The question of how organizations can better handle crisis management was explored during Facilities Management Advisor’s April 12 webinar “Moving from Passive to Active Crisis Management.”
Sean McDevitt, Director of CEM Solutions for Everbridge, spoke during the online session and is knowledgeable on facility security and cybersecurity issues, having held various leadership positions in the software-as-a-service (SaaS) industry over the last 15 years.
According to McDevitt, there are three main reasons organizations should focus on crisis management:
- Safety and security—protect people and assets
- Business continuity—ensures functional operation and preserves revenue
- Risk resiliency—optimizes performance and leads to the organization’s growth
Emerging Trends and Thoughts for 2023
As the world gets more complex, organizations face more security risks than ever, making organizational resilience even more important. This enables organizations to prepare, respond, and adapt to disruptions to not just survive but also thrive.
McDevitt believes security professionals should continue to consider how they can keep themselves, their coworkers, and their customers safe in 2023.
McDevitt advised facilities professionals to look at organizational systems that measure security effectiveness and risk severity:
- Fragile: These systems have difficulty modifying plans and can’t cope with changes. Even though this might work for static environments, it becomes a liability when facing stress.
- Robust: These can handle a specific level of stress but can’t adapt to changes. They can survive, but they can’t grow.
- Resilient: They can handle various types of stress and have adaptability features. McDevitt noted organizations that are resilient are doing better than those that work in either a fragile or a robust system.
- Antifragile: These systems are created to handle change and drive the business based on stress. They’re both social and technical and are what organizations should aim for.
When the Crisis Happens
Organizations should use metrics to show how resiliency can reduce time, money, and production as their system moves between the following steps during a crisis:
- Interruption begins—the incident occurs.
- Awareness—knowledge is gained about the crisis.
- Mitigation—the organization determines what actions need to be taken.
- Event stabilization—takes time for actions to take effect, and other actions may need to be taken.
- Recovery to optimal conditions—things go back to normal.
Based on feedback he received from critical event management and operations executives in the United States at enterprises with global organizations, McDevitt spoke of the challenges organizations are facing. The top five are a slow resolution, response systems not being integrated, a lack of repeatable communication workflows, poor business continuity during an event, and locating and communicating with employees.
As for facility security, some examples of threats security professionals should be prepared to respond to include natural disasters, hazmat incidents, political turmoil, active assailants, and utility disruption.
When communicating internally and externally during a crisis, McDevitt believes security professionals should do the following:
- Prepare: information-sharing (desktop notifications and lobby messaging), education, impact analysis, functional redundancies, strategy, and training;
- Respond: concise, correct, multimodal (different ways to communicate, such as through e-mail, text, or phone), audience-specific (messages are different for upper management, other campuses, and the building affected), and timely; and
- Recover: action-oriented, transparent, metric-driven, thorough, and enterprise-wide.
“This is realistically what every security organization needs to be striving for when it comes to the basics of emergency communications. Right time, right message, right people,” McDevitt said.
He advocates for the 3-3-30 component: no more than 3 message points, delivering 3 short sentences and keeping the key content in the first 30 words and during the first 30 seconds.
McDevitt believes organizations should focus on providing training on several physical security topics, such as travel safety skills, field team safety protocols, active shooter preparation, and tabletop exercises.
He explained this should complement the cybersecurity training most organizations provide.
To learn more about crisis management, check out the entire “Moving from Passive to Active Crisis Management” webinar for FREE on demand by clicking here.
For more upcoming events, don’t forget to check out the Facilities Management Advisor Events Page.