The Noggin Blog

In a crisis, every moment counts. That’s why emergency communications must be quickly disseminated. But how to keep all parties informed, a perennial challenge?

That’s where mass notification software systems come in. Read on to learn their value to the enterprise.

So, what is operational resilience?

At its most basic, operational resilience is simply your business’ ability to adapt to (remain resilient during) times of uncertainty and stress.

Operational resilience initiatives expand upon the traditional complement of business continuity management programs, focusing on the impacts, connected risk appetite, and tolerance levels for disruption of product or service delivery to internal and external stakeholders. Sounds pretty prosaic when you put it like that. So, why are regulators interested? 

*If you'd like to discuss your client portfolio, existing implementations, and/or how to take Noggin forward with your customers, please contact us at partners@noggin.io to schedule a meeting.

In the crisis recovery moment, clients might be turning to you to help develop or revise their crisis management plan with lessons learned from the pandemic experience. That’s great. But crisis management planning doesn’t equal full crisis lifecycle preparedness.

As we’ve learned before, once plans are developed, clients are all too likely to fall prey to major crisis planning pitfalls. How to help clients avoid the inevitable bumps along the road and ensure full crisis lifecycle preparedness?

Data from the Global Peace Index shows that civil unrest doubled over the course of the 2010s. Think only high-profile venues need to be concerned? All organisations need to prepare. Not sure how to develop your civil unrest action plan, though? 

The goal of emergency planning is to build a robust emergency response capability before a disaster even happens. However, disasters have a way of going against plan. That’s when organisations have to scramble and build out incident plans. Of course, the incident planning process isn’t without its own challenges. One of the biggest is incident assessment. 

Major risk clouds were accumulating long before the COVID-19 pandemic. However, the research shows that firms only take an interest in risk after major crises. Well, it’s never too late to leverage risk management best practices to prepare for next time. And ISO 31000 might just be key to those preparations. 

In the aftermath of the US Capitol attacks, critics dissected the security response – a failure to predict leading to a sluggish, reactive response. And that’s often how we review incidents of civil unrest, through the prism of security operations. But we might be missing something crucial by this limited focus – namely the role of crisis management in securing key assets. 

The recent Capitol riots in the US shouldn’t have surprised anyone. Civil unrest leading to attacks on places of mass gathering, particularly government buildings and other venues of high symbolic value, have only increased in recent times. How to protect these venues of mass gathering?

*If you'd like to discuss your client portfolio, existing implementations, and/or how to take Noggin forward with your customers, please contact us at partners@noggin.io to schedule a meeting.

In the age of COVID-19, cyber security incidents are on the rise. Last year saw a 400 percent increase in cyber attacks, with a staggering 80 percent of companies reporting an annual increase.

Of course, cyber risk was worsening before the pandemic, too. Insider threats alone jumped by 47 percent between 2018 and 2020. The question now is what’s your client’s plan to respond to cyber security incidents? Too much else on their plate? Here’s what your clients need to know to get prepared.

Since the outbreak of COVID-19, safety teams have been working overtime to mitigate risk, ensure a safe work environment, all in compliance with the employer duty of care obligation. But that work won’t end even when the pandemic is over.

Indeed, PCBUs (Persons Conducting a Business or Undertaking) have a legal obligation to ensure the health and safety of staff. That duty of care obligation never ends. So, how to maintain the obligation in the midst of a crisis, emergency, or other business continuity incident? 

It was mere months ago that a bomb threat gripped Australian schools. But already, educational institutions and other organisations might be forgetting the lessons.

While those threats turned out to be hoaxes, the risk remains real. How to prepare your organisation? 

*If you'd like to discuss your client portfolio, existing implementations, and/or how to take Noggin forward with your customers, please contact us at partners@noggin.io to schedule a meeting.

Now, in the midst of the Covid-19 crisis, it might seem like the demand for business continuity plans (BCPs), processes, programs, and services will never end. But we’ve been here before, namely after the 11 September 2001 terror attacks when demand spiked but then plummeted. How, then, to help your clients build a sustainable case for business continuity management?

COVID-19 has brought with it a rash of illegal cyber activity against high-profile targets. The worst part is there’s no end in sight. What’s to be done? In Australia, for one, policymakers are honing in on revisions to the Security of Critical Infrastructure Act 2018.

What to expect in this new year, and what broader lessons will there be for the global security sector?

Emergency managers are well acquainted with the after action review, a qualitative evaluation of actions taken to respond to a given emergency. A staple of the recovery process, the after action review provides the best means of identifying best practices, gaps, and lessons learned, so as to respond better next time.

However, the COVID-19 crisis was a shock to the system. Normal processes were upended; plans turned out to be inadequate. How to do better next time? 

It’s the new year, and you’ve made the commitment to build (or enhance) your safety culture. Only problem is your contractors and suppliers haven’t made the same commitment to prioritise their safety culture. Why does it matter and what can you do about it? 

2020 was no doubt a year for the crisis record books. So, what can crisis leaders expect in the year ahead? Not Nostradamus-level prognostication, here, but the safe bet is on the acceleration of severe weather events. 

*If you'd like to discuss your client portfolio, existing implementations, and/or how to take Noggin forward with your customers, please contact us at partners@noggin.io to schedule a meeting.

With a vaccine now in the offing, many of your clients will be tempted to turn the page on the pandemic. But those companies who failed to remember the business continuity lessons of prior pandemics like SARS and H1N1 condemned themselves to repeat them during COVID-19. Now it’s your job to keep your clients from repeating the lessons of COVID-19 in the public health crises of the future. 

Healthcare workers have long faced significant risk of violence on the job. But the hospital security crisis didn’t just happen by chance. Specific reasons explain these high rates of occupational violence.

Think those reasons don’t matter to you? Think again. Many of the underlying, hospital security risk factors are germane to most professional sectors.

In this age of COVID-19, all-hazards planning has never been more integral to effective major event management. But the size of these events (including major disasters) means planning is often parceled out between a diverse set of stakeholders, potentially increasing operational risk. What, then, is needed to mitigate risk and enhance major-event emergency response capabilities? 

Most models of business recovery assume that the crisis itself has ended. Unfortunately, COVID-19 has proven far more durable than most major disasters. So, for businesses trying to get back to full, pre-crisis operations – the goal of recovery – what can be done to mitigate the logistical hurdles of business recovery from the COVID-19 crisis?

*If you'd like to discuss your client portfolio, existing implementations, and/or how to take Noggin forward with your customers, please contact us at partners@noggin.io to schedule a meeting.

Crisis management plans are great. But if we’ve learned anything from the COVID-19 pandemic, it’s that they aren’t enough to ensure that your clients are prepared for a protracted crisis.

After all, when a crisis breaks, it’s execution that matters. And seamless execution entails regular training in crisis-like conditions. How to help your clients create those conditions? 

When many in-person industries shut down at the beginning of the pandemic, remote work took off. An unintended consequence of these rapidly assembled teleworking arrangements, though, was the steep rise in cyber attacks.

But attacks themselves aren’t the only incidents Security teams and their enterprises have to worry about. There’s also the reporting that comes after. 

Even in the age of COVID-19, getting resources to the right place at the right time is still only half the battle. Relief organisations and agencies still confront barriers, ensuring that those resources are productive once on site. What’s one of the most difficult, and how to overcome it? 

With broad swaths of the economy once again open, entities involved in hazardous operations and other forms of non-routine work will need to re-implement stringent, work risk controls.

By law, those controls should go above and beyond safe work protocols for routine jobs. So how do PCBUs go about taking formalised steps to mitigate the work health and safety risks associated with dangerous jobs?

Remote work has taken off since the start of the pandemic, and so has the cyber threat. Already in March, online attacks had shot up six times their February levels. As we now know, that surge would only accelerate – to dire consequences for businesses already struggling to respond to COVID-19.

What can organisations do to respond to the crisis threat? These crisis planning practices will help. 

If you'd like to discuss your client portfolio, existing implementations, and/or how to take Noggin forward with your customers, please contact us at partners@noggin.io to schedule a meeting.

In the wake of COVID-19, your clients probably understand the importance of being prepared for what have now become near-inevitable crises. But have they taken the next step, developing a best-practice crisis management capability that hews closely to prescribed standards in the field?

Unlikely, when it comes to crisis management. But there’s something you can do about it.

What’s the value of international standards in the age of COVID-19? Well, in the case of information management system standard, ISO/IEC 27001, the standard prescribes baselines for securing information assets. If you haven’t noticed, those information assets are increasingly under threat with the sharp rise of cyber attacks.

So, what should Security teams know about the best-practice standard?

With a worsening risk climate in the age of COVID-19, how can businesses prepare for the unexpected? Well, at the core of business resilience and preparedness lies the business impact analysis (BIA). The BIA gives organisations an intimate understanding of how their prioritised business activities would be impacted by crises, disasters, or disruptions.

In incident management (more broadly) and incident command (more specifically), major incidents are commonly defined as events that require an extraordinary allocation of resources, usually due to the location, severity, type, and/or number of victims. Incidents of this kind are varied in nature. But one constant is that their management usually involves responders coming together from different jurisdictions, geographies, and rescue services. Healthcare organisations quite obviously play a prominent role.

Just last month, there were five named storms in the Atlantic all at once – a rarity last seen in the early 1970s. Nor is the Atlantic the only hotspot for storm activity. The interim Royal Commission investigation into last season’s bushfires also forecasted increasingly “erratic” storms hitting Australia.

For crisis leaders battered by COVID-19 yet still in the path of surging storms, it’s not only time to dust off your severe weather preparedness plans but also to get acquainted with the Incident Command System (ICS).

Most businesses entered the coronavirus crisis with a false sense of confidence in how prepared they were to handle a major crisis. Sure, they might have learned better. But how long will those lessons stick? A good way to tell is by figuring out whether and how often your clients are exercising their crisis response plans and scenarios. 

Buildings, sites, plants and equipment, materials, and other physical assets remain some of the easiest targets for malicious actors. And when surveyed, security professionals usually despair of their organisation’s inability to protect them.

Why’s that? Under-investment in physical security management has left these larger, (usually) older assets dangerously vulnerable to compromise. What can be done? Well, Security Operations Centres (SOCs) give organisations a chance to improve their operational security posture and better secure people and property. 

From tornadoes to floods to explosions, emergency agencies bring experts together in emergency operations centers (EOCs) to manage and coordinate operations. Before the pandemic, they did so largely in person. The risk (and reality) of infection, however, has forced EOCs to go virtual – out of necessity.  

Makeshift affairs, many of these virtual emergency operations centers (VEOC) are virtual in name only. How, then, to get the most out of your VEOC?

It’s been a couple years since work health and safety management system standards got a global upgrade. In 2018, ISO (International Organization for Standardization) 45001 came out, replacing British certification, OHSAS 18001, as the best-practice standard.

Plenty of compliance conscious PCBUs didn’t make the move then. But the British standard is only valid until the end of March 2021, meaning now is the time to upgrade. What are the other safety advantages of ISO 45001?

Your clients probably know that seeking out too much information can be a way of avoiding acting decisively during a crisis. But do they know there’s a whole class of stressors called decision derailers that cause ineffective crisis decision making?

COVID-19 wasn’t the first public health crisis of the 21^st century to come out of Asia Pacific – that would be SARS. But it was the first pandemic to shut down central China after that region had become one of the world’s premier manufacturing hubs. Add to that, over the intervening years, much supply chain resilience had been sacrificed to just-in-time manufacturing. How, then, to regain supply chain resilience in this era of heightened public health crises?

It’s obvious that COVID-19 has shifted the focus of physical security management. Guards, formerly responsible for managing physical threats to people and assets, are now being asked to step into a safety protection and promotion role.

How are they faring? Well, the recent hotel quarantine incident in the Australian state of Victoria suggests that the transition hasn’t been seamless. What could help improve the quality of physical security management in the age of COVID-19?         

In this age of increasing emergency threats, informal volunteer emergency workers often provide critical first responder help, usually search and rescue, first aid, damage, and need assessment.

But because they tend to lack pre-established relationships with emergency managers, informal volunteers can also pose operational risks. Dispatchers, for one, can’t verify training or credentials, so they are unable to accurately match volunteer skills with service areas. And that’s not the only management challenge relief organisations face. What are they?

The imperatives of social distancing during the pandemic have created unprecedented changes to work. Foremost among them: the increased need for people to work alone or in remote arrangements.

For PCBUs (Persons Conducting a Business or Undertaking), more people working alone mean more lone workers in need of a new class of safety protections, documented internal policies to keep this high-risk occupational group out of harm’s way. How to go about mitigating the risk so you don’t incur the liability?

We’ve said it before. Producing the assets that are relevant to the context of your organisation will only strengthen a business case for the business continuity planning resources needed to maintain acceptable levels of risk – once you’ve measured them.

But what would those resources look like? We argue, practical business continuity technology should be part of the mix. Why? Well, during moments of disruption, every minute matters. And manual processes are ill fitted to help you meet recovery time objectives (RTOs). Read on to find out why.

The reopening of the world’s economies from COVID-19-induced shutdown is happening at different paces. It continues apace in some areas that have contained community spread. In others, the emergence of new hot zones has caused a fresh wave of mandated business closures. Suffice it to say: after months of disruption, businesses are understandably eager to go back to normal as part of the recovery process. The question remains, though, have those businesses prepared themselves to resume operations at pre-crisis levels, especially in a public health environment marked by uncertainty?

Post-crisis business closures weigh heavily towards companies that fail to develop business continuity plans (BCPs) before major incidents. But the length and depth of the COVID-19 crisis suggest that not just any BCP will do.

Instead, it’s absolutely essential that your client’s BCP accurately identifies, quantifies, and minimises potential interruptions and risks before a crisis happens. And to that end, best-practice certifications, like ISO 22301, help clients bolster their business continuity planning risk mitigation strategy as they adjust to the new normal. 

Oh, how things have changed. Mere months ago, protective security entailed managing all physical security incidents, threats, and operations – reducing risks to keep people and physical assets safe.

Now, in the midst of an ongoing pandemic, organisations have had to redefine the mission of their physical security teams in an effort to ensure that employees and customers avoid likely health threats, specifically community spread of COVID-19. 

In the midst of the COVID-19 crisis, business continuity plans (BCPs), processes, and programs have never been in greater demand. But we’ve been here before.

Both the 11 September 2001 terror attacks and late 2000’s financial crisis spurred similar upticks in the popularity of business continuity management systems (BCMS). And yet, by the time COVID-19 came along, an alarming number of companies were unprepared.

Why didn’t business continuity management take off before; and how can you build a sustainable program today?

Mere days into the hurricane season, the Atlantic basin is already experiencing its third named storm. Meanwhile, China, faced with flooding in its south and east, is upping flood defense emergency response to level III. Western Australia, for its part, is less than a month removed from a “once-in-a-decade storm,” so dubbed by the state’s acting commissioner of Fire and Emergency Services.

For many organizations whose physical operations were forced to close due to COVID-19-induced lockdowns, reopening day is coming soon. Indeed, employers are busy planning for a safe reopening as the day approaches.

While planning matters, it’s the quality of those plans that will determine whether a safe reopening is possible. And as it turns out, too many organizations follow one-size-fits-all strategies that can actually compromise the safety of returning employees, imperiling business recovery from the crisis. How, exactly?

The scale of the COVID-19 disruption to what had long been normal working arrangements has been unprecedented. Take remote work: an early April 2020 MIT survey revealed that nearly a third of all workers in the U.S. who had been employed the month before were working from home, up from five percent in 2017.

At the outbreak of the COVID-19 crisis, more than 70 percent of employers admitted not having a pandemic plan in place. That glaring lack of planning suggests that your clients might not be as prepared as they think to resume normal working operations, now that the conversation has shifted to business recovery.

For many organizations, COVID-19 has meant a halt to on-premise operations and the introduction of broad work-from-home policies.

Sure, that pivot has been key to business survival. But it does carry serious risk, including a greater opportunity for physical security incidents from less oversight. How to mitigate that risk with a remote, fragmented staff? Best-practice security standard, ISO 27001 offers some clues.

After months of disruption, organizations are eager to return to normal as part of the recovery lifecycle. For many, that means resuming operations in work facilities vacated due to local, state, and national lockdown orders.

Even before the outbreak of the coronavirus, Forrester findings had shown that a full 100 percent of surveyed companies had experienced at least one critical event in the last two years – many firms faced multiple. The impacts of those critical events might now pale in comparison to the ongoing effects of the COVID-19 crisis. Still, the fact remains, organisations must be ready.

Your clients might be more receptive to that message than ever. The question then is: how can you help them build an end-to-end crisis competency in this moment? We have some ideas. So, do some of our partners.

Early numbers from the COVID-19 response reveal long-simmering challenges in ensuring business continuity for most organizations. In one employer survey, only 37 percent of respondents said that they had the right technology in place for employees to conduct critical business operations from home in the event of an emergency. 

Frontline workers, especially healthcare professionals, have become the faces of the response to the COVID-19 pandemic. In areas hard hit by the rapid spread of the coronavirus, like Lombardy, New York City, and New Orleans, stories of the noble sacrifices of healthcare workers who have had to risk their personal safety to treat patients without an adequate stock of personal protective equipment (PPE) have proliferated – incomplete data sources point to at least 5,400 healthcare workers COVID-19 infections in the U.S. alone, with dozens of deaths.

The Incident Command System sprung out of a fire suppression event in the 1970s. But it didn’t take too long for non-fire organizations to begin using the system, as well.

The question is now as emergency response agencies mobilize against the COVID-19 pandemic, can ICS be relevant to their efforts?

If you didn’t know before, a mainstay of business continuity management is the business continuity plan (BCP), a collection of resources, actions, procedures, and information, designed to prepare organizations to maintain essential functions in the event of a major disruption like the coronavirus pandemic.

Over the past few weeks, Noggin, a global leader in crisis and business continuity software solutions, has received press coverage from national news outlets including: Channel 7, The Daily Telegraph, news.com.au, NT News, Weekly Times, and more - for its its free COVID-19 Response software.

Here's what they are arguing for

When organizations need to cull information together quickly, case management makes the difference.

For safety, risk, compliance, and emergency managers, success often comes down to getting lots of information gathered and distributed quickly. That’s where case management comes in. Not only is the approach fundamentally adaptive, case management is also applicable to diverse types of complex, unpredictable work, all involving the accessing of fragmented resources (often data) to meet the fast-changing needs of clients.

Physical EOCs (Emergency Operations Centers) have proliferated in recent years. And it’s easy to see why. Physical EOCs help teams, individual organizations, and multiple agencies working in concert mobilize people and equipment for incident responses lasting the entirety of an emergency.

Why’s a place of mass gathering so difficult to pin down, even for owners and operators? The answer is more complex than you’d think. For one, place of mass gathering is a risk designation, extrinsic to the core function of the venue. Qualifying a venue as a place of mass gathering is its (high) potential to inspire terrorist attacks, which it becomes by concentrating large numbers of people.

With a surge of coronavirus cases around the world, new reports of workplace closures due to fear of exposure are emerging outside of coronavirus-epicenter, China, and outbreak hotspots like Hong Kong, South Korea, and Italy.

Case management emerges as a process of systematic problem solving

For those of us that had forgotten, the outbreak and spread of the coronavirus (COVID-19) to multiple continents should remind us that the risk of a critical global health incident must be factored into crisis and business continuity planning – and not just for companies with exposed supply chains.

The risk of the novel coronavirus to global supply chains is significant, experts say. And it’s easy to see why. For one, there is no historical precedent for the potential impact of the coronavirus on increasingly complex, global supply chains.

As of mid-February, over 64,000 cases of the novel coronavirus (COVID-19) have been reported, with wartime measures increasingly becoming the norm throughout mainland China. The reach of the coronavirus, however, is global. The World Health Organization (WHO) has already declared a public health emergency of international concern.

Protecting places of mass gathering means controlling risk. Safety and security risk, however, can come from virtually any aspect of the operation, a daunting prospect for venue owners and operators. And that risk tends to increase – not shrink – as the size and complexity of the operation grows.

Hiring employees to perform remote and isolated work often helps businesses improve their productivity. But lone work isn’t without operational risk. For one, managing the safety risk to lone worker populations is part and parcel of a PCBU’s (Person Conducting a Business or Undertaking) duty of care obligation.

Even mere months ago, business leaders might have been forgiven for thinking that in this age of advanced healthcare systems and technologies, the risk of public health incidents to their business’ viability remained remote. By now, though, the ongoing Wuhan coronavirus should have disabused them of the notion.

A full 100 percent of companies experienced at least one critical event in the last two years, according to a 2018 Forrester study. And the effects of those crises can be catastrophic, especially for small and medium-sized enterprises who run a higher risk of business closure.

As crises grow in kind and intensity, organizations need to take an intelligence-gathering and constant-monitoring approach to building their crisis management competency. This largely cyclical mode of lifecycle crisis management tends to be more strategy-oriented than the tactics-first approach implicit in the popular pre-crisis, crisis, and post-crisis models. For instance, the British crisis management standard, BS 11200, adopts a fairly cyclical framework that includes the following stages:

When it came to major safety and security threats, 2019 was one for the record books. Unfortunately, 2020 is shaping up to be no better, giving conclusive proof to firms – if they needed it – that it’s well past time to seriously consider from where top threats will come for your organization this year.

Implementing asset management principles enables PCBUs (Persons Conducting a Business or Undertaking) to quickly realize new value from existing assets. But those same principles also yield unexpected benefits for Safety programs, as well. Not sure what they are, or how to accrue them?

When surveyed, senior facilities managers admit that their respective organizations are unprepared to deal with the security risk to the built environment. That is even as risk, including threats like workplace violence, environmental incidents, and active shooter incidents, continues to grow.

In this modern, heavily mediatized age, we’ve become painfully familiar with the most common, crisis communications gaffes: the public announcements that are quickly back tracked; the press conferences more notable for the (mis)behavior of officials than the content of the statements made; and the live interviews of angry families deriding a lack of candor and communication from officials.

In 2018 corporate security incidents came for everyone. Unfortunately, 2019 proved no better. But despite the fact that corporate security incidents invite public scrutiny more swiftly than ever, the number of organizations with an appropriate (security) crisis management and communications plan remains stuck around the 50 percent mark worldwide.

Safety teams have long understood employee health and safety to lie at the intersection of health protection and promotion. In turn, those teams have developed sophisticated programs to enhance worker wellbeing and prevent injury and illness.

Nowadays, firms can expect some form of value-destroying corporate crisis at least twice a decade. And even those numbers might be too optimistic. In fact, a 2018 Forrester survey found that a full 100 percent of companies experienced a critical event in the last two years. Many dealt with multiple.

In 2018 corporate security incidents came for everyone. So far, 2019 hasn’t been much better. Through it all, one of the year’s bigger, under-covered trends has been the underinvestment in security personnel. How serious is the issue?

The modern workforce is changing and changing fast. Nowadays, most firms – from industry incumbents to plucky startups – employ third-party contractors to perform essential business tasks.

Ensuring compliance with regulatory requirements is critical to your business. But crisis and business continuity planning – often mandated by law – shouldn’t be a box-ticking exercise. Unfortunately, too many firms fall into the trap. What risks do those companies face treating crisis preparedness as a compliance-first practice?

For some time now, the research points up clear challenges in interagency response to large-scale emergencies, citing delays in getting assistance and rescue underway, delays in decision making, and lack of clarity in command and control structures, etc. The key question is why, what factors explain the situation on the ground.

Security incidents have become increasingly common in schools and universities. And bomb threats, in particular, are on the rise. Just look at the data.

It’s always been common for practitioners to treat safety and security as different properties – not just entities requiring different systems but distinct vocabularies and frameworks, as well. But increasingly the question is asked, how tenable is continuing to silo safety and security management? The answer: not tenable at all.

What integrated safety and security management capabilities do you need?

The story is well known. Hazardous substances were long bedrocks of the industrialized, global economy. But subsequent advances in environmental and health science caused a reevaluation of the use of hazardous waste in industry. In turn, governments installed thoroughgoing regulatory regimes to safeguard the health of workers, especially in heavy industry.

As many of you know, we decided, after a short sabbatical, to revive our User Conference initiative, so as to share best practices in safety and security management that we’ve learned over time, best practices which have also informed the development of our next-generation product, Noggin 2.0.

During an incident, emergency managers need to deploy materials, supplies, technologies, and people to the emergency site as quickly and efficiently as possible. Unfortunately, getting resources to the right place at the right time is only half the battle.

Spare a thought for your lone workers. After all, they’re likely your highest-risk employees. And without your active intervention, they might end up in harm’s way.

Decision making is hard in any context – never more difficult than during a crisis, when stress impairs decision making most severely. Crisis teams and their leaders understand this all too well.

Enhancing the future for health and safety professionals, SAFETYconnect 2019, brings new papers from local and international experts to the expo floor. A premium exhibition featuring the latest products, services, and technology solutions in the ever-changing WHS sector, the two-day event attracts senior WHS and business professionals from a broad range of industry sectors, including transport, construction, education, infrastructure, manufacturing, mining, utilities, government, and more. And the best part…

As a Safety leader, you’ve probably built a strong portfolio in the organisation. So too has your counterpart in Security. And now both of you see key safety and security priorities, like keeping employees safe at work or mitigating threats to facilities and people, reflected at the highest levels.

Boards of Directors have weighed in. A staggering 60 percent of them believe that disruptive risks are “much more important” today than they were five years ago.

Safety incident reporting rates remain persistently low, despite the costs (measured in eventual safety incidents) being so high. The question for Safety teams is why, why are their safety reporting rates stuck in the doldrums?

Focus on physical security controls in ISO 27001

Serious about securing your valuable assets, digital as well as physical? Well, international standards prescribe baselines for securing those assets. The ISO 27001 information security management systems standard, in particular, focuses on securing information assets.

Safety reporting rates remain stubbornly low, especially in high-risk sectors, like construction, mining, shipping, etc. Taken alone, these low reporting rates would be reason enough for concern. Remember, chronic underreporting and the devaluing of near-miss analysis don’t conduce to creating a thriving safety culture. But underreporting safety incidents have major cost implications, too. Here’s the cost of underreporting safety incidents.

Beyond business continuity planning, the need to move to a business continuity management system

As a practice, Business Continuity Management aims to maintain essential functions in the event of a disaster or other, major disruption. Organizations get that. After all, they’ve poured time and money into developing business continuity management plans.

Business process management implementations, useful as they are, aren’t ends. They’re means. Organizations engage in those implementations to effect larger transformations. After all, businesses are looking to gain concrete outcomes, results like better alignment, increased agility, flexibility, and innovation, cost reduction, deprecation of legacy applications, better compliance management, etc. The question is: how can workflow automation help organizations secure those business benefits?

The premier, comprehensive homeland security event in the nation, the 2019 National Homeland Security Conference brings together an impressive array of homeland security professionals. 

In Australia, environmental health and safety risk is getting critical. On the contemporary events broadcast, A Current Affair, respiratory physician, Dr Ryan Hoy singled out the silicosis crisis, calling it “unprecedented” – even warning that silicosis was worse than asbestosis.

When crises strike, leaders convene crisis management teams comprised of internal experts. You know, senior managers with the requisite professional and technical expertise to deal with the critical event at hand.

The case for interoperability, especially the efficient transfer of relevant data between agencies, couldn’t be clearer. For one, any number of after-action reports have cited a lack of interagency cooperation as contributing to mission setbacks, even historic failures. 

The data shows that automating and streamlining business processes help organizations realize extraordinary productivity gains. There’s a revenue implication, here, too. Firms get to reduce costs driven by process inefficiencies. But how do workflows and business process management materialize into topline business gains. Our workflows and business process management primer gives you the rundown.

Take a look at the figures. Eighteen percent of all violent crimes occur in the workplace. Victim deaths are especially high in retail.

Nowadays, more people are working than ever before. And with the advent of remote work, those people are working from anywhere, at any time.

Security operations centers offer some pretty clear business benefits: improved situational awareness and visibility, reduced long-term security costs, and less operational security siloing. But despite the manifold benefits, SOC adoption isn’t universal. Far from it: in fact, according to EY’s Global Information Security Survey, 2017-2018, just half (or so) of all surveyed organizations have an SOC. What’s going on with the rest?

When it comes to spending on compliance, companies aren’t shy. Every year, the average multinational will easily shell out millions on compliance, according to reporting in Harvard Business Review. In heavily-regulated sectors, that number is even higher. 

Accident reports show that as many as 90 percent of industrial accidents are attributable to human error. But poor procedures and processes can make those human errors well-nigh inevitable, especially in the world of hazardous work. And that’s why teams involved in non-routine work need to implement stringent work controls to keep everyone safe and reduce risk.

Crisis can happen at any time, arising from a single devastating event or a series of unattended issues. Either way it comes about, crisis, once underway, presents a serious threat to a business’s core objectives, reputation – even its viability.

From profits to press to badly-need infrastructure projects, major events can bring any number of lasting benefits to organizers and host sites. Conversely, the risks of running a major event are acute and variegated. So too are the penalties for botching it: public opprobrium, reputational damage, possibly even legal challenge and regulatory blowback. For organizers, effective all-hazards planning is the only solution to help mitigate topline risk and keep attendees safe. But with so many variables involved in major-event management, it’s easy to ask, how to get started?

By now, we know the grizzly details of the March 15 terror attacks at the Al Noor Mosque and Linwood Islamic Centre in Christchurch, the deadliest mass shooting incident in New Zealand history. All told, fifty people were killed, and scores injured at the hands of a self-described white supremacist.

A run-through of what happened

How prepared are organizations to tackle critical issues and major crises? That’s the question we at Noggin and our partner Deloitte have been posing to invited guests in our inaugural series of breakfast seminars, exploring the theme of overconfidence and crisis preparedness.

By now, most know at least the outlines of the story. In October 2018, Lion Air Flight 670 crashed into the Java Sea on a domestic route from Jakarta to Pangkal Pinang in Indonesia. All 189 passengers and crew on board were killed. Weeks later, engine failure forced a Norwegian Air Shuttle flight to make an emergency landing in Iran. And more recently, on March 10, 2019, Ethiopian Airlines Flight 302 crashed just minutes after takeoff from Addis Ababa, Ethiopia on its way to Nairobi, Kenya. As in the case of the Lion Air crash, all 150-plus passengers and crew on board perished. The common factor between the seemingly isolated incidents? The aircraft in all three flights belonged to a relatively new line of planes: the Boeing 737 Max 8.

We’ve all been following major shifts in occupational health and safety. And perhaps, no one recent change has been bigger than the introduction of ISO 45001. The new ISO standard supplants OHSAS 18001 to give organizations of any size and in any market a systematic, integrated way to manage work safety risk.

Year after year, the likelihood of a business-destroying critical event only seems to increase. Yet somehow, business continuity planning–the collection of resources, actions, procedures, and information, designed to prepare organizations to maintain essential functions in the event of a disaster or other major disruption–hasn’t made it to the top rung of C-suite priorities. 

Physical security incidents cause staggering levels of material damage and cost organizations big bucks. In the construction industry, for example, businesses lose between $300 million and $1 billion every year due to the theft of equipment and other high-value materials, according to data from the U.S. National Insurance Crime Bureau. 

Business continuity management (BCM) has been around for some time now, roughly since the 1970s, according to most accounts. Back then, the field was a mere offshoot of crisis management. But now its scope has narrowed substantially to a holistic management process for identifying potential threats to an organization and the operational impacts those threats pose.

Critical events have become increasingly disruptive facts of corporate life. A recent Forrester report documented that all companies experienced a critical event in the last two years. In fact, many dealt with multiple incidents, the average being more than four discrete critical events in a two-year period.

In the last decade, Australia and New Zealand launched broad-based reforms to retool their occupational health and safety systems. Australia implemented a rigorous harmonisation regime: its commonwealth Model Work Health and Safety Act now forms the basis of the majority of state WHS laws. New Zealand, then, used Australia’s Model Act as the basis for its regulations.

2019 has only just begun, and already we’ve got a strong contender for crisis management challenge of the year – queue the 2018 corporate crisis PTSD.

The business disaster data suggests yes – emphatically yes.

Organizations underestimate the emergency disaster threat to business viability at their peril. According to the U.S. Federal Emergency Management Agency, anywhere between 40 to 60 percent of small businesses never reopen following a national disaster.

We’ve said it time and again, but comprehensive, crisis management planning, while essential, is only the first step towards crisis preparedness. No matter how brilliant, dynamic, or intuitive your crisis plan is, when the time comes to execute, staff still needs to be comfortable performing assigned tasks. And that entails, regular training in crisis-like conditions. How, then, to create those conditions?

It’s December, and the new year approaches. But before we usher in 2019, let’s take a look back on the year in corporate crisis.

These aren’t the old days. Business leaders have finally gotten serious about managing topline risk at their companies. Just in time, too. Risk storm clouds have been gathering for a while now.

For retailers, the holiday season means big bucks. Last year's, the most robust in a decade, saw sales top $690 billion in the U.S. alone. Add in European sales, and that figure jumps up to one trillion dollars.

AIIMS is the Australasian Inter-service Incident Management System. The nationally recognized incident management structure in Australia, AIIMS has wide command, control, and coordination applicability in fire, land management, and other emergency situations, as well as for non-emergency incidents.

How prepared are organizations to tackle critical issues and major crises? That’s the question we at Noggin alongside our partner Deloitte posed to invited customers in an inaugural series of breakfast seminars exploring the theme of overconfidence and crisis preparedness.

California is ablaze. Northern California’s Camp Fire has already become the deadliest in the state’s history. The Woolsey fire, rampaging through heavily-populated Los Angeles and Ventura counties, is comparable in size to the city of Denver. For crisis leaders, it’s past time to dust of those corporate crisis plans and get serious about severe weather preparedness.

With a couple of tweets – how else? – President Trump inserted himself directly into the California wildfire crisis, blaming “poor forest management” as the cause of the “massive, deadly, and costly forest fires” and threatening, for good measure, to pull funding (presumably for federal firefighting assistance).

How much did corporate reputations slump during the financial crisis? A lot, at least according to industry actors at the time. For instance, when polled in 2009, 85 percent of executives agreed that the public’s trust in business had diminished.

Been managing volunteers, especially disaster response volunteers, for the last few decades? Then, you’ve probably noticed a shift. There’re fewer long-term volunteers; new volunteers are harder to come by than ever; and your base of existing volunteers is serving historically short stints.

By now, the case for interoperability, especially the efficient transfer of relevant data between agencies – otherwise known as interoperability in information management – is clear. Just take a look at many post-emergency, after-action reports; most cite a lack of interagency cooperation as contributory to mission setbacks, or even failures. Of course, one of the best examples in recent memory: poor interagency cooperation between New York City responders during 11 September.

When it comes to disaster response, full-time staff usually gets heavy reinforcement from volunteers. Indeed, in the event of an emergency, volunteers, especially spontaneous, converging volunteers, are often the first on the field, providing much-needed first responder support, including search and rescue, first aid, damage and need assessment. It’s also not uncommon that volunteers numerically dominate the response effort. In Australia, for instance, rural fire services often average career staff to volunteer ratios that easily exceed 1:130.

Let’s face facts. Features only improve products when actual customers use them. Too often well-intentioned features create more complexity than value. That’s never more so the case than when those features are introduced with cumbersome design elements, which users need to wade through in order to get where they need to go. After all, users are humans. And there’s only so much design stimuli we can absorb at any one time.

So far this year, the U.S. has already been hit by six storms, excluding the recent Hurricane Florence, that were each severe enough to inflict at least $1 billion in damages. Together, these storms caused more than thirty deaths.

Hurricane Florence—which recently struck the Southeast U.S. leading to severe flooding in the Carolinas—caused an estimated $20 billion in damages, possibly higher given that estimates on the monetary cost are still being estimated, and led to more than forty deaths.

Tesla CEO Elon Musk is grabbing headlines for his tweets—one of which even set in motion an investigation by the U.S. Securities and Exchange Commission—and for smoking marijuana in a video interview with stand-up comedian Joe Rogan.

Selling goods on the market? Then you know the product recall threat can’t be understated. Defective products are already a leading cause of liability loss, according to insurance giant, Allianz. And the overall toll of consumer goods incidents to (just) the U.S. economy: $1 trillion plus per year. You can’t make this stuff up.

Resource management is all about getting the right people and things to the right places at the right time. Officially, it’s the organizational function dedicated to coordinating and overseeing tools, processes, and systems that help provide managers with appropriate resources in an appropriate timeframe.

How big have chat apps gotten? Just look at the data. Survey findings show that three quarters of us now prefer using chat to other forms of electronic communication. In concrete numbers, the biggest free messaging services, WhatsApp, WeChat, and Facebook Messenger, have around a billion active users apiece. And those users aren’t just in a couple of high-income countries. WhatsApp and Messenger users, in particular, are pretty spread out across advanced and emerging markets.

They’ve done it. Your company has finally made that investment in crisis management planning. You’re one of the point people tasked with creating a crisis management plan.

What matters in your crisis preparation efforts? Well, understanding the stages of crisis management, for starters. Those, of course, include pre-crisis, crisis response, and post-crisis recovery. It’s during the vital pre-crisis stage that your crisis management team will undertake the bulk of its crisis management planning, putting in place the processes and procedures to deal with the effects of disruptive incidents.

Perhaps you’ve noticed, but under stress, you’re not exactly making the best decisions. Don’t worry, it’s not just you. A chorus of researchers in the fields of psychology, sociology, and neuroscience all agree that stress hurts our decision making capabilities, because it changes the way our brain works. It’s just chemical.

Why the differences matter

Even though crisis has fast become a fact of corporate life, too many organizations still think they’re immune. Case in point: nearly a third of companies have no crisis management plan in place. That is despite the unmistakable risks associated with crisis: harm to stakeholders, losses to the organization, or even business extinction. Why would companies take the risk?

How to structure your Crisis Management Team (CMT), and what you should consider

You’ve just seen a competitor thrown into crisis, or maybe you’ve only barely weathered your own. Either way, now you’re convinced, more than ever, that you need a full-fledged crisis management function at your own business. It’s finally time to get started. The only question remains, who serves on the crisis management team?

The Case of Australia and New Zealand

Like most advanced economies, Australia and New Zealand relied heavily on substances now deemed hazardous during industrialization in the nineteenth and twentieth centuries. As a result, both countries now have relatively high, per-capita rates of hazardous waste. In response, both countries have installed relatively stringent regulatory regimes to safeguard environmental and worker safety. But some of those regimes have changed recently. This blog will provide an overview of recent changes in hazardous waste regulations.

We’re just over halfway through the year, and already 2018 has been chockfull (to bursting) with some of the worst public relations crises in recent memory. We thought we’d document the worst of the worst; but boy was it hard to choose. So in no particular order, here are the top eight public crises of the year, because you know, “eight rhymes with great”:

When it comes to incident and emergency response, effectively managing resources couldn’t be more important. Resources, i.e. materials, supplies, facilities, technologies, even people, are assets in every sense of the word. But they don’t get the job done in isolation. That’s where capabilities come in.

By now, you’re probably past questioning whether a corporate reputation management function makes sense for your firm. After all, seven out of ten crisis-experienced board members say it takes anywhere from one to five years to recover from a reputational crisis.

Emergencies happen suddenly. They flare up, instantly posing a threat to life, critical infrastructure, and the environment at large. And once they get going, they don’t stay static. Emergencies are highly fluid events by definition.

If you take a bird’s eye view, the state of volunteerism seems pretty healthy. The volunteer rate in the U.S., for instance, stands at around 63 million people, roughly a quarter of the total population. And that’s only a few basis points down from the 29 percent that government statisticians recorded when they first started tracking rates of volunteerism back in the early 2000s. The importance of those volunteers to the health of the economy (not to mention the mission of their nonprofit organizations) can’t be overstated either. Some estimates show that volunteers contribute upwards of $150 billion in services.

Photo by MONUSCO/Sylvain Liechti  [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons 

Welcome to our newest blog series ‘Get to know Noggin OCA’. This series will highlight features of our enterprise resilience software platform, Noggin OCA, that help all types of business manage disruption, smarter. The next 4 blogs will focus on the key features that help organizations efficiently and effectively manage resources during an emergency. 

Photo by Matt More/FEMA  [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons 

Efficiently deploying resources in time-sensitive emergency situations isn’t easy. Just take search-and-rescue (SAR). Time is absolutely crucial in those operations, as the possibility of success rapidly dwindles with the passing of days, if not hours.

If you’re not in Marketing, you might have missed this stat. But according to researchers, a staggering 80 percent of adults are at least somewhat more likely to consider buying products and services recommended by friends, family, and authentic online consumers.

Think stress clouds your judgment and impairs decision making? Sorry, but if you’re not a neuroscientist, sociologist, or psychiatrist, you don’t even know the half of it. We're not any of those things, but we thought it would be worthwhile to dig into some of the research in the field. We want to share some of the findings, because they’re of particular interest to crisis management practitioners out there.

It’s not uncommon to hear senior business leaders refer to brand and reputation as if they were one and the same. Sure, there’re plenty of similarities. But there’re even more fundamental differences, such that mistaking the two distinct concepts can get your business into a lot of trouble.

The origins of the ongoing AT&T pay-for-play crisis reach back to October 2016. It was then, during the last weeks of the U.S. presidential election, that AT&T, the nation’s second-largest wireless provider and third-largest home internet provider, announced that it would be acquiring Time Warner, the world’s third-largest media conglomerate after Comcast and the Walt Disney Company.

When you ask around, people tend to know what bad business decisions look like – the botched product launch, the acquisition that went pear shaped, the bad hire, the list goes on. What’s more, upon reflection, people tend to understand the factors that contributed to those bad decisions. As a rule, we tend to scrutinize our mistakes, sometimes more than we do our successes. Things aren’t that different in the crisis management context, where the post-mortem is built into the lifecycle. But although crisis teams all know what bad decisions look like, they can’t necessarily visualize effective crisis decision making. So we’re here to help, by expanding on a few signs of effective crisis decision making.

By all indications, the threat of corporate crisis keeps growing. For one, fines for corporations across all industries have risen, signaling that further financial crisis could be in the offing. Also, crisis-related media headlines involving the Forbes 100 are up 80 percent over the last decade. All of this points to the fact that crisis has become the new normal across diverse industries and markets. So what’s going on?

In search of a central cause of corporate crisis? Look no further than a lack of situational awareness, a systemic issue across industry. But for such an important concept, it’s not that well understood. And so here’s a primer on situational awareness that answers why exactly companies need to improve theirs.

Crisis can just as easily arise from a single devastating event, as it can from a series of unattended critical events. But either way it happens, crisis can present a serious threat to a business’s core objectives, reputation – even its viability. What’s more, crisis, once underway, doesn’t just burn bright, then suddenly extinguish. That’s because crisis is by definition multilayered and multidimensional. In order to properly prepare for, manage, and recover from crisis, companies need a strong crisis management function, one that anticipates crisis. So what’s the key – continuously improving your crisis management planning and preparedness through a crisis lifecycle management approach. Let’s dive in.

Somewhere between “Draft 2” and “Draft 73,” it can be easy to lose control over your all-important report. It can happen as a result of having many hands in the cookie jar: multiple edits, deletions, insertions or course-corrections.

Without a proper version control system in place, and the right tools to help you keep track of changes to a document, you’ll get lost in the Bermuda Triangle of document management, potentially spending more time trying to tell the documents apart than was spent to create the original in the first place.

 
Touted as the “first ever factual thriller on British television¹,” Hunted, a ShineTV reality programme, chronicles the journey of 14 ordinary Brits, given £450 and told to vanish. The goal: evade capture for 28 days.