Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:

 

A Certification Standard Has Not Emerged In Emergency Preparedness Plans

02.05.2008
The majority of U.S. companies have a formal, written plan for emergency preparedness, according to a report released today by The Conference Board. But a widely adopted certification standard for such plans does not exist yet.

Three-quarters of the 302 senior corporate executives surveyed in mid-2007 said that an emergency preparedness plan exists in their companies. The analysis was sponsored by the U.S. Department of Homeland Security as part of an ongoing research project to assess the effectiveness of security in American companies.

The survey sample was intended to reflect the characteristics of American businesses as defined by size and industry. The sample was divided into three strata: small business (companies with $5 million to $50 million in annual sales); mid-market ($50 million to $1 billion in sales); and enterprise ($1 billion or more in sales). Within these groups of companies, the survey polled executives with responsibility for security, business continuity, crisis management, and emergency response efforts.

A “voluntary” certification process for preparedness was adopted as part of the 2007 homeland security legislation (Public Law 110-53). The choice of standards that would permit certification under the law is currently under review. As this report goes to press, it is expected that several different standards may qualify for certification.

“Currently, the most significant finding is that none of the many standards proposed for certification has attained widespread usage in the private sector,” says Thomas Cavanagh, Senior Research Associate, Global Corporate Citizenship, The Conference Board.

The most common standard is the ISO 27001/17799 information security standard, which has been implemented by 23% of the surveyed companies. Following close behind, used by 20% of companies, is NFPA 1600, which was endorsed as the National Preparedness Standard in 2004 by DHS, the U.S. Congress, the 9/11 Commission, and the American National Standards Institute (ANSI). Three other kinds of standards have all been implemented by 12% of companies.

The Larger the Company, the More Prepared for Certification
The larger companies are much more likely to have implemented the most widely known standards. At the enterprise level, 30% have adopted the ISO information security standard, compared with 24% of mid-markets and 15% of small businesses. Despite its high visibility as the National Preparedness Standard, NFPA 1600 has been implemented by 29% of large companies and less than 18% of those below the enterprise level. NIMS (the National Incident Management System) has been adopted by 19% of enterprise-level firms, compared to 10% of mid-markets and only 4% of small companies. The discrepancy is most dramatic with regard to C-TPAT, which has been implemented by one-quarter of large businesses but only single-digit percentages of companies with less than $1 billion revenue.

As with the other procedures examined, the size of the company has a major impact on the level of preparedness. Roughly three-quarters of companies at the enterprise level conduct regular risk audits, mitigation, and activation of their backup facilities, and two-thirds undertake regular tabletop exercises. Annual risk audits are conducted by 69% of mid-market companies, and 53% of mid-markets report that they conduct regular mitigation activities and backup site activation. However, only 31% conduct tabletop exercises at least once a year. Fewer than half of small businesses report that they conduct any of these activities on an annual basis.

Different industries have different approaches to the pursuit of preparedness. The clearest example is the IEEE SCADA standard, which is used by many firms in the energy industry (38%) but is rarely encountered in other sectors of the economy. NIMS is the most widely utilized in the energy and healthcare industries (38% and 29% respectively). The financial services industry leads the way in the implementation of NFPA 1600 (36%) and the ISO IT standard (33%).

Ownership Structure and Industry are Factors
Ownership structure is also strongly related to these aspects of preparedness. Among publicly traded companies, at least 70% report that they conduct risk audits, mitigation, and backup site activation at least once a year, and 59% undertake annual tabletop exercises. The proportion conducting annual risk audits falls to 58% for privately held companies and 47% for family-owned companies.

Only 52% of private firms and 37% of family-owned companies conduct annual backup activation, and regular mitigation is undertaken by 43% of private companies and 40% of family firms. Regular tabletop exercises are conducted by only one-third of private companies and one-tenth of family-owned businesses.

The financial services sector is at or near the top of the list of industries on virtually every one of these procedures, with especially impressive showings for backup facility activation (72%) and tabletop exercises (64%). Service industries are most likely to schedule “work from home” days, a procedure most commonly followed in healthcare (39%), business and professional services (36%), and other services (32%).

Crisis Communications is an Integral Component
The most common item in emergency preparedness plans is crisis communications, which is included in 91% of the plans. Almost as common is inclusion of evacuation procedures, present in 89% of plans. Other common items are securing access to facilities in 77% of plans, locating employees in 75%, first aid in 65%, liaison with first responders in 64%, legal representation in 42%, and coping with stress and trauma in 39%.

Compared with smaller companies, firms at the enterprise level are far more likely to have implemented written plans that contain these specific items. The differences are most striking with regard to organizational procedures that go beyond the immediate needs of first responders and involve dealing with stakeholders in the outside world. Eighty-eight percent of large companies have a written plan for crisis communication, compared to 63% of mid-markets and 48% of small businesses; and 52% of enterprises have a written plan for legal representation in the event of an emergency, as opposed to 24% of mid-market firms and 17% of small companies.

Some Plans Have Board Approval
Among the companies with emergency preparedness plans, 58% have had the plan approved by their board. Therefore, 43% of companies overall have written emergency preparedness plans that have been approved by the board.

Among large companies, 92% of companies have a written plan, compared with 72% of mid-markets and 58% of small businesses. But only one-third of large companies have plans that have been formally approved by their board, compared to 49% of mid-markets and 44% of small firms.

“It is quite surprising that so few large companies have board approval on their emergency preparedness plans,” says Cavanagh. “This could be because in larger companies, emergency preparedness is considered an operational rather than a strategic issue, so it may not be considered essential to send it to the board for review.”

Off-Site Storage Very Popular
The most common procedure companies currently have in place for emergency preparedness is by far the maintenance of an off-site storage of data and documents. This step is essential for business continuity in the event that a firm’s primary facility is damaged or otherwise inaccessible. Fully 81% of companies report that they store these materials off-site. But a much smaller proportion (40%) has an off-site emergency operations center. Approximately 62% of companies maintain a phone tree, and the same percentage has installed security checkpoints at entries to their facilities. With regard to other procedures, 42% have a travel management system and 21% have provided emergency survival kits to employees.

Some basic procedures are performed at least annually by a wide range of companies. Fully 83% of companies regularly update their emergency contact information, and 81% conduct fire and/or evacuation drills at least once a year.

Two-thirds of companies give regular messages about security to their employees and conduct risk assessments and vulnerability audits, while 57% follow up the audits by implementing plans to mitigate the identified weaknesses. Some 56% of companies activate their backup facility in a test at least once a year. Some other procedures are considerably less common. Only 42% of companies conduct tabletop exercises on a regular basis, and only one-quarter schedule “work from home” days in advance to test their resiliency in the event that their personnel are unable to work from their main facility.

Business Continuity Plans are Closely Related
Business continuity programs originate from the need to recover IT operations in the event of a system crash. So it is not surprising that the most frequently mentioned item in BC plans is maintaining IT systems, present in 92%. In general, the most common items on the BC checklist refer to basic utilities, facilities, and HR issues. For example, moving operations to off-site locations and communicating with employees are mentioned by 82% apiece, followed by providing telecom services (78%), backup electrical generators (77%), identifying essential employees (75%), and working from home (71%).

A second cluster of issues, which is less commonly addressed, concerns the conduct of business operations. These items include conducting financial transactions (mentioned by 70%), contingency plans with suppliers (65%), coping with an avian flu pandemic (51%), prioritizing customers (49%), disruption of business travel (40%), and alternative transportation of goods (32%). The relative lack of attention to transportation issues may be somewhat surprising and even alarming, in light of the extent to which supply and distribution chains now extend across the globe for American businesses.

Companies at the enterprise level are especially likely to have implemented business continuity plans dealing with the conduct of business operations. The energy and finance sectors are most likely to have written business continuity plans, with 92% of energy companies and 90% of financial firms reporting such a plan. These two industries also lead the way on virtually all of the specific items that were asked about in the plans. One interesting anomaly is that the healthcare sector scores quite low on many aspects of business continuity planning, often at levels comparable to the trade and industrial manufacturing sectors.

Source: Benchmarking Business Preparedness:
Plans, Procedures, and Implementation of Standards
Executive Action #267, The Conference Board
The Conference Board
The Conference Board creates and disseminates knowledge about management and the marketplace to help businesses strengthen their performance and better serve society. Working as a global independent membership organization in the public interest, The Conference Board conducts conferences, makes forecasts and assesses trends, publishes information and analysis, and brings executives together to learn from one another. The Conference Board is a not-for-profit organization and holds 501(c)(3) tax-exempt status in the United States.

Carol L. Courter | Newswise
Further information:
http://www.conference-board.org

More articles from Business and Finance:

nachricht Frugal Innovations: when less is more
19.04.2017 | Fraunhofer-Institut für Arbeitswirtschaft und Organisation IAO

nachricht Europe's microtechnology industry is attuned to growth
10.03.2017 | IVAM Fachverband für Mikrotechnik

All articles from Business and Finance >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Making lightweight construction suitable for series production

More and more automobile companies are focusing on body parts made of carbon fiber reinforced plastics (CFRP). However, manufacturing and repair costs must be further reduced in order to make CFRP more economical in use. Together with the Volkswagen AG and five other partners in the project HolQueSt 3D, the Laser Zentrum Hannover e.V. (LZH) has developed laser processes for the automatic trimming, drilling and repair of three-dimensional components.

Automated manufacturing processes are the basis for ultimately establishing the series production of CFRP components. In the project HolQueSt 3D, the LZH has...

Im Focus: Wonder material? Novel nanotube structure strengthens thin films for flexible electronics

Reflecting the structure of composites found in nature and the ancient world, researchers at the University of Illinois at Urbana-Champaign have synthesized thin carbon nanotube (CNT) textiles that exhibit both high electrical conductivity and a level of toughness that is about fifty times higher than copper films, currently used in electronics.

"The structural robustness of thin metal films has significant importance for the reliable operation of smart skin and flexible electronics including...

Im Focus: Deep inside Galaxy M87

The nearby, giant radio galaxy M87 hosts a supermassive black hole (BH) and is well-known for its bright jet dominating the spectrum over ten orders of magnitude in frequency. Due to its proximity, jet prominence, and the large black hole mass, M87 is the best laboratory for investigating the formation, acceleration, and collimation of relativistic jets. A research team led by Silke Britzen from the Max Planck Institute for Radio Astronomy in Bonn, Germany, has found strong indication for turbulent processes connecting the accretion disk and the jet of that galaxy providing insights into the longstanding problem of the origin of astrophysical jets.

Supermassive black holes form some of the most enigmatic phenomena in astrophysics. Their enormous energy output is supposed to be generated by the...

Im Focus: A Quantum Low Pass for Photons

Physicists in Garching observe novel quantum effect that limits the number of emitted photons.

The probability to find a certain number of photons inside a laser pulse usually corresponds to a classical distribution of independent events, the so-called...

Im Focus: Microprocessors based on a layer of just three atoms

Microprocessors based on atomically thin materials hold the promise of the evolution of traditional processors as well as new applications in the field of flexible electronics. Now, a TU Wien research team led by Thomas Müller has made a breakthrough in this field as part of an ongoing research project.

Two-dimensional materials, or 2D materials for short, are extremely versatile, although – or often more precisely because – they are made up of just one or a...

All Focus news of the innovation-report >>>

Anzeige

Anzeige

Event News

Fighting drug resistant tuberculosis – InfectoGnostics meets MYCO-NET² partners in Peru

28.04.2017 | Event News

Expert meeting “Health Business Connect” will connect international medical technology companies

20.04.2017 | Event News

Wenn der Computer das Gehirn austrickst

18.04.2017 | Event News

 
Latest News

Wireless power can drive tiny electronic devices in the GI tract

28.04.2017 | Medical Engineering

Ice cave in Transylvania yields window into region's past

28.04.2017 | Earth Sciences

Nose2Brain – Better Therapy for Multiple Sclerosis

28.04.2017 | Life Sciences

VideoLinks
B2B-VideoLinks
More VideoLinks >>>