Code Red: The Critical Role of HR in Workplace Emergency Preparedness
Disasters are unpredictable, arrive quickly and hit hard. By installing a workplace emergency preparedness program, there is a way to get through the chaos relatively unscathed — and HR has a critical role in that process.
Chennai is home to a diverse group of international businesses: Hyundai, Ford, BMW, Nissan, TVS, and Renault-Nissan auto plants, as well as IT firms, including IBM, Accenture, WiproInfosys and Cognizant. So, when an enormous flood struck Chennai, India — its worst in 100 years — some very large industries were adversely impacted, per CNN (1). IT firms, in particular, are susceptible to labour disruptions. Infosys, for example, employs around 17,000 in two facilities located in Chennai, and Cognizant employs as many as 60,000 workers across 11 facilities in the city. The bottom line financial impacts are still being assessed, but according to the Business Standard (2) several IT firms warned that fourth quarter revenue would likely be impacted.
This tragedy illustrates the importance of emergency preparedness across an enterprise, especially for HR in labour-intensive firms. What approach works in these types of emergencies?
HR in Business Continuity Planning
Workplace emergency preparedness cuts across multiple disciplines. Leaders at the firm Protiviti (3) worked on the FEMA course dealing with Continuity of Operations. They argue that business continuity consists of four interrelated disciplines:
- Recovery of business operations.
- Information technology disaster recovery.
- Crisis management and communications.
- Pandemic risk management.
So where does HR fit in? If preparedness is the best strategy, as most recommend, HR should take the lead by mapping roles and responsibilities. For instance, while IT staff are concerned with the specifics of backup facilities and archives, HR must address whether skills redundancy, policies for travel by key personnel and employee transportation to back up facilities — to name a few — have been addressed.
Planning for HR engagement with business continuity planners doesn’t need to occur in a vacuum. The internationally accepted business continuity management standard is ISO 22301-2012 from the International Organization for Standardization (4). In North America the National Fire Protection Association’s NFPA 1600 and the American National Standard for Security (5) ANSI/ASIS SPC.1-2009 “Organisational Resilience Standards” also offer helpful guidelines.
The ANSI/ASIS SPC.1-2009 standard, for instance, recommends that an organisational resilience team should include “human resources, information technology, facilities, security, legal, communications/media, manufacturing, warehousing and other business critical support functions, with all under the clear direction of senior management or its representatives.”
Organisations that want to get serious about preparedness can follow the Good Practice Guidelines (6) of the Business Continuity Institute and even certify HR staff members.
Business Continuity and Compliance
For SHRM (7), Duane Morris, LLP summarised the issues that most often arise in emergency scenarios. These include pay, leave and related issues, and also the need to estimate the impact of downtime and restoration activities on labour costs, dependencies for shared services (especially IT), anticipated costs for hotel and food and advanced training.
Conducting company-wide or department-by-department exercises to test the adequacy of business continuity plans will also likely involve HR. A discussion hosted at Georgetown University (8) cites some of the overlapping duties:
“Main exercise objectives include identifying weaknesses and shortcomings, verifying recovery objectives and procedures, validating global efficiency of plans, verifying the adequacy of emergency operations centres (EOCs) and alternate sites, and achieving specific recovery time objectives (RTOs) and recovery point objectives (RPO).”
The discussion mentions the importance of training for managers and supervisors, as well as clarity about roles and responsibilities for all personnel during an interruption event.
Preparedness vs. Cost
HR budgets will rarely allocate funding for unlimited preparation, backup equipment, secondary locations, training exercises or consultants. So where to invest the limited resources?
That’s where enterprise risk management (ERM) frameworks such as that initiated by the Committee of Sponsoring Organizations of the Treadway Commission (9) may prove indispensable. Just as the IT-centric NIST Special Publication 800-37 informs information security risk preparedness, HR leaders must balance potentially unique ERM risk profiles and enterprise risk appetite against available preparedness resources.
HR is a key preparedness player. Imagine a sysadmin who is on vacation and unable to travel to a data centre location. If a disaster hits and no one else in the organisation is trained to restart the backup site, recovery efforts could be delayed or severely impaired. In this instance, the missing piece is a human, not IT resource.