It’s going to happen some day: A key employee is badly injured in an accident; a power outage knocks out your computers; a tornado takes out your warehouse. Unexpected emergencies can momentarily shut down operations, or even worse, put you out of business for weeks and force your customers to go elsewhere–and stay there. Are you prepared for this? It’s not as difficult as you think. Here’s how to plan for the inevitable:Step 1: Determine what can go wrong. The first thing you should do is complete what’s commonly referred to as a vulnerability or risk assessment. This assessment will identify what could go wrong, the effect on your business if something does go wrong, and what priority you should take in minimising your risk exposure. During this assessment, you should:
- Learn the threats and risks your business faces. Threats are anything that could happen to your people, processes, infrastructure or reputation, including natural threats (hurricanes and tornadoes), technological threats (machinery malfunctions), or human threats (stealing).
- Once you’ve identified the possible threats, determine how vulnerable you are to them. How reliable is your data backup system in the event of a power outage? Are your employees properly trained for an earthquake? What about your security system–how capable are you of preventing customer or employee theft? Determine what your most vulnerable areas are and what mitigation measures are needed to protect them.
- With threats and vulnerabilities identified, start prioritizing. Rank your threats in order of frequency. Now rank your vulnerabilities to these threats by the impact they’ll have on your business; for example, inventory results show employee theft is $5,000 per year, computer failure costs $100 per hour, and so on. Apply those numbers to the prioritised risks, and now you have a risk exposure for each threat. The higher the risk exposure, the more it’s worth your while to protect yourself from that threat.
Step 2: Develop a plan. An emergency action plan is a written procedure manual for dealing with the threats you’ve identified in step one. Some of the components of your plan will be prescribed by law, regulations or good business sense. Among these are an OSHA-directed evacuation plan, adherence to the provisions of the 1996 Health Insurance Portability and Accountability Act, the Sarbanes-Oxley antifraud law, or the National Fire Protection Association’s Life-Safety Code.
When there’s a legal requirement to do something, you’re usually–but not always–told how to comply. There are a number of different ways to create your emergency plan; however, all emergency plans tend to have the same basic elements. According to the National Safety Council, emergency actions plans should contain the following minimum elements:
- Clear, written policies that designate a chain of command, listing names and job titles of the people or departments who are responsible for making decisions, monitoring response actions, and recovering back-to-normal operations
- Names of the people responsible for assessing the degree of risk to life and property, and who exactly should be notified for various types of emergencies
- Specific instructions for shutting down equipment and production processes and stopping business activities
- Facility evacuation procedures, including a designated meeting site outside the facility and a process to account for all employees after an evacuation
- Procedures for employees who are responsible for shutting down critical operations before they evacuate the facility
- Specific training, practice schedules and equipment requirements for employees who are responsible for rescue operations, medical duties, hazardous responses, fire fighting and other responses specific to your work site
- The preferred means of reporting fires and other emergencies