Workplace Disasters and Emergencies: Weaving a ‘Safety Net’ to Protect Valuable Corporate Assets

8 December 2008 | Source: Chemical World
0 0 0.0/5

Summary
Employees, assets, infrastructure and information form the most important elements of any organization. These elements require care and protection from disasters and emergencies for long-term business continuity and growth. While most organizations realize this and implement safety plans, these are often inadequate or neglected over longer durations. A safe and conducive work environment is a must not only for progress and prosperity, but also for long-term continuity of an organization.

Introduction
It takes a disaster to galvanise people to action – ironic but true. Devastating disasters such as the Bhopal gas tragedy, Chernobyl and the 9/11 attacks underscore the need for stringent safety norms and preparedness to deal with both phenomenal catastrophes and smaller emergencies and accidents. Today, top management teams of organizations gear up to counter natural disasters like earthquakes, fires, floods and hurricanes, man-made mishaps like nuclear accidents, toxic chemical leaks, and relatively new forms of threat such as terrorist attacks, which can cause large scale destruction within seconds. This, incidentally, is aside and apart from implementing basic safety rules.

So, how can organizations ensure safety of their employees and assets? As with all complex problems, there is no one solution. However, despite the fact that every organization differs in size, infrastructure and dynamics, the first step is to create an Emergency Recovery Plan.

Disaster Management – Advance Planning
The key element of disaster management is to plan before being struck. Post-disaster situations leave you with limited options, if you are not prepared. Statistics indicate that about 40% of the businesses struck by calamities never re-start.

A good recovery plan typically works with a twin agenda of building employee awareness, and protecting employees, physical assets and information.

Employee Protection:
Most organizations today prefer being safe than sorry. They plan elaborate employee safety programmes and invest in training them to protect themselves. These measures fall under three broad categories, viz. training, evacuation, and treatment, should the first two fail.

Employees are trained in rendering first aid and are assigned specific tasks in the event of a disaster. Most firms conduct mock fire / evacuation drills. Human resource departments work hard to emphasise the importance of such training.

Pre-planning includes drawing up a detailed evacuation plan and installing ‘Exit’ signs on the evacuation route and doorways. In order to expedite evacuation, most firms display floor plans showing the vital resources and exit routes available on each floor.  Emergency lights and alarm systems are a given.

The disaster management team designates a specific location where all employees should meet in an emergency. Technology is certainly handy in this area, as firms use public address systems, voicemail messages, mass emails or sirens to alert employees of imminent danger and evacuate them.

Organizations are also prepared to handle the initial treatment of minor and major injuries. First Aid Kits are usually available throughout the premises, in addition to a health room and a physician or paramedic on call. Firms also maintain, off-site, a list of phone numbers of family members of all employees to be contacted in an emergency.

Protecting Assets and Information:
Assets, infrastructure and information complete the quartet of vital elements that form an organization. Business assets and infrastructure are protected by installing fire alarm systems throughout the facility, and sprinklers, water pumps, storm shutters and heating units at strategic locations. An effective fire fighting system requires that all work areas are fitted with fire extinguishers to fight different types of fires. Most equipment today comes with shutoff valves and auto-shut off mechanisms. Firms keen on disaster preparedness must insist on these from the equipment manufacturer. As an added precaution, they also install remote switches to shut off ignition systems.

Computers and other sensitive equipment are typically connected to backup power sources for critical machinery. Firms also ensure they have critical data docked off-site in a safe system.

Employee Awareness:
The most important step following preparation of a Disaster Preparedness Plan is to ensure that all employees are aware of it. Firms address this issue with training programmes and drills. Displaying articles and posters providing ‘how to’ information for responding to disasters at various locations in the premises also helps in spreading awareness and generating interest.

Business Continuity Planning (BCP)
Most effective organizations actively plan for business continuity in the face of disasters or emergencies. This is an exercise which is slightly broader than advance planning to manage disasters in that it includes external stakeholders (suppliers and vendors) as well as firms within an industry (but situated in different locations) and firms within a locality (sharing the same location but from different industries).

BCP begins at home, with an assessment of the company’s functioning to identify crucial functions, staff, resources and processes absolutely essential to run the business. Apart from an annual disaster management plan, firms also develop an alternative site from where the business can be run if the primary site is cut off.

Outside of the firm, the team involves participation from suppliers and vendors to develop alternative plans for business continuity. They work with firms within the industry to deal with emergencies that might affect the whole sector irrespective of location (e.g. research and development of alternate options in the event of a loss of raw material sources or fuel). They also work with firms from different industries that are located in the same region (e.g. to tackle natural disasters like earthquakes and storms or man-made ones like terror attacks).

Industry Perspectives
Most successful organizations have emergency recovery systems and processes in place to deal with accidents, disasters and calamities, and quickly recover from such occurrences, besides having preventive measures to protect life and property. Some frontrunners in this field are:

1. Kyocera Corporation
Kyocera Corporation is headquartered at Kyoto, Japan. It is in the business of manufacturing ceramic and printing devices, telecom equipment and imaging products such as solar cells, laser printers, mobile phones, and digital cameras. It acquired famous brands such as Yashica, Mita and Qualcomm to form Kyocera Wireless.

Kyocera implemented the Occupational Health and Safety Management System (OHSAS) 18001 standards to improve its work environment for the safety, health and comfort of its employees. It focuses on securing areas involving use of chemical substances, transportation of heavy materials and hazardous or dangerous work activities.  In 2006, it achieved Level 1 (no further improvement necessary) for 98.4% of work of areas across all its group companies in Japan. In 2005, the lost time accident rate across all group companies was 0.18 persons / M hours and for Kyocera Corp it was 0.13 persons / M hours, a significant improvement over 2004 rates of 0.31 and 0.19, respectively. It also achieved the least number of labour accidents and excellent safety results.

Kyocera routinely organizes disaster prevention activities, like fire-fighting competitions among employees and facility-wide mock fire drills along with local community members, to improve fire-fighting skills and fire prevention management. Every year, October is designated as the ‘Kyocera Group Safety and Disaster Prevention Awareness Month’. During this month safety and disaster prevention measures are implemented. A safety and disaster prevention team visits the plants and sites of all group companies for inspection of equipment, compliance monitoring and education / training and awareness activities.

2. Corporate Network for Disaster Response (CNDR)
Corporate Network for Disaster Response (CNDR) was formed in the aftermath of the Luzon, Philippines Earthquake on July 16, 1990, which measured 7.2 on the scale and led to 1666 deaths, over 3000 injuries and 1000 persons untraceable. The CNDR is a voluntary outfit of private companies, business enterprises and corporate bodies and institutionalized disaster relief and rehabilitation. CNDR is now a part of the Technical Working Group and the Relief and Rehabilitation Committee, which forms the National Disaster Coordinating Council (NDCC) in Philippines.

The CNDR encourages organizations to integrate risk management and corporate social responsibility as a part of organizational strategy. The CNDR plays multiple roles such as:

Experimenting with innovative approaches:
The four year Bayanihan (Philippinos working together) programme for disaster prevention, mitigation and preparedness implemented jointly by CNDR and USAID involves different sectors such as government, NGOs, corporate sector, academia and local groups. This has proved to be a successful prototype.

Stakeholder Grouping and Support:
The Philippine business sector is proficient at networking, forming alliances, lobbying and promotion. The private sector is proactively advocating reforms on disaster management policies and roles, and the concerned authorities are receptive to their suggestions, creating a successful partnership model.

Public Awareness and Education:
The CNDR, along with its media members, educates the public on disaster management. Together with the Philippine Institute of Volcanology and Seismology (PHIVOLCS), PAGASA and NDCC it has conducted several awareness seminars and the Science and Technology Caravan.

Creating a Disaster-Resistant Society:
Encouraged by the success of Bayanihan, CNDR, together with NGOs and local government bodies, is working at the village level with a focus on reduction of livelihood vulnerability of the local neighbourhood. The corporate sector will be the technical advisor for livelihood risk management.

3. Wipro Technologies
Wipro Technologies has business operations spanning several countries across the globe; it has facilities including sales offices and development centres in countries like the US, UK and Japan besides India. Wipro is one of the first organizations to achieve a BS 7799-2: 2002 certification, a new standard defined and released in the year 2003. In accordance with this framework, it has defined a detailed Disaster Recovery (DR) Policy that addresses critical aspects of physical security, information security and Business Continuity Planning.

The DR strategy of Wipro is focused on protecting critical business systems and processes across its various locations. The BCP involves developing, testing and maintaining a plan for recovery of critical IT systems in an emergency. It also involves managing availability of employees and ensuring flow of processes and operations in the face of disaster.

Wipro’s BCP:
Its BCP framework ensures complete readiness to carry out an impact analysis and risk assessment to understand the scope of recovery and restoration of valuable data. This includes preventive measures such as backup of vital technical data, server configurations etc. besides information needed for critical business processes, at remote sites.

Each strategic centre worldwide has a chief recovery officer, and a damage assessment and emergency response team to protect and recover critical data. Specialists for critical functions and processes are identified and assigned specific tasks. They are provided with visas to travel across the world in case of emergencies. Wipro has an online project / configuration team that can move data seamlessly across locations. The aim is quick response, analysis and minimization of impact, and preventing re-occurrence through well-defined policies and procedures.

Wipro’s DR Plan:
Wipro’s DR site, located at Chennai, is fully equipped to run operations in case disaster strikes at other locations. This site also serves as a remote storage facility with fireproof storage areas. The information and data generated at its worldwide locations is replicated at this site. The operations of any strategic centre across the world can be restarted, from this site, within four hours of shutdown. Once in six months a mock DR restoration drill is carried out to check preparedness of the DR infrastructure, where all systems and process at locations around the world are shut down for a whole week and operations are run from the DR site.

4. National Stock Exchange (NSE)
National Stock Exchange (NSE), one of the largest exchanges in India, focuses on Business Continuity Management (BCM) planning, which includes an elaborate Disaster Recovery (DR) plan to ensure continuity of its critical trade and settlement operations if disaster strikes.

NSE’s primary site at Bandra-Kurla comprised redundant systems with backup and failover. This was improved over the years and basic BCM was implemented. In 1998, it initially set up a DR site at Pune, which was later migrated to Chennai, since Pune falls in the seismic zone. This made it the first stock exchange in India to have a live DR site. It took a three-pronged approach as follows:

  • All important applications and equipment are replicated at this site, acting as a failover in case of disruption of operations at the primary site
  • A few not-so-critical applications will continue to run but with lesser response times and slower performance
  • Operations like software development and testing of benchmarks will be completed stopped and their deadlines will be extended.

The DR site has three mainframe class fault-tolerant machines replicating mission critical applications running at the primary site. Six UNIX servers running Oracle databases replicate back office applications like clearing and settlement. Windows NT servers are used to run mail applications. The extranet server is mirrored at an external ISP location to enable brokers to access it directly via the Internet in case of a disaster.

To test its disaster preparedness, it conducted live drills where regular operations were run from the DR site.  As the primary site grows, the DR site will reflect that growth and live drills will be conducted periodically to test disaster preparedness.

Conclusion
Disaster management and business continuity go hand in hand. A disaster preparedness or emergency recovery plan is an essential component of strategy in an effective organization. Top managements must ensure that their DR and BCP are in sync with changing needs through periodic reviews. While all types of disaster cannot be prevented, their impact can certainly be reduced by being forewarned and forearmed.

CREDITS: Suresh Lulla, Founder & Mentor, Qimpro Consultants Pvt. Ltd.
Rate this Article:

Comments

Post your comment