Disaster Planning is a subject that most of us undertake on a routine basis. I suspect that every Chief Security Officer, Director of Security and every Security service provider has a crisis management plan on their shelf — ready to use at a moment’s notice. I would hope that these plans cover all of the possible contingencies that might occur and have a well thought out plan for how to minimize the impact of the particular event that might be happening, as well as how to recover from that event to get the operation back to normal as soon as possible.
If you don’t feel that you have an adequate Disaster Plan I would recommend that you download a copy of the ASIS Disaster Preparation Guide (www.asisonline.org), which will give you an excellent checklist to see if you have covered all the aspects of the plan. Additionally, you should review the “Business Continuity Guideline: A Practical Approach for Emergency Preparedness, Crisis Management, and Disaster Recovery,” downloadable at www.asisonline.org/guidelines/inprogress_published.htm.
I believe there is an aspect of Crisis Management that many of us have not considered or planned for. It happens once the situation is already contained —management, politicians, or the media begin to assess the damage and immediately look to point their finger at the person or entity that is at fault for allowing the disaster to happen in the first place — especially if it is a man-made disaster. It seems to me that when a major disaster happens, if it can not be easily and quickly determined who is to blame, then there seems to be an immediate frenzy to pin the blame somewhere — whether justified or not.
A case in point would be the Sept. 11 attacks. As an aftermath of those horrific events, directors of security lost their jobs, security companies lost work, and even worse, there were individuals and companies that were publicly blamed for allowing the attacks to occur. The most notable of these were Frank Argenbright Jr., and the company he previously owned, Argenbright Security. That’s correct, previously owned. Argenbright may have had sold his company almost a year before the Sept. 11 attacks, and at the time of the attacks he was no longer involved in its management — yet he was still “fired” on national TV from the position of CEO.
Since Argenbright Security had passenger screening contracts for many airports around the world, and specifically at Boston’s Logan Airport, they were ceremoniously removed from those contracts in very short order.
I wonder how the aftermath of the Sept. 11 attacks would have changed if the companies involved had a fully developed plan for dealing with the issue of being blamed for a disaster. Of course, most of us have included in our plans that someone in the organization — typically the communications department — is responsible for communicating with employees, clients, the media, etc., following a disaster, but have these professional communicators actually developed the proper plan for this scenario?
We all know that it can be a losing battle when you are put into the position of having to defend yourself when things go wrong — even when it wasn’t a failure on your part. So what if Argenbright Security had had a prepared plan of what to say to the press immediately following such an event. After all, if you are responsible for passenger screening at an airport or multiple airports, you should assume that at some point there will be an incident that occurs which would suggest that your screeners did not do an adequate job. So, before everyone else started pointing fingers and putting them on the defensive, what if they released a statement demonstrating that they would immediately begin working with authorities in an attempt to determine if the weapons had been brought on through the screening process or whether they had been placed on the planes in some other way — which would have introduced the concept that they might not have been at fault?
Instead of being in a defensive posture, they would have been in an offensive position; and they might have saved themselves and the other companies that lost that work from being dismissed.
I would recommend that anyone involved in crisis management planning considers taking the process one step further to determine what potential disasters might occur that either you or your company could be blamed for and predetermine a course of action that addresses how you would respond to such an occurrence. This would be most helpful in dealing with man-made disasters that have an effect on the public, but you might also consider this for emergency situations which are completely internal to your company. You might even want to consider hiring a professional that is outside of your company to help you draft several versions of release statements relative to your own situation. The same recommendation holds true for your company’s statements as well.
I believe the best approach to this issue is to develop several scenarios of what might go wrong — which you probably already have in your crisis management plan — and then get a professional publicist to write some boiler plate statements which could easily be adapted to the exact situation that is being addressed. Yes I know it just sounds like C.Y.A. thinking, but in the real world, if you aren’t prepared to cover your A, you will probably get it kicked!
Timothy Giles, CPP, PSP, is the president of Risk/Security Management and Consulting. Prior to going into business for himself, Mr. Giles was the director of security for the Woodruff Arts Center in Atlanta, managing director of security services for Kroll Associates, and director of security, North America, for IBM.