Resilience

 

 

https://sm.asisonline.org/Pages/Security-Cares-Aids-the-Dallas-Community.aspxSecurity Cares Aids the Dallas CommunityGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-09-25T04:00:00ZShow Daily staff<p>​ASIS International launched Security Cares as a community and safety initiative designed to benefit local businesses. Managers of small to medium-size businesses, along with cultural and community institutions, have been invited to attend the 63rd Annual ASIS Seminar and Exhibits.</p><p>Many of these businesses have not traditionally considered themselves to be targets of acts that could disrupt their business operations or adversely affect their employees, customers, or patrons. But incidents reported almost daily by media are changing this perspective.</p><p>Security Cares is a targeted effort to provide community leaders with actionable alternatives. ASIS will be delivering free education programs and providing access to security thought leaders and solution providers. By providing information on the fundamentals of the security profession and preparedness, ASIS can help build safer, more resilient environments. </p><p>This multi-day program, from Wednesday to Thursday, will feature free, expert- led instruction on various security-related topics including:</p><p>• Active shooter/assailant preparedness and response</p><p>• Fundamentals of a workplace violence plan</p><p>• Tips to enhance mail room safety</p><p>• Guidance for working with law enforcement and first responders</p><p>• Best practices for instituting cybersecurity initiatives</p><p>While large corporations may have sophisticated security programs, small businesses and community institutions— such as churches, nonprofits, schools, clinics, and museums—don’t always have the resources or know-how to adequately mitigate risks to their people, property, and assets.</p><p>Through Security Cares, ASIS provides easily implementable prevention and preparedness strategies and best practices, as well as access to a global pool of the top leaders in the security management profession.</p><p>Launched in 2016, this initiative takes place annually at the ASIS International Annual Seminar and Exhibits as part of a commitment to give back to the various communities where this event takes place.</p><p>Through opportunities to interact with a cross-section of the more than 20,000 attendees that visit the host city, ASIS can ensure that the community receives a lasting benefit from the collective wisdom and product knowledge on display. </p>

Resilience

 

 

https://sm.asisonline.org/Pages/Security-Cares-Aids-the-Dallas-Community.aspx2017-09-25T04:00:00ZSecurity Cares Aids the Dallas Community
https://sm.asisonline.org/Pages/Book-Review---Soft-Targets.aspx2017-09-01T04:00:00ZBook Review: Soft Targets
https://sm.asisonline.org/Pages/Preparing-for-Protests-.aspx2017-09-01T04:00:00ZPreparing for Protests
https://sm.asisonline.org/Pages/A-Shift-in-Global-Risk.aspx2017-08-01T04:00:00ZESRM: A Shift in Global Risk
https://sm.asisonline.org/Pages/How-to-Protect-Your-House-of-Worship.aspx2017-08-01T04:00:00ZHow to Protect Your House of Worship
https://sm.asisonline.org/Pages/Book-Review-In-Pursuit-of-Foresight.aspx2017-06-12T04:00:00ZBook Review: In Pursuit of Foresight
https://sm.asisonline.org/Pages/Power-Play---Resilience-and-Infrastructure.aspx2017-06-01T04:00:00ZPower Play: Resilience & Infrastructure
https://sm.asisonline.org/Pages/Book-Review---Resilience-in-Asia.aspx2017-06-01T04:00:00ZBook Review: Resilience in Asia
https://sm.asisonline.org/Pages/The-Most-Resilient-Countries-in-the-World.aspx2017-05-11T04:00:00ZThe Most Resilient Countries in the World
https://sm.asisonline.org/Pages/After-an-Active-Shooter.aspx2017-05-01T04:00:00ZAfter an Active Shooter
https://sm.asisonline.org/Pages/Responding-to-San-Bernardino.aspx2017-05-01T04:00:00ZResponding to San Bernardino
https://sm.asisonline.org/Pages/Cinco-Acontecimientos-que-Moldearon-la-Gestión-de-Crisis.aspx2017-04-12T04:00:00ZCinco Acontecimientos que Moldearon la Gestión de Crisis
https://sm.asisonline.org/Pages/Ramping-Up-Resilience.aspx2017-03-01T05:00:00ZRamping Up Resilience
https://sm.asisonline.org/Pages/The-Road-to-Resilience.aspx2017-02-01T05:00:00ZThe Road to Resilience
https://sm.asisonline.org/Pages/World-Water-Woes.aspx2017-01-01T05:00:00ZWorld Water Woes
https://sm.asisonline.org/Pages/Reducción-de-la-Violencia-en-América-Latina.aspx2016-10-11T04:00:00ZReducción de la Violencia en América Latina
https://sm.asisonline.org/Pages/A-Hospital’s-Life-Safety-Lessons.aspx2016-10-01T04:00:00ZA Hospital’s Life Safety Lessons
https://sm.asisonline.org/Pages/Five-Post-Incident-Concerns.aspx2016-09-01T04:00:00ZFive Post-Incident Concerns
https://sm.asisonline.org/Pages/Resilience-Trends.aspx2016-09-01T04:00:00ZResilience Trends
https://sm.asisonline.org/Pages/A-Strategic-Response.aspx2016-08-01T04:00:00ZA Strategic Response

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/A-Shift-in-Global-Risk.aspxESRM: A Shift in Global Risk<p>​The quest to better understand the sources of global risk, and the effect those sources of risk may have on security, is of continuing importance to many practitioners of enterprise security risk management (ESRM). </p><p>And now, global risk has entered into a new era, with people around the world facing more political instability, more economic challenges, and the prospect that more national policy decision making will be driven by emotion rather than reason, a new study finds. </p><p>The study, The Global Risks Report 2017, is the 12th edition of one of the flagship reports issued annually by the World Economic Forum. The report postulates that the new era of risk began last year, a watershed time for instability when increasing economic populism and political polarization came to a head in unexpected election results and the disquieting rise of former fringe nationalist parties. </p><p>“The year 2016 saw profound shifts in the way we view global risks. Societal polarization, income inequality, and the inward orientation of countries are spilling over into real-world politics,” reads the study, which was conducted with the help of academic advisors from the University of Oxford, the National University of Singapore, and the Wharton Risk Management and Decision Processes Center at the University of Pennsylvania. </p><p>The report argues that five “gravity centers” will shape global risks moving forward, and it sketches out the challenges that will result from each of them.  First, continued slow economic growth, in tandem with high debt and demographic changes, will create an environment conducive to financial crises and growing inequality. Second, corruption and unequal distribution of the benefits of growth will convince a growing number of people that the current economic model is not working for them.</p><p>Third, the transition towards a more multipolar world order will put a greater strain on global cooperation. Fourth, the fourth industrial revolution—Internet-connected technologies—will continue to transform societies, their economies, and their ways of doing business. Fifth, more people will seek to reassert identities that have been blurred by globalization, so decision making and election choices will be increasingly influenced by emotions rather than reason.</p><p>There is no one silver bullet solution to these challenges. But the report argues that the problems “create the opportunity to address global risks and the trends that drive them.” In that spirit, the study sets out several actions that leaders should take to push forward in creating a more secure and stable world. </p><p>The report argues that political leaders need a deeper commitment to fostering inclusive development and equitable growth, on both a national and global scale, instead of allowing increasing economic inequality to further destabilize societies. And while the report praises innovation, it also argues for better management of technological change, so the growth of new uses for technology causes less disruption and leaves fewer behind. </p><p>Finally, at a time when multinational institutions like the European Union and NATO are under unprecedented attack, the report calls on leaders to redouble efforts to protect and strengthen systems of global collaboration. Destabilizing international events—which range from migration flows created by the Syrian war to major weather events that impact several countries to a potential global water crisis—all warrant more cooperation between countries.  </p><p>“It is ever clearer,” the report argues, “how important global cooperation is on the interconnections that shape the risk landscape.”</p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Supply-Chain-Strategies.aspxSupply Chain Strategies<p>​Take almost any product you have purchased in a store or used at home or work in the last week. Chances are, that object moved thousands of miles from where it was originally manufactured to the place where it was ultimately purchased or delivered to you. Organizations have intricate supply chain networks that are constantly moving every day around the world, and having an efficient supply chain security program ensures that movement of goods is not interrupted or compromised. </p><p>Security professionals must take a detailed look at the vendors who supply their assets and understand how those goods will be handled and ultimately implemented into their company’s operations or services. Following is a look at how a children’s hospital in Alabama applied supply chain security best practices to weather an unexpected storm, as well as provide for day-to-day operations. In addition, supply chain experts discuss lessons learned from their own experience of conducting risk assessments, following standards, and vetting suppliers and transporters to better protect company property. ​</p><h4>Alabama Children’s </h4><p>When a snowstorm hit Birmingham, Alabama, on January 28, 2014, the city was caught unawares. The snowfall, which quickly turned to ice, left thousands stranded on highways or in their offices. Children were stuck at school, their parents unable to pick them up. The event became known as “Snowpocalypse,” and news service AL.com called it “the winter storm that brought Birmingham to its knees.” </p><p>Hospitals were affected by the storm as well, including Children’s of Alabama. The pediatric center encountered vulnerabilities in its supply chain during that event it hadn’t previously considered, says Dennis Blass, CPP, PSP, director of safety and security at the hospital. </p><p><strong>Lessons learned. </strong>Every year the hospital conducts a hazards vulnerability assessment for its supply chain to find out where it can improve safety and security. “Once you identify your hazards and your vulnerabilities–the things that are dangerous to you or the things that you’re weak in–then you start peeling those back,” he says. “If we identify hazards that we need to correct, then we probably are going to create a management plan to correct those issues.” </p><p>Many displaced people in the community turned to the hospital for shelter when they had nowhere else to go. “We have a very prominent position in the Birmingham skyline, so if things look bad, the hospital looks like a place to go and get help–as it is,” Blass says. There were also clinic patients who had come to the hospital that morning for a routine checkup, planning to leave; many of them were stuck because of the snowstorm, which began around 10:30 a.m. local time.</p><p>Instead of being filled to the normal capacity of 300 people—the number of beds in the hospital—there were roughly  about 600 people who spent about 48 hours at the facility to ride out the storm.</p><p>The number of people at the hospital exposed one unforeseen vulnerability—obtaining clean linens from its supplier, which is separated from the hospital by a chain of mountains. “The supplier can wash the linens, but they can’t deliver them to us…we ended up making it, but that was a close call,” says Blass.</p><p>“We could handle supplies for patients, but we had a lot of people who just came to the hospital because it was a warm place to be,” according to Blass. “That had impacts on the amount of food that got consumed, and it had impacts on the amount of linens we went through. Just things that people need, supplies like toilet paper, things you don’t think a lot of.” </p><p>For those who weren’t patients, the hospital served smaller meals than normal; “sandwiches and soup, as opposed to meat and potatoes,” Blass says, to stretch resources. </p><p>The main drug supplier for the hospital is located in the same region, so obtaining critical medicine was not a concern during the storm. The hospital also has plenty of diesel fuel tanks, and can go for days without restocking. Only the insufficient linens, which must be sent off to a facility for proper sanitation before being returned to the hospital, turned out to be an issue.</p><p>“We did an after-action report on that experience, so we…put it in our emergency management plans for the future,” he notes.</p><p>The hospital’s emergency plans help ease any supply chain shortages. The institution follows the hospital incident command system (HICS) which assigns temporary duties to leadership during an emergency. For example, during the snowstorm, the chief operating officer of the hospital assumes the role of incident commander; an information officer is assigned to keep the community informed of hospital activities; and the plan also incorporates a medical officer, logistics chief, and planning chief. </p><p>During the incident, this system helped ensure proper patient care and as few gaps in the supply chain as possible. “Food was getting tight,” Blass says, and the food warehouses are not located near the hospital. “Because of the command structure, leadership can say, ‘okay you have a company credit card, we’ll contact the bank and raise your limit from $500 to $5,000 or whatever you need.’”</p><p>The U.S. Joint Commission, which certifies and accredits healthcare bodies, requires that hospitals have a group with representatives from various divisions that evaluates the standard of care they are providing to patients. Alabama Children’s has an environment of care committee that meets once a month to complete this requirement. “Our environment of care committee looks at things like safety, security, and resource management,” says Blass. “We have to meet the Joint Commission’s standard, and it surveys us every three years.” </p><p>Representatives on the team at Alabama Children’s include staff from the pharmacy, medical team, facilities, human resources, dining services, and more. This team ensures that there aren’t any gaps in the supply chain that would interrupt the hospital’s daily operations. As a rule, Blass says that having enough supplies for 96 hours will allow the facility to continue operating smoothly and efficiently. This includes a variety of items that the environment of care team must carefully think through and document. “You’re talking about water, fuel, basic sanitary supplies, and then you start talking about medicine and those things necessary for a hospital to run,” he says. </p><p>And there can be more than one type of each supply, a detail that, if overlooked, could mean life or death. “We have pumps that pump air, we have pumps that pump blood, we have pumps that pump saline, we have pumps that do many different things. You have to have all the things needed to make those supplies work for 96 hours,” he notes. </p><p>Keeping track of inventory is critical to determine whether the hospital has a sufficient supply of each item. Blass says that the hospital is moving toward a perpetual inventory system, where a new item is ordered as soon as one is pulled off the shelf. </p><p>There is a downside to stocking too many items, which is why it’s a delicate balance between having 96 hours’ worth of supplies and more than enough. “Space is expensive. And if you want to have enough water for four days, how much water is that? Where do you put it? How do you keep it fresh?” He adds that the hospital must be thoughtful in its policies and procedures on maintaining its inventory to avoid any issues.  </p><p>Thankfully, Blass notes, t​he 2014 snowstorm only lasted 48 hours. “The size of the surge exceeded our plan, but the length of the surge was shorter than our plans, so it all worked out,” he says. </p><p>And not every element of securing the supply chain is tangible; the information and communication pieces are also critical. “Every day we’re getting blood supplies in, and other kinds of materials that must be treated very carefully,” he says. Special instructions need to be followed in many cases. For example, there may be medicine that must be stored at a precise temperature until 30 minutes before it’s dispensed. That information must be communicated from the pharmacist to the supplier, and sometimes to security, who can give special access to the supplier when it delivers the drugs. </p><p>Blass is a member of the ASIS International Supply Chain and Transportation Security Council. He helped develop an American National Standards Institute (ANSI)/ASIS standard for supply chain security, Supply Chain Risk Management: A Compilation of Best Practices Standard (SCRM), which was released in July 2014. The standard provides supply chain security guidelines for companies, and has illustrations of what exemplary supply chain models look like.</p><p><strong>Best practices.</strong> Marc Siegel, former chair of the ASIS Global Standards Initiative, also participated in the creation of the ANSI/ASIS standard, which provides explanations of how to look at managing risk in the supply chain. “It’s based on the experiences of companies that have very sophisticated supply chain operations,” he tells Security Management. “The companies that put it together were really looking at having a document that they could give to their suppliers, to help them look at themselves and think of things that they should be doing and preparing for.” </p><p>Siegel is now director of security and resilience projects for the homeland security graduate program at San Diego State University. He promotes supply chain mapping, which takes a risk management–based approach to supply chain security. “Traditionally, a lot of security people have looked at supply chain as logistics security,” he says, “whereas companies with major supply chain considerations have been moving more into an enterprise risk management perspective.” These organizations take an across-the-board look at risks that could create a disruption in the supply chain, asking themselves what the specific things are that could interrupt or prevent them from manufacturing or delivering their product. </p><p>Siegel says there is a disproportionate focus on bad actors and intentional acts as threats to the supply chain, when more often it’s a natural disaster or accident that causes the most significant disruptions. “The broader risk management perspective is also looking at, ‘Is there a potential for a storm, is there a potential for political disorder, or instability in a region, that can cause a delay in processing?’” Only then, he says, are companies efficiently mapping out all the factors that could introduce uncertainty.</p><p>Maintaining a broader perspective will keep organizations from fixating on two of the most common hangups in supply chain security. “You have people who fixate on ‘everything is a threat,’ and you have people who fixate on ‘everything is a vulnerability,’ and if you only fixate on those two things you’re going to miss a lot of stuff,” Siegel says.</p><p>Blass agrees. “When we start that annual hazards vulnerability assessment, I’m going to look through the standard and notes I’ve written myself to make sure I’ve got everything covered,” he notes. “You can never rest and say, ‘well, we’re safe and secure and we don’t have to do anything else,’ because the threats keep changing.”   ​</p><p>--</p><h4>Sidebar: assess risk<br></h4><p> </p><div>​For the co​rporation that produces the F-35 fighter jet and other advanced technologies for the U.S. government, supply chain security is of utmost importance. “The threats that we face are universal in nature due to the size and the complexity of our supply chain,” says Vicki Nichols, supply chain security lead for Lockheed Martin’s Aeronautics business. </div><div><br> </div><div>Lockheed Martin Aeronautics assesses the supply chain in a number of categories, but Nichols works most closely with cargo security. “The threats there are cargo disruption, unmanifested cargo, and anti-Western terrorism,” she notes. </div><div><br> </div><div>The division conducts a risk assessment of its international suppliers. “We look at what type of products they provide us and how vulnerable that product is to manipulation or intellectual property theft, and we look at country risk,” she says.  </div><div><br> </div><div>The company sends a questionnaire to its suppliers, and comes up with an overall score for each of them based on 10 criteria, including country risk and transportation mode. In many cases, it also sends field personnel to evaluate the supplier’s facility. “If we know we have eyes and ears going in and out of the facility, and those people are trained to recognize red flags, then we know we have a lower threat because of our presence,” she says. </div><div><br> </div><div>After one such site check at a facility in Italy, Lockheed Martin Aeronautics determined that the use of technology was warranted to further enhance security. “The concern was that the area was known for introduction of unmanifested cargo—weapons, cargo disruption,” she notes. “We began to look at tamper-evident technologies, and track-and-trace devices that would allow us to know if someone had opened or tampered with the freight.”  </div><div><br> </div><div>Lockheed Martin has a corporate supply chain security council that meets at least once a month to provide updates and discuss any issues that arise. Representatives from the company include human resources, personnel security, physical security, and counterintelligence. Stakeholders from major partner organizations are also invited to participate.</div><div><br> </div><div>Lockheed Martin Aeronautics also works closely with law enforcement and federal intelligence sources who disseminate relevant information to the company. “We subscribe to some intelligence data that is cargo-specific, so we issue a spotlight report about three times a week just to keep people engaged and aware of the threats in the supply chain,” she notes. </div><div><br> </div><div>Supplier engagement is also critical, Nichols says, so the company stays in touch with about 120 suppliers internationally. </div><div><br> </div><div>Sometime in 2017, Lockheed Martin Aeronautics plans to purchase a software management tool that will release supplier questionnaires in the native language for countries it does business with. It will tap existing resources such as “Supplier Wire” to offer training to the supply base. “This will be another evolution on how we can engage, rather than just sending them to a website,” Nichols says. “I think it’s important for our supply base to see how seriously we take security, so they will take it seriously as well.”​</div><div><br> </div><h4>sidebar: consult standards<br></h4><p> </p><p>​Laura Hains, CPP, operations manager, supply chain security and consulting at Pinkerton, member of the ASIS International Supply Chain and​ Transportation Security Council, says that companies should research whether their partners and suppliers are following major supply chain security protocols, like those put out by ASIS, and others such as the Transported Asset Protection Association (TAPA) standards for trucking companies. “TAPA is one of the big authorities on trucking, so if a company says they are TAPA certified, that to me says that they follow protocol,” she says. </p><p>Other standards include the National Strategy for Global Supply Chain Security which U.S. President Barack Obama signed in 2012 and was designed to enhance public-private partnerships. Arthur Arway, CPP, author of Supply Chain Security: A Comprehensive Approach, says the framework seeks to combine input from government and industry on protecting the transport of goods to and from the United States. “I think the government is far more willing to seek out subject matter experts and all the different modes and companies that may transport goods into the United States for their help,” he says. Arway adds the document is relatively recent, and that it could take a while before it is widely adopted. </p><p>Though terrorism is an uncommon threat to the supply chain, it must always be a consideration. Hains gives the example of vehicular attacks. In Nice, France, on July 14, 2016, Tunisia native Mohamed Lahouaiej Bouhlel drove a 19-ton cargo truck into a crowd of Bastille Day festival-goers. That attack killed 86 people and injured more than 400. New York police also warned of possible vehicular terrorism against the 2016 Macy’s Thanksgiving Day Parade. “A small company truck—that could be a target,” notes Hains. “So everybody has to think about terrorism because it’s out there.”</p><p>Another standard at the national level seeking to combat terrorism within the supply chain is the U.S. Customs Trade Partnership Against Terrorism (C-TPAT). The program is voluntary for private industry, but Arway says the national standards as a whole are seeing global adoption.​</p><p>“Standards have come a long way in how they’ve been able to incorporate security into the movement of goods,” he notes. “Many countries have accepted these programs into their own supply chain security programs.”​</p>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Five-Incidents-That-Shaped-Crisis-Management.aspxFive Incidents That Shaped Crisis Management<p>​<span style="line-height:1.5em;"><strong>1. Deepwater Horizon. </strong>Eleven oil platform workers died and 5 million barrels of oil were released into the Gulf of Mexico when the Deepwater Horizon rig exploded off the Louisiana coast in 2010. BP’s attempt to blame other parties backfired, and the different organizations became adversaries. BP’s approach was seen as a refusal to take responsibility. Practice, practice, practice, especially with your partners. </span></p><p><strong>2. Exxon Valdez.</strong> Exxon Valdez’s 10-million-gallon oil spill in the Prince William Sound in 1989 continues to be a source of litigation and contention. The company initially declined media requests. When the chairman finally gave an interview, he was unprepared and unimpressive. Companies must have a bank of trained, prepared spokespeople to respond to inevitable media requests. Refusing to speak to the media is never an option. </p><p><strong>3. Piper Alpha.</strong> In July 1988, an explosion on Occidental’s Piper Alpha Platform in the North Sea killed 167 men. Occidental had no local response team, so the local police took the role of informing families about injuries as well as fatalities (under U.K. law, it is always the role of the police to inform families of fatalities, but not of injuries). Because the process was slow, the company was accused of not caring about employees or their families. Major incidents require a coordinated response. </p><p><strong>4. Pan Am.</strong> The bombing of Pan Am Flight 103 over the town of Lockerbie, Scotland, in 1988 killed 243 passengers, 16 crew members, and 11 people on the ground. Because the incident was a terrorist attack, Pan Am made a conscious decision that it was not going to communicate about the disaster because it was the “victim” not the “villain.” The media went to bereaved relatives instead. Pan Am’s silence ensured that it became the villain. Whatever the causes, companies need to take part in any rescue and response efforts. Companies cannot be victims.  </p><p><strong>5. Miracle on the Hudson.</strong> In 2009, US Airways Flight 1549 made an emergency landing on the Hudson River, allowing all 155 passengers and crew to be safely evacu­ated. The airline chose to focus on and leverage the heroic actions of the crew members and publicly praised their “five outstanding aviation professionals.” While the story may have been different had there been fatalities, the incident enhanced the company’s reputation. You can set the narrative for your crisis.  </p><p><em><strong>Andrew Griffin</strong> is the CEO of Global Crisis M​anagement Consultancy Regester Larkin</em><br></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465