then you want to determine when the operational period is which is when you meet again. In a beginning part [00:30:30] of an emergency it might be short, it might be an hour. Then as the emergency goes longer, has legs, it’s a longer period of time, four, six, either hours and so on. The crisis happens in the middle of an operational period you can meet everybody and talk again but otherwise you’re going to stay with that schedule.
Now that we have a plan we can actually talk to all the identified key stakeholders which could be key customers. It could be obviously your executive, it might be other locations of your business. [00:31:00] Now you can tell people what you’re doing an