To this end in March 2008, “The National Security Strategy of the United Kingdom” was produced for “Security in an interdependent world”, its aim being to address and manage a diverse though interconnected set of security challenges and underlying drivers:
- International terrorism
- Weapons of mass destruction (CBRN)
- Conflicts and failed states
- Pandemics
- Trans-national crime
- Climate change
- Competition for energy, etc.
The challenge is therefore of a different nature from anything the world has faced before, such that the UK Government can never guarantee that attacks will not happen in the future, but does realise that its security effort should be based on four main workstreams each with a clear objective:
- Pursue
- Protect
- Prepare
- Prevent
Planning for the worst and hoping for the best would seem to be a reasonable approach. Unfortunately the worst event may not be the basis of your planning, or calculated, as most managers might consider it to be, by not realising the severity of potential threats and hazards that could arise.
All of this in the knowledge that your individual enterprise must play a major part in the overall planning.
Within your plans, it may not be quite obvious that no enterprise, organisation or business is ordinary, although it is likely to exist at some point within a supply chain, where its goods or services become a necessary component of someone else. This is of course a two way street and supply chain dependencies and reflective weakness are a major issue when considering “what-if” and inclusion within plans?
When considering the legal obligations for protection of employees, as it is of great importance to employers, should the need to protect or defend the environment that staff work within factor into this? For instance; should employers take into account such areas as building/complex defence, and employee protection from a range of hazards such as an epidemic, flooding through to terrorism? Unfortunately, the UK, having been subjected to decades of terrorism has many believing their well formed and existing contingency plans are sufficiently adequate for today’s threats.
As with all hazards and threats a suitable risk assessment should be undertaken, but with recent developments the terminology may require you to consider each term differently, as follows:
| EXISTING TERM or Phrase |
NEW TERM or Phrase |
| Risk |
Vulnerability |
| Business Continuity |
Resilience |
| Crisis Management |
Defence and mitigation plans |
| Disaster Recovery |
Failure in Preventative controls |
| Emergency response |
Self dependency |
| Evacuation |
Shelter in Place |
| Hot Site (IT) |
Work at Home |
| Supplier |
Order taker |
| Fear |
Absentee |
| Hoax |
Test |
| Safe Travel |
Trained traveler |
| Key employee |
Any employee |
| Employee safety |
Survival training |
| Muster Point |
Terrorist Target |
| Hot Zone |
Wide area exclusion zone (Central Business District) |
| Decontamination |
Exposure Prevention |
| Facility Manager |
First responder |
| First Responder |
Those affected |
| Security Guard |
Incident Response technician |
| Insurance cover |
Policy exclusions |
The following examples show how two similar threats are currently assessed differently by emergency services and established enterprises and business’s
Vulnerability & Threat Assessment for Emergency Services
| Threat |
Vulnerability |
Action to reduce vulnerability |
| Terrorism CBRN |
Low |
Training, Personal Protective Equipment (PPE), dynamic risk assessments prior to entering “Hot Zone” |
| Pandemic |
Low |
Key personnel only to receive chemoprophylaxis, training in travel and building operation to increase infection control. |
Conventional Risk & Hazard Assessment by Corporate Business
| Threat |
Vulnerability |
Action to reduce vulnerability |
| Pandemic |
High |
None |
| Terrorism CBRN |
High |
None |
| Hazard |
Risk |
Action to reduce Risk |
| Fire & Smoke |
Low |
Fire alarms, smoke detectors, Fire extinguishers, wet or dry risers, clearly marked escape routes. Training and exercising evacuation. Fire marshals identified. Non flammable building components, sprinkler systems. Non use of lifts. No Smoking policy. |
From these examples it can be seen that conventional risk and hazard techniques are inappropriate in the developing threats and that “defence and resilience” planning should replace “response and reaction”. The Assessments links give guidelines that will assist in the development of a resilient plan.