For smaller organizations, Call Trees, sometimes called Phone Trees, can work.  We're talking small organizations of say 100 or 200 people with 20 to 40 people to be contacted immediately for a role to play in an emergency, with the remaining staff to be contacted up to a few hours later.

But for larger organizations, or situations where you want to contact over a 100 people immediately, it's important to set expectations with senior management around Call Trees.  I was talking to a Business Continuity Manager in a mid-sized company and we were discussing the use of their Call Tree.  I asked the question, "What if it doesn't work well, what if there is a break in the tree?"  I wanted to see if he was prepared for problems and what he had told senior management regarding Call Tree performance.

Murphy's Law

 He hesitated, and then said it worked OK in the last test.  When I pointed out that in a real emergency, key managers in an organization, are usually the ones at the front end of the Call Tree, and they're the ones moving around the office floor to talk to other managers in adjacent offices, they're not at their desks, and probably on their cell phones fielding the first calls coming in prior to the initiation of the Call Tree.  So if they don't receive the phone call to execute their branch of the Call Tree because they are busy, or they become distracted, or have other immediate priorities -- then the entire Call Tree process gets delayed.

So I asked if the manager had set expectations with executive management that Call Tree performance in an Emergency will probably be significantly less than in a test.  The answer was no -- so he's in a situation where executive management may be in for a surprise during a real emergency.

 In the short term, he had no choice but to continue to use a Call Tree so I offered a checklist he could use to help mitigate the problems associated with Call Trees.  The checklist provides a list of problem areas, and what the Call Tree initator should look for.

 But in an emergency, what can go wrong might go wrong, so it's important to set realistic expectations on what a Call Tree process will and won't do.  You really don't want company executives expecting you to execute robust, predictable Call Tree process they can depend upon in an emergency.  There are just too many people factors involved in the chain, sometimes including executives.

Derek Hemington

ERMS

ERMS is a Emergency Notification provider specializing in helping organizations manage vital emergency processes -- enabling effective communications and response to crisis situations and incidents.  ERMS goes beyond notification, addressing risk mitigation, preparedness, in-crisis response and recovery.

For information about ERMS, check out www.ermscorp.com

Stress caused by an event that has resulted in destruction, serious injuries and death can inflict anyone. No one is immune regardless of their position, title, age, sex or experience. Every person deals with stress differently, from mild anxiety to complete loss of responsive behaviour. For this reason alone, an organization should not rely on the decision making authority or capability of a single individual. The Crisis Response Team (as defined in Part D) must function on a ‘majority rules' decision making basis. You can't gamble the lives of people simply because of someone's title!

However, a significant number of organizations believe that their in-crisis decision making process should be modelled after our public authorities; whereby a single individual has the decision making authority.

For public agencies, such as; police, fire fighters, EMS, the Armed Forces, etc., there is no question operational command and control ultimately rests with a single person, a commander responsible for the event in which they are responding. However; this type of command structure does not work for 99% of organizations; those not providing ‘public emergency response services'.

Public service ‘commanders' are full-time professionals, continually trained, disciplined and qualified in ground-zero decision making; the rest of us are not. They are emotionally and politically detached from the event and its impact on your organization. Most companies' Crisis Management Organizations are comprised of volunteers, people from various operating areas of the organization. To most, Crisis Management is a part-time, add-on responsibility.

It is simply not fair or effective to place such a stressful and potentially traumatic responsibility on a single individual within your organization; nor is it healthy or politically wise for a single individual to accept such responsibility.

The Impact of Stress and Trauma

Day-to-day stress, whether personal or professional, is inconsequential to the level of stress and anxiety that will result from a major crisis. Imagine the prospect of a catastrophic event (earthquake, terrorist attack, hurricane or explosion) where destruction, death and mass confusion encapsulates everything you must do as a member of your organization's Crisis Response Team.

We all deal with stress and trauma differently; a few effectively, but for most, our focus and reasoning will be lost. A person that makes billion dollar decisions on a daily basis has refined that skill through training and experience. That ability does not mean they can withstand the stress and trauma of in-crisis decision making. While many people believe they are invincible and would gladly say ‘sure, I'll take the job', be very careful. Your organization should not be looking for a volunteer to be your in-crisis decision maker; unless of course you are simply looking for someone to blame when things go horribly wrong!

In a crisis, virtually every employee, regardless of position and role will have four personal priorities. To think or expect differently is simply wishful thinking. These are:

1. Their own personal safety,
2. The safety and well-being of their families,
3. The safety of close friends / fellow employees,
4. Their employer and their in-crisis role.

The event, its impact, resulting stress and actions based on the above could eliminate anyone's availability or effectiveness. The risk associated with a reliance on a single individual becomes an immediate single point of failure.

Team Decision Making

A large number of action steps will be required in a crisis; performed by multiple functions / departments and influenced by an even larger number of people. The challenge is to quickly and accurately determine which decisions and actions must be the focus of the CRT discussions. Actions that will be discussed, considered, approved, discarded or postponed will include:

• Actions which must be taken now.
• Actions which require the approval of the Crisis Management Team; therefore pending.
• Action alternatives which are dependent on the outcome of other actions.
• Actions which are performed external to the organization where you have little or no influence as to their outcome.
• Actions which will be taken, but you are unsure as to when.
• Actions that may be taken depending on how the event or threat unfolds.

Should all in-crisis decisions really be made by a `team` of people? The answer is definitely NO. Part D of this Information Series discussed the most competent makeup of a Crisis Response Team; each member representing a critical response group (department) that for the most part exist in the majority of organizations.

These team members are experts in their respective fields (i.e. Security, Human Resources, Public Affairs, etc.). As such, the Crisis Response Team (CRT) will rely on their individual knowledge, skills and experience to determine what actions their area of responsibility must take in a crisis situation.

Perhaps a short dissertation on the in-crisis process will better illustrate in-crisis decision making, the role of the CRT and where and how ‘majority rules decision making' comes into play.

1. Once an event has occurred or a threat is imminent, your Crisis Response Team will meet either by way of a conference call or a meeting in the Crisis Command Centre.

At this time, the priority is to conduct a ‘situational assessment':

• collect facts on the event that has occurred or the imminent threat,
• review the actions taken to-date by each of the ‘utility' groups and external agencies,
• assess any current impact on employees,
• assess any current impact on the organization's Brand image,
• assess any current impact on general operations of the organization,
• assess the probability of the event escalating or deescalating in the short term.

Based on the above assessment the Crisis Response Team must first decide, by majority vote, whether or not the situation will be declared as a ‘crisis' and therefore under the management and control of the Crisis Response Team or; the situation will be classified as an ‘incident' and as such, the response coordinated by the respective ‘utility groups'. Determining whether or not a threat or event is an actual crisis is obviously a vital process and a great candidate for future discussion.

2. In our scenario let's assume the CRT did declare the situation a ‘crisis'. The focus now becomes ‘what actions must be taken, by whom and when'; as well as communicating the ‘situational assessment' and immediate action plan to various Stakeholders within the organization, including; the Crisis Management Team (executive management), business leaders, general management and appropriate information to employees. Review Part D for a further understanding of CRT / CMT in-crisis roles and responsibilities.

Of importance during the in-crisis process is the role of the CRT Team Leader. He or she, like all other members of the team, has one vote when voting situations occur. The role of Team Leader is one of coordination, time management, ensuring operational compliance with in-crisis policies and standards and functioning as the primary interface to the CMT.

3. Focusing on next actions steps, each CRT member will provide what they believe the next steps will be from their operational perspective. Any Team member can question any recommendation being made to ensure it is well understood and in-line with the mandate and priorities of the Crisis Management Program; those being life safety, protection of the brand image and minimizing operational disruption.

Generally speaking, the CRT members only ‘vote' on recommendations being put forward by each member of the Team when there is disagreement within the Team. The approved actions are incorporated into an Event Status Report for subsequent distribution to team members and key Stakeholders.

4. As the event unfolds, the CRT will conduct regular meetings to reassess the situation, its impact, actions taken and next steps; regularly issuing Event Status Reports to ensure all Stakeholders are equally in receipt of current information. This iterative process will continue until the CRT declares the crisis has ended.

While the above represents a summary of what would be an ‘in-crisis process', it does highlight the fact that ‘majority rules decision making' is a tool available to the CRT as and when required to ensure all required actions are taken and poor or untimely decision are averted.

Benefits of Majority Rules Decision Making:

• a safeguard against emotionally driven or politically motivated actions on the part of individuals,
• ensures complete compliance with the priority of Crisis Management (life safety of employees, contractors and on-site guests),
• eliminates the unpredictability of actions caused by individual stress and trauma,
• draws on the knowledge and experience of many, versus limited reasoning capability of an individual,
• strength in numbers allows the `team` to suppress well-intentioned political interference,
• ensures the `team` remains focused on the evolving and changing impact of a threat or event,
• acts as a counter-balance to the antics of `bullies` intent on forcing their views and opinions on others,
• under the auspices of the Authority To Act (see Part B of this series) no individual can be held responsible or liable for the decisions and actions of the `team`.

Operational Considerations & Success Factors

In-crisis Decision Making can be extremely challenging. Below are several points that reinforce why `Team, Majority Rules Decision Making` should be the preferred approach.

• Let's first make it perfectly clear that a Crisis Management Program does not change your organization's first responders' responsibilities in a crisis. When something goes wrong various functions / departments respond accordingly. Corporate Security, Facilities Management, Public Affairs, Human Resources and others will all respond to an event as defined by their role, their operational mandate. As an example; if a disgruntled employee returns to the office with an automatic weapon, kills eight employees and holds several others hostage; obviously the police are called and your Corporate Security department will cordon-off the immediate area and probably evacuate the event floor. The immediate actions taken by Corporate Security are what is expected of them; they understand that role and they will react accordingly. Under no circumstance would Corporate Security in this scenario first go to the Crisis Response Team for approval of their initial actions.

• It is the role of the CRT to determine what actions are required, by whom and when they will be performed. The CRT collectively does not act on the decisions made. As an example, the CRT may determine that it is necessary to issue an ‘employee communications' informing them of the event, its impact on operations and possibly short term instructions. The CRT does not write or approve the actual communications; it ensures that the Public Affairs member on the Team and their department have the most current information on which to base the content, write and issue the communications.

• As human beings we function in a serial mode, one thought at a time. In quiet times it appears we are capable of more, of multi-tasking, even though we are not. In a stressful situation where a great deal is happening around us, our thought processing changes. Resulting confusion and delays in processing information can result in errors in analysis and decision making. A simple but effective example is when you are driving your car; you hit an icy patch on the highway, your vehicle begins to slide and you immediately slam on the brakes. That action causes the vehicle to spin uncontrollably, often resulting in personal injury and damage. In hindsight we know we should not have slammed on the brakes, but by then it is too late. In-crisis decision making parallels this example quite well; too much information being thrown at us in rapid succession cannot be effectively processed; errors in judgement and decision making can result.

• All members of the CRT will view an event or threat differently; from their perspective (which is based on their individual area of responsibility, experience and background). It is vital to evaluate every opinion or suggestion; each has merit and value. If you had a single decision maker your actions would be based on the opinion of only one person. You also have an obligation to voice your opinion. Nonetheless, every person on the team is there because they have specific `expertise` that will be required. It is necessary to listen to the experts in a given field. As an example; if the Human Resources` member of the team recommends that trauma counselling begin immediately, you probably should not strongly debate the issue even if you personally do not understand the need.

• 90% of actions to be taken will be somewhat obvious, requiring very little discussion or debate. It is the other 10% of decisions that must be managed and concluded in a timely manner. Discuss debate and even argue if necessary, but limit the time allocated before a vote is taken and proceed accordingly. If a vote is tied or even close, it would imply further discussion should ensue. Alternatively, the decision can be left to the Crisis Management Team or in a life-threatening situation; the CRT Team Leader can cast the deciding vote (however reluctant they are to do so).

• While the CRT (under the Authority To Act) has the authority to take any action necessary in a life-threatening situation, the Crisis Management Team (CMT) in reality is the highest level decision making authority and can amend, reverse or approve the recommendations / action plan of the CRT. The CMT will, in virtually all situations, recognize the expertise of the CRT and approve its decisions. Further, your organization's most senior executive (your CEO) will always retain the ultimate decision making authority (over the CRT and CMT), but will rarely if ever apply it. Awareness and training are the critical success factors for executive management.

Majority Rules Decision Making can be summed up very simply. If six of the eight people on your Crisis Response Team believe the organization should ‘turn right', one isn't sure and one believes you should ‘turn left'; you had better ‘turn right'. Now, if the sole person who said ‘turn left' is the highest titled person on the team, should he or she have the authority to over-ride the recommendation of the team's majority. The answer is a simple ‘no'.

Risk Management techniques teach us to mitigate risk; attempt where possible to prevent events or actions that can have severe consequences to people and the organization. In-crisis decision making is such a risk and can only be mitigated through team and majority rules decision making.

Finale: Part E is the final chapter in the CRPC Information Series - `In-crisis Decision Making`. We trust the information has been of value to you and your organization. This series is but a small component of the CRPC Crisis Management methodology, a model on which to base a formal Crisis Management Program; one that must to varying degrees be customized to every organization. CRPC has received a number of comments, questions and requests for additional information; all of which will be responded to over the next week or two.

Dennis C. Hamilton, FBCI Hon, is the President of Crisis Response Planning Corporation (www.crpccrisismanagement.com), an internationally recognized Crisis Management consulting services company. For over 20 years Dennis has been dedicated to the discipline of Crisis Management, earning the recognition and reputation as one of North America's foremost practitioners and advisors to businesses in all primary industries. Dennis can be reached at 416-500-5517 or dennis.hamilton@crpccrisismanagement.com.

Crisis Management Critical Success Factor:

Let's start this discussion by painting a crisis scenario. An event has occurred; your building is partially destroyed; there are several employees dead; many more seriously injured; countless unaccounted for and for those who escaped the carnage, they have scattered in a hundred different directions, getting as far away from the site as possible. The event itself is unimportant at this point in time; whether it be a terrorist attack, bombing by a disgruntled employee, an earthquake or a gas main explosion.

Unfortunately, this is also the moment in time when far too often organizations start on their road to Crisis Management ‘hell'. Let's first explore some real life experiences and some of the more common mistakes organizations make:

• Immediately a conference bridge is opened; 20, 30 and possibly 60 or more people are invited to join; and of course, several dozen more join-in uninvited. I don't think I have to explain the upheaval and confusion that will immediately follow; very little will be accomplished and most will wonder ‘why'.
• The person that runs the initial meeting or conference call is the most senior person present, whether it is the President, SVP or a Director. While well-intentioned, it is unlikely that he or she has any ‘current' expertise in Crisis Management; their title simply gives them the authority. This is not the time to teach or learn a new discipline.
• In conference calls or meetings inevitably, the people representing the ‘business' side of life will far outnumber everyone else; thereby influencing the discussion around the business and related business continuity issues; versus the Crisis Management priorities of life safety and protection of the Brand image. Your Risk Manager should be fuming!
• In the absence of coordination and anyone else making decisions, most well-intentioned executives will do so (even when they are not qualified). The real problem is that there will be multiple executives independently making decisions and public statements that will invariably be in conflict. Katrina ring a bell?
• Rumours and speculation are quickly established as ‘facts' in the minds of most and will inevitably result in panic, anxiety and stress; all of which will alter the organization's focus, as well as drive over-reaction and political interference; all based on the organization's internally perceived failures and problems.
• Negative public and media response to the perceived inaction or questionable actions on the part of the organization actually create a crisis within a crisis; one that could generate as much anxiety and stress as the event itself. Unfortunately, far too much focus will be applied to the ‘CYA' objective of some senior management; further complicating response and control of the crisis itself.

Clearly the things that could go wrong; including those listed above, can be avoided, but not through wishful thinking or a belief that your organization is unique. These pitfalls can only be avoided if your policies, standards and in-crisis processes prevent them from occurring.

Crisis Management is not terribly complex. Perhaps the events and threats you must deal with create complexity, but the Crisis Management Program itself is based on a foundation of knowledge, skills and experience that you probably already have. Its success is solely based on a clear delineation of roles and responsibilities, as well as the unwavering authority to do what is necessary to mitigate the impact of a crisis.

The Enterprise Structure

Before we get into the specifics of Crisis Management, I want to present an ‘enterprise' structure of what crisis preparedness could or should look like in the majority of organizations. I like to refer to this high-level structure as the ‘Crisis Preparedness Program' (CPP).

A CPP is comprised of four independent and when required, operationally integrated emergency response functions. Each has a mandate, a role to play, decisions to make and have specific operational owners. These are:

1. Incident Response - An Incident Response Plan represents the actions that will be taken in response to ‘specific' events (incidents) and are developed, maintained and executed by the operational (utility) group most qualified to do so. These would include plans for; violence-in-the-workplace - the responsibility of Human Resources; technology virus detection and eradication - the responsibility of Information Technologies; air / water contamination - the responsibility of Facilities Management; suspicious package - the responsibility of Corporate Security; bad press - the responsibility of Public Affairs and building evacuation - the responsibility of Safety. This list is actually quite extensive, with the number of plans easily reaching many dozen within a mid-size organization. An ‘incident' will not necessarily become a ‘crisis'; that decision is made by the Crisis Response Team and dependent on the impact of the event. As an example; receiving a bomb threat is an ‘incident' and only becomes a crisis if ignited.
2. Business Continuity Management - Business Continuity Management (BCM) is just what the name implies; plans developed to minimize operational disruption to the business (with a focus on critical business functions). Business Continuity Management is typically comprised of two response-oriented sets of plans: i) Contingency Plans which provide an alternate / temporary means of providing key aspects of the service until the full service can be restored and, ii) Recovery Plans, that provide the methods and processes to return to a full operational status once the business environment has been restored. Responsibility for Business Continuity Management must rest with those most qualified, Business Leadership and Business Continuity Planners.
3. Technology Continuity Management - Technology Continuity Management (TCM), often referred to (for some archaic reason) as Disaster Recovery, again is actually comprised of two response-oriented sets of plans: i) Contingency Plans which provide alternate technology and computing services and facilities and ii) Recovery Plans, representing the processes implemented to restore technology based services. Technology Continuity Management must always be in direct synchronization to Business Continuity Management to ensure the organization's business priorities are being satisfied. Responsibility for Technology Continuity Management in the organization is Information Technology and those assigned to the role of Technology Continuity Planners.
4. Crisis Management - Unlike the previous three Crisis Preparedness Program components, Crisis Management has multiple roles in situations that are classified as ‘crises' to an organization. The mandate of Crisis Management is primarily response and control of a situation that threatens life safety, brand image and other assets of the organization. This also represents the absolute priorities of Crisis Management and, by far, the number one priority is ‘life safety', followed by protection of the brand image. Simply put, Crisis Management must never, not even for a moment, consider an event's impact on the business until such time as the first two priorities are fully addressed. While general responsibility for direction and development of a Crisis Management Program most often resides with Corporate Security, the process of response and control is shared amongst the organization's utility groups.

This alignment of roles and responsibilities provides the framework for the most competent people in their respective area to do the job they are most qualified to do; to use the skills and expertise they possess to make decisions based on information they are provided. Put another way; would you want someone from Corporate Security deciding when Business Continuity Plans should be activated or someone from Human Resources interacting with the local police on what actions are required or someone from Health & Safety driving your technology recovery efforts; of course not, it is simply ensuring the right people are assigned the most appropriate roles.

Back to the topic at hand.....

Having provided a general framework for responding to any event or threat, let's now refocus on Crisis Management and specifically the Crisis Management Organization. I believe there are two separate teams within a Crisis Management Organization; each having a specific membership, mandate and in-crisis role. These are:

• A Crisis Management Team (CMT) should be comprised of the most senior executive and all and only his / her direct reports. The Crisis Management Team is the highest level in-crisis decision making authority; after-all making decisions are what they do best. Why should it change just because you are in a state of crisis? The only thing that is different is that, instead of their own direct reports collecting and assessing information and making recommendations for their approval, it will be a Crisis Response Team that will be collecting the facts, performing the assessment and making recommendations for their approval.
• A Crisis Response Team (CRT) should be comprised of a location's ‘utility' groups, with a single representative and at least one designated backup from the following; Corporate Security, Safety, Employee Relations / Human Resources, Corporate Affairs and Communications, Facilities Management / Real Estate, Medical Services, Information Technologies and Business Continuity Management. The Crisis Response Team is operationally responsible for all aspects of the organization's response to a crisis situation and management of that event throughout its duration.

Alignment of Role to Qualifications

Every action and every decision requires knowledge, experience, skill and a great deal of discipline. Having the wrong persons making life-safety decisions is risk mitigation in reverse! Are you willing to gamble the lives or safety of your employees for the sake of an outdated approach to in-crisis decision making.

Previously I stated that for most organization's the Crisis Response Team should be comprised of up to eight people representing key ‘utility' functions The reasons are very simple:

1. These functional groups collectively are responsible on a day-to-day basis for all emergencies, problems and crises across the organization - they possess the knowledge, skills and experience to manage a crisis - they already know what to do, when and how, should a crisis occur.
2. They represent every aspect of an organization's Crisis Preparedness Program. While it will be the Crisis Response Team that determines what in-crisis actions should be taken, it is their individual departments that have what it takes to follow through on those decisions.
3. Adopting this team structure and membership will ensure that absolutely every key internal and external stakeholder will be provided the in-crisis information they require in a consistent and timely manner.

The CRT is your SWAT Team; they are your first responders; they are the only ones that can do what needs to be done. If they need advice or additional help, let it be the CRT who determines who and when. At some point in a crisis, there may be business, financial or legal issues, but wait until there are before engaging those groups. Do not have anyone on your CRT that is not currently engaged in some aspect of your organization's Crisis Preparedness Program.

For clarity, I am not saying an organization that is in a state of crisis should ignore the ‘business'; it is most definitely critical, just not a priority of Crisis Management. It is and should be a priority of Business Leadership and the Business Continuity / Technology Continuity Management teams. Your Crisis Response Team, by way of the BCM and TCM members, will ensure Business and Technology Leadership are kept current with the status and actions being taken by the organization.

When we talk about in-crisis decision making, it is equally important to discuss in-crisis roles and responsibilities; decision making and role are often entwined.

Crisis Management Team - In-crisis Responsibilities

• highest level decision making authority for recommendations and / or alternatives provided by the CRT,
• support the mandate, role and responsibilities of the CRT across the enterprise,
• news media spokesperson / media relations,
• represent organization to families of dead or injured,
• moral support and inspiration for employees,
• deflecting well intentioned political interference away from the CRT,
• interface to Board of Directors and Shareholders,
• interface to Collective Bargaining Units,
• interface to regulatory bodies and agencies,
• address all legal and financial issues and requirements,
• address any liability issues that may arise from an event,
• interface with ‘key' customers in terms of status and actions being taken.

Crisis Response Team - In-crisis Responsibilities

• take necessary actions at the onset of a crisis,
• collect facts while dispelling rumours and speculation,
• determine if it is an ‘incident' to be responded to or a ‘crisis' to be managed, 
• continuous situational assessment as the crisis unfolds,
• determine a course of action for all response functions and groups,
• Interface to all external authorities,
• coordination of all response actions and plans,
• disseminate accurate and consistent status information,
• only provider of status information to all key stakeholders,
• enterprise-wide response and control of the threat or event,
• communicate, communicate, communicate!

Managing a crisis in some respects is similar to managing any aspect of your business. An organization goes to great extents to ensure it is organized to deliver on its corporate mandate or purpose for being. You put experience, skills and knowledge together to ensure success. In a crisis, it is no different; you must put the right experience, skills and knowledge together in order to make the best in-crisis decision you can.

Your organization has the knowledge, skills and experience necessary to manage a crisis. Make certain that those individuals make-up your Crisis Response Team and they are given the authority, responsibility and tools necessary to ensure Crisis Management will succeed.

Let them do their job - you will be amazed!

Stay tuned: Part E of the ‘In-crisis Decision Making' Series, entitled ‘Can The Majority Be Wrong?' establishes the rationale behind one of the most important in-crisis operating standards - majority rules decision making!

Dennis C. Hamilton, FBCI Hon, is the President of Crisis Response Planning Corporation (http://www.crpccrisismanagement.com/), an internationally recognized emergency management consulting services company. For over 20 years Dennis has been dedicated to the discipline of Crisis Management, earning the recognition and reputation as one of North America's foremost practitioners and advisors to businesses in all primary industries. Dennis can be reached at 416-500-5517 or dennis.hamilton@crpccrisismanagement.com This e-mail address is being protected from spam bots, you need JavaScript enabled to view it .

Crisis Management Critical Success Factor:

A Crisis Response Team (characterized in Part A), adopting a structured in-crisis process, can make effective decisions, however; if it cannot communicate those decisions and resulting actions to those who need to know, it will have the same impact as not making a decision to begin with.  Whether providing information or instructions to employees, countering rumours or issuing proactive communications to external stakeholders (i.e. customers, the media, critical service providers) the need to issue time-sensitive communications at the outset, during and after a crisis situation is the operational foundation of Crisis Management.  Every decision has a consequence and will always result in a response on the part of others.  In the absence of vital information, internal and external stakeholders will apply their own assumptions and readily make decisions; usually with an unfavourable outcome.

In-crisis Communications can be defined as: ‘The dissemination of information or instructions to internal and external stakeholders whose actions or inaction will have a measurable impact on the organization's ability to effectively manage a crisis situation.'

Role of In-crisis Communications

• Provide executive and line management with information necessary to make strategic and tactical operational decisions.
• Provide threat and event status information relevant to internal and external stakeholders.
• Manage rumours, speculation, perception and the application of assumptions as facts.
• Mitigate real-time operational risks.
• Demonstrate that proactive corporate due-diligence was applied at the onset of and during a life threatening situation.
• Provide action or no-action instructions to targeted stakeholders.
• Provide time-sensitive information to ensure the safety and well-being of employees.
• Satisfy regulatory or mandated reporting requirements.
• Keep the organization's first responders and various emergency response teams, business continuity and recovery teams focused on their response roles by sharing information and assistance to balance their commitments to the organization and obligations to their families.

The Requirement

Communication requirements in a crisis can be summed up very simply:

• Communicate to possibly thousands or even tens of thousands of stakeholders,
• Utilize multiple communication channels (telephone, email, cell phone, PDA, text messaging, fax) to ensure contact will be made,
• Reach stakeholders within minutes or very few hours.

Technological advancements in mass communications has created wide-spread and permanent expectations on the part of employees and other stakeholders; expectations that are founded on the belief that the organization possesses the capability to provide timely and vital information.

A fully automated communications / notification capability is no longer an operational nicety; the era of manual call-trees is over.  A previous CRPC article entitled ‘Call Trees - A Solution or Wishful Thinking' is probably a good read if you still rely on manual call-trees as a component of your communications strategy.

This capability can be effectively satisfied through an internally provided communications facility or through a commercially provided service.  In most cases, organizations have determined that the lower cost and well-maintained capabilities of commercially provided services far outweigh any advantages of an internally developed and maintained solution.  For organizations in search of a commercially provided solution, there may be value in reviewing the CRPC white-paper entitled ‘Emergency Notification - Service Selection Guide'.

A word of advice - don't justify the use of an automated solution solely based on your in-crisis requirements; there are countless non-emergency uses lying in wait for a solution.  Organize and facilitate a planning workshop with business leaders throughout the organization to identify uses of a communications tool; the number of justifying applications will astound you!

Consequence of Failed Communications

Executive management, Board of Directors and regulatory agencies have or will have in a crisis, expectations that your organization possesses a communications capability and that you can effectively and in a timely manner provide required information and instructions to all stakeholders in a crisis situation.

If you cannot meet these expectations, ensure the most senior executive of your organization has categorically stated and documented the decision that the organization will assume all risks and consequences of failed communications.  Those risks include;

• Loss of life or serious injuries due to the slow provision of critical life-safety information and instructions,
• Liability of executive management, Board of Directors and senior management due to failure in the provision of adequate protection and care of employees,
• Negative media reactions based on rumours, innuendo and the absence of fact-based information,
• Loss of employee trust in management that the organization will in fact provide adequate care and protection to employees while at work,
• Unfavourable market reaction by Customers and Shareholders,
• Random and conflicting decision-making by various managers having misguided, but good intent,
• Failure to satisfy regulatory requirements,
• Costly delays in response by the organizations first responders and business leaders,
• Failure to meet the legal and operational requirements of corporate due diligence,
• A permanent change in the organization's highly valued culture; which in turn affects productivity, loyalty, work ethic and long terms success or failure of the organization.

Of course if you have already implemented an automated communications solution, that is a great start.  Ensure it is designed to support what could be complex in-crisis requirements and processes of Crisis Management and all other emergency response practices of your Crisis Preparedness Program.

Stay tuned:     Part D of the ‘In-crisis Decision Making' Series, entitled ‘Let Them Do Their Job` will clearly demonstrate that you already have the knowledge and skills required to effectively manage a crisis; you simply may not be using them!

Crisis Management Critical Success Factor:

‘Providing an unconditional Authority to Act to your Crisis Response Team'.

When your organization is impacted or threatened by an event that could result in serious injuries or loss of life, critically important decisions must be made within minutes.  There is little time for debate, no time to work your way through the corporate hierarchy for approval and most certainly no time to write a report on which to gain approval.  The Crisis Response Team must have this unconditional and dictatorial authority to take what ever actions are necessary to ensure the life safety of employees.

This operational ‘Authority to Act' is at the heart of all in-crisis decision making and the cornerstone to success.

Authority To Act is a safety-net defined as; ‘The unencumbered authority given to the operational Crisis Response Team to make and act on any decisions the ‘team' believe are necessary to ensure the safety and well-being of employees; without fear of any form of retribution taken against members of the team on the part of the organization should (in hind-site) those decisions not be the most appropriate'.

Structure and Content of the Authority to Act

• This authority is premised on the understanding and acceptance on the part of the Crisis Management Team (Executive Management Team) that they have collectively accepted the responsibility as the ‘highest level in-crisis decision making authority' and are accordingly charged with that obligation.
  
• Members of the Crisis Response Team (as discussed in Issue A of Series 7) understand and accept their collective responsibility and authority as having operational control of all crisis situations, being the first remedial responders to a threat or event, having direct management and control responsibilities on behalf of the organization and having equal authority to the Corporate Crisis Management Team in a life threatening situation.
  
• While the Authority to Act can be a legally obligating commitment on the part of the organization, keep it relatively simple; there can be no qualifying conditions, prerequisites or exceptions.
  
• The ‘authority' is given to the ‘TEAM' not to individuals on the team; therefore team members should not be listed as having individual authority.
  
• It should be signed by the most senior Executive in the organization and, on behalf of the Crisis Response Team, the Corporate Crisis Manager. It should be signed annually to reinforce the organization's support of the Crisis Management Program and specifically, the Crisis Management Organization.
  
• It must be clear that the ‘authority' given is only during a time of crisis and pre-supposes that the Crisis Management Program has a clear method of determining and broadcasting that a state of crisis exists.
  
• The authority should be restricted to decisions where employees' well-being is currently impacted or is imminently threatened by an event.

It is not the legality of the Authority to Act that is important, but the trust demonstrated in the Crisis Response Team to make the best decisions it possibly can during a state of crisis.  The removal of political complications allows the intuitive capabilities of the Crisis Response Team to respond to and manage a crisis to a successful conclusion.

Stay tuned:     Part C of the ‘In-crisis Decision Making' Series, entitled ‘Communicate or Expect the Worse', to be released shortly, will put a whole new meaning to the phrase ‘the word is mightier than the sword'.

Dennis C. Hamilton, FBCI Hon, is the President of Crisis Response Planning Corporation (http://www.crpccrisismanagement.com/), an internationally recognized emergency management consulting services company.  For over 20 years Dennis has been dedicated to the discipline of Crisis Management, earning the recognition and reputation as one of North America's foremost practitioners and advisors to businesses in all primary industries.  Dennis can be reached at 416-500-5517 or dennis.hamilton@crpccrisismanagement.com.

Experience has taught us that ‘in-crisis decision making' has failed its mandate far too often and for the most part, understandably so.  Unless your Crisis Management Teams have actually participated in the response to a real-life crisis, you may simply not know the dangers that lie in-waiting.  Crises will produce:

• Stress, confusion, fear and anxiety amongst all stakeholders.
• Little or no time in which to respond.
• Missing or uncertain information (facts) on which to base decisions.
• Ineffectual interference of well-intentioned executives.
• An unpredictable situation due to an evolving threat or event.
• Inactivity on the part of internal and external stakeholders due to the unknown.
• Rumours and speculation, the number one adversary of Crisis Management.

On their own or entwined, they represent extreme pressure on those given the responsibility of in-crisis decision making.

A successful response to a crisis is first and foremost dependent on a clear recognition of the mandate and priority of Crisis Management; that being ‘the life safety and general well-being of employees and on-site contractors and guests'.  While protection of the brand image and minimizing operational disruption are vitally important, any focus other than life-safety at the outset of a crisis is simply a recipe for failure.

To counter the negative impact of these events, there are four major success factors:

1.         Having the ‘right' team responding to and managing the event.

While the organization's Executive Management Team will have an obvious role to play during a crisis situation (as the Corporate Crisis Management Team), it is operational management and control that is the conduit to a successful response.  This operational Crisis Response Team needs to be comprised of the most qualified and experienced people in emergency management (and no one else).  Senior personnel from the following groups are the only staff you have whose job it is to manage emergencies, problems and crises that impact the organization.  .

- Corporate Security                                     - Health & Safety

- Human Resources                                      - Business Continuity Management

- Public Affairs & Communications                 - Information Technology

- Facilities Management   

This is the ‘right' team to be responsible for Crisis Management response and control.

2.         Applying an in-crisis ‘majority rules' decision making process.

Stress caused by an event that has resulted in destruction, serious injuries and death can impact anyone.  No one is immune regardless of their position, title, age, sex or experience.  Every person deals with stress differently, from mild anxiety to complete loss of responsive behaviour.  For this reason, an organization should not rely on the decision making authority or capability of a single individual.  The Crisis Response Team must function on a ‘majority rules' decision making basis.  You can't gamble the lives' of people simply because of someone's title!

3.         Communicating to Stakeholders in threatening and time-critical situations.

The ‘right' team adopting a structured in-crisis process, can make effective decisions, however; if it cannot communicate those decisions to those who need to know, it will have the same impact as not making a decision to begin with.  Whether providing information or instructions to employees, countering rumours or issuing proactive communications to external stakeholders (i.e. customers, the media, critical service providers) the need to issue time-sensitive communications at the outset, during and after a crisis situation is the operational foundation of Crisis Management.  Every decision has a consequence and will always result in action or inaction on the part of others.  In the absence of information, internal and external stakeholders will apply their own assumptions and readily make their own decisions; usually not in the best interest of the organization as a whole.

4.         Providing the unconditional ‘Authority to Act' to your Crisis Response Team.

When your organization is impacted or threatened by an event that could result in serious injuries or loss of life, critically important decisions must be made within minutes.  There is little time for debate, no time to work your way through the corporate hierarchy for approval and most certainly no time to write a report on which to gain approval.  The Crisis Response Team must have this unconditional and dictatorial authority to take what ever actions are necessary to ensure the life safety of employees.

Managing a crisis to a successful conclusion is burdened with risks and pitfalls.  It can be mercilessly unforgiving, placing stress levels on team members that most can't even imagine.  For the majority of team members, participation on the organization's Crisis Response Team is not part of their job description; they are basically volunteers given the responsibility of saving lives, protecting the brand image and minimizing operational disruption.

To a great extent their success will be dependent on the implementation of Crisis Management policies, standards and processes; including the four critical success factors presented above.

Stay tuned:     These and other success criteria will be explored in detail in subsequent blogs related to this Series (In-crisis Decision Making).

Dennis C. Hamilton, FBCI Hon, is the President of Crisis Response Planning Corporation (http://www.crpccrisismanagement.com/), an internationally recognized emergency management consulting services company.  For over 20 years Dennis has been dedicated to the discipline of Crisis Management, earning the recognition and reputation as one of North America's foremost practitioners and advisors to businesses in all primary industries.  Dennis can be reached at 416-500-5517 or dennis.hamilton@crpccrisismanagement.com.

Written by Ray Ganong, guest blogger

When you're considering a solution to address notification requirements, consider the advantages of a hosted solution provider.  Notification service providers can solve a variety of business problems, some with a clear ROI.  ROI examples include proactive operational communications such as notifying delinquent credit account holders of their outstanding balances.

Other problems solved by notification services are a best practice approach to cost avoidance through the use of notification as insurance.  Examples include notification of stakeholders (including staff) about building closures. Those closures could be the result of man-made or natural events and the notification messages would direct employees to alternate work locations, or to stay at home until further notice.

If you have a need to send voice messages to a large audience consisting of thousands or even tens of thousands of recipients then the capacity of your voice network is a limiting factor.  Dedicated notification providers have purpose-built networks to accommodate the necessary traffic load, which is particularly important in crisis situations. 

Your in-house capacity for message delivery would be severely impacted by a crisis messaging solution that relied on your internal network. Your normal business operations would be degraded, and you still may not have the capacity to meet your crisis messaging requirements.

Also, having a provider that has operations that are geographically remote from your operations delivers a big advantage. You never know what network is going to be out of commission or severely degraded during a crisis. An example of this is the 2003 blackout in the north-east. Having a third-party hosted solution provider allows you to deliver critical messages to all stakeholders even if your organizations network is unavailable or constrained. By trying to send messages via multiple networks and devices, a hosted solution provider increases the probability of delivering messages to recipients.

And, don't underestimate the requirement for handling personal calls during a crisis. You have employees making outbound calls to loved ones, and you have friends and family members making inbound calls to get status updates. These calls consume valuable operational resources that degrade an organizations ability to meet normal obligations. A crisis notification solution that is hosted outside your network, and that handles these personal calls, totally offloads this type of communication from your network.

When I'm talking with people about Crisis Management there are 2 big questions that always seem to come to the surface - What is Crisis Management, really? - And who should be responsible for it in my organization?

I love talking with people about this, after all it's my favourite subject. The first answer is predictable -- it depends. If you're a small organization, Crisis Management probably means a number of things: emergency response, business continuity management, technology recovery, health and safety and a great deal more -- all of it rolled up into a single set of processes, managed by a single person or department (usually someone from IT or Facilities).

This approach may work in small organizations, but there are big-time challenges in a mid-size or large organization. The politics alone can drive this approach to fail. Add in a more complex organizational structure, a large number of employees, multiple sites, industry or government regulations, enterprise risk management requirements, etc. etc. and now you really need some serious structure!

But what does the term Crisis Management really mean?

Crisis Management is a policy driven enterprise program comprised of resources, processes and services that effectively manage an organization's response to an emergency or crisis situation; while being directed by priorities of life safety and employee support, protection of the organization's brand image and minimizing operational disruption.

In a previous blog posting (The Building Blocks of Crisis Management) I discussed in detail the need to have the most qualified people in your company participating and responsible for Crisis Management (the Crisis Response Team). If you go through an assessment in your Company you'll probably find there are a number of functional groups that truly are the most qualified. These include: Corporate Security, Human Resources, Public Affairs, Facilities Management, Safety, Health Services, Business Continuity Management and Information Technology.  I list these groups partly because that's what they do every day -- they manage problems, emergencies and crises of various sizes. If we did not have problems, emergencies and crises we would not need half the people in these functional groups and in some cases, we wouldn't need the department at all.

Please take note that I did NOT list business leadership as members of the Crisis Response Team. Their participation on the Crisis Response Team will redirect valuable time and attention to business issues; while employees and/or the company's brand image could be at risk. Business leadership should focus their attention to Business Continuity Management only.

Now, if those functional groups listed above are the ones who should participate in Crisis Management (your Crisis Response Team), whose responsibility is it to develop the Crisis Management Program, implement it enterprise-wide, secure the required support services and ensure operationally it is compliant with policies and standards?

The answer is easy, Corporate Security. Why you ask?

1. They are the most qualified and best trained in emergency response.


2. They are the most knowledgeable on the most probable of threats and risks (physical events).


3. They typically operate on a 24x7 basis, making them the only readily available resource.


4. They are usually the first to know of a threat or event and most often they have first response accountability.


5. They are or at least should be very influential with the executive decision makers to ensure there is political and operational support for a Crisis Management Program.


6. They have easy access to every business unit to garner the required support.


7. They are the best positioned to effectively work with external emergency services and agencies.


8. And, quite simply, it's their job.

But it's important not to see Corporate Security in a dictatorship role when it comes to Crisis Management.  While they should be responsible for creating and implementing Crisis Management, Corporate Security's role during a crisis is one of facilitation and coordination of the Crisis Response Team; a team that should operate on a principle of "majority rules decision making" - and that's another good topic for a future Blog.

Clearly the role and responsibility of Corporate Security is evolving at a rapid pace.  Boards of Directors, Executive Management and other key Stakeholders are recognizing threats and disruptive events are increasing both nationally and on a global basis -- and increasing the risk to employees, the brand, operations and the organization as a whole.  Virtually every Enterprise Risk Management assessment now concludes that the role and responsibility of Corporate Security must continue to evolve to protect the stability and survivability of the organization.

While Corporate Security has a number of responsibilities, few are more critical than that of Crisis Management.

Call Trees - an interesting idea...one that's been used in various forms and fashions for years.  Under the right circumstances it may even work (in small organizations that is).  More often than not, expectations far outweigh the actual probability of success.  In fact, in my 25 + years of Crisis Management experience I have never seen a manual ‘call tree' even come close to being effective in a real crisis situation.

Call trees arose from the need to communicate information or instructions to relatively large numbers of people as quickly as possible, typically in an emergency or crisis situation.  The premise is that emergency has prevented access to your facility or happens to occur when your employees are not at work.

Let's assume you must reach 2,000 employees with a single SHORT message.  Now, to start the ball rolling, you simply ask one person to call two more people and deliver the message.  Those two people would call two more people; those four people would then call eight people and so on, until you've reached all 2,000 people that must receive the message.  Simple and effective - as long as the planets are aligned, you're unbelievably lucky and every one of your employees is at home waiting for a call they are not expecting!  Bottom-line, the process simply will not work - ever, but it sure looks good on a diagram!

The number one reason for failure is the 100% probability that the call-links will be broken and that all corresponding call-chains will come to a grinding halt.  Not reaching one person could end your ability to reach 50% of your people.  Now think about reaching 2,000 people on a beautiful Saturday afternoon on a long weekend; your probability of success is zero.  It can literally take days to successfully reach everyone on the list.  This coupled with the headaches associated with maintaining accurate contact information make call trees a very ineffective tool for emergency notification.

Most call trees have people's home phone number, with the assumption they're always reachable.  Some add a cell phone, but rarely do they go past two devices.  Other than members of your Crisis and Emergency Management Teams, employees are not waiting around to receive company calls on a weekend.

Experience has shown that when you are conducting unscheduled calls, it will average at least 3 attempts per person to make contact and it could be 6.  Lots of questions come to mind, such as: how long do you wait between calls, do you attempt to find others to make additional calls; do you leave a message and assume that person will eventually make his or her calls, how do you verify that they did, do you have people call you back?  There is a consequence to every one of these questions; the answers to which will always lower the probability of success.

When you are physically calling someone to provide information and instructions, you will always exceed the projected time it takes to complete the call.  People will have questions and interestingly enough, the more senior the person you're calling, the longer the call will take.

Experience has shown that when a message is verbally passed on from person to person, the message itself begins to change on the third repeat and by the sixth repeat; the message may not even resemble the original.  In reaching 2,000 people in our scenario, the message would need to be repeated perfectly 2000 times by 1,022 people calling out.

I don't know about you, but I sure wouldn't want to bet my company's survival on 1,022 people accurately relaying a message in a short time frame.  In fact, the use of manual call trees (versus the use of automated tools such as ERMS Messenger) would never pass as an effective means to mitigate the intended risk.

For the record, to reach 2,000 employees using a manual call tree there will be 11 call levels, 1,022 people repeating the message -- it will require roughly between 6,000 and 12,000 actual calls and take anywhere from 10,000 to 34,000 minutes based on call lengths of 3 to 12 minutes and call attempts of 1 minute.  That's 167 to 567 hours of effort to complete and the time spent by the people receiving the message isn't even included in these numbers.  And it can get much worse.

By comparison, ERMS Advantage Services requires no manual effort and can make 2,000 calls in just an hour or two including time between re-dials.  It's worth a look!

Regardless of the virus or disease, there is no question that a Pandemic is a serious threat to public safety - and because of its impact on people, it could also be a serious threat to many organizations.

Lately I have been hearing shouts of panic and comments implying it's too late to do anything about it. These seem to be in direct response to the World Health Organization (WHO) raising its pandemic alert level from 3 to 4 and then to 5 within a relatively short period of time. An increase of an alert level, does not necessarily increase the actual threat or risk of global annihilation. It simply means that the number of countries with fatalities has increased, sometimes by an amount as low as one.

A Pandemic is certainly a ‘crisis', but not necessarily at an organizational level. Only if your organization is impacted through quarantine, high absenteeism or a high level of infection, is a Pandemic a true organizational crisis. Yes, it may be necessary to calm the fears of employees, improve the quality and frequency of cleaning and re-look at the assumptions applied to staff availability within Business Continuity Plans; but these precautionary steps do not make it a crisis.

WHO has stated, "from past experience, we know that influenza may cause mild disease in affluent countries, but more severe disease, with higher mortality, in developing countries". For countries such as Canada and the United States Influenza A H1N1 will not likely result in the ‘end of the world' prognostications being preached by those that could benefit from the fear factor.

At the same time, you don't want to be caught unprepared; it's simply a matter of scale and ‘when' actions should be taken. I'm speaking here about the private sector; public health authorities and agencies must be more proactive.

So my suggestion is not to worry too much about the WHO Pandemic Alert Levels, but rather focus on the actual ‘impact' of the Pandemic as and when or if it occurs, and only when that impact is on your organization. The fact that some areas of the world could be severely impacted does not necessarily make it a greater threat to your organization.

Build your response plans based on ‘actual impact' -- as the threat or impact to your organization worsens, do more to educate your: employees, contractors, critical service providers and your key Customers. Improve your cleaning and disinfection efforts and of course ‘road test' your contingency plans. Take a look at my previous blog of "Swine Flu Pandemic Response Plan - Top 10 Actions Your Company Can Take" for some additional thoughts and ideas.

Bottom-line; unless the current strain of H1N1 mutates to something more contagious and deadly, it's a reasonable conclusion that past global undertakings, lessons learned, investments made, and the world-wide reach of the World Health Organization -- will moderate the impact of the current Influenza A H1N1 Pandemic.

Be prudent, diligent, and proactive ... just don't panic.