Q.1 Differentiate among Emergency Management, Disaster Mitigation and Disaster Management by highlighting salient features of each.

a) Emergency Management

An ongoing process to prevent, mitigate, prepare for, respond to, and recover from a usually unforeseen incident that threatens life, property, operations, and/or the environment.

Risk Assessment, Prevention, and Mitigation Planning Occupant Emergency Plans (OEPs) First-Responder Training Evacuation Planning Shelter-in-Place Planning Emergency Management Plan ERT/SAOCs Emergency Operations Center SOPs NIMS/ICS Adoption and Implementation Training, Testing and Exercising plans Public Access AED Program External MOUs/MOAs

Emergency management has following components;

Preparedness

Preparedness is a continuous cycle of planning, managing, organizing, training, equipping, exercising, creating, monitoring, evaluating and improving activities to ensure effective coordination and the enhancement of capabilities of concerened organizations to prevent, protect against, respond to, recover from, create resources and mitigate the effects of natural disasters, acts of terrorism, and other man-made disasters

Response

Response includes the mobilization of the necessary emergency services and first responders. This is driven by the type and kind of emergency and is likely to include a first wave of core emergency services, such as firefighters, police and ambulance crews. They may be supported by a number of secondary emergency services.

A well rehearsed emergency plan developed as part of the preparedness phase enables efficient coordination of rescue and response.

Recovery

The aim of recovery is to restore the affected area to its previous state. It differs from response in its focus; recovery efforts are concerned with issues and decisions

that must be made after immediate needs are addressed. Recovery efforts are primarily concerned with actions that involve rebuilding destroyed property, re-employment, and the repair of other essential infrastructure. Efforts should be made to "build back better", with a goal to reduce risks inherent in the community and infrastructure.

b) Disaster Mitigation

Mitigation is the use of strategies to reduce risks prior to, during, and post-disaster. It is related to short-term and long-term measures; for example, preventing or reducing risk to property or lives by improving the inherent capacities of people and strengths of habitats, infrastructure, and critical facilities.

Mitigation refers to policies or activities that will reduce an area’s vulnerability to damage from future disasters. Normally, mitigation refers to actions taken before a hazard becomes a disaster (Mileti).

For example, to reduce the risk of landslides you could erect a strong fence around the hazardous loose rock on the hill to prevent debris from falling on the settlements in the foothill; alternatively, you could reduce the impact of the landslide by either moving the communities from the foothills, strengthening the houses to withstand impacts of the falling stone, or growing a dense forest between the settlements and the hills, prior to occurrence of disasters. Valuables could also be insured if they are vulnerable. All actions involved in reducing risks or impacts are part of mitigation.

Mitigation essentially involves four basic actions:

Preventing hazards from occurring (only possible in person-induced hazards or biological hazards)

Reducing risks Reducing impacts or consequences Distributing

Types of disaster mitigation

Disaster mitigation measures may be structural (e.g. flood dikes) or non-structural (e.g. land use zoning). Mitigation activities should incorporate the measurement and assessment of the evolving risk environment. Activities may include the creation of comprehensive, pro-active tools that help decide where to focus funding and efforts in risk reduction.

Other examples of mitigation measures include:

Hazard mapping Adoption and enforcement of land use and zoning practices Implementing and enforcing building codes

Flood plain mapping Reinforced tornado safe rooms Burying of electrical cables to prevent ice build-up Raising of homes in flood-prone areas Disaster mitigation public awareness programs

c) Disaster Management

Disasters can be defined as some dangerous situation or event that can happen unexpectedly anywhere at anytime. The word disaster originated from the French word 'desastre', which is a combination of words ‘des’ (bad) and ‘aster’ (star) and therefore disaster indicates bad star. Disasters that cause serious threat to normal life, property, environment as well as the process of development may be rapid or slow and can be classified as natural disaster, man-made disaster and hybrid disaster. Natural disasters are those which result from natural forces like earthquakes, floods, tsunami, cyclones, volcanic eruption etc. Man-made disasters like blast, terrible accidents, gas calamity, etc are caused from human beings interaction with artificial environment. Hybrid disasters (eg. epidemics) are those disasters that result from a compound of both natural or man made disaster. The increasing population, deforestation, industrial growth etc can be sighted as the reasons for both natural and human made disasters.

Disaster management also called as Emergency Management is all about dealing with all kinds of disasters. Its major objective is to reduce the shocking effects of a disaster on the affected community and to help them return to normal life within a short period. Disaster management is a multi disciplinary area covering a wide range of issues like monitoring, evaluation, search and rescue, relief, reconstruction and rehabilitation operations. This highly responsible profession includes the plans and actions before, during and after the disasters. It is a combination of mechanisms such as timely warning, alerts, fast response and efficient coordination. Even though we cannot stop or avoid natural disasters, it is possible to resist aftermath calamities of such disasters.

Disaster management is the method of controlling a disaster by using skillful ways. Its techniques or methods are based on the economic status of a country and hence it varies from country to country. Disasters are managed better and quicker by the developed countries than the developing countries. Developing countries are reporting high number of deaths related to disaster, and Pakistan has second place in it due to its geographical position, climate and geological setting. The course is beneficial for social workers.

Q.2 Elucidate five key steps to risk management. You may highlight any case study from local environment in support of your answer.

The key steps of risk management are given as :

1. Identify the risks

The purpose of this step is to identify what could go wrong (likelihood) and what is the consequence (loss or damage) of it occurring.

Key questions to ask include:

What can happen? List risks, incidents or accidents that might happen by systematically working through each competition, activity or stage of your event to identify what might happen at each stage.

How and why it can happen? List the possible causes and scenarios or description of the risk, incident or accident.

What is the likelihood of them happening? What will be the consequences if they do happen? Risks can be physical, financial, ethical or legal.

Physical risks are those involving personal injuries, environmental and weather conditions and the physical assets of the organization such as property, buildings, equipment, vehicles, stock and grounds.

Financial risks are those that involve the assets of the organization and include theft, fraud, loans, license fees, attendances, membership fees, insurance costs, and lease payments, pay-out of damages claims or penalties and fines by the government.

Ethical risks involve actual or potential harm to the reputation or beliefs of your club, while legal risks consist of responsibilities imposed on providers, participants and consumers arising from laws made by federal, state and local government authorities.

2. Decide who might be harmed, and how

Don't forget:

young workers, trainees, new and expectant mothers, etc who may be at particular risk

cleaners, visitors, contractors, maintenance workers, etc who may not be in the workplace all the time

Members of the public, or people you share your workplace with, if there is a chance they could be hurt by your activities.

3. Evaluate the risks and decide whether existing precautions are adequate or more should be done

Consider how likely it is that each hazard could cause harm. This will determine whether or not you need to do more to reduce the risk. Even after all precautions have been taken, some risk usually remains. What you have to decide for each significant hazard is whether this remaining risk is high, medium or low.

First, ask yourself whether you have done all the things that the law says you have got to do. For example, there are legal requirements on prevention of access to dangerous parts of machinery. Then ask yourself whether generally accepted industry standards are in place. But don't stop there – think for yourself, because the law also says that you must do what is reasonably practicable to keep your workplace safe. Your real aim is to make all risks small by adding to your precautions as necessary.

If you find that something needs to be done, draw up an 'action list' and give priority to any remaining risks which are high and/or those which could affect most people. In taking action ask yourself:

a. can I get rid of the hazard altogether? b. if not, how can I control the risks so that harm is unlikely?

In controlling risks apply the principles below, if possible in the following order:

try a less risky option prevent access to the hazard (e.g by guarding) organize work to reduce exposure to the hazard issue personal protective equipment provide welfare facilities (e.g washing facilities for removal of

contamination and first Aid)

4. Record your findings

If you have fewer than five employees you do not need to write anything down, though it is useful to keep a written record of what you have done. But if you employ five or more people you must record the significant findings of your assessment. This means writing down the significant hazards and conclusions. Examples might be 'Electrical installations: insulation and earthing checked and found sound' or 'Fume from welding: local exhaust ventilation provided and regularly checked'.

You must also tell your employees about your findings.

Suitable and sufficient - not perfect!

Risk assessments must be suitable and sufficient. You need to be able to show that:

a proper check was made you asked who might be affected you dealt with all the obvious significant hazards, taking into account

the number of people who could be involved The precautions are reasonable, and the remaining risk is low.

Keep the written record for future reference or use; it can help you if an inspector asks what precautions you have taken, or if you become involved in any action for civil liability. It can also remind you to keep an eye on particular hazards and precautions. And it helps to show that you have done what the law requires. There is an example at the end of this guide which you may find helpful to refer to, but you can make up your own form if you prefer.

5. Review your assessment and revise it if necessary

Sooner or later you will bring in new machines, substances and procedures which could lead to new hazards. If there is any significant change, add to the assessment to take account of the new hazard. Don't amend your assessment for every trivial change, or still more, for each new job, but if a new job introduces significant new hazards of its own, you will want to consider them in their own right and do whatever you need to keep the risks down. In any case, it is good practice to review your assessment from time to time to make sure that the precautions are still working effectively.

Case Note

On a recent project, I was given a perfect opportunity to raise any risks that I thought would affect the project before we started production. The specification had been completed so we knew what we had to deliver as well as the timeline. I dutifully followed the process outlined in the rest of this chapter. I put together a document that contained the 6 key risks that the project was facing. For each key risk I presented a risk memo that outlined the risk, the impact on the project, the potential cost of non containment, a solution and contingency plan. It was a bit more than the client was expecting. I thought that the client would be happy to know the risks upfront and be able to take action.

After the initial shock of seeing all the things that could go wrong, we had awareness. Half the battle won. The other half, action didn't quite happen. Although the actions for each risk were detailed, very few of them were followed up (the majority of the actions were the responsibility of the client). When the risks started to impact on the project, the client wasn't happy. They had accepted the risk, but hoped it would not surface and did not take any action to prevent it occurring. Unfortunately when the risk did arise, it took more work to repair the damage done than if preventative measures had been put in place. As the project manager, although I had raised awareness, I hadn't continued to report on the risks so that the client was in a false state of security assuming that the risk was no longer there.

Risk Assessment

The goal of risk assessment is to identify the risk factors that are a part of the activity being undertaken. Basically, it's about working out what could go wrong. For example, the task could be attending a client meeting. The possible risk factors would include

Distance from office to client's premises Number of people having to attend meeting What materials are required for meeting (eg. Laptop, projector…etc) Availability of cabs Availability of public transport Time of meeting, eg. Midday, peak hour

The more risk factors there are with a given task, the more that can go wrong.

Risk Evaluation

Once you have identified the risk factors, then you have to work out what impact they can have on the task. Following the previous example, what would be the impact of arriving at the meeting late?

Would you lose the account? Would you get fired by your boss? Would it have an impact on your next review? Nothing, the client didn't mind.

If the impact is low, the risk doesn't require much attention.

Risk Reduction

Risk reduction can also be considering risk containment or minimisation. What term you use doesn't matter as long as you are consistent. There are two parts to risk reduction

Plans or actions that can be taken to reduce the risk Introduction of strategies that will minimize the impact of the risk

In getting to our client meeting on time we could take the following actions

Leave earlier (allow more travel time) Shift the meeting to non peak travel time Call the client to let them know we are running late

The idea is to avoid the risk altogether but if that's not possible, have plans in place that can minimize the impact.

Risk Monitoring

Risk monitoring has two dimensions to it. Firstly it's about keeping an eye on the risks that you've already identified to see if anything has changed, if the impact has increased or decrease, which could require action. And secondly, to see if there are any new risks that have arisen during the project.

For example, while we're on our way to the client meeting, we could be keeping an eye on the time while listening to traffic reports for any potential traffic delays. The most important thing to remember is that just because we have identified risks upfront, that don’t mean new ones won't emerge.

Risk Reporting

Risk reporting is about ongoing awareness and the effectiveness of any actions or strategies taken to contain or reduce risk. For example calling your colleagues about traffic delays or train cancellations. The goal of risk reporting is to keep an eye on the existing risks to help any new ones arising.

Example risk assessment for a poultry farm

Setting the scene

The farm manager did the risk assessment in this poultry farm, which employs him and five others (two people work part-time). There are eight poultry sheds, with 20 000 broiler chickens per shed.

Next to the sheds is a mess room with a toilet and washing facilities (hot and cold water), clothing lockers and a small kitchen for making hot drinks, preparing food etc.

The farm has been surveyed for asbestos and no traces were found.

How was the risk assessment done?

The manager followed the guidance in Controlling the risks in the workplace.

a. To identify the hazards, the manager: looked at HSE’s web pages for agriculture, hazardous substances and for

small businesses to learn where hazards can occur; Walked around the farm, noting what might pose a risk. Occasional activities,

such as changing light bulbs, were also considered; talked to workers to learn from their knowledge and experience; and Looked at the accident book, to understand what previous problems there

had been.

b. The manager then wrote down who could be harmed by the hazards and how.

c. For each hazard, the manager wrote down what controls, if any, were in place to manage these hazards. They were then compared with the good practice guidance on HSE’s website. Where existing controls were not considered good enough, the manager wrote down what else needed to be done.

d. The manager discussed the findings with staff and displayed the risk assessment in the mess room for everyone to see. The actions identified as being necessary were implemented. As each action was completed, the manager ticked it off.

e. The manager decided to review and update the risk assessment every year or straightaway if major changes in the workplace happened.

Q.3 Discuss the significance of training for Disaster mitigation. What are the different training methods available for capacity building?

ANS

Significance of training for Disaster mitigation

Effective training and dissemination of information is crucial in order to ensure effective response during an incident.

It is important that where necessary training covers familiarisation with all sites for which an organization is responsible. In the event of an on-going emergency staff may be asked to assist at sites they are less familiar with. Information must be available in a format that is easily understood.

It is vital that training develops people’s confidence and their ability to respond effectively in an emergency.

It is important to train for flexibility so that effective response is not dependent on the presence of one or two key individuals and also to enable those responding to take regular breaks during a prolonged incident. It is important to ensure that others are able to perform key roles.

The aim of disaster mitigation training is to build the capacity of National Societies’ staff and volunteers, and that of International Federation delegates, to improve preparedness and response at all levels before during and after disasters and to give all components of the Movement the means to work together in a coordinated manner. The focus of disaster management training is generally on improving the technical skills of the participants, but also on personnel and team management.

It aims to encourage an exchange of experience and knowledge and the creation of networks amongst the disaster managers. It also aims to improve coordination of disaster response and the quality and availability of disaster management tools.

During the warning and alert phase, it is important to be able to receive, understand, and interpret communications, as well as disseminate information to the affected communities. The coordinator or the manager in charge should be familiar with the existing situation in terms of rules and regulations, demographics, geography, and available resources. He should also have knowledge of the institutional strength and structure he belongs to in order to seek necessary assistance or approvals for additional resources. All of these actions require a certain amount of knowledge, information, training, and skill development.

Training is essential for acquiring this knowledge and skills. Experience can teach lessons and improve your skills and knowledge, but it cannot teach you how to do things correctly. In the case of disasters, there are always some unique experiences that may never be repeated, but training and practice can still make you more efficient. Experience may make you a better decision maker, but training can prepare you for informed and calculative decisions as opposed to the intuitive and subjective decisions that experience may bring. Training can bridge the gaps in your knowledge and experience.

Training is different from education. Training is goal-oriented and job-specific, while education is cognitive learning, generic, and a long-term endeavour. Training enhances practical skills for the job at hand while education improves your knowledge base. However, information, knowledge, education, and training are all linked together and are complimentary to each other. Before undertaking training you should recognize and establish the need for it.

Training methods for capacity building

Developing measures for risk reduction depends on the strength of local people – individually, organizationally, and institutionally. Their capacities can be strengthened through several different methods, which can be loosely categorized as follows.

a. Training for Skill Transfer and Technology Transfer

Technology-training programs provide essential information that local people and institutions need in order to reduce risks effectively. While appreciating existing local strengths and coping mechanisms, program designers also recognize non-indigenous coping mechanisms, technologies, or approaches that may be valuable to the local situation. The objective of these programs is to bring the “missing” technology or knowledge to the individuals, institutions, or community. There are different methods for achieving this objective.

For example:

Local representatives may obtain training in the countries, region, or states where the technology is available.

The technology may be disseminated at the level it is needed through model training programs or technology centres.

Formal training programs may be developed to incorporate these technologies minto national and local training institutions by training the trainers.

Introduction of special courses in the technical and humanities syllabi or MBA programs across the countries.

E–learning courses may be introduced through open universities and distance learning institutions.

b. Community Organization and Formation of Community Groups

Local communities often have the traditional technology or knowledge required to reduce their own vulnerability, but may be missing some key community or social structures that prevents them from realizing the benefits of vulnerability reduction at the community level. The objective of community organizing is to empower local people to act together and to overcome barriers to successful community action. These programs depend on the ability to create an active community “spirit” for change. In many instances, the first requirement is to create an environment that fosters, rather than discourages community spirit.

c. Information and Means to Access Information

Sometimes the local community knows how to reduce vulnerability and has an active base of individuals willing to work on reducing community risks. Their capacity may be limited, however, by lack of access to funds or equipment that would allow them to put their knowledge, skills, and plans into action. Information on the means to access funding, technology, or individuals/institutions may be key to launching a risk reduction program in such a community.

Such threshold funding can involve credit schemes; long-term, low interest loans and base grants; and material and equipment grants. National banks or international agencies may be willing to fund such initiatives. Alternatively, there may be national programs and schemes of development to fund and provide required tools and equipment for undertaking projects that lead to reduction in risks and vulnerability.

One example of this approach is the micro-credit delivery system of the Grameen Bank in Bangladesh and elsewhere in the Indian sub-continent. This program provides small loans to individuals for self-help schemes and small business ventures that produce enough money for borrowers to pay off the loans. Borrowers have used this method as a way to develop self- sustaining businesses. For risk-

reduction activities with an economic payback, initial funding may be the critical element that is lacking in order to implement the activity.

d. Awareness Campaigns through Media and Other Means

At times communities lack neither organization nor funding; rather, they may lack adequate information on the nature of a hazard. Awareness campaigns enable community members to act in a well-informed manner. These campaigns range from specific radio and news announcements about evacuation routes in situations of hurricanes and/or flooding to the inclusion of general information about hazards and recommended responses in the public school curricula. These programs may include:

public awareness media campaigns and interviews with experts on hazard mitigation

awareness-raising workshops and seminars school and workplace programs quiz competitions, slogan competitions, and poster competitions for school

children newsletters and advertisements about safety

A good example of an awareness campaign is the emergency procedures and information produced by the department of Health, Safety, and Environment at the University of British Columbia in Vancouver, Canada (Department of Health, Safety, and Environment; University of British Columbia).

One such initiative in India is the illustrated brochure on Dos and Don’ts in Construction of Safe Housing, produced and distributed in the local languages for the general public to understand the basic structural safety measures in non-engineered housing (“Natural Disaster Mitigation Do’s and Don’ts”).

Q.4 Explain various stages of Disaster Management Life Cycle in detail.

Disaster Management Life Cycle

THE DISASTER EVENT

This refers to the real-time event of a hazard occurring and affecting the ‘elements at risk’. The duration of the event will depend on the type of threat, for example, ground shaking may only occur for a few seconds during an earthquake while flooding may take place over a longer period of time.

There are five basic phases to a disaster management cycle (Kim & Proctor, 2002), and each phase has specific activities associated with it.

RESPONSE

The response phase includes the mobilization of the necessary emergency services and first responders in the disaster area. This is likely to include a first wave of core

emergency services, such as fire-fighters, police and ambulance crews. They may be supported by a number of secondary emergency services, such as specialist rescue teams.

We work in all Phases of Disaster management and through our supported teams we respond in moments after a disaster hits as as well as the other phases to try to reduce the chance of it happening in the first place or to reduce the impact of a disaster. We can respond worldwide to LEDCs (Less Economically Developed Countries) as well as MEDCs (More Economically Developed Countries.

In addition volunteers and other non-governmental organizations (NGOs) such as the local Red Cross branch or St. John Ambulance may provide immediate practical assistance, from first aid provision to providing tea and coffee. A well rehearsed emergency plan developed as part of the preparedness phase enables efficient coordination of rescue efforts. Emergency plan rehearsal is essential to achieve optimal output with limited resources. In the response phase, medical assets will be used in accordance with the appropriate triage of the affected victims.

RECOVERY

The aim of the recovery phase is to restore the affected area to its previous state. It differs from the response phase in its focus; recovery efforts are concerned with issues and decisions that must be made after immediate needs are addressed. Recovery efforts are primarily concerned with actions that involve rebuilding destroyed property, re-employment, and the repair of other essential infrastructure.

An important aspect of effective recovery efforts is taking advantage of a 'window of opportunity' for the implementation of mitigative measures that might otherwise be unpopular. Citizens of the affected area are more likely to accept more mitigative changes when a recent disaster is in fresh memory. The recovery phase starts when the immediate threat to human life has subsided. In the reconstruction it is recommended to reconsider the location or construction material of the property.

In long term disasters the most extreme home confinement scenarios like war, famine and severe epidemics last up to a year. In this situation the recovery will take place inside the home.

Planners for these events usually buy bulk foods and appropriate storage and preparation equipment, and eat the food as part of normal life. A simple balanced diet can be constructed from vitamin pills, whole-meal wheat, beans, dried milk, corn, and cooking oil. One should add vegetables, fruits, spices and meats, both prepared and fresh-gardened, when possible.

DEVELOPMENT

Development phase aims to restore the communities to the pre-earthquake status. During this phase, the social and other infrastructure is restored and economy revitalized. The rehabilitation/reconstruction phase typically starts at the end of relief phase and may last for several years.

The short term plans of the recovery process are clearance of debris, building housing units, restoration of the lifelines and infrastructures, while the long-term objective is to build a safer and sustainable livelihood. Past experiences show that the efforts are sustainable only with community / government partnership, while NGOs and international organizations role is reduced after a certain period.

MITIGATION

Mitigation efforts attempt to prevent hazards from developing into disasters altogether, or to reduce the effects of disasters when they occur. The mitigation phase differs from the other phases because it focuses on long-term measures for reducing or eliminating risk Personal mitigation is mainly about knowing and avoiding unnecessary risks. This includes an assessment of possible risks to personal/family health and to personal property.

An example of personal non-structural mitigation would be to avoid buying property that is exposed to hazards, e.g. in a flood plain, in areas of subsidence or landslides. Homeowners may not be aware of their home being exposed to a hazard until it strikes. Real estate agents may not come forward with such information. However, specialists can be hired to conduct risk assessment surveys. Insurance covering the most prominent identified risks are a common measure.

Personal structural mitigation in earthquake prone areas include installation of an Earthquake Valve to instantly shut off the natural gas supply to your property, seismic retrofits of property and the securing of items inside the building to enhance household seismic safety such as the mounting of furniture, refrigerators, water heaters and breakables to the walls, and the addition of cabinet latches. In flood prone areas houses can be built on poles, like in much of southern Asia. In areas prone to prolonged electricity black-outs a generator would be an example of an optimal structural mitigation measure. The construction of storm cellars and fallout shelters are further examples of personal mitigative actions.

PREPAREDNESS

In the preparedness phase, emergency managers develop plans of action for when the disaster strikes. Common preparedness measures include:

The Communication plans with easily understood terminology and chain of command

Development and practice of multi-agency coordination and incident command

Proper maintenance and training of emergency services Development and exercise of emergency population warning methods

combined with emergency shelters and evacuation plans Stockpiling, inventory, and maintenance of supplies and equipment

An efficient preparedness measure is an emergency operations centre (EOC) combined with a practiced region-wide doctrine for managing emergencies. Another preparedness measure is to develop a volunteer response capability among civilian populations. Since, volunteer response is not always as predictable and plan-able as professional response; volunteers are often deployed on the periphery of an emergency unless they are a proven and established volunteer organization with standards and training.

On the contrary to mitigation activities which are aimed at preventing a disaster from occurring, personal preparedness are targeted on preparing activities to be taken when a disaster occurs, i.e. planning. Preparedness measures can take many forms. Examples include the construction of shelters, warning devices, back-up life-line services (e.g. power, water, sewage), and rehearsing an evacuation plan. Two simple measures prepare you for either sitting out the event or evacuating. For evacuation, a disaster supplies kit should be prepared and for sheltering purposes a stockpile of supplies.

Q.5 Write short notes on following:

i. Post Disaster Phase

The post-disaster phase includes activities in recovery, rehabilitation, and reconstruction, often building on preparation activities undertaken during the previous response phase. It also affords an opportunity to develop disaster risk reduction measures, which can be fully implemented during a subsequent pre-disaster phase.

Post-disaster recovery may best be pursued by strengthening existing institutions or by creating time-bound specialist bodies with the sole mandate of completing short- to medium-term reconstruction activities.

Disaster recovery

Disaster recovery has three distinct but interrelated meanings. First, it is a goal that involves. The restoration of normal community activities that were disrupted by disaster impacts – in most people’s minds, exactly as they were before the disaster

struck. Second, it is a phase in the emergency management cycle that begins with stabilization of the disaster conditions (the end of the emergency response phase) and ends when the community has returned to its normal routines. Third, it is a process by which the community achieves the goal of returning to normal routines. The recovery process involves both activities that were planned before disaster impact and those that were improvised after disaster impact.

Disaster impacts

These are the physical and social disturbances that a hazard agent inflicts when it strikes a community. Physical impacts comprise casualties (deaths, injuries, and illnesses) and damage to agriculture, structures, infrastructure, and the natural environment. Social impacts comprise psychological impacts, demographic impacts, economic impacts, and political impacts.

Incident stabilization

This is the point in time at which the immediate threats to human safety and property resulting from the physical impacts of the hazard gents have been resolved and the community as whole can focus on disaster recovery.

Disaster recovery stages and functions

The identification of disaster recovery as an emergency management phase has led some authors to divide it into stages but there has been little agreement on the number and definition so recovery stages. It is now generally accepted that disaster recovery encompasses multiple activities, some implemented sequentially and others implemented simultaneously. At any one time, some households and businesses might been engaged in one set of recovery activities where as others are engaged in other recovery activities. Indeed, some households and businesses might be fully recovered months or years after others and there might be others that never recover at all. Thus, it is more useful to think of disaster recovery in terms of four functions: disaster assessment, short-term recovery, long-term reconstruction, and recovery management. The recovery phase’s disaster assessment function should be integrated with the emergency response phase’s emergency assessment function in identifying the physical impacts of the disaster. Short-term recovery focuses on the immediate tasks of securing the impact area, housing victims, and establishing conditions under which house-holds and businesses can begin the process of recovery.

Long-term reconstruction actually implements the reconstruction of the disaster impact area and manages the disaster’s psychological, demographic, economic, and political impacts. Finally, recovery management monitors the performance of the disaster assessment, short-term recovery, and long-term reconstruction functions. It also ensures they are coordinated and provides the resources needed to accomplish them.

ii. Vulnerability Assessment

Once the plausible threats are identified, a vulnerability assessment must be performed. The vulnerability assessment considers the potential impact of loss from a successful attack as well as the vulnerability of the facility/location to an attack. Impact of loss is the degree to which the mission of the agency is impaired by a successful attack from the given threat. A key component of the vulnerability assessment is properly defining the ratings for impact of loss and vulnerability. These definitions may vary greatly from facility to facility. For example, the amount of time that mission capability is impaired is an important part of impact of loss. If the facility being assessed is an Air Route Traffic Control Tower, a downtime of a few minutes may be a serious impact of loss, while for a Social Security office a downtime of a few minutes would be minor. A sample set of definitions for impact of loss is provided below. These definitions are for an organization that generates revenue by serving the public.

Devastating: The facility is damaged / contaminated beyond habitable use. Most items/assets are lost, destroyed, or damaged beyond repair/restoration. The number of visitors to other facilities in the organization may be reduced by up to 75% for a limited period of time.

Severe: The facility is partially damaged / contaminated. Examples include partial structure breach resulting in weather/water, smoke, impact, or fire damage to some areas. Some items/assets in the facility are damaged beyond repair, but the facility remains mostly intact. The entire facility may be closed for a period of up to two weeks and a portion of the facility may be closed for an extended period of time (more than one month). Some assets may need to be moved to remote locations to protect them from environmental damage. The number of visitors to this and other facilities in the organization may be reduced by up to 50% for a limited period of time.

Noticeable: The facility is temporarily closed or unable to operate, but can continue without an interruption of more than one day. A limited number of assets may be damaged, but the majority of the facility is not affected. The number of visitors to this and other facilities in the organization may be reduced by up to 25% for a limited period of time.

Minor: The facility experiences no significant impact on operations (downtime is less than four hours) and there is no loss of major assets.

Vulnerability is defined to be a combination of the attractiveness of a facility as a target and the level of deterrence and/or defense provided by the existing countermeasures. Target attractiveness is a measure of the asset or facility in the eyes of an aggressor and is influenced by the function and/or symbolic importance of the facility. Sample definitions for vulnerability ratings are as follows:

Very High: This is a high profile facility that provides a very attractive target for potential adversaries, and the level of deterrence and/or defense provided by the existing countermeasures is inadequate.

High: This is a high profile regional facility or a moderate profile national facility that provides an attractive target and/or the level of deterrence and/or defense provided by the existing countermeasures is inadequate.

Moderate: This is a moderate profile facility (not well known outside the local area or region) that provides a potential target and/or the level of deterrence and/or defense provided by the existing countermeasures is marginally adequate.

Low: This is not a high profile facility and provides a possible target and/or the level of deterrence and/or defense provided by the existing countermeasures is adequate.

The vulnerability assessment may also include detailed analysis of the potential impact of loss from an explosive, chemical or biological attack. Professionals with specific training and experience in these areas are required to perform these detailed analyses.

iii. Business Continuity Plan

What is Business Continuity Plan?

Business Continuity refers to the activities required to keep your organization running during a period of displacement or interruption of normal operation.

Whereas,

Disaster Recovery is the process of rebuilding your operation or infrastructure after the disaster has passed.

According to Business Continuity Institute’s Glossary

“Business continuity plan is A collection of procedures and information which is developed, compiled and maintained in readiness for use in the event of an emergency or disaster.”

Why we need Business Continuity Plan?

Disaster might occur anytime, so we must be prepared. Depend on the size and nature of the business, we design a plan to minimize the disruption of disaster and keep our business remain competitive.

Due to the advancement of Information Technology (IT), business nowadays depends heavily on IT. With the emergence of e-business, many businesses can't even survive without operating 24 hours per day and 7 days a week. A single downtime might means disaster to their business.

Therefore the traditional Disaster Recovery Plan (DRP), which focuses on restoring the centralized data center, might not be sufficient. A more comprehensive and rigorous Business Continuity Plan (BCP) is needed to achieve a state of business continuity where critical systems and networks are continuously available.

When we need Business Continuity Plan?

We need Business Continuity Plan when there is a disruption to our business such as disaster. The Business Continuity Plan should cover the occurrence of following events:

a) Equipment failure (such as disk crash).

b) Disruption of power supply or telecommunication.

c) Application failure or corruption of database.

d) Human error, sabotage or strike.

e) Malicious Software (Viruses, Worms, Trojan horses) attack.

f) Hacking or other Internet attacks.

g) Social unrest or terrorist attacks.

h) Fire

i) Natural disasters (Flood, Earthquake, Hurricanes)

Who should participate in Business Continuity Planning?

With the shift of IT structure from centralized processing to distributed computing and client/ server technology, the company’s data are now located across the enterprise. Therefore it is no longer sufficient to rely on IT department alone in

Business Continuity Planning, all executives, managers and employee must participate.

Normally Business Continuity Coordinator or Disaster Recovery Coordinator will responsible for maintaining Business Continuity Plan. However his or her job is not updating the Plan himself or herself alone. His or Her job is to carry out review periodically by distribute relevant parts of the Plan to the owner of the documents and ensure the documents are updated.

Where to carry out Business Continuity Plan during disaster?

Cold Site

An empty facility located offsite with necessary infrastructure ready for installation in the event of a disaster.

Mutual Backup

Two organizations with similar system configuration agreeing to serve as a backup site to each other

Hot Site

A site with hardware, software and network installed and compatible to production site, Remote Journaling Online transmission of transaction data to backup system periodically (normally a few hours) to minimize loss of data and reduce recovery time

How to prepare Business Continuity Plan?

Business Continuity Planning Phases

1. Project Initiation

- Define Business Continuity Objective and Scope of coverage.

- Establish a Business Continuity Steering Committee.

- Draw up Business Continuity Policies.

2. Business Analysis

- Perform Risk Analysis and Business Impact Analysis.

- Consider Alternative Business Continuity Strategies.

- Carry out Cost-Benefit Analysis and select a Strategy.

- Develop a Business Continuity Budget.

3. Design and Development (Designing the Plan)

- Set up a Business Recovery Team and assign responsibility to the members.

- Identify Plan Structure and major components

- Develop Backup and Recovery Strategies.

- Develop Scenario to Execute Plan.

- Develop Escalation, Notification and Plan Activation Criteria.

- Develop General Plan Administration Policy.

4. Implementation (Creating the Plan)

- Prepare Emergency Response Procedures.

- Prepare Command Center Activation Procedures.

- Prepare Detailed Recovery Procedures.

- Prepare Vendors Contracts and Purchase of Recovery Resources.

- Ensure everything necessary is in place.

- Ensure Recovery Team members know their Duties and Responsibilities.

5. Testing

- Exercise Plan based on selected Scenario.

- Produce Test Report and Evaluate the Result.

- Provide Training and Awareness to all Personnel.

6. Maintenance (Updating the Plan)

- Review the Plan periodically.

- Update the Plan with any Changes or Improvement.

- Distribute the Plan to Recovery Team members.