Expect the unexpected, by Ronan Ball

13 Apr 06
Flooding, terrorism and an oil depot explosion have all wreaked havoc in the past few years. So how can public bodies use continuity planning to prepare for such disasters in the future? Ronan Ball has some advice

14 April 2006

Flooding, terrorism and an oil depot explosion have all wreaked havoc in the past few years. So how can public bodies use continuity planning to prepare for such disasters in the future? Ronan Ball has some advice

In the current social and environmental climate, the UK's public services face constantly changing risks and threats: some are accidental or deliberate acts and some are natural disasters.

For example, as we become more reliant on technology, a small leak dripping into an IT department could cause days of disruption to business and financial loss. Or with tornadoes in Birmingham, flash floods in Boscastle, Carlisle and Helmsley and the hottest day on record in Kent, extreme weather brought about through global warming is increasingly creating issues that public services must deal with.

In the past six years the average cost of flooding claims alone has risen by a staggering 120%, yet the number of incidents has not risen. It is the severity of cases that is hitting the bottom line.

So what can be done when a threat – be it environmental, technological or otherwise – becomes a reality, and you've got an emergency situation to deal with?

Minimising the knock-on impact of a disaster is vital for local authorities, which are responsible for such a wide range of public services. Pre-empting the threats and planning ahead is crucial. When disaster strikes, authorities don't want to be assessing the problem on the back foot when time is crucial. Business continuity planning is about giving authorities the edge and avoiding starting from a negative position.

Nearly all public sector organisations have some sort of plan to cope with IT problems because it is a fundamental part of their operating ability. The disruption to communications caused by a breakdown in IT means the organisation would effectively be cut off from the outside world.

The cost of contingency planning varies depending on the size of an organisation. Planning might be done separately for different departments; some organisations might employ a dedicated person. In all organisations, it will be ongoing. For these reasons, it is extremely difficult to quantify the overall financial costs of planning for disasters, but they are small in comparison with the potentially massive costs of unexpected events.

The only way to reduce these costs is to invest in continuity planning before an incident happens. Depending on the size of an organisation, a few lost days of business could certainly exceed the cost of establishing and maintaining a robust business continuity plan. Additionally, as local authorities will be aware, the impact of a disaster can have knock-on effects in ways that are difficult to measure financially and objectively but nonetheless cause huge inconvenience and strain on the local community.

Business continuity planning can be interpreted in different ways by different organisations. Local authorities traditionally have plans to deal with large fires or floods affecting the town hall, civic centre or depot buildings. However, under the Civil Contingencies Act, which came into force last March, all risks that could adversely affect the delivery of services now need to be addressed. Organisations need to plan for the biggest disaster they can imagine because in reality the scale of it can be unprecedented.

The Buncefield oil depot explosion in Hemel Hempstead in December is a prime example. The blast has been described as the largest in peacetime Europe and was heard up to 100 miles away. The emergency planning team at Hertfordshire County Council undoubtedly had well-thought-out plans for coping with a fire at the fuel depot, which would have included measures such as setting out the main routes for communications. This was demonstrated by how well the incident was dealt with. But no-one could have planned for the sheer scale of that explosion.

The case can highlight a valuable lesson at the heart of contingency planning, which is to constantly adapt and develop plans and expect the unexpected. For example, buildings that were half a mile away from the Buncefield depot explosion were damaged and many unrelated businesses were prevented from trading due to damage or inaccessibility. This will have highlighted to some the need to consider what is going on in the vicinity – what are the other businesses in the local area? Are any of them 'high risk'? What could happen to them that could have a knock-on effect for us? The considerations are slightly different for local authorities that have a duty to be constantly aware of potential risk areas that fall into their remit.

It is recommended that continuity plans are fully reviewed every six months to assess the current environment and any new risks or risks previously considered to have low impact or likelihood.

As the Buncefield case demonstrates, circumstances change all the time. Forty million litres of water and 600,000 litres of foam were used to quench the flames. As well as dealing with the fire, Hertfordshire local authorities had the mammoth tasks of relocating those whose homes were affected, closing roads and schools, assessing pollution risks and dealing with intense media scrutiny.

In the age of 24-hour news, attention from the media is inevitable when catastrophe strikes. Local authorities must have crisis communications plans in place to satisfy the constant pressure for updates. This pressure was also experienced by Devon and Cornwall local authorities when flash floods devastated the coastal village of Boscastle in August 2004. Fortunately no-one lost their life in the floods but there was extensive damage and homeowners wanted to start cleaning up as soon as possible. The council was advised that professionals should assess the health risks before this could start.

Like New Orleans after Hurricane Katrina, substantial infrastructure damage meant access to clean water and power supplies during the first few days was limited. These are examples of the type of risks local authorities need to think about when preparing for disasters. A robust disaster recovery plan was in place and was followed very professionally. Collaboration with risk-management specialists on the ground had also helped. There are lessons that can be learned in this country at all levels of local authority.

There is no definitive secret to formulating a robust disaster recovery plan. As the examples show us, business continuity planning has to be an organic process. The changing social and environmental climate needs to be taken into account, along with staff movements and changes within an organisation. Responsibilities within any plan must always be covered. The five-step risk management cycle (see above) is a useful business continuity template for any organisation.

The Civil Contingencies Act revolves around three main areas: the requirements to assess, plan and advise. A risk assessment must be carried out, a plan prepared and specialist advice obtained. Testing of any plan is vital and this needs to be done on a regular basis, at least once a year.

In summary, the key to successful business continuity preparation is systematic ongoing planning, and using tried and tested planning templates. No matter how well tested a continuity plan and how well prepared a local authority may be, every time a disaster strikes, there are always business continuity lessons to be learned.

Ronan Ball is head of single-tier authorities at risk management and insurance providers Zurich Municipal

PFapr2006

Did you enjoy this article?

AddToAny

Top