DRJ's Spring 2019

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!

Tuesday, 12 June 2018 19:42

Critical Event Management: What it is and Why You Need it

Written by  ANNIE ASRARI

Organizations face enormous risk from man-made and natural disasters. Cybercriminals from all over the world are ceaselessly poking and prodding at enterprises’ digital defenses. A recent influx of workplace violence has made on-site security policies more important than ever. Natural disasters such has hurricane Harvey and Maria has left travelling and local employees stranded, created havoc for supply chain, and left sites closed for extended periods. Today, many companies address these concerns within different departments and hope for the best. However, this type of siloed planning has proven to be largely reactionary and unable to keep pace with a fluid environment that requires both a physical and digital response. Any delay in response could result in millions lost to hackers or even fatalities. A centralized approach is necessary to properly plan, manage and remediate the modern crises that enterprises face every day.

 

The Benefits of a Consolidated View Into a Crisis

In today’s business environment, in addition to the increase in disruptive incidents continue to transpire at an unprecedented pace, the software tools used to manage operational risk, employee life safety and crises management (continuity, IT operations, etc.) have started to move from reactive and compliance-driven technology solutions to more proactive, intelligence-based-automation toolsets. These tools are designed to anticipate threats predictively to allow security, operations and risk professionals more time to react or even avoid the impact of these critical events.

However, with the proliferation of these new technologies and new sources of information, like social media, organizations have struggled to support a unified, efficient, distributed, automated and collaborative process for managing all of these critical events. Confounding matters, many organizations find themselves tasked with maintaining multiple, separate emergency, security, and IT command centers that each require 24x7 availability and utilize a different set of siloed tools and processes to monitor and triage threats.

The natural evolution of the industry is to empower companies and organizations with a holistic approach to crisis communications – critical event management (CEM). The term speaks to the reality that companies are facing today; i.e., the need to keep employees safe and the business running in the face of global or local crisis events.

Companies that build and execute a CEM strategy can dynamically assess, respond to and manage the resolution of the wide range of threats and disruptions which impact daily operations. CEM helps corporate and government organizations improve response time, minimize disruption and attain better management control in handling critical events.

There are several specific functions where CEM helps enterprise IT and security teams gather information and make the right decisions during a crisis situation:

  • Identify the event quickly

The key to executing an appropriate response to a crisis is knowing what is going on. Critical events are confusing and chaotic. Companies can’t begin to remediate a situation until they know precisely what is happening and where the event is taking place. For instance, an organization’s response to a terrorist attack will differ if it takes place near its HQ vs. in a foreign city where the business has an established office or operations.

Leveraging a more integrated operational approach in lieu of the disparate systems used today allows organizations to better asses what is happening in their offices, on their campuses, or near their traveling and remote employees. By integrating physical and digital tools, such as front line, social, trusted threat and weather intelligence, organizations have an end-to-end view of a situation including operational impact and response status information.

  • Locate employees in harm’s way

The fluidity of the modern workplace is a major challenge for businesses. The traditional desk is all but dead as today’s workplaces accommodate not only remote workers but also people moving between buildings on a single campus. Workers are infrequently stationary, so companies need to be able to locate workers quickly if a crisis occurs, particularly if they are a part of the response team. Aggregating data across multiple systems allows for dynamic location tracking and alerting of impacted personnel, response team members and key stakeholders. This includes employees, executives, emergency responders, boards of directors and others who require detailed information of the response effort.

Business travelers represent an additional complexity that CEM handles well, because in traditional security systems it can take hours – if not days – for companies to determine if all their people, including traveling and remote employees, are safe after a terrorist attack.

  • The right information at the right time

It’s not enough just to know where people are, however. CEM systems enable IT and security teams to be able to communicate with them. Linking access control and badging systems, biometric systems and Wi-Fi access points provide information on an employee’s whereabouts and empower security personnel to communicate specific directives – including site evacuation directions – to people directly. This benefit can serve as the difference between life and death in some situations.

Active shooter responses are heavily influenced by location. If an assailant is on the third floor of a specific building, for example, CEM enables security teams to alert everyone in the surrounding area to evacuate. People located on nearby floors may even be directed to hide or prepare to fight (following the “run-hide-fight” emergency response standard). CEM allows law enforcement to effectively manage the situation to keep people safe and out of the way until the threat has been remediated.

  • Analyze the aftermath

Once a critical event is over, benchmarks related to an organization’s notification responses and incident time-to-resolution can be recorded, measured and assessed. Each critical event can be analyzed to identify which tasks took too long or what resources were missing in order to improve response rates and develop best practices for the next major incident.

 When a crisis occurs, it’s much better to be in the driver’s seat executing pre-planned strategies to quickly reach a positive resolution. CEM’s ability to combine physical and cybersecurity policies and technologies enables organizations to develop a common operating picture of a situation and implement an effective resolution plan complete with predefined communication paths to senior management, on-site and remote workers, customers and any other effected parties. Current processes favor redundant tools over results. It’s time for organizations to integrate physical and cybersecurity functions to deliver better outcomes when a critical event takes place on their campus or abroad.

Asrari AnnieAnnie Asrari is a director of product management at Everbridge. In this role, she oversees the vision, strategy and execution of the Everbridge Open Ecosystem, the company’s extensive partners and integration ecosystem, powerful suite of APIs which power two-way integrations. In addition, Asrari is responsible for the Safety Connection solution, which is one of Everbridge’s core enterprise applications that is uniquely designed to help organizations quickly locate and communicate with their people during critical events.