An earthquake and resultant tsunami have devastated coastal sections of Indonesia and Thailand; an influenza virus-like outbreak has spread across Asia, causing a near pandemic; terrorists detonate explosives in hotels within Jakarta’s business district; demonstrations have turned to riots in Bangkok and Kuala Lumpur, while an armed disgruntled former police officer takes hostages in Manila. Events such as these are all too common place, not only in Southeast Asia but throughout the world. Security professionals must remain diligent and be prepared to respond appropriately, ensuring the preservation of life, continuity of operations and reputation of the organization. The importance in establishing and routinely exercising a crisis management plan cannot be underestimated and needs to be an integral part of every organization’s business continuity plan.
What is a crisis?
The word “crisis” initially brings negative thoughts to mind, but to a seasoned security professional a crisis stirs a call to action that has been well thought out, planned for and rehearsed. BusinessDictionary.com defines a crisis as a “critical event or point of decision which, if not handled in an appropriate and timely manner (or if not handled at all), may turn into a disaster or catastrophe.” The whole of business approach, wherein each and every facet of the business is co-dependent to achieve success, requires the integration of an effective crisis management plan to heighten the organization’s ability to protect its personnel and weather the storm.
Crisis management is the process by which one can identify, plan for, control and mitigate actions and events that are detrimental to the successful operation of any organization. Planning for all possibilities might seem an impossible task but this can be achieved through the development of a comprehensive understanding of the local environment, the establishment of a proper network of local, national and international contacts and a keen knowledge of your business/ organization’s operating requirements.
Case Study 1
On July 17, 2009 the morning rush hour was shattered by the near simultaneous bombings of the JW Marriott and Ritz- Carlton hotels in the Kuningan business district of Jakarta, Indonesia. Suicide bombers associated with the terrorist group Jemaah Islamiyah (JI) successfully targeted and carried out the attacks, which left both foreign nationals and local Indonesian citizens injured or dead. JI had previously been linked to numerous attacks throughout Indonesia, to include the 2002 and 2005 Bali bombings, the 2003 JW Marriott Kuningan bombing and the 2004 Australian Embassy bombing. Both private sector and government security officials noted the following crisis management issues related to the 2009 attacks:
• Initial command and control at the sites was limited or non-existent.
• Accountability relative to the dead and injured was difficult. Individuals either directly involved in the blasts, working at or visiting the hotel included hotel employees and guests, local and foreign private sector business representatives as well as local and foreign government personnel.
• Emergency medical services, to include planning and response to mass trauma incidents, were inadequate for the size and scope of the event. This was compounded by the lack of sufficient in-country emergency medical/ mass trauma trained personnel, facilities and associated equipment.
• Communications plans across all involved personnel and sectors were not current or did not allow for optional contact means and methods.
• Issues related to the recovery of and safeguarding of both personal property and proprietary information. Subsequent to the explosions and evacuations, both personal property and business proprietary information were left behind and unattended.
• As an assist to law enforcement, the collection and preservation of evidence was difficult due to numerous personnel being on scene coupled with a propensity of staff to clean and remove debris.
• Managing information flow both internally and externally, especially relative to the media, became a challenge. Following a significant event such as this, everyone wants information. Managing the content and flow of the information released is most often challenging at best.
Case Study 2
The politically-fueled protests and riots that occurred in Bangkok, Thailand during the months of March thru May 2010 significantly impacted many businesses and governmental organizations operating from in and around the city. Political instability had been a constant concern to the Royal Thai government since the 2006 military coup and overthrow of former Prime Minister Thaksin Shinawatra’s government. Leading up to the 2010 riots, sporadic protests and occasional violent acts had been affecting the capital city’s economic, tourist and transportation hubs, to include Bangkok’s Suvarnabhumi primary international airport. Many small and large businesses/organizations were not fully prepared for an extended period of disruption, to include the possibility of staff and family evacuations, although the ongoing problems should have been enough to trigger the crisis management process long before the actual riots.
Common issues voiced by private sector security professionals included the following:
• Many small and large businesses/organizations had little to no comprehensive and/or routinely exercised crisis management plan.
• Lack of a fully developed and maintained network of logistics, medical and security contacts and services, both within and outside the country.
• Business continuity plans reflected foreign home office thought processes without fully taking into account the local environment. In some cases, the corporate executive office did not seem to understand or consider the customs and culture of the country, nor did they understand the nuances of actually getting things done in country, especially during chaotic times. As a result, some businesses were not able to adjust and continue full operations while others were more fortunate.
• Some business/organizational leaders did not fully understand the security environment, relying solely on their perception of events, routinely challenging and, at times, overriding the recommendations of the security manager despite obvious safety and security concerns.
• Lack of information sharing, open and continuous dialogue with both local and foreign government security officials, making it difficult to identify the “tripwires” necessary to begin appropriate and timely courses of action (e.g. relocation of staff and business operations, evacuations). Based on the information available to each business/organization, some evacuated staff and/or family members, some relocated operations, while others did not.
• Lack of a developed and routinely tested communications plan, taking into account the failure of local technology. Many businesses depended on the internet and simple mobile telephones to communicate with staff and the outside world, with no back-up communications plan in place.
Developing the Crisis Management Plan
The Jakarta terror attacks and the Bangkok riots highlight the need to develop and maintain a comprehensive crisis management plan, which is routinely exercised, and takes into account a wide range of crisis event possibilities and relevant responses. A base plan should consider and address the following:
• A thorough knowledge of your business/organization’s operating environment, taking into account the local history, incident trends, culture, customs and government legal/regulatory issues. Connect with and monitor risk and threat information sources and reputable services if available and budget-supported. Failure to understand your environment will likely cause or lead to problems, especially during crisis situations.
• Identify and establish a crisis or emergency action team incorporating key personnel from each business/ organizational department (e.g. management, operations, human resources, safety and security, facilities, public affairs, legal, etc.). This supports a “whole of business” approach to crisis management.
• Assess your business/organization’s strengths and vulnerabilities and include vulnerability mitigation factors…
To read the rest of the article, make sure you subscribe now! Go to http://www.malaysiasecuritymagazine.com/subscribe/ and purchase either a 1 year or 3 year subscription today!