Fischbein Insurance

  • About
  • Comm. Insurance
  • Comm. Property
  • Apt. Owners
  • Newsletter
  • Contact
You are here: Home / Archives for Theme 38

July 15, 2014 By admin Leave a Comment

IN: Disaster Preparedness For Your Business: Part 2

Dear Valued Customer,

In this issue of “—————-” we focus on planning for and protecting your business from a disaster.

This, the second eNewsletter in a 2-part series, provides testing and exercises that you can conduct to prepare your team. It also provides ideas and suggestions for program improvement in order that you can take corrective action where necessary. There is also a business continuity planning suite including numerous, informative videos that will help you and your team prepare and recover; in the event you are faced with a disaster scenario.

Please read on for vital planning information, and do call us for the professional guidance you will need to assess your personal or business needs. We appreciate your continued business and look forward to serving you.

Kind regards,

Filed Under: Business, Disaster, Theme 38

July 15, 2014 By admin Leave a Comment

Testing & Exercises

Misc_MazeAtoBYou should conduct testing and exercises to evaluate the effectiveness of your preparedness program, make sure employees know what to do and find any missing parts. There are many benefits to testing and exercises:

  • Train personnel; clarify roles and responsibilities
  • Reinforce knowledge of procedures, facilities, systems and equipment
  • Improve individual performance as well as organizational coordination and communications
  • Evaluate policies, plans, procedures and the knowledge and skills of team members
  • Reveal weaknesses and resource gaps
  • Comply with local laws, codes and regulations
  • Gain recognition for the emergency management and business continuity program

Testing the Plan

When you hear the word “testing,” you probably think about a pass/fail evaluation. You may find that there are parts of your preparedness program that will not work in practice. Consider a recovery strategy that requires relocating to another facility and configuring equipment at that facility. Can equipment at the alternate facility be configured in time to meet the planned recovery time objective? Can alarm systems be heard and understood throughout the building to warn all employees to take protective action? Can members of emergency response or business continuity teams be alerted to respond in the middle of the night? Testing is necessary to determine whether or not the various parts of the preparedness program will work.

Exercises

When you think about exercises, physical fitness to improve strength, flexibility and overall health comes to mind. Exercising the preparedness program helps to improve the overall strength of the preparedness program and the ability of team members to perform their roles and to carry out their responsibilities. There are several different types of exercises that can help you to evaluate your program and its capability to protect your employees, facilities, business operations, and the environment.

TESTING

Tests should be conducted to validate that business continuity recovery strategies will work. Tests should also be conducted to verify that systems and equipment perform as designed. Tests can take several forms, including the following:

Component – Individual hardware or software components or groups of related components that are part of protective systems or critical to the operation of the organization are tested.

System – A complete system test is conducted to evaluate the system’s compliance with specified requirements. A system test should also include an examination of all processes or procedures related to the system being tested.

Comprehensive – All systems and components that support the plan are tested. An example of a comprehensive test is confirming that IT operations can be restored at a backup site in the event of an extended power failure at the primary site.

Tests of information technology systems and recovery strategies should be conducted in a manner that resembles the everyday work environment. If feasible, an actual test of the components or systems used should be employed. Since tests can potentially be disruptive, tests may be performed on systems that mimic the actual operational conditions.

Inspection, testing and maintenance of building protection systems including fire detection, alarm, warning, communication, employee notification, emergency power supplies, life safety, fire suppression, pollution containment and others should be conducted in accordance with manufacturers’ instructions and regulatory requirements. If a critical warning system or protection system fails, the consequences could be significant.

A test schedule should be developed in accordance with applicable regulations, standards and best practices and designed to meet performance objectives. Records should be maintained.

Guidance on evaluating the need for testing; creating a test plan; and designing, developing, conducting and evaluating tests is provided in the Resources for Testing.

Resources for Testing
  • Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – Recommendations of the National Institute of Standards and Technology, Special Publication 800-84
  • IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals – Information Systems Audit and Control Association (ISACA)
  • Fire Code – National Fire Protection Association (NFPA) 1
  • Recommended Practice on Commissioning and Integrated Testing of Fire Protection and Life Safety Systems -NFPA 3
  • Standard for the Inspection, Testing, and Maintenance of Water-Based Fire Protection Systems – NFPA 25
  • National Fire Alarm and Signaling Code – NFPA 72
  • Standard for Emergency and Standby Power Systems – NFPA 110
  • Standard on Stored Electrical Energy Emergency and Standby Power Systems – NFPA 111

EXERCISES

Post-incident critiques often confirm that experience gained during exercises was the best way to prepare teams to respond effectively to an emergency. Exercises should be designed to engage team members and get them working together to manage the response to a hypothetical incident. Exercises enhance knowledge of plans, allow members to improve their own performance and identify opportunities to improve capabilities to respond to real events.

Exercises are a great method to:

  • Evaluate the preparedness program
  • Identify planning and procedural deficiencies
  • Test or validate recently changed procedures or plans
  • Clarify roles and responsibilities
  • Obtain participant feedback and recommendations for program improvement
  • Measure improvement compared to performance objectives
  • Improve coordination between internal and external teams, organizations and entities
  • Validate training and education
  • Increase awareness and understanding of hazards and the potential impacts of hazards.
  • Assess the capabilities of existing resources and identify needed resources

TYPES OF EXERCISES

There are different types of exercises that can be used to evaluate program plans, procedures and capabilities.

  • Walkthroughs, workshops or orientation seminars
  • Tabletop exercises
  • Functional exercises
  • Full-scale exercises

Walkthroughs, workshops and orientation seminars are basic training for team members. They are designed to familiarize team members with emergency response, business continuity and crisis communications plans and their roles and responsibilities as defined in the plans.

Tabletop exercises are discussion-based sessions where team members meet in an informal, classroom setting to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator guides participants through a discussion of one or more scenarios. The duration of a tabletop exercise depends on the audience, the topic being exercised and the exercise objectives. Many tabletop exercises can be conducted in a few hours, so they are cost-effective tools to validate plans and capabilities.

Functional exercises allow personnel to validate plans and readiness by performing their duties in a simulated operational environment. Activities for a functional exercise are scenario-driven, such as the failure of a critical business function or a specific hazard scenario. Functional exercises are designed to exercise specific team members, procedures and resources (e.g. communications, warning, notifications and equipment set-up).

A full-scale exercise is as close to the real thing as possible. It is a lengthy exercise which takes place on location using, as much as possible, the equipment and personnel that would be called upon in a real event. Full-scale exercises are conducted by public agencies. They often include participation from local businesses.

DEVELOPING AN EXERCISE PROGRAM

Develop an exercise program beginning with an assessment of needs and current capabilities. Review the risk assessment and program performance objectives. Conduct a walkthrough or orientation session to familiarize team members with the preparedness plans. Review roles and responsibilities and ensure everyone is familiar with incident management. Identify probable scenarios for emergencies and business disruption. Use these scenarios as the basis for tabletop exercises. As the program matures, consider holding a functional exercise. Contact local emergency management officials to determine if there is an opportunity to participate in a full-scale exercise within your community.

Exercises should be evaluated to determine whether exercise objectives were met and to identify opportunities for program improvement. A facilitated “hot wash” discussion held at the end of an exercise is a great way to solicit feedback and identify suggestions for improvement. Evaluation forms are another way for participants to provide comments and suggestions. An after-action report that documents suggestions for improvement should be compiled following the exercise and copies should be distributed to management and others. Suggestions for improvement should be addressed through the organization’s corrective action program.

Resources for Exercises:
  • Emergency Planning Exercises for Your Organization – Federal Emergency Management Agency
  • Homeland Security Exercise, and Evaluation Program – U.S. Department of Homeland Security
  • IS-139 Exercise Design – Emergency Management Institute Independent Study Program
  • A Guide for the Conduct of Emergency Management Tabletop Activities – Oak Ridge Institute for Science and Education
  • Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities – Recommendations of the National Institute of Standards and Technology, Special Publication 800-84

Source: FEMA, “Testing & Exercises” http://www.ready.gov website. Accessed July 15, 2014. http://www.ready.gov/business/program/corrective

© Copyright 2014. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

Filed Under: Business, Disaster, Theme 38

July 15, 2014 By admin Leave a Comment

Program Improvement

Misc_ThumbsUpThere are opportunities for program improvement following an actual incident. A critique should be conducted to assess the response to the incident. Lessons learned from incidents that occur within the community, within the business’ industry or nationally can identify needs for preparedness program changes. Best practices and instructional guidance published by trade associations, professional societies, newsletters and government website can be resources to evaluate and improve your preparedness program.

Gaps and deficiencies identified during reviews should be recorded and addressed through a corrective action program. Reviews, evaluations and improvements should be documented and maintained on file.

PROGRAM REVIEWS

Businesses should improve the effectiveness of their preparedness programs through review of policies, performance objectives, program implementation and changes resulting from preventive and corrective actions.

TRIGGERS FOR PROGRAM REVIEWS

Reviews of the preparedness program should be conducted periodically and whenever the effectiveness of the program is questioned. The goal of program reviews is to provide assurance that the program meets the needs of the business and complies with regulations. Changes that should trigger a review of the program include the following:

  • Regulatory changes
  • New or changed processes
  • New hazards identified; vulnerability to hazards changes
  • Tests, drills or exercises identify weaknesses
  • Post incident critiques identify issues
  • Funding or budget level changes
  • New product or service launched or withdrawn
  • Company, division or business unit acquired, integrated or divested
  • Significant changes to critical suppliers or supply chain
  • Significant increase in the workforce population on-site
  • Significant changes to site, buildings or layouts
  • Changes to surrounding infrastructure

If any of these changes or triggers occurs, the program coordinator should initiate the appropriate program review.

SCOPE OF PROGRAM REVIEWS

Program reviews should assess compliance with policies; determine whether performance objectives are being met; assess the adequacy of program implementation; and determine whether preventive and corrective actions have been taken on previously identified deficiencies.

The following should also be reviewed:

  • Plans and procedures have been reviewed and are up-to-date
  • Team rosters have been updated to ensure membership is current
  • Contact information for team members, public agency contacts, contractors, vendors and suppliers
  • Resources (e.g., systems, equipment, and supplies) are in place and properly maintained
Resources for Program Reviews
  • Lessons Learned Information Sharing – U. S. Department of Homeland Security
  • U. S. Chemical Safety and Hazard Investigation Board – The CSB is an independent federal agency charged with investigating industrial chemical accidents. The CSB website provides reports on current and completed investigations as well as videos.
  • Technical Report Series – U.S. Fire Administration
  • OSHA Compliance Assistance: Success Stories and Case Studies – U.S. Occupational Safety & health Administration
  • Fatality Assessment and Control Evaluation (FACE) Program – National Institute for Occupational Safety and Health, Division of Safety Research

CORRECTIVE ACTION

Gaps and deficiencies identified during program reviews should be recorded and addressed through a corrective action program. Gaps or deficiencies in the program may be identified during training, drills, exercises, post-incident critiques, regulatory compliance audits, insurance surveys and from lessons learned.

CORRECTIVE ACTION PROGRAM

The corrective action program should document information on deficiencies. A table similar to the one on this page can be used. Include a full description of the deficiency; the action that should be taken; the resources required to address the deficiency; and justification for the need to correct the deficiency. Action on deficiencies should be assigned to the person or department best able to address the issue. A due date should be assigned and the corrective action database reviewed regularly to track progress. The status column should be updated until the deficiency has been addressed.

All program gaps or deficiencies are not equally important. Prioritization of corrective actions is helpful because funding and time are usually limited. Prioritization can also identify significant deficiencies that should be reported to management and corrected as quickly as possible. Criteria or categories for corrective action may include the following:

  • Hazards to health and safety
  • Regulatory compliance
  • Hazards to property, operations, the environment or the entity (e.g., image or reputation)
  • Conformity to national standards
  • Following industry best practices

MANAGEMENT REPORTING

Significant deficiencies should be reported to management along with appropriate information to explain the problem, how to correct it and the reasons it needs to be addressed in order to gain management support for action. Management should also be periodically informed of the status of corrective actions until deficiencies have been resolved.

Source: FEMA, “Program Improvement” http://www.ready.gov website. Accessed July 15, 2014. http://www.ready.gov/business/program/corrective

© Copyright 2014. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

Filed Under: Business, Disaster, Theme 38

July 15, 2014 By admin Leave a Comment

Business Continuity

Digital_LaptopEmailIf you need more help getting a business or organization prepared, please use the new Business Continuity Planning Suite developed by DHS’ National Protection and Programs Directorate and FEMA.

This software was created for any business with the need to create, improve, or update its business continuity plan. The Suite is scalable for optimal use by organizations of any size and consists of a business continuity plan (BCP) training, automated BCP and disaster recovery plan (DRP) generators, and a self-directed exercise for testing an implemented BCP. Businesses can utilize this solution to maintain normal operations and provide resilience during a disruption.

Learn about the Tools

The BCP training component of the Suite is a 30 minute video-based course, which examines the importance of BCP, provides an overview on BCP, and prepares users to write their own plans. It is broken into three segments:

  1. What is business continuity planning?
  2. Why is business continuity planning important?
  3. What is the business continuity planning process?

Upon completion of the training, users should possess a basic understanding of BCP, the process of completing a BCP, and the motivation to complete their own plan using the Suite’s BCP Generator.

The Suite’s BCP and DRP Generators, developed to guide businesses through writing BCP and DRP plans, possess an overall functionality similar to automated tax preparation tools. The BCP Generator builds a plan that guides a company through any disruption to normal operations, while the DRP Generator focuses on developing a plan specific to recovery of information technology systems. A Save and Exit option in both Generators enables users to complete their plans in increments, and a Print option enables users to produce and save hard copies.

The final component of the BCP Suite, a self-directed exercise for testing an implemented BCP, allows users to test their newly implemented business continuity and disaster recovery plans. This Homeland Security Exercise and Evaluation Program compliant table top exercise focuses on a business’ recovery efforts following selected business disruptions intended to represent a broad spectrum of threats including hurricane, earthquake, ice storm, and blackout. The goal of the exercise is to improve a business’ overall recovery capabilities and actions and the collective decision making process. It is designed to be an open, thought-provoking exchange of ideas to help develop and expand existing knowledge of policies and procedures within the framework of an organization’s BCP implementation.

Go here for Business Continuity Video Training.

Source: FEMA, “Business Continuity” http://www.ready.gov website. Accessed July 15, 2014. http://www.ready.gov/business-continuity-planning-suite

© Copyright 2014. All rights reserved. This content is strictly for informational purposes and although experts have prepared it, the reader should not substitute this information for professional insurance advice. If you have any questions, please consult your insurance professional before acting on any information presented. Read more.

Filed Under: Business, Disaster, Theme 38

[footer_backtotop]

Copyright © 2023 Fischbein Insurance Services · All Rights Reserved · SITE DESIGN BY INTOUCH ·