In light of this week’s events, I thought it would be timely to catch up with executive security expert Mac Segal, founder of AHNA Consulting Group.
As a hospitality & fixed asset subject matter expert, Mac conducts security assessments and designs comprehensive security plans for hotels, event and conference centers, corporate headquarters, production facilities, and critical infrastructure the world over.
Working extensively with owners and operators in the private and government sectors worldwide he possesses an in-depth understanding of the challenges facing the hospitality businesses and infrastructure in today’s world.
Mac leads training programs in Hotel Security, Event and Hospitality Security, Security Awareness & Suspicious Indicator Identification, Emergency Response Procedures, Counterterrorism, Covert Close Protection, and Surveillance Detection. Mac has taught thousands of hotel and hospitality employees, security professionals, government close protection units, and C-suite executives the world over.
Planning for Emergencies
By Mac Segal
Do we need security at our facility?
If the answer is no, then stop reading now.
However, if the answer is yes, then we must acknowledge that an emergency may arise. After all, “it won’t happen to us” is not an effective security strategy. Prevention is infinitely better than cure however if the worst does occur, we best be prepared.
Emergency: “A serious, unexpected and often serious situation requiring immediate action”
Emergency procedure: The emergency procedure is a plan of actions to be conducted in a certain order or manner, in response to an emergency event.
This is a dictionary description of an “emergency”, hence by definition our response to emergency situations is time-critical. Seconds can make the difference between a positive or negative outcome and hesitation or confusion can cost us dearly.
So, let us start at the end. I hope we can all agree that our primary goal is to protect human life, all the while keeping our guests and employees safe, happy, and productive. There are however other goals that cannot be ignored
– Goals of Emergency Procedures
Protect property + information/data
Ensure business continuity
Minimize financial impact + liability
These goals bring with them a tremendous responsibility that should not and cannot be taken lightly which brings me to my question? Will the emergency response plans that are currently in place actually work? Below are 9 points that must be considered to ensure your plan will work when put to the test.
– Base your emergency procedures on a reliable Risk Assessment
Good emergency procedures start with thinking about risks. Given your facilities’ specific combination of threats and vulnerabilities, what are the most important risks, and what types of emergencies should you prepare for?
The probability of occurrence is one parameter. Criticality – or the impact of the emergency on human lives, physical assets, reputations, or legal liabilities – is another. Time and money are, inevitably, also part of the mix.
There are no one-size-fits-all emergency procedure manuals. At least there shouldn’t be. A solid Risk Assessment, where site-specific consideration is given to all discoverable risks, threats, and vulnerabilities, should be the foundation of all procedures.
– Declare an Emergency
It sounds elementary however if an emergency arises, it is critical that pre-appointed members of the team identify and declare it and then initiate the Emergency Procedures. You must define what constitutes an emergency and who has the authority to declare it and through which channels that are communicated.
If there is an active shooter scenario in the lobby it is ineffective if the people in the cafeteria are blissfully unaware, they should be taking appropriate action.
Albeit fire, terror attack, or earthquake, the designated people must declare the emergency and set the Emergency Procedures in action. Everybody thinks, “it’s obvious, of course, everyone knows”. That thought can result in injuries or worse. In an emergency, you can take nothing for granted, every step must be thought through.
– Assign clear roles & responsibilities
In an emergency, “someone” usually ends up being “no one”. Everybody thinks that “someone” called 911, that “someone” locked the door, or that “someone” checked that the Children’s Area was empty.
It is essential that all critical roles and responsibilities be clearly defined. Everyone at the facility, whether the CEO, the security manager or the receptionist must know their designated tasks and their spheres of responsibility. It is crucial that nothing falls between the cracks. The same applies to crisis management teams.
Security managers must think through what actions need to be taken in an emergency, and who are the best people to carry out those actions. They should list the tasks that need to be done, making sure that all aspects are addressed, and assign a person to every one of them. For example, you must remember out-of-the-way places as well as the busiest gathering places. If there is a play area for children, it must be someone’s responsibility to check that area in an emergency.
– Designate authority
Responsibility without authority is useless. It’s like asking someone to juggle with their hands tied behind their backs. If you are going to assign roles and responsibilities, then you must also empower people to make the necessary decisions in the field. A secretary may have to order the CEO to evacuate and must be given the authority to do that with confidence.
Remember that time is critical in emergencies. If the crisis management team has to run everything by Corporate before taking action, there will be a time delay that will negatively affect the outcome. Emergencies cannot be managed by someone in an office 3000 km away. While a Global Security Operations Centre (GSOC) might be an integral part of overall emergency and crisis management, it is essential that there is someone who has the authority to make decisions on the spot.
Security managers must nominate capable people, train them well, then trust them to do their job. And as we know, trust is good – but control is better: As we will see below, regular checks and audits are a necessary part of emergency procedure maintenance.
– Check all relevant equipment regularly
Ensure that all emergency equipment is regularly checked and maintained. In an emergency, you have no time to look for phone numbers, struggle to open a closet or discover that the flashlight has no batteries.
Your SOPs must include the maintenance of all emergency equipment. Ensure that it is up to date, in good working order and accessible to whoever may need it. Think about things like local SIM cards, portable phone chargers, sat phones. Know what passports your crisis management team members hold and which countries they can enter visa-free.
– Prepare for unambiguous communication
Nothing creates confusion quite like multiple communication channels all working at cross purposes. It’s like four donkeys trying to reach the same destination by pulling a cart in four different directions.
During an emergency or while managing a crisis, clear communication is vital. The team must know where their instructions are coming from. Communication must be streamlined, unambiguous and clearly transmitted to all who need to know.
Far too often, confusion arises because team members receive contradictory instructions from different sources. Instead, security managers must define lines and methods of communication, as well as who is the issuing authority.
– Write emergency procedure manuals that people actually read and use
Most corporations have file rooms full of manuals of all shapes and sizes, including Emergency Procedures. A 450-page emergency manual is simply not effective. Come crunch time, no one will successfully page through an encyclopedia to find the appropriate response.
Remember, emergencies are time-critical. That huge manual might be great when it comes to liability concerns after the fact. It will let you can show in court that you had a procedure for just about everything, from a fire to an asteroid hitting your building. But in times of actual emergency, what is far more useful is one laminated page of bullet-point instructions written in 44-point font and posted in a clearly visible location. This way the people who need to respond have the information they require immediately, effectively, and unambiguously.
– Train as if your life depended on it (it might)
No matter how good your emergency procedures or manuals are, unless teams train in them they are useless.
Training is how people learn to act reliably in high-stress situations. The more realistic the training conditions – and the more frequent the training sessions – the better the outcome.
Of course, time and budget constraints are always an issue when it comes to training. In an ideal world, there would be plenty of both. In the real world, security managers must juggle between many priorities. We recommend that emergency procedure training becomes one of those priorities.
– Test your plan
How do you know if your emergency procedures work? You could wait for a crisis to happen and see how things go. Or you could test them ahead of time, discover what works and what doesn’t, and then adjust accordingly. We can confidently recommend the second approach.
Maybe you need better procedures. Maybe you need more training. You might even learn that some of your people are just not up to snuff and that they need to be replaced. Discovering this before an actual emergency, and taking appropriate corrective action, is infinitely preferable to the alternative.
Call them audits, tests, or whatever you want to. Do them planned or unannounced. But if you don’t regularly check your emergency procedures, then you don’t know if they are effective.
One of my favorite quotes comes from Mike Tyson’s, “Everyone has a plan until they get punched in the mouth”. This is pretty much a universal truth however that does not mean you should not have a plan. It means that you must have a plan and then be flexible and able to adapt to the realities on the ground.
Emergency response planning used to be “nice to have”, not “need to have”. Our reality today is different. Given the risk environment, we now operate in, public facilities, corporations, and strategic installations have a duty of care to ensure we are ready to respond to real threats rapidly and effectively, whenever, and wherever needed.
This is a huge subject, and we cannot, of course, cover everything in one article. The takeaway, however, is simple. Security managers need to develop routines to deal with emergency situations. They need to think things all the way through, plan procedures down to the finest resolution. Keep asking “What then?”. When you can answer that question until people are safe, when you have thought through all the steps, then you can say that you truly have an emergency plan.