The Noggin Blog

If you'd like to discuss your client portfolio, existing implementations, and/or how to take Noggin forward with your customers, please contact us at partners@noggin.io to schedule a meeting.

In the wake of COVID-19, your clients probably understand the importance of being prepared for what have now become near-inevitable crises. But have they taken the next step, developing a best-practice crisis management capability that hews closely to prescribed standards in the field?

Unlikely, when it comes to crisis management. But there’s something you can do about it.

What’s the value of international standards in the age of COVID-19? Well, in the case of information management system standard, ISO/IEC 27001, the standard prescribes baselines for securing information assets. If you haven’t noticed, those information assets are increasingly under threat with the sharp rise of cyber attacks.

So, what should Security teams know about the best-practice standard?

The emergency threat has grown like never before. Natural disasters alone have increased ten-fold since the 1960s.

Add in an unprecedented pandemic, and these figures only up the ante on the need for not just any emergency management platform but the right emergency management platform. What capabilities matter in this age of disasters? 

With a worsening risk climate in the age of COVID-19, how can businesses prepare for the unexpected? Well, at the core of business resilience and preparedness lies the business impact analysis (BIA). The BIA gives organisations an intimate understanding of how their prioritised business activities would be impacted by crises, disasters, or disruptions.

In incident management (more broadly) and incident command (more specifically), major incidents are commonly defined as events that require an extraordinary allocation of resources, usually due to the location, severity, type, and/or number of victims. Incidents of this kind are varied in nature. But one constant is that their management usually involves responders coming together from different jurisdictions, geographies, and rescue services. Healthcare organisations quite obviously play a prominent role.

Before the COVID-19 crisis, the underreporting of accidents, injuries, illnesses, and other safety incidents loomed large as a major hurdle to improving safety performance. Since then, the pandemic has scrambled many safety priorities. But return to work shouldn’t be a return to safety underreporting. And here’s why.

Just last month, there were five named storms in the Atlantic all at once – a rarity last seen in the early 1970s. Nor is the Atlantic the only hotspot for storm activity. The interim Royal Commission investigation into last season’s bushfires also forecasted increasingly “erratic” storms hitting Australia.

For crisis leaders battered by COVID-19 yet still in the path of surging storms, it’s not only time to dust off your severe weather preparedness plans but also to get acquainted with the Incident Command System (ICS).

Most businesses entered the coronavirus crisis with a false sense of confidence in how prepared they were to handle a major crisis. Sure, they might have learned better. But how long will those lessons stick? A good way to tell is by figuring out whether and how often your clients are exercising their crisis response plans and scenarios. 

Buildings, sites, plants and equipment, materials, and other physical assets remain some of the easiest targets for malicious actors. And when surveyed, security professionals usually despair of their organisation’s inability to protect them.

Why’s that? Under-investment in physical security management has left these larger, (usually) older assets dangerously vulnerable to compromise. What can be done? Well, Security Operations Centres (SOCs) give organisations a chance to improve their operational security posture and better secure people and property. 

From tornadoes to floods to explosions, emergency agencies bring experts together in emergency operations centers (EOCs) to manage and coordinate operations. Before the pandemic, they did so largely in person. The risk (and reality) of infection, however, has forced EOCs to go virtual – out of necessity.  

Makeshift affairs, many of these virtual emergency operations centers (VEOC) are virtual in name only. How, then, to get the most out of your VEOC?