The impact could be severe:

• Employee sickness or death,
• Large scale absenteeism due to fear of going to work,
• Inability to meet product or service commitments,
• Failure to meet corporate contractual obligations,
• Potential of severely damaged reputation,
• Significant financial losses / loss of market-share.

History has taught us that having an all encompassing plan of what your organization will do in response to a pandemic is literally impossible to achieve and quite frankly a waste of time.  So what can we do?

"Pre-Event Response Planning"-- provide an understanding of the threat, precautionary and preventative measures that can be taken, and a roadmap of an organization's best efforts to support employees and minimize operational disruption to the business.

Here are my Top ‘10' Issues and Steps You Can Take in Response to a Pandemic:

1. Keep your employees informed - lack of understanding and fear of the unknown is a deadly combination when it comes to employee reaction to a Pandemic threat. While there are countless information sources that provide a realistic understanding of the threat, most people draw conclusions from headlines and what others are saying.
   
   Do what you can to keep your employees informed and aware of your organizations actions; a dedicated page on your internal website is a good start.



2. Support and assist their families - the number one priority of every employee in a Pandemic will naturally be their own family. Providing information to employees to assist their families in understanding the threat and what they can do at home to ease their concerns would help not only the family, but it may help employees focus on Company issues as well.



3. Manage rumors and speculation - maintain vigilance on what the media is saying and particularly what rumors, speculation and assumptions are being made in the office regarding the pandemic. Be prepared to respond each and every time something new is introduced to the rumor mill.
   
   As an employer you are obligated to provide as much ‘factual' information as possible. It's better that all employees receive a daily update during the entire threat than to allow misguided and ill-informed rumors to control the beliefs and attitudes of your employees.



4. Counter the negative impact of the news media - bad news sells and a great deal of sensational reporting will result. Where appropriate, this negative view must be tempered within your organization with facts and status information as issued by the World Health Organization (WHO) and other ‘public safety' related agencies such as your local Centre for Disease Control, as well as the positive steps your organization is taking.



5. Take precautionary and preventative measures - this may actually prevent the spread of the influenza and of equal importance, earn the trust of employees that the organization is responding in an effective manner. Adopting the WHO guidelines for controlling the spread of influenza represents the best advice available.



6. In a pandemic, over-reaction is well worth the effort - don't be swayed by some views that you don't want to over-react to a situation. Unlike most crises, a Pandemic can cause wide spread stress, panic, fear, anxiety and a great deal of confusion. Employee actions or inactions are going to be directly aligned to their attitude towards the organization and how they personally believe the situation is being managed. Do whatever it takes and keep them informed.



7. Key customer confidence is constantly at risk - how well your organization manages through a Pandemic or fails in its response to the crisis will dictate your customers' continued loyalty. You must clearly demonstrate to your customers that you are doing all you can to minimize the negative impact of the Pandemic. Keep your customers informed about your actions; offer to assist them in planning their response; work together to ensure a long term relationship is maintained.



8. Critical Service Providers put your organization at risk - direct your service providers to respond in a manner consistent with the threat and at least equal to your own response to the Pandemic. If their operations are quarantined or if they experience significant loss of life, the impact on your organization could be severe.



9. Keeping your plans a secret benefits no one - while there may be a tendency to protect the secrecy of your plans out of fear of being accused of doing to much or too little, it actually has the opposite affect. Promote what you have done; it's a significant marketing opportunity. Share your efforts and plans, not only with your employees and contractors, but with your key customers, product and service providers and even the media. Displaying your organization as being caring and proactive can deliver significant benefits.



10. Engage your experts in the planning process - it's vital that senior members of key ‘Utility' groups within your organization participate in the development of your Pre-Event Response Plan. These include: Corporate Security, Human Resources, Facilities Management, Health and Safety, Business Continuity Management. It's their combined knowledge and skills that will determine the most appropriate and complete actions that must be taken.

Operational Capability in Response to a Pandemic

Ensure your Pandemic Pre-Event Response Plan only incorporates the information you will need to effectively manage through a pandemic situation (Business Continuity Plans do not form part of a Pre-Event Response Plan).

• An understanding of the Pandemic threat
• Impact globally, nationally and to your organization
• Pandemic phases of the WHO
• Risks to your organization
• Escalating actions to be taken by Pandemic phase
• Precautionary and preventative measures taken or planned
• Appendices can include: Employee Education, Cleaning Recommendations by Pandemic Phase, as well as Medical Screening Forms and Use

Ensure your mass notification and targeted communication service capabilities can meet all of your in-crisis requirements including a quick means to incorporate all potential Stakeholders. Employees, contractors, customers, suppliers and potentially hundreds or thousands of additional Stakeholders may need to receive information, instructions or be a source of information for you.

A key communications requirement for multi-site organizations is the capability to easily initiate and rapidly change the site status message on a site-by-site basis. As the impact and status for each site will differ, so must the Site Status Message that the local employees will hear.

A Pandemic, like all crises, will constantly change in terms of impact and therefore so will the actions taken by your organization. Automatically distributing Event Status Reports based on variable criteria such as alert levels and actions taken, is key to managing rumors, speculation and assumptions.

Recognizing that some Company employees will be relied upon to respond to the Pandemic and the primary concern of those same employees will be their families, it is vitally important that they are provided with a capability, through a single call, to inform family and friends as to their personal status

It's critical that a real time ‘Event Status Report' be maintained so that you're ready to release information at any time on both a fixed and variable basis. Your Event Status Report could be issued hundreds of times during a Pandemic so version control will be necessary.

Because of the topical and potential impact of the Swine Flu, I'll continue this conversation with the next Blog.

And in the next few Blogs, I'll provide you with an operationally proven model of a ‘Pandemic Pre-Event Response Plan'. My goal will be to make this especially valuable to organizations at the early stages of addressing the Swine Flu and other Pandemic threats.

Stay tuned.

This is part two of a two-part conversation outlining 'Crisis Management Policy'. As I mentioned last week, after you've read through both Blogs, I hope you'll be convinced of the need for a formal Crisis Management policy.

Last week in Crisis Management Policy - Part 1, I discussed the:

    1.  Purpose of the Policy

    2.  Policy Statement

    3.  Scope of Policy

    4.  Accountability

This week we'll go into more detail on:

    5.  Policy Exceptions

    6.  Operational Imperatives, and

    7.  Policy Compliance

5. Policy Exceptions

My personal favorite, there are no exceptions to the policy.

6. Operational Imperatives

The Crisis Management Program is based on the principle of having the most qualified management and employees participating in the response to a crisis with the authority to take necessary actions within the rules or standards of how that crisis will be managed.

6.1 Crisis Management Organization

The Crisis Management Organization (CMO) represents the personnel chosen to participate on the Crisis Management Team or the Crisis Response Team; each team is staffed and given a primary in-crisis role as follows:

• A Crisis Management Team (CMT) is made up of a location's most senior executive and their direct reports. Deviations should only be made in the absence of team members. The CMT is the highest level in-crisis decision making authority and authorized to make any decision or take any action necessary to ensure the safety of employees and on-site visitors.

• The Crisis Response Team (CRT) is comprised of a location's ‘utility' groups, with a single representative and at least one designated backup from at least six of the following areas: Corporate Security, Safety, Employee Relations/Human Resources, Corporate Affairs and Communications, Facilities Management/Real Estate, Medical Services, Information Technologies and Business Continuity Management. The CRT is operationally responsible for all aspects of the location's response to a crisis situation and management of that event throughout its duration.

• Not every physical site or location will have a Crisis Management Organization (CMO), however; every location should be covered by a CMO.

6.2 Authority To Act

The CMO (the Crisis Management Team and Crisis Response Team) has been given the full and unconditional "authority" to take any in-crisis action deemed necessary to protect employees and on-site visitors, safeguard the company's brand image and minimize the disruption to business operations.

6.3 Crisis Management Standards

All countries/regions/locations should apply Crisis Management Standards that have been created to promote global compatibility and consistency between countries/regions/locations. This compatibility provides an "enterprise" response to events that are wide-scale, international or global in terms of threat or impact.

These "standards" can be occasionally modified to reflect changing requirements within the organization and global threat conditions. The Crisis Management Standards will direct a number of operational requirements within the Crisis Management Program, including;

• Structure and Participation on the Crisis Management Organization,
• Crisis Management Guide / Documentation,
• Crisis Management Administrative Processes,
• Continuing Education and Training Program,
• Crisis Command Center Setup and Utilization,
• Program Maintenance Requirements,
• Escalation and Notification Processes,
• Application of Alert Levels,
• In-crisis Process and Reporting,
• Pre-Event Response Planning.

7. Policy Compliance

Compliance of the Crisis Management Program is measured using a process of "Self Assessment" and by random program reviews initiated by the organization's Enterprise Risk Management program.

Crisis Management Program Self Assessment

Those accountable for the organization's Crisis Management Program should establish and maintain the risk criteria and the corresponding Crisis Management Program requirements designed to mitigate those risks.

Each Crisis Response Team is required to perform the Self Assessment on an annual basis, reporting all analysis and results to a coordinating body.

The results are summarized for presentation to company executives and provided to the respective country/region/location management team. Compliance of the policy is primarily measured against the current Crisis Management Standards.

A Crisis Management Policy should not be complex or difficult to understand. Above all else it must be enforceable and fully supported by the organization's most senior executive. And it's interesting to note that while failure of a Crisis Management Program is not considered an option for a senior executive, it's sometimes not as obvious that without full support by that senior executive, it will fail.

When people die as a result of a crisis and their deaths could have been prevented, or the malicious attacks of the media could have been countered in time, but were not -- I think you would agree that Crisis Management failed.

The good news is that Crisis Management never has to "fail" -- the bad news is that more often than not, it does. While a search for the reasons for failure and someone to blame will always ensue, the real culprit is rarely nabbed. Unfortunately, it's the simple absence of the rules-of-engagement; a policy that directs existence, structure and standards of how Crisis Management must behave in a crisis. Without rules and direction how do we know who will do what, when, how and why?

This is part one of a two part conversation outlining Crisis Management Policy. After you've read through these 2 Blogs, I hope you'll be convinced of the need for a policy.

Crisis Management is "big picture" for the organization. It's there to serve and support the entire organization on an equal basis and it must be driven by unrelenting and management-directed policy or rules.

In earlier blogs (The Building Blocks of Crisis Management), I said the absolute "job one" of Crisis Management is to minimize serious injuries and loss of life. In order to do this, the Crisis Management Organization, (the teams assigned to this critical role), must have the mandate, authority and unfettered right to take what ever actions they believe are necessary on behalf of all employees and visitors to the organization's facilities.

Achieving this without political interference or the influence of other personal agendas can be a daunting task. So here's where we need a Crisis Management Policy that reflects the will of the organization, its executive management team and even the Board of Directors or Governance Board.

The following provides a guideline on the structure and content of a Crisis Management Policy. Your legal counsel, compliance group and/or the responsible executives must customize these suggestions to "make it your own".

1.Purpose of the Policy

• The purpose of the policy is to ensure the organization can effectively respond to, manage and recover from a crisis situation. This resulting capability will provide for the safety of impacted resident employees and on-site visitors, the safeguarding of the company's brand image and the ability to prevent or otherwise minimize the loss of other assets and disruption to business operations.

2.Policy Statement

• This policy requires that all locations owned, leased, operated or otherwise occupied with employees and visitors be protected or otherwise supported by the Crisis Management Policy.

3.Scope of Policy

• This policy covers all employees and on-site visitors.

4.Accountability - Executive Management of the organization are accountable and responsible for:

• Ensuring that the Crisis Management Program is implemented throughout the organization as per the approved standards prepared by and administered by the Crisis Management Organization.
• Ensuring an appropriate level of education and training is provided to members of the Crisis Management Organization as per the standards.
• Ensuring all requirements of the Crisis Management Program are complied with as per the compliance measurement standards established.

5. 6. and 7.Policy Exceptions, Operational Imperatives, and Policy Compliance - Next week I'll go into more details on these three guidelines, but here is the short version.

• Policy Exceptions -- there are no exceptions.
• Operational Imperatives of the Crisis Management Program -- are based on the principle of having the most appropriate (qualified) management and employees participating in the response to a crisis -- with the authority to take necessary actions within the rules or standards of how that crisis will be managed.
• Policy Compliance of the Crisis Management Program -- is measured using a process of "Self Assessment" and the application of random program reviews through the organization's Enterprise Risk Management program.

I'll be doing more of these multi-part Blogs, so feel free to sign up for the email notification ... and your feedback and opinions are welcome.

 Stay tuned for Part 2.

Once again, we have experienced yet another mass shooting, this time by a disgruntled immigrant randomly killing other would-be citizens for reasons that are unknown. Undoubtedly, gun advocates and gun control activists will climb aboard their respective soap-boxes to draw their customary politically motivated conclusions. But this really should have nothing to do with the weapon-of-choice; it could have just as easily been a bomb, environmental contamination or arson.

Looking back at other premeditated mass murders, there are supposed reasons for each and to a great extent the situations are all different; except for one common fact; they are all totally unpredictable and unpreventable.

It's the unpredictability that's of greatest concern. Emotionally disturbed by their very nature, mass murderers rationalize their actions as legitimate behavior, possibly against a government or an organization that they believe is responsible for their status in life.

In an earlier blog, What's the Economic Downturn Really Doing to Crisis Management? , I discussed how the economic downturn has created an unprecedented growing threat to every employer who found it necessary to terminate large numbers of employees. For every termination, the probability increases that one or more of these people will physically attack the organization and/or the people that they hold responsible for their termination.

The fear of losing your ability to survive and care for your family is an extremely powerful and dangerous emotion; an anxiety that can grow by the day as opportunities for employment dwindle as more and more are added to the unemployment lines. This emotional trigger can be set off at any time and can easily translate into yet another mass murder or bombing of a building belonging to the organization they blame for everything that has gone wrong.

Executive Management from both the private and public sectors must stop sticking their proverbial heads in the sand

Recognize that the threat is very real and force their management teams to demonstrate what they've done to prevent or at least mitigate the impact of these events should they occur. It is no longer acceptable to simply assume such an event would never happen in their organization and make an even worse assumption that they are effectively prepared to respond.

There are any number of questions that should be asked, but this time a simple yes or no should not suffice. Executive Management and even Board's of Directors should be engaged and understand what and how the organization is responding to this ever dangerous and growing threat. Your questions should include:

• Do we have an exit interview that in part gages the emotional stability of the person being terminated? Can we at all determine if the person is a threat to the organization? Has Human Resources engaged Corporate Security as part of the process? What do we do with the results?

• What are we doing to support the people being terminated? Are our efforts being received in a positive manner? Are there other steps we can take to mitigate the threat of a disgruntled employee?

• Has our physical security been improved since the terminations began? How? What are we attempting to prevent? How do we measure its effectiveness?

• Have we engaged an organization to provide counselling services to not only those terminated, but to others that believe their jobs are also at risk? Are these counselling services available to the organization if such an event occurs?

• Have all of our emergency response plans, business continuity plans and overall Crisis Management Program been reviewed to ensure their adequacy for these current threats versus the ones on which they were originally based?

• Does our Crisis Management Program address this type of violence? Who is involved? Have our Crisis Management Teams been given the mandate, resources and tools to effectively mitigate and respond to such an event?

According to the ‘experts', hundreds of thousands of additional workers will be terminated before the global economic conditions improve. Many more premeditated attacks on employers will occur. You and your organization need to decide if you prefer to play Russian-roulette with employee safety or if you will have a well thought out crisis management plan in place to address this serious issue.

What are your plans?