by Jeffrey C. Friedman
www.eaplan.com

What is an Emergency Action Plan?

An emergency action plan (EAP) is a written document required by particular OSHA standards [29 CFR 1910.38(a)]. The purpose of an EAP is to facilitate and organize employer and employee actions during workplace emergencies. Well developed emergency plans and proper employee training (such that employees understand
their roles and responsibilities within the plan) will result in fewer and less severe employee injuries and less structural damage to the facility during emergencies. A poorly prepared plan, likely will lead to a disorganized evacuation or emergency response, resulting in confusion, injury, and property damage.

Putting together a comprehensive emergency action plan that deals with those issues specific to your worksite is not difficult. It involves taking what was learned from your workplace evaluation and describing how employees will respond to different types of emergencies, taking into account your specific worksite layout, structural features, and emergency systems. Most organizations find it beneficial to include a diverse group of representatives (management and employees) in this planning process and to meet frequently to review progress and allocate development tasks. The commitment and support of all employees is critical to the plan’s success in the event of an emergency; ask for their help in establishing and implementing your emergency action plan. For smaller organizations, the plan does not need to be written and may be communicated orally if there are 10 or
fewer employees [29 CFR 1910.38(b)].

At a minimum, the plan must include but is not limited to the following elements [29 CFR 1910.38(c)]:

• Means of reporting fires and other emergencies
• Evacuation procedures and emergency escape route assignments
• Procedures to be followed by employees who remain to operate critical plant operations before they evacuate
• Procedures to account for all employees after an emergency evacuation has been completed
• Rescue and medical duties for those employees who are to perform them
• Names or job titles of persons who can be contacted for further information or explanation of duties under the plan

You can find out how to get a great, totally distributed Emergency Action Plan by contacting support@eaplan.com

Check them out on the web at www.eaplan.com

A business risk is a circumstance or factor that may have a negative impact on the operation or profitability of a given company. Sometimes referred to as company risk, a business risk can be the result of internal conditions, as well as some external factors that may be evident in the wider business community.

ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization’s objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

ERM can also be described as a risk-based approach to managing an enterprise, integrating concepts of internal control, Sarbanes–Oxley Act, and strategic planning. ERM is evolving to address the needs of various stakeholders, who want to understand the broad spectrum of risks facing complex organizations to ensure they are appropriately managed. Regulators and debt rating agencies have increased their scrutiny on the risk management processes of companies.

Prudent business owners take care to minimize the risk, just as you would in any other type of risky venture you undertake. A good risk management system is a continuous process of analysis and communication.

A search for risk management on the internet turns up a very diverse set of links, none really addressing comprehensively the risks a business should consider; that was one of the main reasons for creating theriskalliance.com.

Some topics that surface are environmental issues, OSHA standards, financial safeguards, security services, backup systems and government regulations – all of which are valid risk control systems, but are specialized areas for consideration.

Part of the difficulty is that each business will have different types of risks, so it is difficult to generalize. Insurance covers the ones that are most common. Specialized insurance for particular risks that are inherent to your particular field of endeavor is also available for some businesses. However, insurance is only part of the package you as a business must consider. Contingency planning for other potential hazards is just as important as insuring against losses.

Some disorganized  risk management plans are almost as bad as none because they can be time consuming with no long term benefit.

One business backed up its data from its computer on a date storage device and stored the device in another office on a different floor, in a secure closet.  The closet was closed and sealed when they left for the night. When the toilet water main broke during working hours and water rushed into the through the floor of the building, the closet filled with filthy water just like every place else. The computer operator only had enough warning to flip off the electricity. The computer was a loss and it took months to recover the data lost. The company had a contingency plan for a corrupted database, they just were not ready for a flood disaster.

While there is always something that unanticipated that can happen, planning for the worst case will help you through many a bad moment.

You prepare for marketplace risk through your business plan. In the same way you need to prepare for the risks of illness, disability, damages, losses, injuries, and even disasters. A good risk management system not only has adequate insurance coverage to compensate you for losses which might occur, but it also includes a plan to prevent losses, if possible, and to manage unexpected events as they occur.

Assessing and addressing Information Availability

Phase 1 – Business Impact Analysis (BIA)

• Conducting a Business Impact Analysis and Risk Assessment enables you to put in place the appropriate prevention, containment and recovery strategies to protect your business from such Impacts.

Identify the following:

• The critical professes, priorities and single points of failure
• The key dependencies, both internal and external
• The inherent risks and vulnerabilities that may exist

Phase 2 – Risk Assessment (RA)

The RA provides a review of the business risks and threats, looking at physical, logical and procedural risks. It allows the business to act on recommendations to reduce their exposure to risks and vulnerabilities. As a result of both BIA and RA the business will have a better understanding of the impacts and risks facing it and will therefore be better positioned to determine priorities and timescales for continuity and be able to establish a risk mitigation process. This will form the basis for putting in place a viable continuity strategy.