Late on the evening of April 20, 2010, an explosion ripped the Deepwater Horizon oil drilling rig, owned by British Petroleum (BP), located about 50 miles southeast of Louisiana’s Gulf of Mexico coastline. 11 lives were lost. Our thoughts and prayers go out to those families as they cope with their loss. We’re deeply concerned about the current and future impact this disaster will have on our environment. Oil made landfall on May 6, 2010, near New Harbor Island, Louisiana. It’s estimated that 210,000 gallons of oil are leaking into the Gulf of Mexico from the broken wellhead each day. Is learning from disaster possible?
The companies involved, BP, Transocean Ltd. and Halliburton, Co have had to testify before Congress. They publically blamed each other causing President Obama to issue a statement about the fingerpointing. To their credit, BP has publically claimed that they “own” the problem and will take responsibility for the cleanup. They maintain a dedicated site about their Gulf of Mexico response.
Learning About Incident Response Plans
What if this were your company? Do you claim that your business is “socially responsible?” How will you back that up when the time comes? There are many lessons to be learned from the BP Oil Spill Disaster presently and probably well into the future. The first thing you should ask yourself is what is the critical incident response plan for your company? Don’t be fooled into thinking that you’re too small of an organization to think about such things. For example:
- Do you sell jewelry aimed at children? What if one of your components were tainted with lead? What if it presented a choking hazard?
- If you accept credit cards online, what if you or your merchant provider experiences a security breach, data loss, or hack?
- Do you sell niche food goods or other consumable commodities? what if your product was contaminated through no fault of your own?
- If one of your custom web applications is hacked and your client experiences a data loss, what will you do?
- What about a natural disaster? A man-made disaster? An act of terrorism in your city?
We could list “what if’s” ad nauseum. The point we’re trying to make is this- what is your planned response to a critical incident? An incident response plan should be a part of your business continuity plan and should initiate your disaster recovery plan.
Plan Now To Avoid Disaster
Now is the time to take a good look at your business and the products/services you provide. Think about worse case scenarios and jot down potential incidents that could occur. We’re sharing a worksheet on Scribd with you to start your brainstorming. The first tab contains some definitions. The second tab contains a sample scenario to get you started.
Think about who will be on your response team. Team members typically have response plan duties similar to their everyday duties and responsibilities. Your response team will guide your company through the crisis so it is of utmost importance that you choose people wisely.
Once you and your team have listed potential scenarios, it is time to start crafting your response plan. There are several great resources online for you to take advantage of. These include:
- Homeland Security’s National Response Framework
- CDC’s Emergency Preparedness and Response Site
- FEMA’s National Incident Management System
- Ready.Gov Publications
- HHS Guidelines for Business
- OSHA’s Hazardous waste operations and emergency response regulations
As you examine these resources and adapt them to your needs, you will want to be sure that both your business continuity plans and communication plans are current. Make sure you know what resources you’ll need if you have to activate your plan. And, who has the authority to activate your plan?
Bottom line – don’t wait until a disaster happens to deal with it!
Image courtesy of the Department of Defense.