Disaster contingency plan: Responding to major incidents

The UK has been hit by three terrorist attacks in less than three months; the latest of which happened at London Bridge last weekend, where seven people were killed.

Three attackers wearing fake suicide bomb vests stormed London Bridge in a hired van before emerging with 12-inch knives and stabbing people in pubs and restaurants in the area. At least 48 injured people were taken to local hospitals and more than 80 medics were sent to the scene.

The attack came two weeks after a suicide bomber set off an explosion at an Ariana Grande concert at the Manchester Arena, killing 22 people and injuring 119 others.

That incident occurred two months after Khalid Masood drove a car at pedestrians on Westminster Bridge, killing four and injuring more than 50, before fatally stabbing a police officer at the gates to the Houses of Parliament.

The Government has published “Run Hide Tell” guidance for the public in the event of a firearms or weapon attack, which advises those feeling under threat to run to a place of safety, hide rather than confront, and to call the authorities as soon as is realistically possible.

There is also a Stay Safe Film, which provides information to the public on the steps they can take to keep themselves safe in the event of an attack.

For employers, terrorist attacks can throw up a number of issues: employees may have been directly or indirectly affected by the incident, or proximity to the terrorist event may cause major disruption to business.

While it is not possible to prescribe an action for every type of disruption, there are steps organisations can take support their response to incidents – whether they are as major as a terrorist attack or something less serious, such as a leak or a power cut.

Having a disaster contingency plan can help different functions in the business cope with any problems that arise.

Different levels of response

The type of response to a disaster will depend on the number of people affected and the scale and duration of disruption.

Organisations could use a scale to categorise an incident, ranging from low-level (an inconvenient incident that can be dealt with internally) to something that involves closing the business or one or more of its offices for some time.

At the more serious end of the scale, managers should work with a crisis management team to allocate any priority work to essential staff in a recovery centre. Other employees may be able to work from home or hot-desk at another office.

In the occasion of a severe incident such as a terrorist attack, where possible, a crisis management team should arrange for all critical data and other equipment or stock to be removed from the affected site and relocated. Staff should be kept informed of developments, with regular updates on the expected date of full recovery.

In the longer term, in the case of catastrophic events affecting many employees, organisations might consider holding a larger group meeting, crisis seminar or webinar.

This could provide practical information but also cover employees’ potential psychological reactions and provide staff with the opportunity to join a formal debriefing at a later stage.

What should a contingency plan cover?

Employers should remember to include the following elements when drawing up or reviewing an organisation’s contingency plan:

• alerting emergency services;
• evacuating the premises;
• providing first aid;
• identifying casualties and missing employees;
• considering all employees’ health and safety needs;
• how to communicate with staff on next steps;
• limiting damage to property and equipment;
• informing insurance companies;
• redirecting communications if office locations have been compromised; and
• securing the premises.

What does a crisis management team do?

Appointing a crisis management team made up of representatives from across the business can help organisations ensure different aspects of business recovery are covered in the event of an emergency.

The actions this team should be responsible for might include:

• assessing the impact on the organisation of the incident;
• prioritising which elements of the business are critical and must be re-established sooner rather than later;
• recovering use of the sites affected or managing relocation to different premises;
• setting up secure pages on the company intranet where employees can be kept informed of developments;
• arranging phone, email or social media channels for employees to confirm their whereabouts in the event of a major disaster. Some employers may have a business continuity app that can send out notifications or manage messages from employees;
• ensuring communications with customers or clients can be maintained;
• how essential assets can be recovered from the site, in conjunction with IT recovery plans, and considerations of how employees will recover personal items; and
• plans for supporting staff after the disaster, including the provision of counselling where appropriate.