Documente Academic
Documente Profesional
Documente Cultură
PERCEPTION IN CORPORATES
1.0 Objective
The objective of this paper is to familiarize you with emergency and disaster planning
which involves a coordinated, co-operative process of preparing to match urgent needs with
available resources.
The aim being to identify the threats related to the corporates and how to formulate a
response plan. A disaster management plan needs to be a living document that is periodically
adapted to changing circumstances and that provides a guide to the resources, protocols,
procedures, and division of responsibilities in emergency response.
After completing this unit, you will be able to appreciate the full range of disaster risk
management processes and also be able to:
1.1 Introduction
Growing threats of terrorism, natural disasters and increasing instances of social unrest
have made physical security one of the biggest concerns for corporate India. A large number of
companies feel the existing security standards, legal, regulatory and compliance frameworks in
the industry were not adequate to support corporate security requirements in India. This is
according to a survey by PwC (Pricewaterhouse Coopers Private Limited) India and American
Society for Industrial Security (ASIS).
A majority of the survey respondents felt that that the industry is not fully equipped to
promptly respond to natural disasters, which is clear indicator for organizations to take a serious
look at business continuity/crisis management strategies of organizations to effectively respond
to corporate security threats and natural disasters such as floods and earthquakes.
However, many organizations have woken to the implications of physical security over the
past few years and there has been a conscious effort from organizations in form of additional
and proactive measures to ensure better safety arrangements. While five years back physical
security assessment was rare and uncommon, today almost 46 percent per cent of the
organizations surveyed in India conduct a physical security risk assessment once a year,
whereas 17 percent do it monthly.
Dinesh Anand, Partner and Leader-Forensic Services India (a leading firm which provides
forensic services and cyber security to the corporate world) says, “Over the past few years,
corporate India has witnessed a steady increase in the number of physical security threats and
breaches. While we have very little control over occurrences such as floods, earthquakes and
terror attacks, we do have control over the ways we can safeguard our businesses and people
against them. Unfortunately physical security takes a back seat in business operations and most
of the steps taken by organizations are reactionary rather than preventive. Organizations need
to pay attention to the potential physical security risks and do something about them.”
It is critical for security professionals and management to be aligned and work together to
identify potential strategic security threats and prepare a plan for resilience and sustenance of
their business. There is a strong need for public-private partnerships and involvement of
industry veterans in the policymaking process, besides the need for setting up a compliance
standard for baseline requirements and benchmarks for physical security. Towards this end, the
Private Security Agencies (Regulation) (PSAR) Act, 2005 also needs to be reviewed.
The reports unveils that cyber crime and corporate espionage have been rated as two of the
most serious threats to organizations in the coming years. This indicates the need for stronger
collaboration between the domains of cyber security and physical security on account of
interlinkages between the information and physical world. Terrorism being the second important
threat, organizations need to beef up their training and awareness programmes and work in
close collaboration with the law enforcement agencies.
At the outset we need to understand the need for the specific requirement for disaster
security planning and threat perception as far as corporates are concerned. Today the corporate
security office has emerged as one of the most critical corporate voice in identifying
preparedness vulnerabilities to leadership, transmitting the message of security awareness and
practices (behavior) to corporate employees as well as promoting a culture of anticipation of
future disasters. Simply put, “Good security is good business.” Security is at the core of human
continuity preparedness only when corporations recognize the value and need to foster a
“community of safety” rather than merely protect buildings. When security is not focused on
individual employee behaviors, day-to-day and in response and recovery from a disaster in
response and recovery from a disaster or terrorist event, human continuity preparedness; and
there fore citizen preparedness—is less effective.
The physical security environment in India is still evolving and there is a wide gap
between government policies and their implementation. Providing actionable security
intelligence was considered as a key enabler by a majority of the respondents and more than
half of the respondents (54 percent) reported the need for stringent but simplified laws and
regulations for industry and for promoting the use of common industry practices.
Security and risk management are principally concerned with the protection and
conservation of corporate assets and resources. The task of protection continues to be an
increasingly complex one in a time when technology is creating new products (and thus risk) at
an explosive rate. Add this to the crime rate -- now aggravated by domestic and international
terrorism -- and the importance of risk analysis and evaluation to design proper protection and
response becomes self-evident.
In keeping with the paradigm shift in its approach to disaster management brought about
by the Government of India and the recurring phenomenon of natural disasters impacting all
sectors of socio-economic life, including the corporate sector, and inflicting heavy economic
losses, focused attention has been given to risk mitigation endeavors to systematically reduce
the vulnerabilities. The new approach stems from the premise that development in any sector,
more so in the corporate world, cannot be sustainable and viable unless risk reduction and
mitigation measures are built into the development processes and that investments in mitigation
are much more cost-effective than expenditure on relief, rehabilitation and reconstruction.
Recognizing the gargantuan proportions of the challenge posed by recurring incidence of
natural catastrophes, association and involvement of corporate sector and their representative
nodal organizations for initiating disaster risk management measures has been considered as
integral to success of disaster management initiatives.
The corporates in every country have always played a major role in post-disaster relief,
rehabilitation and reconstruction efforts in the affected regions. Disaster relief and management
is now part of their Corporate Social Responsibility (CSR). In India, the contribution of the
corporate sector has been notable especially in the aftermath of the devastating super-cyclone
in Orissa in 1999 and the Bhuj earthquake (Gujarat) in 2001. The industrial and corporate
organizations like the Confederation of Indian Industry (CII), the Federation of Indian Chambers
of Commerce and Industry (FICCI), the PHD Chambers of Commerce and Industry and other
industry and area-specific manufacturers and traders associations have been in the forefront of
providing much-needed succor to the affected populace for ameliorating their sufferings. The
Confederation of Indian Industry (CII), with a direct membership base of nearly five thousand
industrial and corporate houses and an indirect associate membership of around fifty thousand
companies from 283 national and regional sectoral associations, was the first industry
organization to constitute a Disaster Management Committee in May 2001 as part of its
corporate set-up to advise and assist its member industries in initiating disaster risk reduction
steps to insulate industrial establishments, infrastructure and processes from the vagaries and
damaging potential of natural and man-made (industrial/technological) disasters.
CII had undertaken extensive relief, rehabilitation and reconstruction work in the
aftermath of Orissa super-cyclone and Bhuj Earthquake – adopting villages and contributing to
the reconstruction of social and community assets. Apart form addressing natural disasters, CII
has established an Environment Management Division (EMD) involved in research and
propagation of environmentally sound industrial systems and processes. It has been deeply
involved in advising and developing systems and methodologies for safer and disaster-free
handling of chemicals and other hazardous substances in production processes and
procedures. The EMD has also been assisting the industries in development and
implementation of on-site and off-site disaster management plans for ushering into an
environment friendly industrial scenario, especially in the light of experience of the Bhopal Gas
Tragedy. In addition, many area-specific industrial and commercial associations have also been
contributing towards the well-being of the community around them by adopting socioeconomic
practices aimed at improving the living conditions and generally benefiting the people at large.
For example, the Ankleshwar Environment Preservation Society in Ankleshwar, Gujarat along
with Ankleshwar Industrial Association has set up joint effluent treatment plants for medium and
small-scale industries in the industrial belt with predominantly chemical industries and has also
taken up disposal and treatment of solid and hazardous waste generated by industries and the
cities with their own expertise and finance. Industries at Ankleshwar have shown that through a
proactive and collaborative approach, environmental problems can be addressed in a
constructive manner.
The corporate sector possesses huge resources – human, material, technical and
financial – and has significant presence in every region in the country. It also works and
interacts with the community very closely and has an important stake in the well-being and
prosperity of the community as its own progress and viability is largely dependent upon a
resilient and safe community. The accountability of the corporate sector in terms of its Corporate
Social Responsibility (CSR) has also increased as the value and reputation of a company is
being increasingly adjudged by its social behavior and by its contribution to the economic well-
being and development of the communities in which it operates. However, in keeping with the
change in focus to the pre-disaster aspects of prevention, mitigation and preparedness to mount
an all round assault on vulnerabilities and building of capacities at all levels, a lot of
emphasis has been laid on integrating the disaster risk reduction and risk management aspects
into the functioning and processes of industries. With a view to achieve this objective, active
collaboration with representative industrial organizations like the CII, FICCI etc. is being forged
for assessing and meeting the needs of corporates to have their assets and infrastructure
analyzed from the point of view of retrofitting of existing structures and ensuring safety of
upcoming industrial assets and establishments against the vagaries of nature and human
related crisis/disasters and security threats.
In recent years, a new consensus of the concept of resilience has emerged as a practical
response to the threats faced by organisations and from the key stakeholders, including boards,
governments, regulators, shareholders, staff, suppliers and customers to effectively address the
issues of security, preparedness, risk, and survivability.
CSR permeates every aspect of the functioning of corporate sector. The corporates always
look for ways and means to enhance the brand value of their company and their products. It is
in this context that corporate social responsibility makes good business sense. It is a business
strategy that works. Nowadays, the value and reputation of a company are increasingly being
seen as its most valuable assets for retaining the loyalty and trust of the public to ensure a
bright and sustainable future. The business corporations, because of their high visibility, are
being adjudged not merely on the basis of their bottom lines but also on their social behavior. By
integrating CSR into its business strategy as a core value, the corporates not only make a
significant contribution to a better society but are also recognized for doing so. This has obvious
benefits for the company. In fact, enormous rewards are there both for the business/industrial
community as well as the society. The companies are motivated to achieve profitability,
sustainable growth and human progress by placing corporate social responsibility in the
mainstream of their business practice.
As part of their corporate social responsibility, the companies are encouraged to conduct
business responsibly by contributing to the economic health and development of communities in
which they operate; create healthy and safe working conditions to attract and retain a quality
workforce; manage risk more efficiently and minimize the negative impact of its activities on the
environment and its resources; be accountable to all stakeholders through dialogue and
transparency regarding economic, social and environmental impacts of business activities;
operate a good governance structure and uphold the highest standards and ethics while
conducting business. The corporate sector is an integral part of the society. As a member of the
community, it is its responsibility to contribute to sustainable development and to integrate social
and environmental concerns in its business operations as well as in its interaction with other
stakeholders It can play a leading role in supporting and building the knowledge, capacity and
skills of the community in comprehensive risk-based disaster management activities ranging
from prevention, mitigation and preparedness to response and recovery.
It can offer human and financial resources and can also be a precious source of technical
know-how, as for example in the case of identification and research on technological solutions
to prepare for and respond to natural disasters. In addition, the recovery of the community
cannot be complete if the business community itself is seriously affected as disasters can have
serious negative fall-out on the corporate sector. For them to acquire capacity in disaster risk
management would also entail protection of their employees and dependents. Corporate
sectors’ cooperation in reducing people’s vulnerabilities to natural disasters would also help it in
protecting its market catchment areas. In the aftermath of a catastrophe, the resources of the
community are more likely to be utilized in protecting and rebuilding livelihoods rather in
acquiring goods and services offered by the corporate sector. Thus, their involvement in
minimizing the impact of a natural event or in facilitating speedy and sustainable recovery
should be viewed as a form of investment in protecting and securing its own “sources of
livelihood”.
As an inalienable part of its CSR, the corporate sector can play an essential role in
leading and supporting the community in comprehensive risk management activities and in
mobilizing human and financial resources as well as materials for utilization during a disaster
situation. In addition to this, the corporate sector can be a precious source of technical
knowledge, as for example in the case of identification and research on technological solutions
to prepare for and respond to natural disasters. On the whole, corporate sector has the potential
for strengthening and promoting its own safety and protection against natural catastrophes as
well as in assisting the community at large in reducing its vulnerability to disasters.
At the global level, nearly 700 major catastrophes take place every year affecting billions
in different countries. The disasters periodically visit the same geographical regions and set the
development clock back by decades. It is similar to taking two steps forward and one step
backwards. In some countries, this equation even gets reversed. The repeated occurrence of
natural catastrophes undermines the economic viability of the communities as well as the
corporate sector – further impoverishing the impoverished and sapping the very soul. It is
estimated that 28 developing countries, including India, suffered direct losses of over 1billion
USD each during the past twenty years.
Threat awareness (knowledge of threats) and assessment (determination of risk) are the
drivers of corporate decisions on terrorism and disaster preparedness and response as well as
the resources it assembles and deploys in responding to its perceived and actual risk
environment. There is a requirement for the organization and its business to direct its threat
assessment to expected events: e.g., catastrophic accidents, workplace safety, internal threats
of employee stealing or tampering, kidnapping, travel security, disgruntled employees, product
contamination.
Threat perception, in contrast to assessment and awareness, is largely a psychological and
behavioral process based on perception and belief. Threat awareness and assessment have
largely been analyzed and conceived of in an operational context. The recognition of threat
perception as an additional level of planning is necessary to human/employee preparedness
and planning. A number of factors influence security and disaster threat awareness,
assessment and perception:
1.7.2 Brand: Corporations consistently draw attention to their “brand”, in the context of
threat assessment. For corporate response planners, “brand” had a range of meanings
including specific product or product line, a service, or even the reputation of the company.
Brand is an important element of corporate identity. A corporation’s perception and beliefs about
their brand is a major factor in how they protect, plan for, respond to, and recover from disaster.
Brand is a core part of an enterprise that has broad meaning to people both within and outside
of the corporation. Brand is a set of attitudes and characteristics that defines the corporation in
people’s minds and serves as a point of reference. Threat assessment often focused to the
value of this emotional aspect of brand. In some instances, the threat assessment based on
interpretation of “brand” leads to a lowered perception of threat, while in others, the corporate
brand is seen as a potential reason for attack. The interpretation of “brand” is an organizing
principle that determined the steps corporations take to prepare for adverse events including
natural or industrial disasters or anticipated acts of terrorism.
In one of the studies, one corporation believed that their brand was recognized (within their
own industry) as being synonymous with a particularly high level of care for their employees.
This company devoted considerable energy to providing individual employees with evacuation
kits and personal protective equipment. This activity was not merely a symbolic gesture, but
evidence of the extent to which corporate leadership was invested in the idea that their brand
meant care for employees. As one security director remarked, “Good security is good business.
Good security protects the brand.” Another corporation assessed their threat for terrorist attack
as low because they regarded their brand as not widely recognized. They felt that many of the
corporations they supplied were more vulnerable because their products had greater brand
recognition. Thus, the company that perceived its brand as unfamiliar centered its concerns on
product contamination in the context of day-to-day business more than the likelihood of a major
terrorist attack on their products. Another corporation recognized that its name, while not that of
a product, was still a recognized brand, and removed signage containing its corporate logos
from its plants in vulnerable, foreign locations. Brand can represent multiple threats for a
corporation, and even itself be the object of attack.
1.7.3 Points of Failure: Corporations tend to organize their threat assessment and
preparedness planning around the concept of potential points of failure — critical points of
business supply, function or vulnerability to disruption. For example, critical transportation
nodes, outsourced functions, remote and international sites with questionable security
protection are all recognized as vulnerabilities in their risk environment. Businesses differ on the
number and types of points of failure they identify. Preparedness from this vantage can be only
as good as an organization’s imagination as to what the actual potential points of failure might
be. Little attention is given to additional human/employee preparedness at these points of
failure.
1.7.7 Training: Corporations have training programs invariably aligned to more general
discussions about safety, health, leadership, and communication. Some of these areas and
topics do involve trainable skills, especially in relation to a disaster or terrorist attack. In some
companies, training is focused on the safety of everyday operations and is conducted regularly.
In these companies, there is very little training specifically geared to terrorist events, threats and
security breaches. Many of the skills taught in safety training are applicable to only one kind of
preparedness (e.g. only earthquake or flooding or fire).
1.7.8 Cost: Expense is a barrier to more extensive training for specific terrorism and
disaster preparedness. Some corporations have the money to implement expensive exercises
and to secure the services of outside consultants who can develop, conduct, and evaluate
sophisticated exercises. However, these exercises are for senior management who strategize
from the top down, and are not intended for employee preparedness. Drills devoted to employee
preparedness, such as evacuation drills, are not uniform and frequently are not taken seriously
by the employees themselves. When preparedness is optional the issues of cost, and therefore
affects on the bottom line, are substantial. If mandatory or required by regulation this
competitive loss is equalized across and industry.
1.7.9 Fear of Increasing Anxiety: Some corporate managers fear that training for terrorist
and disaster events can raise employee’s anxiety. However, the informants interviewed by the
study team were not able to identify any specific examples of this having occurred. In contrast to
this view, corporations that directly experienced labor problems, earthquakes or floods believe
that conducting regular drills and communicating openly about preparedness issues empowered
employees and made them less fearful. Furthermore, security leadership in these corporations
that were affected recognized that training builds behavior that will maximize positive outcomes
in the event of a terrorist attack or a disaster. Preparedness is not instinctive; rather, it is a set of
learned skills and behaviors.
Preparedness, at the “macro” level, and for the individual employee, is motivated by threat
awareness, threat assessment, and threat perception. Defining events—a corporation’s
historical experience with crisis and understanding of past responses—shape the identification
of potential future threats and efforts to prepare for these events. Other factors influencing threat
identifi-cation include geographical location (particularly the location of corporate headquarters)
and degree to which the corporate “brand” is perceived as a potential terrorist target. Points of
failure (e.g. as critical nodes for material supply, vulnerable geographic locations, or relatively
unsecured or unprotected corporate functions or processes) are organizing principles upon
which corporations based concerns about future business disruption and hence, preparedness
efforts.
1.8.1 Damage to Assets and Physical Property: This is probably the most prominent
risk that businesses need to consider. When natural disasters strike, they often do substantial
damage to physical assets. Company buildings and property may be damaged, or equipment
could also be ruined. For instance, Eurogamer recently reported that UK based videogame
developer Hello Games recently lost everything after a nearby river broke its bank resulting in a
natural disaster. Computers, monitors, furniture, doors and a wall were all lost due to water
damage and to make matters worse, insurance didn’t cover the incident because the firm was
located in a flood zone.
1.8.2 Damage to Raw Materials: Natural resources are another direct organizational loss in
many disasters. For example, cold weather can destroy crops or a wild fire could destroy timber
being collected and stored. As is the case with physical damage to assets, businesses can
calculate precisely the damage done by disasters to raw materials.
1.8.3 Supply Chain Disruptions: Unlike the previous two loss categories, supply chain
disruptions are indirect organizational losses that may be a bit more difficult to calculate. The
more corporations rely on supply chains, the greater the effect of a disruption. For example, if a
manufacturer relies on shipments of raw materials, production could be severely delayed if a
main road gets washed out due to a flood. In turn, this could lead to delayed shipments of
finished goods to retailers, which may even affect contractual obligations. Of course, if supply
chains aren’t so tightly run and aren’t as important, then the damage may not be as severe.
1.8.4 Workers are Unable to Do Their Job: This is another indirect organizational loss.
During severe weather events, people may not be able to attend work or even if they can, they
may not be able to operate at peak efficiency. Power outages, Internet outages, inability to use
the appropriate tools and other similar issues may cause downtime, which can lead to
significant losses.
Disasters therefore can cause a lot of issues for companies, in terms of both direct and
indirect losses. This is why businesses must make natural disasters a top priority in their risk
management efforts. According to the University of Boston infographic, organizations can
effectively manage natural disaster risk by simply investing in disaster preparedness.
Businesses should consider all the different impacts of man made and natural disasters, ranging
from lost sales, damage to property and income or to regulatory fines. From there, steps such
as uninterruptible power supplies to better site selection and disaster preparedness can be
taken to mitigate – if not outright prevent – many of the dangers associated with corporate
threats.
The critical task for businesses, particularly those operating in vulnerable regions of the
world, is to ensure they have crisis management plans and experienced real-time crisis
response personnel in place to mitigate the potential impacts of a natural disaster and return to
normal operations as quickly as possible.
Emergency response.
Business continuity.
Supply chain.
Crisis communications
Human impact.
While each component of effective crisis preparation and response is critical, it is often
the human side of a disaster — particularly the impact on employees and their families — that is
the most difficult to manage and, ultimately, the most important when returning an organization
to some semblance of business as usual.
Preparedness, rehearsals and effective response and crisis management plans and
procedures are therefore a necessity in any organization. A reality check to determine whether
the current crisis management and response plans are adequate to help the management deal
effectively and manage information needs and situations as they arise must be done regularly
and the management needs to assess--
Because a crisis can strike at any time and an immediate response is required, a Crisis
Response Team should be available 24/7 to provide counsel and personalized support to the
organization and senior leaders. Good planning and foresight will help manage the crisis,
mitigate the potential damage, protect corporate reputation, and, ultimately, safeguard the
organization. A well structured plan will also provide access to a full range of additional real-time
response solutions that are available to further assist recovery, including loss assessment,
claims management, claims advocacy and damage control.
The ability to manage a crisis successfully is the result of understanding risks and
vulnerabilities, comprehensive planning, regular exercises, and a strategy for maintaining these
capabilities. A systematic approach to help manage crises can be achieved by-
Corporates are a prime target as far as hacking is concerned and cyber security assumes
immense importance in the overall security planning and threat perception.
To give an example as far as corporates and cyber security are concerned, Walmart, one of
the top companies in the Fortune 500 list, hasn't been immune to cybersecurity breaches.
According to an investigation by Wired in 2009, hackers broke into the computer system used
by the company's development team to steal information from cash registers. That data then
found its way onto a computer in Eastern Europe. In 2009, Wal-Mart's Chief Privacy Officer said
the company was doing its best to "segregate the data, to make separate networks" and to
"encrypt it fully" to safeguard from future data hacks. In one of the tech industry's racier
scandals of 2014, hackers broke into the iCloud accounts of a number of Hollywood celebrities
and made off with nude photos. Celebrities targeted included Jennifer Lawrence of "Hunger
Games" fame, model Kate Upton and actress Kirsten Dunst. At the time, Apple released a
statement saying the breach wasn't system-wide, but rather due to specifically targeting the
celebrity accounts. "None of the cases we have investigated has resulted from any breach in
any of Apple’s systems including iCloud or Find my iPhone," according to a statement. The
timing, however, wasn't the best for the company, with its announcement of the new iPhone 6
phones slated for a few weeks later.
The biggest mistakes companies make with data security are failure to understand the true
threat against their employees, suppliers and ultimately, their data.
What is a data breach? The definition seems obvious for any organization. A data breach
occurs when data that was supposed to be protected from unauthorized access is exposed.
What may not be as clear cut is all of the ways that sensitive data can be compromised. These
include malicious attacks, accidental mistakes, and employee incompetence. Confidential
information can fall into the wrong hands during electronic file transfers, accessing lost or stolen
devices, or as a result of hackers' infiltration into a company's servers. Even sending an
unsecure email could qualify as a data breach, depending on the information it contained.
Data security breaches normally take place because of the following reasons:
Every corporate, industry, manufacturer, office complex, commercial center and establishment
(viz airports, railways, airlines, malls etc ) needs to have well structured SOP's and disaster
management plans in place so that when the need arises, swift response is inherent to foresee,
reduce, mitigate and react to any eventuality. The requirement is to prepare a disaster
management plan for its area of operations according to the circumstances prevailing in the
area; co-ordinate and align the implementation of its plan with those of other organs of state and
institutional role players; and regularly review and update its plan.
The aim of any response plan is to ensure that disaster recovery solutions are rapidly
deployed. Disasters are a ramping threat in today’s efficiency-driven business world. Modern
corporations make use of tightly run supply chains to minimize redundancy and maximize their
budgets. On top of that, with urban centers becoming hotspots for burgeoning businesses, the
fact that a single company can be crammed into a single, multi-floor building can lead to issues
if a natural disaster demolishes that one spot. The plan should:
Form an integral part of the local disaster management and security plan.
Anticipate the likely types of disaster (natural/man made) and security breaches
including cyber attacks and terrorism related incidents that might occur and their
possible effects.
Identify the communities, infrastructure, employees and corporate structure at
risk.
Provide for appropriate prevention and mitigation strategies.
Identify and address weaknesses in capacity to deal with possible disasters,
unrest and security breaches.
Facilitate maximum emergency preparedness.
Establish the operational concepts & procedures associated with day-to-day
operational response to emergencies by local, state and national authorities.
Contain contingency plans and emergency procedures in the event of a disaster, providing
for – The allocation of responsibilities to the various role players and coordination in the carrying
out of those responsibilities; Prompt disaster response and relief; Disaster recovery and
rehabilitation focused on risk elimination or mitigation; The procurement of essential goods and
services; The establishment of strategic communication links; The dissemination of information.
The purpose of the plan is to outline policy and procedures for both the pro-active disaster
prevention and the reactive disaster response and mitigation phases of Disaster Management. It
is intended to facilitate multi-agency & multi-jurisdictional coordination in both pro-active and
reactive programs.
1.13 Recommendations
Corporate security should be positioned, and should have the knowledge and interest for a
leadership role for human continuity preparedness. Education of this group regarding the means
to building “a community of safety” will enhance their ability to perform in this capacity and build
a vision of this role.
Medical Directors, Health Officials, Hospitals and Health Ministry are under-identified as a
critical component of corporate human continuity. Their distance from corporate decision
making should be reduced as it currently limits their contribution to assessing threat of, planning
for, and responding to the health implications of terrorism—especially bioterrorism and
infectious disease outbreaks with population-health implications (e.g. SARS, Avian flu).
Defining events are central to the manner in which preparedness is integrated into or absent
from corporate human continuity preparedness. Changing preparedness and response behavior
must build upon the experience, lessons, and language of defining events. Finding unified
concepts, operations, and cultural supports that resonate with existing corporate disaster
paradigms for each corporation as well as language that addresses human continuity aspects of
disaster response is needed. In general, talking about “terrorism preparedness” per se is not
easily understood in the corporate world, nor easily implemented. In order for terrorism
preparedness to be understood and implemented it requires “translation” into the defining event
language of a specific corporation’s history experience with a disaster or critical event.
Since corporations are part of communities in which they conduct operations around the
globe they are components of local, state, federal and private networks. Coordination at the
local level across these boundaries is necessary for human continuity planning for terrorism,
disasters and critical incidents. From fire planning to daycare and inoculation for biological
events (influenza to bioterrorist agents) the boundaries of corporations and their communities
are porous and require resourcing and planning to meet human continuity and preparedness
objectives. Education on the issues of community planning and response are particularly
needed for the core preparedness functions (e.g. security, employee assistance, medical,
human resources and communication).
1.14 Summary
In the aftermath of the recent tsunami crisis too, the response of the government, the civil
society, the voluntary organizations and the corporate sector has been exemplary in spite of the
geographical constraints and the extent and sweep of operations and has earned appreciation
from the international community. The governmental efforts have received commendable
support from individuals, organizations, the corporate sector and the society at large. The crisis
has brought out the best in our society and the entire nation has risen as one entity to meet the
grim challenge posed by this unprecedented catastrophe of gigantic proportions through
voluntary and meaningful contribution from every stakeholder. However, effective disaster
management is a long-drawn battle against the formidable forces of nature and necessitates
devising a comprehensive strategy and work plan based on the lessons learned and
experiences gained from every disaster.
The shortcomings and gaps need to be addressed and successes built upon. The
Government of India as well as other stakeholders including the corporate sector have
reaffirmed their commitment and resolve to achieve the objective of moving towards a disaster
resilient and safe nation. The task is arduous and the challenge ominous. However, the
roadmap is well-defined and clear. No effort will be spared and no constraint would be allowed
to impede the progress towards creating a safe and disaster-free nation and the challenge
thrown by successive disasters will be converted into an opportunity for further strengthening
disaster risk management measures.
1.15 References
http://naturalhazardscience.oxfordre.com/view/10.1093/acrefore/9780199389407
.001.0001/acrefore-9780199389407-e-12
Smith, S. ‘AVA’s Dynamic Tree Analysis’, Proceedings of the Twelfth National
Computer Security Conference, Baltimore, MD, 1989.
Weiss, J. ‘A System Security Engineering Process,’ Proceedings of the
Fourteenth National Computer Security Conference, Washington, D.C.,
1991.
(b) FII
(c) MCA
Ans: (b)
Data security breaches normally take place because of the following reasons-
Ans: (a)