As potentially stressful, chaotic and financially imposing as an emergency, disaster or crisis can be, some companies are still not prioritizing preparedness and 反应计划.
The three building blocks of emergency preparedness -识别、审核和验证可以提供有效的企业手段 emergency response plans. When all three aspects are in motion, the ongoing process of preparedness is established, giving companies the best possible prognosis for a response.
Identify Preparedness + Response Plan Criteria
随着复杂的技术网络,彩宝网正变得越来越复杂, 人力资源, 以及全球影响. Companies must routinely identify relevant risks 以及各种威胁,以便制定切实可行、符合要求和最新的应对计划. 针对未被认识到的情况,临时采取和实施计划外的应对行动往往会导致不足, and potentially damaging outcomes.
Preparedness is a continual sequence of analysis. 业务整合、增长和不断变化的威胁变量需要识别. To prepare for and respond to an incident, 应急管理人员 应确定以下准备和响应规划标准:
- 哪些风险和危害可能导致紧急情况或灾难响应事件?
- 采取了哪些流程来限制风险和危害的暴露?
- What community/environmental sensitivities exist?
- Who will respond when an incident occurs?
- What processes, 程序, and training are in place for responders?
- How will individuals/employees secure their safety?
- 应对事故需要哪些工具/设备?谁将提供这些工具/设备?
- What local, state, and/or federal organizations should be consulted?
- What regulations apply?
与风险, 威胁, and preparedness needs identified, 公司应着手制定针对具体地点的应对计划. However, preparedness does not end with a completed response plan.
检讨应变计划
应审查公司准备方案和适用的应急响应计划的准确性,并对其进行更新,以便对新发现的变量作出有效反应. 熟悉并受过准备工作培训的员工更有可能确保执行最佳实践.
Reviews of response 程序, 风险缓解 机会, 最佳实践, 响应的目标, 确保准备和有效应对措施到位的操作要求是必要的. Reviews should include, but are not limited to:
- 资料及电脑需要:检讨电脑备份的程序细节, data restoration methods, 最小的程序需要重新建立关键的业务流程. 公司应该检查当前的数据中心外包或其他替代方案,以确保连续性和可访问性
- 通知列表:响应计划管理员必须确保新分配的人员包含在计划中, 必要时, 通知被发送到准确的电子邮件地址和/或电话号码. Review contact lists to ensure all necessary information is correct
- 沟通需求:必须保持清晰有效的沟通渠道,以便向员工传播信息, assess and relay damage, and coordinate a 复苏 strategy. 评估当前的通信设备和/或大规模通知系统,以便与关键人物沟通, 公司员工, or an entire client base, as each scenario deems necessary
- 供应链:随着公司需求的变化和新供应商的出现, potential suppliers should be evaluated, and plans should be updated to reflect any changes. Alternate resources should be reviewed to ensure availability, 交付, 如果主要供应商在需要时无法获得,则继续运营
- 必要人员:确保必要的最低人员配备水平是可接受的,以保持运作. 与员工一起回顾个人职责和恢复时间目标, 承包商, 和供应商
- 设备需求:审查必要设备的可用性并建立响应流程, 复苏, and continued operations, to minimize downtime and additional 复苏 efforts
对公司应急计划的审查应包括与协作反应实体的情况汇报. 与这些外部响应人员的会议应该确认具体的计划和响应细节,这些计划和响应细节可以与最佳实践和公司协议相一致. 规划检讨须考虑的团体包括但不限于:
- Local responders (fire, police, emergency medical services, etc.)
- Government agencies (LEPC, 应急管理 Offices, etc.)
- Community organizations (Red Cross, weather services, etc.)
- Utility Company(s) (gas, electric, public works, telephone, etc.)
- Contracted Emergency Responders
- Neighboring Businesses
Verification of Effectiveness + Accuracy
无论威胁或危害如何,必须对应急响应计划的总体准确性和有效性进行评估和验证. 培训和演习是宝贵的验证工具,可以确认有效的应对规划和准备工作. Verification should include, but is not limited to:
- 一种评估紧急情况和确定事件反应优先次序的系统
- Thresholds and 程序 for activating the Incident Management or 危机管理 团队
- 通知信息(如果保持准确的联系信息具有挑战性), 考虑选择一个电子邮件验证系统,使每个联系人都能验证他们的联系信息
- 事件管理或危机管理团队成员的角色和职责
- 沟通和通知程序,以促进响应人员和事件管理团队之间的互动
- 指导方针和清单,以协助有效和有组织的反应
- 现场危险物质详细信息、响应设备和响应时间的验证
技术, such as a web-based 反应计划 system, 为公司提供平衡企业范围的标准化和特定于站点的监管标准的工具. Companies responsible for multiple buildings, possibly in various locations, 是否应通过创建事件响应政策的系统模板来表明对有效应急响应管理和计划的承诺, 程序, 和实践. These templates should enable users to incorporate the detailed, site-specific data necessary for an effective response.