"Emergency response is a product of preparedness."
- The 9/11 Commission Report
If one asks the question, "What is the first step in the process to develop an emergency preparedness plan?," many will answer "threat assessment" and cite the need for vulnerability and risk evaluations. In truth, the planning process must begin well before a risk assessment is performed. This article provides an overview of the emergency preparedness planning process.
Building the Foundation:
Gain program priority
The first step in any organizational process, whether it is preparedness planning or developing a new product, is to gain the support of the "stakeholders" of the organization. In most cases, the stakeholders are senior management who have the budgetary authority. In other cases, stakeholders may be clients, constituents or stockholders who signal priorities via their consumption or voting patterns. In either case, it is the stakeholders who will ultimately set (or cue) preferences and dedicate resources. Even before an emergency preparedness planning process is developed, a strategy to get emergency preparedness on the agenda and past the initial discussions must be devised.
In our second article, we discussed the requirement to articulate specific needs prior to hiring an emergency preparedness planner. The same principle applies to garnering program support from corporate leadership.
The first step is to conduct a needs (or requirements) assessment. What does your organization need? A response plan? A preparedness strategy? A continuity plan? An existing plan review? Why have you chosen to undertake this process? Local regulations? Client concerns? Because it's the "right thing to do?" How do you plan on accomplishing the program? In house? With a facilitator? What do you see as the final product? A corporate preparedness plan? Increased employee confidence and awareness? Improved client cooperation? While the initial needs assessment can be general, (as it will likely become more cogent as the process ensues), there must be initial answers to the questions of what, why and by whom. The "how" is the process itself.
But how does the corporate security director get the attention of the senior management? Certainly, and especially in today's world, there is sufficient sensitivity to the need for emergency preparedness. Many discussions, which often follow a seminar on emergency preparedness or a real-world incident, tend to fade away after a few weeks as organizations tend to return to the status quo of solving the daily dilemmas. Often, it is not the issue of getting the issue on the leadership's agenda, rather it is the challenge of sustaining the interest in emergency preparedness. Understandably, many senior company officials do not understand the elements of emergency preparedness. Because the organization has completed a risk assessment and has a physical security plan in place, they feel little need to provide any further attention to emergency preparedness. In far too many cases, the corporate emperors remain unclothed.
How do you maintain the topic of emergency preparedness on the corporate agenda? A "rhetorical question" technique, in the form of a quiz asking simple but unanswerable questions, might work. For example, "If we have a suspicious package incident, where does the corporate leadership gather?" Another technique might be the "customer concern" approach. Here, perceptions generated by clients, tenants, and/or the constituent stakeholder population are posed: "You know, sir, some of the tenants/employees have been asking me about this year's corporate emergency preparedness program and where they fit in. I'm comfortable with the immediate security aspects of our plan, but would like to talk more about a broader all-hazards corporate strategy." Whatever your strategy to get their attention, the most important part of the process has just begun: there is still sufficient work to be done to articulate the organization's needs and procure appropriate resources.