Crisis Management Guide


Transcript of Crisis Management Guide

Page 1: Crisis Management Guide

(Location name goes here) CM Guide

(Company Name)

Crisis Management Guide

(address of main office) And Primary Dependent Sites:

(address) (address) (address)

Document Control

Version No Version Issue Date Last Revision Date

Supersedes Version Review Dates

Submit Revisions To Owner

Page 2: Crisis Management Guide

Company Name Crisis Management Guide

Table of Contents

A. CRISIS RESPONSE ACTIVATION

B. LOCAL NOTIFICATION AND ESCALATION PROCESS

C. GLOBAL NOTIFICATION AND ESCALATION PROCESS

D. CONTACT LISTS

E. ACTION CONSIDERATION LISTS

F. APPENDICES

1. Crisis Identification and Assessment
2. Conducting Pre-Event Response Planning
3. Preparing an In-crisis Event Status Report
4. Maintaining an In-crisis Event Log
5. Crisis Command Center Locations and Utilization
6. Conference Call Meeting Instructions
7. Principles of Crisis Management
8. Crisis Management Program Compliance
9. Glossary of Terms
10. Team Member – Exclusive Use Information

Page 3: Crisis Management Guide

STATEMENT OF CONFIDENTIALITY

This document has been provided to members of the (Company and location name goes here) Crisis Management Organization to assist in the response, management and recovery of a crisis situation directly impacting the people or operations of (address of main office) and other facilities covered by the (location name goes here) CMO. All information contained herein is considered to be extremely confidential and is only to be used for its intended purpose. Copying this document in whole or in part is strictly prohibited for any purpose without the expressed permission of the designated (location name goes here) Crisis Manager.

INTRODUCTION

Crisis Management has more significance today than ever before. (Company Name), like many other leading companies, has been faced with managing a multitude of crisis situations. Organizations have come to realize that every day brings the possibility of a significant natural or man-made disaster / crisis that could affect the safety of (Company Name) employees, affect the image of (Company Name) or could have an adverse impact on critical business operations. (Company Name) must continue to prepare for these situations, since the way it reacts and communicates during a crisis can enhance, preserve or destroy its reputation and viability as a business. The Crisis Response Team must institute their emergency response rapidly to control the problem, the Crisis Management Team must be able to make informed decisions quickly and the Corporate Affairs and Communications team members must tell the story accurately, immediately, repeatedly and consistently. This Guide is not a complete, step-by-step, how-to-do-it manual since each crisis is unique, with varying levels of threat and impact. However, the CM Guide will provide vital information to ensure a timely and effective response. The Crisis Management Organization will use this information to increase confidence in its ability to manage a crisis in an appropriate manner as and when necessary. Whatever the crisis, members of the Crisis Management Organization must be honest, candid and flexible; they must combine a sense of urgency with sensitivity and a large measure of common sense. They must demonstrate that (Company Name) is a caring, competent and responsible company. Doing so will go a long way toward comforting our various constituencies, preventing rumors and protecting the brand image of (Company Name).

Page 4: Crisis Management Guide

A. Crisis Response Activation

The Crisis Management Program may be activated as a result of any event that impacts or threatens to impact the safety of employees, the image of (Company Name) or the availability of business processes critical to the provision of products and services. The Crisis Management Program is activated, not based on the event itself, but rather the impact the event has or may have on the organization. As an example, if an employee has been seriously injured while on company premises, the decision to activate Crisis Management is simply based on the fact there has been a serious injury, not based on the cause of that injury (e.g. violence in the workplace or bombing). Only the impact or threat of impact dictates a Crisis Management response.

The Crisis Management Organization (CMO) will take operational ownership of the company’s crisis response plans when:

1. A crisis has occurred, or

2. A possible or probable crisis situation will exist if a threatening event materializes.

Activation of the Crisis Management process occurs as a result of receiving an event notification as per the Local Escalation and Notification Process (see section B of this guide) or when the CMO has been asked to respond in a ‘Pre-Event’ mode to a threatening situation (see Appendix 2, Conducting Pre-Event Response Planning). Crisis Management is routinely activated regardless of the degree or level of impact or threat. This standard initial response will conclude with a determination if the Crisis Management Program is to be activated or not based on the impact or threat as presented to the Crisis Response Team (CRT). This determination can only be made by a majority agreement of the CRT Members.

There are two primary impacts or threats that will always activate the Crisis Management Program. They are:

1. Serious injury or loss of life, or

2. Inaccessibility of the facility.

If either of these situations exists, the CRT has no option but to meet (physically in the Crisis Command Center or via conference call) to perform an initial assessment of the situation and determine an immediate course of action. This assessment must not only consider the actual impact an event may have or has had, but the consequential impact as well. As an example, a military conflict in one part of the world could obviously create an immediate risk to the local (Company Name) facility. This situation may also consequentially create a threat to other global locations where (Company Name) owns or occupies facilities. Taking the example a bit further, the 2003 Iraq war created an immediate threat to all regional interests of American companies, including (Company Name). Due to the potential actions of sympathetic terrorist groups, all American interests became potential targets; therefore, all (Company Name) facilities would initially be considered to be at risk.

Page 5: Crisis Management Guide

The following table provides an analysis of various events and whether or not there would be an impact or threat to life safety, brand image or company operations. While the event itself can be devastating and require the organization to respond differently, the activation of Crisis Management is required only when the impact, not the event, can be measured.

Threat or At Risk Requiring Activation of Crisis Management

Event                            Life Safety   Image   Operations
Bio-Terrorism                    Yes           No      Yes
Bombing                          Yes           Yes     Yes
Chemical spill in area           No            No      Yes
Fire                             Yes           Yes     Yes
Industrial Espionage             No            Yes     No
Kidnapping / extortion           Yes           Yes     No
Neighbor’s disaster              Yes           No      Yes
Pandemic threat                  Yes           No      Yes
Power failure                    No            No      Yes
Protest march in area            No            Yes     Yes
Random act of violence           Yes           No      Yes
Restructuring of organization    No            Yes     No
Terrorist Attack                 Yes           No      Yes
Violence in the Workplace        Yes           Yes     No

While any event that impacts operations of (Company Name) will usually require Business Continuity Plans to be activated, the Crisis Management Program may not. That will be determined entirely by the impact of the event and the probable length of time the disruption will last.

Supporting Dependent Sites

The Crisis Preparedness Program Policy dictates that every location within (Company Name) be safeguarded through the Global Security Crisis Management Program. Given that most (Company Name) locations are extremely small in terms of number of employees, it is not logical to require a location of, say, 5 employees to have the same crisis response capability (organization and program) as a location of 3,000 employees. Nonetheless, every location must be protected. To ensure all employees within smaller locations are provided this level of protection, a two-level site classification has been established comprised of Primary Dependent Sites and Secondary Dependent Sites.

Primary Dependent Sites

Facilities that do not have a resident Crisis Response Team and have an employee population of approximately 100 or more are classified as ‘Primary Dependent Sites’. They are dependent on the Crisis Response Team within their geographic area. For the (location name goes here) area this means that all (Company Name) facilities with 100 resident employees or more will be under the charge of the (location name goes here) Crisis Management Organization.

Page 6: Crisis Management Guide

Each of these facilities will have one or two CRT Site Coordinators assigned as facility subject matter experts and to coordinate (on behalf of the (location name goes here) CRT) all response and control activity within their respective facility. There are xxx ‘Primary Dependent Sites’ under the charge of the Headquarters Crisis Management Organization. They are:

Address of dependent site
Address of dependent site
Address of dependent site

** Contact information for the Site Coordinators of each location is within Section D, Contact Lists.

The CRT Site Coordinators will actively participate as members of the (location name goes here) CRT ONLY when their respective site has been impacted or threatened by an event. In situations that do not have a direct impact on their respective location, the CRT Site Coordinators will only be kept informed of the event and all response and control activity.

Secondary Dependent Sites

Facilities that do not have a resident Crisis Response Team and have an employee population of less than 100 are classified as ‘Secondary Dependent Sites’. They are dependent on the Crisis Response Team within their geographic area. For the (location name goes here) area this means that all (Company Name) facilities with less than 100 resident employees will be under the charge of the (location name goes here) Crisis Management Organization. Each of these facilities will have one person identified as the location’s Crisis Management Site Representative to function as the interface on all events that impact or threaten to impact that location. The Site Representatives will not have any direct role in the CRT or related response and control activities, other than those tasks and activities within their respective site.

Section D, Contact Lists provides a listing of all Secondary Dependent Site locations and their respective Site Representative.

Establishing an Alert Level

Many crises require little more than the event name itself to establish an immediate and common interpretation of the impact or threat (e.g. bombing). However, it will be far more difficult to understand the gravity of a situation (simply through the event name) for most crises that will be responded to within the Crisis Management Program. Therefore, there is a need to have a common and easy to understand ‘Crisis Classification Code’ (globally applied) to ensure there exists a consistent and equally applied definition of a crisis situation. When a region declares a ‘Level 2 Alert’, it must be interpreted by all company emergency response groups to mean generally the same thing, particularly in global events or threats such as an international terrorist attack that often generates an emotional response. To that end, Global Security has established an Alert Classification Structure consisting of four distinguishable codes represented by an escalating 1, 2, 3 or 4.

Page 7: Crisis Management Guide

The Alert Classification Structure has a single purpose and that is to establish an immediate and universally applied understanding of an event that has occurred and is now classified as a crisis or a confirmed threat to (Company Name). The Alert Level is established and escalated by the CRT when it has been determined that the CRT will meet / discuss the situation. A CRT meeting or situation conference call (other than in Pre-Event Response Planning mode) will always establish a Level 1 Alert or higher. Global Security will always be notified when the Alert Level is initiated or escalated for any reason or lowered as the event is minimized.

Establishing an Alert Level

Level 1 Alert

Definition:
An event has occurred or,
A threat is imminent.

Measurement Criteria:
• Minor impact at this time.
• It is a manageable situation.
• There exists a low probability of escalation.

Level 2 Alert

Definition:
An event has occurred or,
A previous Alert Level has been escalated or,
A serious threat is imminent.

Measurement Criteria:
• Serious injury or loss of life has occurred.
• The CMT has an active role.
• It is a manageable situation.
• There exists a possibility of further escalation.
• There is a possibility of impact on the Company’s image.
• There exists a threat to company operations.

Level 3 Alert

Definition:
An event has occurred or,
A previous Alert Level has been escalated or,
A serious threat currently exists.

Measurement Criteria:
• Serious injury or loss of life has occurred.
• The situation is difficult to manage.
• There exists a serious threat to the Company’s image.
• There is a short-term disruption to operations.

Level 4 Alert

Definition:
An event has occurred or,
A previous Alert Level has been escalated or,
A serious threat currently exists.

Measurement Criteria:
• There are serious injuries or loss of life has occurred.
• The situation is very difficult to manage.
• There is a definite impact or threat to the Company’s image.
• There will be a prolonged disruption to company operations.

Page 8: Crisis Management Guide

A common and globally applied Alert Classification Level will provide all emergency response groups with a global interpretation of an event. Although any event that is being addressed by the Crisis Management Organization will be initiated with a Level 1 Alert, the impact or threat of an event could be initiated with a higher alert level. It is vitally important that the event itself does not determine an Event Level, but rather it is the impact or threat of impact that establishes the Event Level. As an example, the fact that a tornado has occurred is of far less importance than the impact of the tornado on a (Company Name) facility, its employees and operations.

A uniform interpretation and definition of a crisis situation will provide:

• A consistent means of escalating an Alert Level,
• A common recognition of an event or threat,
• A common interpretation of a crisis,
• A clear, non-interpretative status of a situation,
• An automatic notification to (location) Headquarters.

Note: In Pre-Event Planning mode, most situations that the Crisis Management Organization will be addressing will be in advance of an event or threat, in which case the organization will not be placed on ‘alert’.

B. Local Escalation and Notification Process

Crisis Management is based on the disciplines of ‘response, control and decision making’, all of which are based on the receipt of timely information and the recognition that there are situations where decision-making must be escalated to higher-level management. Crisis Management is also based on a ‘team’ approach, eliminating individual decision-making. Stress, chaos and confusion will often exist in a crisis situation; that in turn can place an extreme level of pressure on an individual and therefore on their ability to make rational, effective and timely decisions, no matter the triviality or impact.

Page 9: Crisis Management Guide

As such, it is mandatory to ensure an automatic, emotionless process exists to notify all parties of a situation; ensuring senior levels of management are kept informed in the event that timely and well informed decisions are to be made. The Notification and Escalation process removes the opportunity for individual decision making while ensuring all stakeholders are informed in an orderly and timely fashion. There can be no deviations from the process; there can be no short-cuts performed; the only actions that can be taken are those that are provided for.

Page 10: Crisis Management Guide

[Flow diagram: Global Security Crisis Management Program, LOCAL Notification and Escalation Process Flow Diagram for (location name goes here) (main address goes here).

Box labels: Event or Threat; Recognition of Event or Threat; Standard Safety & Security Emergency Management Plans are activated as required; Impact or threat? (Life Safety, Image, Operations); CRT Team Leader to be Informed of Event; All CRT Team Members to be Notified of the Event; CRT Meeting or Conference; CRT will issue at least a Level 1 Alert; CMT Crisis Manager to be Informed of Event; All CMT Team Members to be Informed of Event; CMT Meeting or Conference; All GLT Members to be Informed of Event.

Diagram note: If ‘loss of life’, a 24 hour / day notification process is implemented. If ‘serious injury’, notification is only to take place in reasonable hours (9:00 a.m. to 9:00 p.m.).]

Page 11: Crisis Management Guide

Crisis Management Local Notification and Escalation Process

Any person that detects an event or threatening situation that endangers people, property or operations of (Company Name) should contact Security.

1. Security will, upon notification of an event, determine the need to contact the CRT Leader or, in his / her absence, the designated backup or alternatively any listed member of the CRT.

2. The CRT Leader will determine when and where the CRT will meet or alternatively to conduct a conference call to discuss the event or threat. The CRT will determine the Alert Classification Level and issue the appropriate Alert Level.

3. The CRT Leader will contact the CMT Crisis Manager or his / her alternate, providing an update on the event or threat, actions taken to-date and when and how the CRT will be meeting to deal with the situation.

4. Depending on the event, Business Contingency and Recovery teams will be put on alert or activated.

5. The CMT Crisis Manager will notify all CMT members of the situation and, as required, the CMT will meet in person or via conference call to review the CRT’s Event Status Report.

C. Global Notification and Escalation Process

Many events or threats have global ramifications within (Company Name), including terrorism and major threats to the company’s image. As such, it is necessary to ensure, on a global basis, that all Crisis Management Organizations are initially informed and subsequently kept abreast of all relevant information regarding the threat or event. It is mandatory that the impacted Crisis Management Organization notify Global Security and the Corporate Crisis Manager in three situations.

1. When a crisis situation is initiated or escalated to Alert Level 3 or higher.

2. As a result of any act of terrorism directly against a facility or its employees.

Page 12: Crisis Management Guide

3. When an event threatens or impacts ONLY a (Company Name) facility and has gained any level of coverage in the news media.

Note: (location name goes here) Security will notify Global Security of any event that impacts their facilities or employees, regardless of the Alert Level.

Note: The Corporate Crisis Manager will keep the CRT Leader of all Crisis Management Organizations informed as to the event and its impact if there is a potential threat to other locations, regions or countries.

Page 13: Crisis Management Guide

D. Contact Lists

Crisis Response Team

Contact Numbers Team Member Function Work Tel. # Home Tel. # Home Email Cell # Assistant

Global Security

Corporate Safety

Employee Communications

H.R. / Employee Relations

Facilities / Real Estate

Health Services

Business Continuity Management

Technologies

CRT Team Leader – xxxxx xxxxxxxxxx

Alternate CRT Team Leader – xxxxx xxxxxxxxxx

Page 14: Crisis Management Guide

Crisis Response Team – Designated Backups

Contact Numbers Team Member Function Work Tel. # Home Tel. # Home Email Cell # Assistant

Global Security

Corporate Safety

Employee Communications

H.R. / Employee Relations

Facilities / Real Estate

Health Services

Business Continuity Management

Technologies

Page 15: Crisis Management Guide

Crisis Management Team

Contact Numbers Team Member Function Work Tel. # Home Tel. # Home Email Cell # Assistant

CMT Team Leader – xxxxx xxxxxxxxxx

Alternate #1 CMT Team Leader – xxxxx xxxxxxxxxx

Alternate #2 CMT Team Leader – xxxxx xxxxxxxxxx

Page 16: Crisis Management Guide

Primary Dependent Sites - Site Coordinators

(location name goes here) Area Locations

Contact Numbers Location Site Coordinators Work Tel. # Home Tel. # Home Email Cell # Alternate / Assistant

Page 17: Crisis Management Guide

Secondary Dependent Sites - Contacts

(location name goes here) Area Locations

Contact Numbers Location Site Contact Work Tel. # Home Tel. # Home Email Cell # Alternate / Assistant

Page 18: Crisis Management Guide

Secondary Dependent Sites – Contacts Continued

(location name goes here) Area Locations

Contact Numbers Location Site Contact Work Tel. # Home Tel. # Home Email Cell # Alternate / Assistant

Page 19: Crisis Management Guide

Secondary Dependent Sites – Contacts Continued

(location name goes here) Area Locations

Contact Numbers Location Site Contact Work Tel. # Home Tel. # Home Email Cell # Alternate / Assistant

Page 20: Crisis Management Guide

Global Leadership Team (GLT)

Contact Numbers Team Member Function Work Tel. # Home Tel. # Home Email Cell # Assistant

Page 21: Crisis Management Guide

Chairman’s Direct Reports

Contact Numbers Team Member Function Work Tel. # Home Tel. # Home Email Cell # Assistant

Page 22: Crisis Management Guide

Emergency Contact Numbers

EMERGENCY SERVICE NUMBER COMMENTS

Business Resumption Line (Employee Information Hotline) menu driven

Security Manager (name goes here)

Security Supervisors (name goes here)

Security Console (location name goes here) 24 hours / 7 days

Crisis Command Centers

Primary Site        Location address and telephone number    See Appendix 5 for details

Alternate Site 1    Location address and telephone number    See Appendix 5 for details

Alternate Site 2    Location address and telephone number    See Appendix 5 for details

Page 23: Crisis Management Guide

EMERGENCY SERVICE NUMBER COMMENTS

Center For Disease Control

404-639-3311    General Number

770-488-7100    Emergency Hotline

404-639-0385    Bioterrorism Preparedness and Response Program

Local Fire Department (station number and address)

Emergency Number

Non-emergency Number

Local Police Department (precinct and address)

Emergency Number

Non-emergency Number

Ambulance Services

City Ambulance Service

AMR (private ambulance service)

Employee Assistance Program

Help Desk

CM Conference Line

Poison Control Center

Page 24: Crisis Management Guide

EMERGENCY SERVICE NUMBER COMMENTS

Corporate Travel xxx-xxx-xxxx

Global Real Estate

Utility Company

Electricity / Steam / Gas

xxx-xxx-xxxx

Emergency Desk staffed 24 hours / day

Records Retention Service

xxx-xxx-xxxx Company and Contact Name

Bio-terrorism Related Contacts

(State name goes here) Department of Health

Communicable Disease Program    xxx-xxx-xxxx

After Hours Duty Officer    xxx-xxx-xxxx

Laboratory    xxx-xxx-xxxx

(location name goes here) Dept. of Health and Hygiene

Communicable Disease Program    xxx-xxx-xxxx

After Hours Within (location name goes here)    xxx-xxx-xxxx

After Hours Outside (location name goes here)    xxx-xxx-xxxx

Public Health Laboratories    xxx-xxx-xxxx

Page 25: Crisis Management Guide

EMERGENCY SERVICE NUMBER COMMENTS

Radiological Terrorism Related Contacts

(State name goes here) Department of Health

Bureau of Environmental Radiation Protection    xxx-xxx-xxxx

Laboratory    xxx-xxx-xxxx

After Hours Duty Officer    xxx-xxx-xxxx

After Hours Emergency Number    xxx-xxx-xxxx

(location name goes here) Department of Health

Bureau of Radiological Health    xxx-xxx-xxxx

After Hours    xxx-xxx-xxxx

Page 26: Crisis Management Guide

EMERGENCY SERVICE NUMBER COMMENTS

Chemical Terrorism Related Contacts

(State name goes here) Department of Health

Bureau of Toxic Substance Assessment    xxx-xxx-xxxx

After hours Duty Officer    xxx-xxx-xxxx

After hours Emergency Number    xxx-xxx-xxxx

(location name goes here) Department of Health

Poison Control Center    xxx-xxx-xxxx

Office of Emergency Management (location name goes here)    xxx-xxx-xxxx

FBI, (location name goes here)    xxx-xxx-xxxx

Police – Intelligence Division    xxx-xxx-xxxx

U.S. Secret Service    xxx-xxx-xxxx

ATF    xxx-xxx-xxxx

(State name goes here) State Office of Public Security    xxx-xxx-xxxx

FEMA, (State name goes here)    xxx-xxx-xxxx

(location name goes here) Transit Commission    xxx-xxx-xxxx

American Red Cross    xxx-xxx-xxxx    877-733-2767

Page 27: Crisis Management Guide

(location name goes here) and Area Hospitals

Hospital

Main Number

ER Number

Pt. Info Number

Page 28: Crisis Management Guide

Other Contacts That May Be Required In An Emergency

ORGANIZATION / PERSON NUMBER COMMENTS

Page 29: Crisis Management Guide

E. Action Consideration Lists

The Action Consideration Lists (ACL) provide a checklist of issues and actions that the Crisis Management Team and / or the Crisis Response Team should consider at the onset of any event that threatens or impacts (address of main office goes here) or any Dependent Site. The ACL will focus on issues and actions that may be required in the first 24 - 48 hours of an emergency situation. It does not represent procedures for the actions to be taken; it serves as a reminder to ensure no critical issue is forgotten in the confusion and chaos that may result in a severe crisis. The most important objective of an Action Consideration List is to ensure that the Crisis Management Organization is responding to or treating the event; then subsequently dealing with cause and correction.

Primary Action Consideration Lists are:

• Injury / Loss of Life
• Threat to or Impact on Building Security
• Stakeholder Notification / Communications Required
• Rumours and Speculation Reach News Media
• Bomb Threat Received / Suspicious Package Found
• Pandemic or Biohazard Exposure

Page 30: Crisis Management Guide

Company – (location name goes here) ACL

Actions Consideration List

PRIMARY RESPONSIBILITY columns: Safety; Public Affairs; Facilities; Global Security; Health Services; Human Resources; Business Continuity Planning; Team Leader / General Assignment

Injury / Loss of Life

Ambulance services required and called    X X
Police notification    X
Area secured for police investigation    X
Treatment provided to victims    X X
Families notified    X
Counseling required for victims    X
Counseling required for families of victims    X
Co-workers informed of event and status of victims    X
Counseling required for co-workers    X
All employees informed of event and status of victims    X X
Personal belongings of victims collected for family    X
Insurance coverage review conducted / activated    X
Insurance companies notified for immediate response    X
City health services notified    X
News media announcement on event, status and actions being taken on behalf of injured    X
Position statement for general distribution (other company locations, all management)    X
Legal counsel notification (if victim is a visitor to the facility)    X
Management informed of event, status and actions being taken    X
Direct management informed to make contingency arrangements    X

Facility Security

Page 31: Crisis Management Guide

Building access restrictions implemented    X
Floor / area security enforced    X
Additional security services obtained    X
Police complement obtained    X
Search procedures implemented    X
Visitor access restricted    X
Employees notified of security procedures    X X X
News media announcement issued    X
Corporate security office notified    X
Building search conducted    X
Management notified    X
Security personnel trained in interim emergency procedures    X
Facility evacuation    X X

Notification to Stakeholders

Executive Management notification    X
GLT / GMT notification    X X
Regulatory notifications    X X
Employee communications    X X X X
Customer notification    X
Supplier notification    X
Facility services firm notification    X
Other company locations notified    X X X

News Media Management

Point of contact identified    X

Page 32: Crisis Management Guide

Press release prepared and issued    X
Media conference conducted    X
Media update schedule issued    X
Internal stakeholders informed of point of contact    X
Authorities issued all press releases    X
Regulatory bodies issued all press releases    X

Bomb Threat / Bombing

Call spec. sheet prepared    X
Police notified    X
Building access restricted    X
Enhanced security precautions implemented    X
Area secured    X
Employees evacuated from area    X X
Building evacuation    X X
Physical search of building    X
Management notified    X
Press release prepared / issued    X
Employees notified    X X X

Page 33: Crisis Management Guide

Pandemic or Biohazard Exposure

Facility / area evacuated    X X X
Air supply system shut down    X
City / State Health authorities notified    X X
Media statement prepared and issued    X
Insurance providers notified    X X X
Building sanitization supplier put on alert    X X
Exposure / cotangents assessment conducted    X X
Implement restricted access to facility    X X
Affected families notified    X X X
Employee counseling established    X X
On-site protection requirements established    X X
Survey of impacted adjacent facilities    X X

Page 34: Crisis Management Guide


Page 35: Crisis Management Guide


Appendix 1

CRISIS IDENTIFICATION AND ASSESSMENT

A ‘crisis’ is any event that impacts or threatens….

• Life Safety
• Brand Image
• Business Operations

By general definition ‘crises’ can be disasters, such as fire, bombing or an ice storm, or incidents, such as a power failure or an act of kidnapping and extortion. In either case, any event can be an accident, act of nature or a willful act of aggression. Crises can be obvious, requiring an immediate response on the part of local authorities and the company (e.g. fire) or creep-up-on-you, requiring a timed response (e.g. pandemic threat). A crisis can exist even if the event has not yet occurred. The mere threat of an event can require Company to take extraordinary actions in advance or just in case an event occurs.

Examples of physical crises include:

• Act of nature,
• Actions of a disgruntled customer,
• Actions of a disgruntled employee,
• Bio-terrorism attack,
• Bombing,
• Chemical spill,
• Fire,
• Industrial espionage,
• International terrorism,
• Neighbor’s disaster,
• Power failure,
• Pandemic threat,
• Random acts of violence,
• Urban terrorism,
• Violence in the workplace,
• Wide area disaster.

Examples of other crises include:

• Closure of a facility,
• Acquisition and subsequent amalgamation,
• Non-standard use of a facility,
• Major restructuring of the organization,
• Protest marches in close proximity to a (location name goes here) facility.

Assessment

It is critical to ensure that the determination to take action in any state of emergency or crisis situation is based only on facts that have been confirmed. To that end, every potential crisis situation must be assessed in terms of its impact and / or threat.

• Validate and record all sources of information if there is any doubt whatsoever as to its legitimacy.

• If necessary or if any level of doubt exists, corroborate the information with other sources.

• Ensure Public Affairs and Communications are informed immediately of the situation if there is an employee injury or loss of life, or if there is any possibility that the company’s image could be negatively impacted by the event situation.

• Maintain complete and accurate records of all facts, information sources and related actions taken. Record the event and initiate an Event Log (see Appendix 4).

• Initiate the preparation of an Event Status Report based on the content and structure provided for in Appendix 3.

Security Response Procedure

FIRST: Be sure all employees and visitors are safe and then contact emergency personnel as needed.

1. Security Console is first notified of the Crisis/Event.
2. Security Console will contact external Emergency Services as required.
3. Security Console will contact Facilities/Engineering Staff as required.
4. Security Personnel will then deal with the Emergency Situation at hand.
5. Security will advise the Security Members of the CRT.
6. If necessary, the Security Member of the CRT will notify at least one CRT member, who will then contact other CRT members to determine the place of meeting. Please refer to ‘CRT Response Team Contact Information Lists’ for phone numbers.
7. Security Services management and / or a member(s) of the CRT will notify the CMT, based on standard Notification and Escalation steps discussed in Section B.
8. Security Console will initiate evacuation of the impacted (location name goes here) facility as warranted.
9. Security Console will then, if necessary and as directed, arrange for additional security personnel.
10. Communication is then maintained between the CRT and the Security Console regarding ongoing situational development of the event.

Appendix 2

CONDUCTING PRE-EVENT RESPONSE PLANNING

Pre-Event Response Planning is the process of identifying responses to known or expected threats that directly or indirectly endanger the people, image or operations of Company. Through Pre-Event Response Planning, the Crisis Response Team will discuss, analyze and conclude actions that will or may be taken should the threat become reality and / or should the event escalate to a higher level of probability. Discussion Points may include:

o Threat identification, clarification and description,

o Probability level based on unfolding events,

o Impact possibilities before, during and after the event has occurred,

o Global alert and escalation processes, if required,

o Global notification process alternatives, if required,

o Media Management (spokesperson(s), media center, logistics),

o Employee Information Exchange and Support strategies,

o Employee Communications Strategy alternatives,

o Key stakeholder Communications Strategy alternatives,

o Contingency planning alert status and escalation processes,

o Maintaining a Global Event Log,

o Global Business Contingency Plans – activation triggers,

o Critical Incident Support Resource - alert and notification strategies,

o Role of the (location name goes here) CMT,

o GLT role and expectations while in crisis,

o Rapid-response and reporting mechanisms,

o Decision making authorities and decision escalation processes related to the identified actions.

The primary objective of Pre-Event Response Planning is to identify tasks or activities that should be carried out by various operations or functions within Company based on a time-line of probable events. Each task or activity will be assigned to an appropriate senior executive to ensure the timely completion of the prescribed actions.

The primary deliverable of Pre-Event Response Planning is an Action Consideration List (ACL) aligned to a probable or possible event. The ACL will then provide a framework of responses and actions by Company should the event occur. This process will significantly reduce the time required for the organization to respond to any related event during the crisis time frame.

Post Workshop Steps

1. A preliminary plan will be prepared for review and approval by the Crisis Management Team (CMT). The preliminary plan, based on the workshop results, will minimally include:

o Identification of threats and risks to Company,

o Analysis of threat, probabilities and impact as discussed,

o Action Consideration List (actions to be taken based on events) presented as an event time-line and by area of responsibility,

o Outstanding issues requiring further discussion.

2. The preliminary Pre-Event Response Plan will be distributed initially to all CRT Members for review, comment and approval.
3. If necessary, a second working session will be conducted to address outstanding issues and to finalize the Pre-Event Response Plan for CMT approval.
4. The finalized Pre-Event Response Plan will be submitted to the CMT and possibly the GLT for review, comment and approval.
5. The approved Pre-Event Response Plan will be distributed on an as required basis for immediate action as directed and / or for stand-by activation.

Appendix 3

PREPARING AN IN-CRISIS EVENT STATUS REPORT

An In-Crisis Event Status Report (ESR) will represent the only fully authorized account of a crisis situation. It is a concise and factual account of the situation. It serves as a ‘road map’ of what has occurred and what may occur depending on unfolding events of the situation. Its purpose is to ensure all stakeholders are informed and kept aware on a timely basis. It will be the only in-crisis report produced and maintained by the Crisis Response Team. It will provide a detailed accounting of the organization’s response to an event.

Every updated version of the ESR will be distributed to all members of the CRT, all members of the CMT and others designated as recipients by the CRT and CMT. A copy of the ESR will only be distributed to those so designated on the event-driven ‘ESR distribution list’. Only the CRT is authorized to prepare and make changes to an active Event Status Report.

The Event Status Report must be prepared as soon as possible after the crisis or threat has been identified. The frequency of distribution for an updated version of the ESR will be dependent on the event itself and the level of threat and response required.

The Event Status Report comprises four interrelated sections:

Overview of the Event
Provides a description of the event, a synopsis of what has occurred to-date, relevant and important ‘facts’ regarding the event (as they have occurred and in the sequence that they occurred), known and confirmed direct or consequential impact and possible or probable outcome or unfolding events that may yet occur. Note: Statements of fact that do not clarify or support what has happened should not be included. Unconfirmed statements of fact should not be included unless otherwise noted.

Actions Taken To Date
Provides a time-line of ‘actions’ taken by local Emergency Management authorities and / or the CRT in response to the event and its impact.

Actions Contemplated Based on Unfolding Events
Provides a list of actions that will be taken or are being considered by the CRT depending on probable or possible changes (trigger points) to the situation. All ‘trigger points’ must be fully described, leaving no doubt as to what will occur based on specific events occurring. Where applicable and possible, alternative actions should be provided.

Actions Requiring CMT Approval
Provides a list of specific actions that require the pre-approval of the Crisis Management Team.

Process Considerations

• When the Event Status Report is completed, present it to the Crisis Management Team as quickly as possible.
• Where possible, a member of the CRT (not the CRT Leader) will take the Event Status Report and review it with the CMT. The CRT Leader will normally be required to continue CRT deliberations.
• The CRT representative will clarify and provide any further details required by the CMT during their discussion and deliberations of the recommendations.
• If the CMT is meeting by way of a ‘conference call’, the CRT representative will take part in that conference call.
• If a representative of the CRT, for any reason, cannot attend or take part in the CMT discussion, the Event Status Report is to be sent (email, fax or delivery) to the CMT Leader or his/her alternate.

THE EVENT STATUS REPORT (SAMPLE FORMAT)

Event Status Report

Date: ________________
Event Name: _________________________________________
CRT Members in attendance: _____________________________________________________ _____________________________________________________
EVENT LEVEL
Overview of Event:
Actions Taken to Date:
Actions Contemplated:
Recommendations to CMT:

The Event Tracking Log represents events and actions only. This log will ensure the sequence of events and actions are properly recorded and known to all members of the CRT and CMT (if requested). All events and actions taken may be of critical importance to the overall management and control of the situation.

Appendix 4

MAINTAINING AN IN-CRISIS EVENT TRACKING LOG

An ‘Event Tracking Log’ provides a timeline of events and actions taken during the course of a crisis. The purpose of the Event Tracking Log is threefold;

1. To provide a point of quick-reference documentation to aid in response management and control on the part of the CRT.

2. To provide an audit of events and actions taken during the course of the crisis.

3. To provide a chronological record of events and actions in order that the CMO can ‘learn’ from the organization’s successes and areas where response improvement is required.

Note:

• All events, regardless of importance, should be recorded on the Event Tracking Log. Minor events at the time may appear to be less significant than others but will subsequently have key importance to the assessment stage of the crisis.

• The CRT Leader will assign one member of the CRT as the event ‘scribe’ or may solicit the assistance of a non-team member to maintain the Event Tracking Log.

• The person assigned as the ‘scribe’ will provide a brief description of each event or action taken. The date and time must be recorded appropriately (see sample Event Tracking Log).

EVENT TRACKING LOG

Event Tracking Log

Event Name / Description: __________________________________________________
Maintained by: __________________________________________________

----- Event / Action -----
Date    Time    Summary of Events or Actions Taken

Appendix 5

CRISIS COMMAND CENTER LOCATIONS AND UTILIZATION

The Crisis Command Center is designated as the physical location from which the Crisis Response Team (CRT) would co-ordinate all emergency response activities. The designated location is equipped with a variety of telecommunications devices and organizational tools to assist the CRT in managing the crisis situation.

Primary Crisis Command Center

Unless inaccessible, the primary Crisis Command Center is located on the (location to be inserted here).

Alternatives

Depending on the nature of the crisis / incident, the CRT and possibly the CMT will assemble in one of three locations:

• If the event DOES NOT REQUIRE EVACUATION of (address of main office goes here), the primary Crisis Command Center will be used.

• If the event REQUIRES EVACUATION of (address of main office goes here), the first alternate Crisis Command Center location is (address of 1st alternate site goes here) - see directions and location map.

• If the event REQUIRES EVACUATION of (address of main office goes here) and the crisis prevents access to the first alternate location (e.g. wide area disaster), the second alternate Crisis Command Center location is (address of 2nd alternate site goes here) - see directions and location map.

Crisis Command Center The primary Crisis Command Center in (address of main office goes here) is equipped and serviced with the following;

Telecommunications Services and Equipment (this list to be changed as required for (location name goes here))

In a crisis situation, the (location here) Crisis Management Team will convene in the (location where the CMT will meet, e.g. Executive Conference Room goes here).

• dedicated outside telephone line for emergency external calls,
• telephone extension jacks for three internal lines that will be activated at time of crisis
• three telephone handsets (speaker-phones)
• two data ports for host system (email) access
• one telephone headset
• cable television feed
• one cellular telephone with extra battery pack
• two pairs of two-way radios with repeater rack

Equipment and Supplies (in lockup storage) (this list to be changed as required for (location name goes here))

• floor plans for (address of main office goes here)
• (location name goes here) city telephone directory
• area telephone directories
• three flashlights / battery operated lantern
• tape recorder and 5 blank tapes / extra batteries
• digital or instant developer camera and 5 film packs
• portable radio with extra batteries
• blank VCR tapes
• three flip charts / office supplies
• bullhorn
• defibrillator (stored in security console room)
• supply of bottled water
• maps of Minnesota and other US locations where Primary and Secondary Dependent sites are located
• supply of protective masks (N95 rated)
• supply of blank ‘Event Tracking Log’ forms
• three copies of the Crisis Management Guide

Items to be retained in the Crisis Command Center will be periodically reviewed and upgraded where necessary.

Primary Crisis Command Center – (address of primary crisis command center goes here).
Telephone Number in Center - xxx-xxx-xxxx

Location of Crisis Command Center
(Location / directions to locate the Crisis Command Center go here).

1st Alternate Crisis Command Center - (address of 1st alternate Crisis Command Center goes here)
Telephone Number in Center - xxx-xxx-xxxx

Directions to (address of 1st Alternate CCC goes here) (approximately x.x miles from primary Crisis Command Center)

• (Location / directions to get to the 1st Alternate Crisis Command Center goes here)

Location Map for 1st Alternate Crisis Command Center Use Map Quest to obtain map and insert here.

2nd Alternate Crisis Command Center - (address of 2nd alternate Crisis Command Center goes here)
Telephone Number in Center - xxx-xxx-xxxx

Directions to (address of 2nd Alternate CCC goes here) (approximately x.x miles from primary Crisis Command Center)

• (Location / directions to get to the 1st Alternate Crisis Command Center goes here)

Location Map for 2nd Alternate Crisis Command Center Use Map Quest to obtain map and insert here.

Appendix 6

ESTABLISHING AN ‘EMERGENCY CONFERENCE CALL MEETING’

In many situations, some, if not all members of the CRT may not be in a position to meet in the Crisis Command Center. It may be necessary to conduct a ‘conference call meeting’.

Note: The Crisis Management Conference Line will be opened immediately following the identification of a threat or event. Any CRT member can call into this conference line for an update or to provide additional information.

Standard Procedure

• The CRT Leader or his/her designated backup will inform CRT members (by way of email or telephone message) that a CRT conference call meeting will be held at a specific time.
• If any of the primary members of the CRT are unavailable, their designated backup is to be included.
• Each CRT member will be instructed to call the Conference Call line at the predetermined time and introduce him/herself and the functional area of the business s/he represents.
• The CRT Leader will initiate the conference call meeting by a) informing the CRT members of the situation, b) providing known facts, c) asking if any other CRT Member has additional or supporting information and d) identifying any emergency response actions that have been taken thus far.
• The CRT Leader should ask if any further immediate actions are necessary.
• The CRT Leader will suggest that the CRT meet at the designated Crisis Command Center at a specific time to continue development of an action plan and the preparation of an Event Status Report.

Conference Dialling

Existing Crisis Management Conference Line
Phone Number: xxx-xxx-xxxx
Pass Code: xxxxxxx#
Moderator Number: *xxxxxxx#

Setting Up a New Conference Call

1. Call Conference Plus to set up your reservation at: (insert phone # here)
2. Provide:

- Name of Host and time of call
- Your Corporate Card information

Note: Company recommends Pass Code Conferencing

Conducting a Conference Call

Managing a ‘conference call’ can be a significantly challenging task at the best of times. Add the stress and chaos of a crisis, and the session leader’s task of managing the discussion becomes far harder. The following general rules will significantly improve the success of any conference call.

1. State who the Session or Team Leader is.

2. Have each person state their name and the functional area they represent.

3. Session Leader states the objectives of the conference call (no more than 3).

4. Session Leader states all known FACTS.

5. Session Leader asks others for known facts (one person at a time).

6. Session Leader asks for information that is missing (unknown facts).

7. Session Leader provides what he/she believes should be the next steps.

8. Session Leader asks for comments and suggestions regarding next steps.

9. Session Leader controls time spent in discussion (keep conversation focused).

10. Session Leader (after 1 hour maximum) recaps status and next steps.

11. Session Leader establishes schedule for a meeting (preferred) or next conference call.

12. Session Leader prepares status / decision report for immediate distribution and comment to conference call attendees.

13. Session Leader distributes status / decision report to the appropriate management.

APPENDIX 7

COMPANY PRINCIPLES OF CRISIS MANAGEMENT

The general effectiveness of Crisis Management will in part be dependent on the guidelines (standards, rules, policies) that have been implemented within Company. This document provides key operating principles that provide the Crisis Management Organization (CMO) with the terms of reference necessary to ensure that Crisis Management will achieve its mission and objectives.

Principles of Operation

• Notwithstanding any other objective, Crisis Management exists primarily to protect and support employees and visitors directly or indirectly impacted by a ‘threat or event’ that causes or threatens to cause physical injury, loss of life or trauma resulting from the event or consequential impact as a result of the event.

• Crisis Management does not exist to prevent or eliminate loss, but rather to minimize the effect of any crisis affecting the organization.

• Members of the Crisis Response Team (CRT) must be solicited on a ‘voluntary basis’, recognized for their contribution and be capable of operating effectively under extreme circumstances and stress.

• The CMO must be positioned to ‘act / make decisions’ without organizational or political interference while the organization is in a state of crisis. The CMO must have unrestricted authority to respond in the best interests of all stakeholders.

• The Crisis Management Team (highest level decision-making authority) and the Crisis Response Team will always respond as coordinated bodies, demonstrating consensus on all decisions made while each member has an equal voice and vote on matters requiring a majority affirmation.

• The existence, structure, membership and role of the CMO must be regarded as ‘public’ information, promoted within the organization as a necessary and vital process and reinforced on a consistent and regular basis.

• Crisis response decisions will be made in the best interests of the organization and all stakeholders and will supersede the existence or normal interpretation of all or any policy or standard operating procedure.

• The CMO will always act equally in the best interests of all stakeholders and will not be held individually or collectively accountable for any consequential impact whatsoever.

• The CMO will be the single and only representative of the organization (in a state of crisis) to all internal organizational units and external organizations participating or impacted by the event.

• Crisis response activities must complement or otherwise co-exist with external emergency management response activities provided and / or coordinated by local, state or federal authorities.

• The CMO must ensure that it immediately and constantly possesses the capability and capacity to communicate within itself and to all external stakeholders requiring instruction or information.

• The CMO must possess (or have immediate access to) the knowledge and capability to make critical time-sensitive decisions related to any issue that may arise from any event, including the capacity to evaluate threat, risk and probabilities versus impact of an event or consequential impact of an event.

• Crisis Management emergency response activities must recognize the immediate and expanded requirement for security of the organization’s facilities, employees and visitors during and immediately following a crisis situation.

• Crisis Management response activities must be aimed at reducing or eliminating the negative impact of a crisis on the continued operations of the organization.

• Crisis Management documentation will be maintained at a high level of operational readiness, functioning as a roadmap of response.

• Exercising of the organization’s state of readiness must be recognized as a mandatory requirement, management endorsed and conducted on a scheduled and regular basis.

• Crisis Management response consideration must be given to the highest of probable events only and always predicated on a worst-case scenario, thereby ensuring any lesser or lower probability event can be effectively managed.

• Crisis Management policies, rules, guidelines and principles must not be flexible to interpretation, but remain flexible to changing organizational needs and events as they unfold in a crisis.

• Crisis Management must be regarded as a Standard Operating Procedure; understood, supported and endorsed by Executive Management and the Company’s Board of Directors.

Appendix 8

CRISIS MANAGEMENT PROGRAM COMPLIANCE

Crisis Management Program Compliance is a component of the Global Security Crisis Management Program Implementation Plan and will be in effect when the program is implemented in a location, region or country. The ‘compliance’ process provides a means of measuring the probable effectiveness of the Program as implemented. An annual measurement of ‘compliance’ will heighten the resolve of management to ensure a state of crisis preparedness exists within their area of responsibility.

Crisis Management Program Compliance

The Crisis Preparedness Policy requires all locations of Company be under the general charge of the Global Security Crisis Management Program and further that all implemented Crisis Management Programs be maintained to ensure a state of preparedness ad infinitum. As a means to monitor the overall state of crisis preparedness on a global basis, all Crisis Management Programs will undergo an annual review or assessment to ensure compliance with the Crisis Preparedness Policy and supporting operational imperatives (standards) as established within the Global Security Crisis Management Program.

In order to effectively confirm compliance and maintenance of Crisis Management within each Company location, a means to measure the five primary components of Crisis Management has been established. The components to be complied with are:

1. Implementation of the Global Security Crisis Management Program was conducted as per the standards and guidelines provided by and through the Global Security Crisis Management Program Implementation Process.

2. The establishment of a Crisis Management Organization consisting of a Crisis Management Team (CMT) and a Crisis Response Team (CRT). Every location selected for implementation of the Global Security Crisis Management Program will have a Crisis Management Team and a Crisis Response Team responsible for all activities and actions related to crisis response and control within the respective facility; albeit the Crisis Management Organization for any given location may be physically located at a different facility.

o The Crisis Management Team shall consist of the highest ranking executive in the respective location and all of his / her direct reports. Representation should not be delegated to lower level management.

o A Crisis Management Team Leader (Crisis Manager) will exist where the Crisis Management Team has been established, functioning as the executive coordinator of the Crisis Management Program within all locations under the charge of the respective Crisis Management Team. An alternate Crisis Manager will be identified in advance (and be a member of the CMT) for in-crisis situations where the designated Crisis Manager is unavailable.

o The Crisis Response Team must be comprised of senior individuals from all of the following functional groups if the functions exist in the respective location: Security, Health & Safety, Facilities Management, Real Estate, Human Resources, Public Affairs and Communications, Business Contingency Planning, Information Technology and Medical Services. Regardless, the Crisis Response Team must minimally consist of at least six of the listed functional groups. The inclusion of representatives from other functions or business areas not listed above is to be avoided as permanent members of the Crisis Response Team.

o A Crisis Response Team Leader will exist where the Crisis Response Team has been established, functioning as the coordinator for all in-crisis operational response activities of the respective location. An alternate CRT Leader will be established for in-crisis situations where the designated CRT Leader is unavailable and will be an existing primary member of the Crisis Response Team.

o Designated backups will exist (mandatory) for all members of the Crisis Response Team and will participate in all education and training activities, but will only participate in an in-crisis situation when the corresponding primary member is unavailable.

o Designated backups for members of the Crisis Management Team should not be established. In order to effectively function as the senior in-crisis decision making authority, the CMT must only be comprised of persons at the same level of authority. At time of crisis, the CMT will be comprised of those members that are available.

o Crisis Management activities are performed on a geographical basis (as are crises); meaning that an established Crisis Management Organization is responsible for all locations / facilities within their geographic region. The respective Crisis Response Team is responsible for all locations in their geographic area that do not have a resident Crisis Response Team.

o For locations / facilities that do not have a resident Crisis Response Team and have an employee population of 100 or more there will be one designated person assigned as the CRT Site Coordinator. This person will function as an event-dependent member of the respective Crisis Response Team and will participate on the CRT when their location has been impacted or threatened.

3. The establishment and maintenance of the location’s Crisis Management Guide as per the structure and content provided in the Global Security Crisis Management Guide ‘template’ and with structural amendments as provided by Global Security on a periodic basis. Variations on content and / or additionally required information would be provided for within the Appendix.

4. The establishment of an annual Continuing Education and Training Program (CET Program) consistent with Global Security Crisis Management standards and consisting of at least four education / training sessions per year. The implemented program must include at least 16 hours per year for each member of the Crisis Response Team and at least 4 hours per year for the Crisis Management Team. The CET Program must include at least two exercise-based sessions incorporating a CRT / CMT response process to crisis situations that the respective location could encounter. The annual CET Program plan and schedule will be submitted to Global Security for review.

5. Assignment of one or two persons at each of the locations where a Crisis Response Team has been established as the Program Administrator(s); responsible for general administration and training associated with testing, exercising and verification of the implemented Crisis Management Program. All information within the Crisis Management Guide must be tested or otherwise verified minimally every three months for accuracy.

Compliance Grading Method

In order that a global, consistently applied Crisis Management Program is implemented in all qualifying locations, a method to measure compliance with the Crisis Preparedness Policy (as it relates to Crisis Management) and related Global Security Crisis Management Standards has been established as the Compliance Grading Method.

The grading of compliance will be performed every six months following implementation for the first year and once per year thereafter and submitted to the Vice President (Corporate Crisis Manager), Global Security. Results of the compliance measurement process will be reported to the Global Leadership Team, Executive Vice President and General Counsel, Executive Vice President of Risk and Control and posted on the Global Security Crisis Management Database.

It will be the responsibility of each Crisis Response Team to perform a self-assessment of the implemented Crisis Management Program. All members of the CRT and the respective Crisis Manager will be required to sign-off on the compliance grading documents to be submitted to Global Security.

The Compliance Grading Method is based on the awarding of points for complete implementation of the five key components of the Global Security Crisis Management Program. The points awarded are then totaled and graded to an acceptable or unacceptable level of risk to the company.

Page 59: Crisis Management Guide

The Grading Process

CM Program Component

Points Awarded or Deducted

1. Implementation of the Global Security Crisis Management program as per the Global Security Crisis Management Program Implementation Plan.

Plus 10

2. Establishment of a Crisis Management Organization as per the standards provided in the Global Security Crisis Management Program.

Plus 10

A deduction of 2 points for each of the following CMO components that do not meet the standards as provided:

• The established CMT is comprised of a location, region or country’s senior executive and his / her direct reports.

Minus 2

• A CMT Crisis Manager and alternate have been designated.

Minus 2

• The established CRT is comprised of at least six of the suggested areas of representation and a designated backup.

Minus 2

• A CRT Leader and alternate have been designated.

Minus 2

• CRT responsibility for all geographically or operationally related facilities / organizations has been established.

Minus 2

3. Establishment of the Crisis Management Guide as per the Global Security Crisis Management Guide Template.

Plus 10

Page 60: Crisis Management Guide

4. Establishment and performance of the Crisis Management Program Continuing Education and Training Program as per Global Security standards.

Plus 10

• A deduction of 2 points is to be made for each education / training session below the base requirement of 4 per year.

Minus 2 each

• An awarding of 2 additional points is to be made for each education / training session beyond the base requirement of 4 per year.

Plus 2 each

5. Assignment of one or two members of the CRT to function as Crisis Management Program Administrator(s) for the coordination of maintenance, testing and exercising of the implemented Crisis Management Program.

Plus 10

Compliance Measurement

Compliance with the Global Security Crisis Management Program will be measured based on a total score established through the Grading Process described above.

More than 50 points - exceeds the Global Security Crisis Management standards of Company.

50 points - satisfies the Global Security Crisis Management standards of Company.

Less than 50 points - fails to meet the Global Security Crisis Management standards of Company, creating a risk of a failed response and control.

Less than 40 points - serious default of obligations under the Crisis Preparedness Program Policy and Global Security Crisis Management standards, creating a significant risk of a failed response and control.

Page 61: Crisis Management Guide

Appendix 9 GLOSSARY OF TERMS

This glossary has been developed to define the various terms used in Crisis Management, Emergency Response, Business Continuity & Disaster Recovery planning and thereby will greatly help in building a common understanding of Crisis Preparedness across (Company Name). This will significantly help in achieving a standard approach to recovery planning and ensure global alignment of terminologies. The Glossary of Terms is maintained by GBCM.

Purpose

This glossary has been developed to define the various terms used in the Crisis Preparedness Program, consisting of Emergency Response, Crisis Management, Business Continuity & Disaster Recovery planning, and thereby will greatly help in building a common understanding of Crisis Preparedness across Company. This will significantly help in achieving a standard approach to recovery planning and ensure global alignment of terminologies.

Terms Brief Definition

Announced Exercise

Testing of an Emergency Action / Crisis Mgmt / Business Continuity / Disaster Recovery plan with a prior communication to all stakeholders describing the scope and objectives of the test exercise.

BCP Repository

An automated and protected database containing all relevant BCP information at a centralized place accessible to relevant employees.

BCP / Alternate Site

An alternate operating site identified to continue the critical business operations in the event that the primary / original site is not available. This site must be pre-equipped as per identified requirements and should be tested on a regular frequency.

Business Continuity Plans

Documented procedures and action steps to be followed in order to continue the business functions following a declared disaster. The plan document contains all relevant information with respect to continuity of business operations. The plan covers business function continuity and business unit recovery.

Page 62: Crisis Management Guide

Business Continuity Process

Planning for continuity of Critical Business Functions and all Business Unit recovery, including:

• Impact analysis/target recovery objectives
• Risk Assessment
• Critical Business Function contingency plans
• Business Unit recovery plans
• Coordination for third party contingency and recovery plans

The planning requires that all business units assess how to recover from the following possible catastrophic losses:

• Loss of Area
• Loss of Building
• Loss of People
• Loss of data
• Loss of Telecommunications
• Loss of channels of distribution (mail, air & ground delivery, strikes etc)

Business Function

A business activity or service within an organization. It can expand across departments, divisions, branches or locations of the organization.

Business Function Continuity

Process to continue those business functions that are deemed critical for the organization based on their impact. These functions have been defined in the COMPANY BIA report.

Business Impact Analysis (BIA)

A technique for identifying both tangible and intangible impacts on a business process, function or department, usually over time based on given criticalities. The analysis assesses the Business/Financial/Regulatory impact in the event of catastrophic losses. It provides senior management with information to devise a recovery strategy and recovery prioritization.

Business Interruption

An event that disrupts access to facilities, customers, or information or threatens the health or safety of employees and visitors within COMPANY facilities. Business Interruptions may or may not lead to a crisis.

Business Unit Recovery

A process to recover all business functions or a complete business unit in order to mitigate the impact of a long-term crisis.

Page 63: Crisis Management Guide

Contingency Plan

A plan of action to be followed in the event of a potential risk / crisis. A business continuity plan may contain many different contingency plans based on the nature of crisis or loss scenario.

Crisis

A crisis is an event that threatens to overwhelm existing processes of control. Crises can be physical, such as fire, power failure, and terrorism. Crises can be threats, such as kidnapping and extortion. Crises can be logical or electronic, like an Information Security breach or denial of service attack. In all cases, crises can be designated as such by the Company when events threaten to impact life safety, brand image or business operations.

Crisis Command Center

A fully serviced location where the Crisis Response Team will assemble to provide the coordination and control of a crisis situation. An alternate Crisis Command Center would be established and equipped should access to the primary Crisis Command Center be denied.

Crisis Management Guide

A document containing vital information necessary for the CMO to respond to and manage a crisis situation, e.g. contact information, escalation and notification processes and action check lists.

Crisis Management Organization (CMO)

The people and teams established in each Country / Region / Location to provide all management, response and control activities related to an event that impacts or threatens the employees, image or general operations of the company. A Crisis Management Organization will be comprised of two teams, the Crisis Management Team and the Crisis Response Team.

Crisis Management Plans

Refer to Crisis Management Guide

Crisis Management Program

Represents the policies, organization (people) and processes employed to respond to and manage a crisis situation that threatens the people, operating continuity and image of Company.

Crisis Management Team (CMT)

A location’s senior leadership team (the highest level manager and his/her direct reports) functioning as decision-making authority during crisis to safeguard the interest of employees, customers and shareholders.

Page 64: Crisis Management Guide

Crisis Preparedness Program (CPP)

COMPANY's Crisis Preparedness Program is a management program for the protection of people, property and assets, identifying potential impacts that threaten Company and directing a framework of controls resulting from due diligence. The Crisis Preparedness Program includes four components - Emergency Response, Crisis Management, Business Continuity and Disaster Recovery – each a process in itself.

Crisis Response Team (CRT)

A location’s team of senior employees having responsibility for in-crisis first response, assessment, response planning and thereafter coordination of the organization’s response processes to an event.

Critical Business Functions

A critical business function is any service that is essential to support the survival of the enterprise, as identified in the COMPANY Business Impact Analysis report.

Disaster

A disaster is an event that causes significant harm or physical damage to a facility, its people or operations.

Disaster Recovery Plans

Technology Plans for recovery of the technology infrastructure supporting business processes. These plans address recovery of data, hardware, network connectivity, telecommunications and system and application software. Technology groups (Company, and/or third party providers) create and maintain Disaster Recovery Plans.

Emergency Action Plan

Specific immediate actions employees need to perform, at the time of an emergency, to protect themselves, co-workers and the business. Emergency action plans include: notification and evacuation procedures, response to medical emergencies, natural disasters and other threats.

Exercises / Tests

A test of the plan, which is carried out under controlled conditions, in order that gaps and issues may be identified.

Fire/Safety Warden/ Evacuation leader

Person providing assistance to employees in building evacuation and assisting with first aid in case of fire or other scenario, i.e. bomb-threat etc., based on the conditions.

Functional Exercise

Refer to Operational/Functional Exercise

Page 65: Crisis Management Guide

Guide

A guide is a directional road map to address specific issues or take predefined actions. Summary documentation of tasks to be performed. Example of a Guide is the Crisis Management Guide.

Hot Site

A facility with technology infrastructure installed & plugged-in and ready for use, to recover technologies or business function, in the event of a disaster that prevents the normal day-to-day use of the primary location.

Incident

Any event that may be, or may lead to, a business interruption, disruption, loss and/or crisis.

Incident Log

A document log to track the complete event / incident along with the actions taken and result thereof.

Live Testing exercise

This means exercising plans in a live environment using real-time data and service delivery. (See Exercises / Tests)

Maintenance Schedule

A calendarized schedule to maintain the Emergency Response, Crisis Management, Business Continuity & Disaster Recovery Plan documents.

Manual

A manual organizes and presents a series of interdependent or related sets of information. Primarily used as an educational tool. Rarely used in or referred to in a crisis situation.

Offsite Storage Location

An alternate location, other than the primary production site, where back up data tapes, duplicated vital records and documentation may be stored for retrieval when needed for Business Continuity and/or Disaster Recovery.

Operational/Functional Exercise

Similar to a tactical exercise, but with a broader scope both in terms of teams involved and the number of supporting plans required. (Refer to Exercise/Tests)

Page 66: Crisis Management Guide

Plan

A plan is a pre-established set of procedures stating exactly how people will perform specific pre-defined steps or actions in response to an event and its impact. Examples are the performance of standard emergency response procedures (bomb threat response, emergency evacuation, violence in the workplace) and complete contingency, recovery and resumption steps if normal business functions cannot be performed. Examples of Plans are Emergency Action Plans, Business Continuity Plans and Disaster Recovery Plans.

Plan Exercise / Test

Refer to Exercise / Test

Plan Owner

The most senior leader of the function / department signing concurrence statement in the Plan document.

Recovery Objective

The level of recovery and the time to resume a process or function based on regulatory requirements and/or an assessment of the financial, operational and brand damage resulting from a business interruption as reported in COMPANY Business Impact Analysis. Recovery Objectives help in defining RTO & RPO (defined in following sheets).

Recovery Point Objectives (RPO)

The level of currency of the data you are recovering. Varies from the last good backup, which may be 24-48 hours old, up to the last recorded transaction before the disaster. Critical data may include computer based data and documents within the workplace.

Recovery Strategy

A pre-determined, management-approved course of action to be deployed to respond, to recover a business unit and continue the critical business operations following a disaster. In simple terms it is primarily what to recover and how to recover.

Recovery Time Objectives (RTO)

The maximum length of time following an interrupting event that a business process could be unavailable before the business unit’s operations are significantly impaired. E.g. The time taken to resume Card Member billings, Service Establishment pay-outs or restore user access to the applications and data.

Rehearsal

Refer to Exercises / Tests

Risk Analysis

The assessment, probability and analysis of various kinds of potential threats / risks to the organization.

Safety Warden

See Fire/Safety Warden/Evacuation Leader

Page 67: Crisis Management Guide

Simulation exercise

Testing the documented plans in a simulated environment i.e. replicated or mock-up scenarios (Refer to Exercises / Test)

Structured Walk-Through

A paper-based method used to exercise or test a plan. Structured Walk-Through exercises are tests in which team members verbally review each step of a plan to assess its effectiveness, identify enhancements, constraints and deficiencies. A Table Top exercise is a presentation of the plan on a verbal basis. This is generally done immediately following plan development and documentation. (Refer to Exercises / Test)

Table top Exercise

See Structured Walk-Through

Tactical Exercise

An exercise intended to implement existing plans and/or highlight the need for additional plan development. The exercise/test is scenario based and should be an in-depth look at the plan. The scenario can be provided prior to the test or can be disclosed at the time of the test for a more rigorous testing process.

Template

A template is a framework of a Plan, Guide or Manual. It represents what the end product should contain, how it should be organized and how it can be customized to accommodate unique requirements. Templates exist for Business Continuity Plan, Crisis Management Guide, Emergency Action Plan and Disaster Recovery Plan. A related Plan or Guide may also exist to provide procedures or guidelines of how to complete and/or customize the template.

Test

Refer to Exercises / Test

Unannounced Exercise

Conducting a test exercise without prior communication to stakeholders. This type of exercise identifies the practical gaps of the plans.

Page 68: Crisis Management Guide

Notes:

• GBCM group is currently reviewing the testing methodology and the related terms in order to enhance the effectiveness of the testing process and ensure consistency in terms used across the organization. The changes will be shared with the group in the following month.

• GBCM has also defined the various BCP roles (i.e. Functional Lead, Site Lead etc) highlighting the responsibilities associated with each of these roles. This information can be viewed on the Global BCM database, under Miscellaneous / Miscellaneous / BCP Organization Structure, Roles & Responsibilities section.

Page 69: Crisis Management Guide

Appendix 10

TEAM MEMBER DOCUMENTS (FOR THE EXCLUSIVE USE OF THE TEAM MEMBER)