The Role of Safety in Business Continuity

• By Dr. Shawn Adams, C.P.C.U., A.R.M., PHR, CHCM
• Jul 01, 2007

OVER the past few years, disasters and emergencies have garnered much attention in American society. From the disaster that did not occur, Y2K, to the attacks on the World Trade Center, the blackouts in 2003, the multiple hurricanes making landfall during 2004 in Florida, Katrina in 2005, and the droughts and subsequent wildfires as well as the flooding and mudslides in the Northwest in 2006, it seems like a steady drumbeat of bad headlines have caught America’s attention for the past few years. Like families, businesses are paying close attention to these headlines, and the issue of emergency preparedness is now becoming more of a job responsibility for many in the safety profession.

The question arises, what role does the safety professional play in the disaster preparedness of the firm? Certainly the emergency preparedness field recognizes that the safety professional is an important part of the planning team (Wallace & Webber, 2004, p. 14) and in the emergency operations center (Wallace & Webber, p. 109). However, for the safety professional to optimize his or her role, there must be a greater understanding of the basic concepts of emergency preparedness and the specific process of business disaster recovery. Safety professionals need a better understanding of the role their profession plays in the process, rather than simply knowing the four recognized emergency management stages of mitigation, preparedness, response, and disaster recovery, as outlined by the Federal Emergency Management Agency (pp. 3.1 and 3.2).

In understanding emergency management it is important to understand this field appears to be in a development phase. One of the positive effects of the recent disasters is that the emergency management field appears to be developing into a much stronger, more professional one. Also, much like safety, the concept or philosophy of emergency preparedness is developing and forever changing. For example, prior to 9/11, FEMA was an agency with its primary attention given to natural disasters. After 9/11, FEMA was incorporated in the Department of Homeland Security, where much of the focus is on terrorism prevention. Now, after Katrina, the pendulum of focus could be shifting back to preparing for natural disasters—although this might last only until the next terrorist attack.

While some terms and concepts such as the phases of disaster preparedness are becoming more static, they are evolving as the United States attempts to strike a balance between terrorism prevention and dealing with natural disasters. These efforts are being hampered by limited resources and a press whose sometimes sensational reporting results in emergency managers being asked to prepare for whatever the disaster of the day is on the nightly news.

The flux of the emergency preparedness field could result in some confusion over terms, as well as the actual purpose of the preparedness, for safety professionals. However, safety professionals understand that safety is ever-changing. Grasping the uncertainty of the emergency management field in terms of everything from the mission down to the terms and seeing the comparisons with the safety field will help safety professionals better understand and deal with the uncertainty that participating in emergency preparedness efforts can cause.

Odds Are Against Disaster Recovery
An important lesson for safety professionals is what happens to a business that experiences a disaster. After a disaster, businesses are literally fighting for their very lives. A sobering statistic from the Bureau of Labor Statistics indicates 43 percent of businesses never reopen following a disaster, and 29 percent more go out of business within two years (The Hartford & U.S. Small Business Administration, 2002, p. 14).

Even if the firm is large enough to survive, losses quickly mount, and this pressures the firm to resume operations as quickly as possible. For example, Wal- Mart had 126 stores closed during Katrina, and this does not include the losses from stores looted after the storm or delayed in reopening (Wal-Mart Facts, 2006). Media reports in the wake of the hurricane indicated telecom losses would reach $600 million (Mohammed, 2005) and the costs of interrupted economic activity might be $100 million per day (CNNMoney.com, 2005).

If concern for the workforce is not built proactively into the disaster system from the very start, it will be nearly impossible to retrofit that system after the fact in the middle of the disaster. After the World Trade Center attacks, safety professionals described the scene as “the most dangerous workplace in the US” and as being “chaos” (Groves, Ramini, Radomsky, and Flick). Attempting to retrofit concerns—regardless whether the concerns have to do with safety or the human element—into the response and recovery plans can be described as difficult, at best.

As Peter Senge pointed out, “Today’s problems come from yesterday’s ‘solutions’ ” (p. 57). When a disaster occurs, an important, overriding fact immediately emerges that the safety professional must take into consideration in order to properly understand his or her role in the system as a whole: In the rush to survive or to reduce the financial impact of a disaster, properly managing safety could be forgotten, resulting in on-the-job injuries, turnover, increased mental stresses, and other problems that could end up destroying the company or, at the least, causing substantial financial loss down the road. Safety has to be proactive in the emergency preparedness system of the firm from the start because reactivity is nearly impossible in the “chaos,” and poor safety management during the confusion of the response and recovery phases could damage or end up destroying the company.

Another important concept for safety to understand is the difficulty of prevention in emergency management. While a company might strive for zero-injury performance through being proactive and focusing heavily on activities in the pre-loss phase, the emergency preparedness field does not enjoy that luxury. For example, natural disasters cannot be prevented. In assessing disasters, one of the most important and first parts is risk analysis, with understanding the types of hazards that exist being an indispensable first step in performing the risk analysis. This is best represented by the three types of disasters and contrasting the pre- and post-loss activities during each type of disaster.

Disaster Types
FEMA (p. 2.3) lists the first type of disaster as “natural disasters.” Examples include tornadoes and earthquakes. In a planning sequence, emergency management professionals know that, unlike on-the-job injuries, they cannot realistically stop natural disasters. All that can be done is to prepare for the day when the disaster strikes. Emergency management might seek to mitigate the disaster, such as mass evacuations, and then to move into the post-loss phase and try to reduce the inevitable losses. Still, nothing can be done to prevent natural disasters.

FEMA’s second category is “intentional” disasters, which include terrorism and civil disturbance. A good example from this category and how it contrasts with the safety field is counterterrorism. Counterterrorism is designed to “deter” a terrorist attack (Wallace & Webber, p. 366). The major difference between on-the-job injuries that safety professionals try to prevent and intentional disasters is that someone was putting forth effort to cause the disaster. Law enforcement, homeland security, and military personnel are primarily responsible for dealing with intentional disasters, but only up until the disaster occurs. While law enforcement tries to stop events such as the World Trade Center Attacks and the Oklahoma City bombing, when the disaster occurs, response personnel with no actual responsibility for law enforcement, security, or military operations will take a large role in medically treating, feeding, housing, aiding financially, and other response and recovery operations for the survivors. Law enforcement, security, and the military still have a role, although a diminished one, as evidenced by the Katrina response and recovery.

FEMA’s third category is a “technological” disaster. Examples include failure of the power grid and hazardous materials spills. Technological disasters can include dam failures, such as Missouri’s Taum Sauk Dam failure in December 2005 (National Oceanic & Atmospheric Administration), and chemical plant leaks and explosions, such as the 1984 leak in the Bhopal, India. Certainly, these types of disasters could be prevented using good safety/environmental management or engineering techniques; it is in this stage that prevention could have helped prevent the disaster in the first place. The November 1999 collapse of a bonfire structure at Texas A&M University, where the bonfire had been a tradition for decades, occurred with emergency crews already on the scene (U.S. Fire Administration). Sadly, the issue of prevention was overlooked in this instance, making it an example of disasters that safety professionals could have prevented— thus eliminating the need for response and recovery.

The safety professional should note that while prevention usually is not possible with natural disasters, prevention is becoming recognized as a part of the mitigation phase as technological hazards to our society increase. This is reflected in past FEMA materials (p. 148) and in NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs (p. 7). The NFPA definition is: “Activities taken to eliminate or reduce the probability of the event, or reduce its severity or consequences, either prior to or following a disaster/emergency.”

However, considering the three broad categories of disasters, prevention can sometimes be impossible. Preparedness, response, and recovery—not mitigation or prevention—are the areas of focus for much of emergency management.

Apart from understanding the general concepts of emergency management, it is also important for the safety professional to understand the phases of the business recovery effort. Because most safety professionals work at for-profit firms, this specialized planning is what most should focus on (versus planning to feed and shelter the population after a disaster, as is often the focus of traditional, public administration-based emergency management). According to Wallace and Webber, the business continuity field breaks the steps or activities of business continuity and recovery into three, seemingly overlapping, phases (p. xii).

The first is disaster recovery planning (DRP). These are the plans to avoid risk, mitigate risks, or shift them to a third party. The second is business recovery planning (BRP). At this stage, the disaster has occurred, but now the firm is trying to include customers and suppliers in its recovery efforts and to ensure the assets are in place to resume operations. Plans, training, and the pre-positioning of equipment fall to those responsible for business recovery planning, as well as checking that suppliers are doing the same.

Remembering the Human Toll
The third phase is business continuity planning (BCP). In this post-loss phase, the firm is attempting to reopen after the disaster, even at reduced levels. It is here that safety arguably has the most activity, helping strategic management to remember the human elements of the recovery even while attempting to get everything “back to normal” as soon as possible. (For example, some of the rebuilding contracts for Oakland’s Cyprus Freeway following the 1989 earthquake included incentives for completing the project either quickly or at least on schedule (Jackson).

In developing emergency plans, the broadest category of stakeholders should be considered. While more stakeholders will almost certainly slow down the process, it is important that all stakeholders be included to reduce the chance that anything is overlooked. Good plans must be developed to aid in the business continuity efforts. Unfortunately, good plans can be hard to develop, and plans also can be unrealistic. A prime example was how, after the World Trade Center attacks, it was reported that “many” disaster plans counted on surviving employees’ being on site the next day to help with the response and recovery efforts. However, “After watching their friends and co-workers dying around them, getting to the recovery site was not at the top of their priority list” (Wallace & Webber, p. 37).

That traumatized people might not be ready for duty the day after being involved in a disaster makes perfect sense now, after the fact. The fact still remains that some firms did not take into account a basic human element in developing their business continuity plans.

In developing plans for business continuity, some concepts will be very familiar to safety professionals, although differently named. The field of systems safety uses general terms such as “frequency,” “potential for injury,” and “severity” to develop a cognitive framework to assess and prioritize hazards (Hagan, Montgomery, & O’Reilly, p. 172). The risk management and insurance loss control profession talks of “frequency” and “severity” (Baranoff, Harrington, & Niehaus, p. 1.15). The business recovery field talks of “likelihood.” In place of severity is “impact.” A term that might not be as familiar to the cognitive concept of systems theory that is germane to the emergency preparedness field is “restoration.” Restoration is defined as “The length of time to get our critical functions back into service, not the amount of time for a complete recovery” (Wallace & Webber, p. 38). While company management might deal with a localized problem, the emergency management field deals in a world with not only large numbers killed and injured, but also where an entire region—the schools, roads, utilities, law enforcement, etc.—might be shut down for months if not years, as was the case with Katrina. In fact, according to the Los Angeles-based advocacy group Community Advocates, physical scars from both the 1992 Rodney King riots and the 1965 Watts riot still exist (Hicks).

Safety Plays a Vital Role
In conclusion, as the safety profession seeks its role in the business continuity process, the vital role that safety professionals play must be understood. Firms experiencing a disaster are literally fighting for their lives. Prevention is not a choice for most disasters. In responding to disasters and trying to speed recovery, it is easy to take shortcuts that could result in worker’s compensation claims capable of destroying that firm, in the end.

Developing effective plans will not be easy because of the number of stakeholders involved. The emergency management profession is struggling to standardize its terms, as well as to clarify its role as the national focus shifts back and forth between natural disasters and terrorism prevention.

References
1. Baranoff, E.G., Harrington, S.E., &Niehaus, G.R. (2005). Risk Assessment. Malvern, PA: American Institute for Chartered Property Casualty Underwriters/ Insurance Institute of America.
2. CNNMoney.com (2005). Katrina Could Cost Economy $100 billion. Available online: http://money.cnn.com/2005/09/ 02/news/katrina_estimates/
3. Federal Emergency Management Agency (2005). Principles of emergency management. Washington, DC: Department of Homeland Security.
4. Groves, W.A., Ramini, R.V., Radomsky, M.C., & Flick, J.P. (2004, November). Protecting first responders. Professional Safety, Volume 48, No. 11.
5. Hagan, P.E., Montgomery, J.F., & O’Reilly, J.T. (1997). Accident prevention manual for business & industry: Administration & programs. Itasca, IL: National Safety Council.
6. The Hartford and the U.S. Small Business Administration (2002). The Smart Approach to Protecting Your Business. Hartford, CT. Available online: www.sba.gov/library/pubs/mp-28.pdf
7. Hicks, J.R. (2005, Aug. 15). Lessons from the ruins. Los Angeles, CA: Community Advocates, Inc. Available online: www.cai-la.org/120805.html
8. Jackson, B. (1998, March/April). Replacing Oakland’s Cypress Freeway. Washington, DC: Federal Highway Administration. Available online:
9. Mohammed, A. (2005, Sept. 6). Telecom damage tops $400 million. The Washington Post. Available online: www.washingtonpost.com/wp-dyn/content/article/2005/09/05/AR2005090501231.html.
10. National Fire Protection Association (2004). NFPA 1600: Standard on Disaster/ Emergency Management and Business Continuity Programs. Quincy, MA. Available online:
www.nfpa.org/assets/files/PDF/NFPA1600.pdf
11. National Oceanic & Atmospheric Administration (2005, Dec. 14). NOAA National Weather Service issues warnings as dam fails in Missouri. U.S. Department of Commerce. Washington, DC.
12. Senge, P. (1990). The fifth discipline. New York, NY: Currency Doubleday.
13. U.S. Fire Administration (1999, November). Bonfire collapse: Texas A&M University. Federal Emergency Management Agency. Washington, DC: Department of Homeland Security. Available online: http://www.usfa.fema.gov/downloads/ pdf/publications/tr-133-508.pdf
14. Wallace, M. & Webber, L. (2004). The disaster recovery handbook. New York, NY: American Management Association.
15. Wal-Mart Facts (2006). Wal-Mart’s Hurricane Katrina relief efforts. Bentonville, AR.

This article originally appeared in the July 2007 issue of Occupational Health & Safety.