Crisis on Campus

How Kennesaw State united technology, business continuity and risk strategies to build a holistic crisis management infrastructure

Additional mass communications systems include fire alarm and fire panel notification interfaces. Fire annunciators now include a voice speaker that allows for a message to be sent throughout the entire facility on the same annunciator that alerts to evacuation procedure. This is a new part of NFPA 72, called the emergency voice alarm communications network —and it is a major change that allows sounds other than the tone to be sent for fire alarm evacuation. Some fire panels also include the ability to use a microphone to make announcements.

Of course, crisis management goes beyond technology. A critical layer of the onion is your relationship with local, state and even federal law enforcement — those who will ultimately assist you in your emergency response. Being introduced to the local police chief, sheriff or federal emergency management agency head at the time of an incident is not ideal. The relationship should be cultivated and pre-agreements made to ensure that their response plans fit into your plan of operations and emergency notifications. Of course, since many incidents are dynamic in nature, exact procedures need to be flexible in order to meet the ever-changing demands once different organizations are involved in an incident.


Organizational Survival: Ensuring Business Continuity

The baseline crisis management plan covers immediate response, and it must be accomplished prior to any discussion or movement into the business continuity and enterprise risk management areas of crisis management. Let’s face it, if you don’t know how to mitigate a crisis situation on your campus, you probably won’t know which critical systems and processes need to be immediately resumed in order to survive the catastrophe.

Business continuity, once called continuity of operations plans (COOP), are designed to identify those operations that are critical to your organization’s survival. A good example of this was the pandemic planning phase initiated some years back in order to ensure enough people were available to maintain operations during periods where many are sick. This effort actually revealed vulnerabilities with data systems, storage and retrieval systems, as well as the threat of cyber-attack on individual networks.

Our business continuity efforts at Kennesaw State began by contacting individual campus departments and entities to determine their critical components and vulnerabilities in sustaining operations. Critical components may include financial and payroll distribution, internal database systems and supply chain disruption issues—of course it depends on the individual situation.

Once the critical components and the personnel assigned to them are identified, plans should be put in place to ensure at least two others are trained to operate those systems, if necessary. Since business continuity is an ongoing effort, the ability to track and maintain up-to-date information is critical, and there is different software that can be used. One of the main benefits of the software is the ability to cross reference individual efforts and personnel to ensure proper conflict/crisis resolution. The software can also prompt users to update any changes in personnel or their function as related to the business continuity plan.

At Kennesaw State, we use an application called BOLD Solutions to analyze previous business continuity information requests from 2006, 2009 and the present effort. This solution included training for personnel inputting the original data, as well as system administration training for the security personnel in the Strategic Security and Safety Department.


Bringing it all Together: Enterprise Risk Management

So how does enterprise risk management and its processes integrate with the overall emergency, crisis management and business continuity plan? A logical approach will ensure the identification of risk and continuity of operations. The diagram on the right depicts this concept at Kennesaw State. It illustrates the basic plans and procedures (at the bottom) and then moves up into the enterprise risk management directive, were all risks are identified and pushed up to the appropriate management level for a decision on mitigation or acceptance.

The process begins by identifying every department or entity on campus, potential off-site locations and any area that can affect campus operations. At Kennesaw State, this number represented approximately 200 individual units (called the Working Group). Many of the same people who were involved in the business continuity effort also became members of the enterprise risk management initiative.