These are not the worst disasters you will see

9/11. Katrina. Virginia Tech.

The worst disaster you will see is the one that happens to

you or your business

EVERY CRISIS IS A HUMAN CRISIS

The success of your organization relies on the preparedness of

people

DISASTER EXPOSURE

Almost 2/3 of companies that suffered a disaster experienced lost business

FIVE MOST COMMON FAILURES

CONTROL CRITICAL SUPPLY CHAINSTRAIN EMPLOYEES FOR BOTH WORK & HOME IDENTIFY & MONITOR ALL THREATS & RISKSCONDUCT EXERCISES & UPDATE PLAN DEVELOP CRISIS COMMUNICATIONS PLAN

ACTION ITEMS

PREDICT. PLAN. PERFORM.

Identify & Involve Critical Suppliers Critical Functions Critical Employees

What If Exercises Establish How To:

Monitor Communicate

CONTROL CRITICAL SUPPLY CHAINS

TRAIN EMPLOYEES FOR BOTH WORK & HOME IDENTIFY & MONITOR ALL THREATS & RISKS

CONDUCT EXERCISES AND UPDATE PLAN

DEVELOP CRISIS COMMUNICATIONS PLAN

LESSONS LEARNED

Virginia Tech was the definitive episode of

Violence in the Workplace

TIMING

NORTHERN ILLINOIS UNIVERSITY

Almost every disaster, incident of school/workplace violence and act of

terrorism was preceded by warning signals.

“PREDICTABLE SURPRISES”

CRISIS MANAGEMENT: FIRST RESPONSE

Pastoral setting: Physically-intact campus Traumatized community

Media circus 324 Media outlets 140 Satellite trucks $4 million by major network in first week

CRISIS COMMUNICATIONS RESPONSE

Transparency Framing messages Controlled accessibility

Established call center to broker access and provide information

Signage on campus buildings when classes resumed

Metrics Timeline

CRISIS MANAGEMENT: THE MEDIA

TIMELINE

Initial shootings in West Amber-Johnston Hall Lovers’ triangle Absence of students to interview

Immediate arrest of ‘suspect’ Boyfriend left “in a hurry” Guns found in truck

Norris Hall response Nine minutes from entry to end of shootings

THE FIRST 24 HOURS

WRONG

Time alters our perception of risk It can’t happen here. It can’t happen to me. It won’t be so bad. I’m smarter and better prepared.

WHY WE DISCOUNT RISK

DISASTER DENIAL

“There cannot be a crisis next week. My schedule is already full.”

Henry Kissinger

WHY CONTINUITY PLANNING?

Public Law 110-53, Title IX Business environment at greater risk

Natural disasters Pandemic threat Terrorism Economy at risk

Governance requirements Disclosure issues Regulatory guidelines Sarbanes-Oxley Looming litigation

STATISTICS OF FAILURE

OF BUSINESSES WILL LOSE TO OF THEIR SHAREHOLDER VALUE IN 5 YEARS AS A RESULT OF A DISASTER OR CRISIS.

OF CONTINUITY PLANS HAVE NEVER BEEN TESTED.

DISASTERS OCCUR ANNUALLY IN THE U.S.

OF BUSINESSES STRUCK BY A DISASTER NEVER REOPEN, AND OF THOSE THAT REOPEN CLOSE IN TWO YEARS.

83% 20% 30%

80%

70,000+

40%25%

OPPORTUNITY TIMELINE

PREPARE AND PLAN

MONITOR AND TAKE ACTION

RETURN TO ‘NORMAL’

PRE IMMINENT DURING RECOVERY

MANAGE AND

MITIGATE

DISASTER DENIAL

TODAY

EVERYTHING IS FORESEEABLE

WHY NOW?

Business environment is less forgiving

Risk management is usually internal, but external risks have not been addressed

Systemic risks have not been a focus – how to survive a major industry-wide event

VULNERABILITIES Extreme Heat Fires Floods Global Warming Hazardous Materials

Hurricanes Landslides Multi-Hazard Nuclear

EarthquakesPandemic

Power Outages Thunderstorms

Wildfires Winter Storms Workplace Violence Dam Safety Earthquakes

Terrorism TsunamisTornadoes

Extreme Heat Floods Global Warming Hazardous Materials

Hurricanes Nuclear Pandemic Terrorism

FiresPower OutagesLandslides

Thunderstorms Tsunamis Volcanoes Winter Storms

Earthquakes Fires Global Warming Landslides

Tornadoes

FloodsWildfires

Pandemic Power Outages ThunderstormsTerrorism

Hurricanes

Nuclear

VULNERABILITY ANALYSIS

WARNINGHIGH IMPACT / LOW

CERTAINTY

DANGER HIGH IMPACT / HIGH

CERTAINTY

NORMAL OPERATIONS

AWARENESS & CONTINGENCY PLANNING

CORPORATE GOVERNANCE & PREACTION PLAN

CERTAINTY

IMPACT

THE DISASTER ENVIRONMENT

YOUR COMPANY/

CLIENTS

Employees

Family & Friends

Work & School

Critical Suppliers

Customers

Stakeholders

DISASTER

DISASTER

IN/OUT/ACROSS ANALYSIS• FINANCIAL • OPERATIONAL

• EXTERNAL• STRATEGIC

PROCESSES WITHIN

EACH ENTITY

PROCESSES THAT

MOVE IN & OUT OF ENTITIES

LIABILITIES

LEGAL

OSHA MEDICAL PRIVACY

HR BENEFITS

DISCRIMINATION

FORCE MAJEUR

E

FAILURE TO PLAN

GOVERNANCE

INSURANCE

NEGLIGENCE

IT’S MORE THAN AN IT ISSUE

Every Crisis is a Human Crisis.

SYSTEMS DO NOT PROTECT PEOPLE

SERVERS CANNOT INITIATE ACTION

NETWORKS WILL NOT BE HELD

ACCOUNTABLE

NO PEOPLE → NO RECOVERYEvery Crisis is a Human Crisis.

RULE 1, 2, 3

2+ backups for • Critical tasks

and business functions

• Software and data exchange

File a written record of each

backup’s contact and access data

Documentation should be updated

every 6 months

Disasters result in high absenteeism: Train 3 employees for each critical task

CRISIS COMMUNICATIONS

PREDICT • Who is the audience?• What are their concerns?

PLAN

• Tailor message, messenger, and media

• Format to the stakeholder

PERFORM • Focus on the 3 key messages

WHAT CONSTITUTES A PANDEMIC?

Highly virulent

organism

Lack of human

immunity

Easily transmitted human to human

MODES OF TRANSMISSION

Contact TransmissionDirect Contact

Indirect Contact

Droplet Transmission

Airborne Transmission

P 1 P 2

P 1 P 3

P 1 P 2

P 1 P 2

45

Index Case

ODYSSEY OF SARS TRANSMISSION

3 hour Flight; Hong Kong to Beijing, March 15, 200318 Cases4 Deaths

Crew Member

Probable Case

THE 9/11 COMMISSION

“Preparedness is not a luxury; it is a cost of doing business.”

UPDATE: WHAT’S CHANGED

Public Law 110-53, Title IX Situation in Mexico Bio-terrorism Workplace Violence

PUBLIC LAW 110-53, TITLE IX

In the “Implementing the Recommendations of the 9/11 Commission Act of 2007” (the 9/11 Act), Congress mandated the Department of Homeland Security (DHS) to provide “voluntary” preparedness certification and “develop guidance or recommendations and identify best practices to assist or foster action by the private sector” across a wide range of business continuity practices.

MEXICO: WILL THE VIOLENCE SPILL OVER TO THE U.S?

U.S. security no match for Mexican drug cartels

The Obama administration announced this week it is sending hundreds of federal agents and crime-fighting equipment to the Mexican border to try to make sure violence from Mexican drug cartels doesn't spill over into the U.S. –CNN, March 27,2009

BIO-TERRORISM

Bio-terrorism – Al Qaida and the Plague

The story began with a Jan. 6 report in the Algerian newspaper Echorouk that a number of terrorists had died of the plague in one of al-Qaida training camps in Tizi Ouzou. Another Algerian newspaper En-Nahar, affirmed that 50

terrorists have been diagnosed with

the plague, 40 of whom have already died.

WORKPLACE VIOLENCE: ON THE RISE?

Businesses are bracing for more crimes committed by both external and internal perpetrators in a rough economy: The worry is that poor market conditions will result in

more burglaries, and Company layoffs could increase cases of

embezzlement, theft and workplace violence by disgruntled workers

Domestic violence is moving to the workplace

Any physical assault, threatening behavior, or verbal abuse occurring the work setting. It includes, but is not limited to: Psychological

Intimidating presence Harassment (being followed, sworn at, or shouted at) Obscene phone calls Threats

Physical Beatings Rapes Shootings Stabbings Suicides

WHAT CONSTITUTES WORKPLACE VIOLENCE?

CURRENT ENVIRONMENT 70% of workplaces have no formal workplace violence

program, despite findings that there are thousands threats of violence every workday

43% of those threatened and 24% of those attacked at work do not report the incident

Workplace violence myth: most incidents come out of the blue.

“These incidents don’t just happen spontaneously. People work through a process—there is a pathway that people will pursue toward ultimately committing violence.“

Source: John Lane, VP of Crisis and Security Consulting Control RisksASIS 54th Seminar, 2008

OSHA & STATE STATUTES

Employer owes a ‘‘general duty’’ to protect employees against ‘‘recognized hazards’’ that are likely to cause serious injury or death. Workplace violence has been identified as one of those hazards, and both federal and state OSHA agencies have issued citations to employers under the Act’s general duty clause for failure to protect employees against workplace violence

Employer’s obligation to maintain a safe place to work also arises from the legal principles that exist in most states under common law. Legal principles most commonly discussed in litigated cases involving workplace violence include:

A collection of negligence theories, including negligent hiring (the failure to properly screen job applicants, particularly for sensitive positions involving a high degree of interaction with the public); negligent supervision (the failure to supervise employees and to discipline violators of anti-violence rules)

Negligent retention (the failure to terminate employees who have engaged in behavior in violation of company policies).

Premises liability (the duty of a property owner to take responsible steps to guard against reasonably foreseeable violence)

Respondeat superior (an employer’s indirect liability for the wrongful acts of an employee committed within the course and scope of employment)

Sexual and other forms of harassment prohibited under discrimination laws (when threats or violence are motivated by a victim’s protected status); and

COMPANY RESPONSIBILITY

OSHA section 5(a)(1) of the OSH Act, often referred to as the General Duty

Clause, requires employers to "furnish to each of their employees employment and a place of employment which are free from recognized hazards that are causing or are likely to cause death or serious physical harm to his employees".

section 5(a)(2) requires employers to "comply with occupational safety and health standards promulgated under this Act".

L

BACKGROUND STATISTICS

1970’s-present: incidents of workplace violence have tripled Major contributors include:

Aggressive employees Domestic violence brought into the workplace Employers not taking recurring threats seriously Ethnic differences among workers

Negligent hiring, supervision, or retention of aggressive employees

Substance abuse

Layoffs and company downsizing

Poor handling of employee termination

Estimated cost to business $120 billion

ACTIONS Recognize behavior What to do/who to call How to deal with potentially violent individuals Individual responsibility in following procedures;

Get to cover Flee Defend yourself Utilize available communications

Procedures training Front desk, reception, panic alarm training

Practice all protocols/procedures

DURING THE EVENT

People need to know how to protect themselves and others

The drive to connect and reconnect is great; plan on families and others coming to the scene

Prepare for communication among crisis responders, develop plan for working with media, etc

AFTER THE CRITICAL EVENT IS RESOLVED

A catastrophic event is often the first of many crises that will be faced

Recovery is a non-linear process that leads to a new normal

Individuals will need to reconcile to a new worldview that accepts the awareness of vulnerability

Connection, communication, and perceived intentions of others become acutely significant

Almost every disaster, incident of school/workplace violence and act of

terrorism was preceded by warning signals.

“PREDICTABLE SURPRISES”

DISASTER READY PEOPLE FOR A DISASTER READY AMERICA

What Me Worry?

I don’t know what to do It will take too much time I can’t afford it What’s the point

DISASTER DUE DILIGENCE NEWSLETTER

THIS COUNTRY’S EMERGENCY MANAGEMENT FOCUS

Tends toward response and recovery during and after a disaster.

Firestorm remains focused on establishing

nation-wide readiness before disaster strikes. Goal: Build strong Disaster Ready People and

Disaster Ready Businesses.

FIRESTORM SOLUTIONS, LLC.

Firestorm’s PREDICT. PLAN. PERFORM.™ model optimizes client outcomes in a disaster:

PREDICT. Vulnerability analysis and threat assessment

PLAN. Business continuity, pandemic, security and crisis communications planning

PERFORM. Crisis management and mitigation

UNIQUE CAPABILITIESUnparalleled Knowledge Base

In-house team of legal, risk management, human resources, technology, engineering, security and research professionals

Expert Council

Planning , Training & Exercises Enterprise Risk Management (ERM), Business Continuity Plan (BCP), Continuity

of Operations Plan (COOP), Emergency Response Plan, Disaster Recovery Plan, Crisis Communications Plan, Crisis Management Plan, Incident Red Flag Plan (identity Protection), Title IX DHS Certification, Security, Workplace Violence, and Pandemic Plan.

Crisis Management Response Services 24/7 crisis response, including onsite deployment of crisis incident response

team Threat assessment

EXPERT COUNCIL

Brings subject matter knowledge and expertise to Firestorm clients

Generates unique insights and develops the best solutions to complex problems

Provides an independent perspective and produces faster, more accurate results

Utilizes specialists from various disciplines, professions and industries

DISASTER DUE DILIGENCE

A recent study of 1200 CFOs in 79 countries indicated:

62% of businesses with over $5 billion in revenue encountered a major risk event

42% of these businesses were not prepared

DISASTER DUE DILIGENCE

If you had to respond now, are you ready?

PREDICT. PLAN. PERFORM. ™

QUESTIONS AND ANSWERS

PREDICT. PLAN. PERFORM.