Here are my thoughts:

Monitor: You should absolutely monitor what is being said about your organization on Twitter, Facebook etc when you are faced with a crisis, incident, etc that goes public. Many news organizations now monitor Twitter and Facebook etc searching for stories, so you should be on there too. Ideally, this would be done by the PR/communications members of your crisis teams. Hopefully they are doing this already on a day to day basis, and perhaps posting information about your company during normal day to day operations. In a crisis they should be prepared to try and counter/correct misinformation on your company on the social networks. But remember, this type of communications can easily “Go viral”. My advice: outbound communications on these channels is risky and should be handled by trained PR/ Communications people

Accuracy: Remember that the openness of these media and the anonymity of users raises real concerns about the accuracy of the data on them. Professionals following Facebook and Twitter are following trends rather than individual posts. See the excellent article in the February 2011 edition of Security Management for more information, at www.securitymanagement.com

Authenticity: Be aware that some of the people posting misinformation about your company may be employees, contractors, etc. Review your policies on this, and make sure employees know certain types of activity on the web/social media are grounds for dismissal. Try to be as clear as possible in your policy, it will help you in the event you must take disciplinary action.

Security: There is a lot of talk about the vulnerability of these sites to hackers. Many large organizations are not using these channels for outgoing communications in a crisis because of the fear of misappropriation of messages, or the possibility of hackers breaking in to a Twitter or Facebook account and posting misinformation. Know how to shut your company accounts down before a crisis occurs so you can do it quickly.

Notification: I think there is a role here for notification, however, in a limited way. One can envision a scenario where you would “Tweet” team members and direct them to a secure messaging system for information- thus driving your legitimate crisis team members to a communication channel where they can be authenticated, and then providing them the info on the authenticated channel. One example of this would be a “Tweet” directing Crisis team members to the Forum in Crisis Commander- where they could access a secure blog on the incident. Your initial “tweet” should not contain a lot of details, just instructions to login to a secure channel.

This topic is going to remain open and hot for some time- follow up here for more information, and please post replies to this blog if you have questions or comments, or like/ dislike what you read here.

I recently attended a presentation by Howard Gwon, Chair Emergency Management Committee and Administrator, Emergency Management Response/Recovery for the Johns Hopkins Hospital (JHH) and JHU School of Medicine. Mr. Gwon discussed their response and its implications and outlined some changes they will be making.

I have attached Mr. Gwon’s presentation for your information, courtesy of the Johns Hopkins Hospital (JHH) and JHU School of Medicine. Below are my take-aways from the presentation:

· Have multiple modes of communication: JHH had 5: Text(EAS), Notifind, JHH email, loudspeakers, pagers (only one mode reached my wife, e-mail)
· Multiple update messages are required throughout the incident
· Plans must be in place before there is an incident of workplace violence – there is no time to plan during the event
· Send messages every 15 minutes to reassure people and let them know what was happening. Some people will not believe the messages that are being sent and think it is only a drill. It was difficult to send messages to all the pagers because their system could only send to 100 at a time.
· Have a member of your own Security and the Principal Information Officer at the location where the Police establish their Incident Command. That way the members of your staff can know what is happening and communicate information back to your Incident Command Staff.
· You will need to take care of the situation for 5 minutes at least before the Police will be able to arrive.
· Roads around your location may become a problem for staff to get to and enter your organization because the police may set up roadblocks to restrict people from coming into the affected area
· People will be using Twitter and Facebook to communicate about this event even if you have a policy that only one person is authorized to speak to the media.
· Many government agencies will come to your location not just the Police. You need a way of dealing with them.
· Have and wear badges so that you and the Police will know who is who.
· Decide who will take care of the victims and how to communicate with their families. It is important to tell employees that they should not help victims unless the area is safe to enter. This responsibility is already assigned to the paramedics employed by the local jurisdiction.
· JHMI held a Town Meeting right after this with all employees and then again four months afterward to let people know the action that had been taken

Of particular note to me is the reduced tolerance of aggressive, threatening behavior by employees, patients and their families etc. This ties in strongly with the Tuscon shooting incident, and I hope will drive us all to consider what changes in actions we should take towards those that exhibit this type of behavior.

1. Leadership and strategic communications: having a leader who can effectively frame  events in their context, and manage expectations from the very start of a crisis.  As someone once said, you can say anything to anyone, as long as you say it the right way.  Highly effective leaders provide context and direction in their communications to ensure they are heard the right way.

2. Delegation and networking:  This is really what we are all planning for, isn’t it?  To have clearly defined responsibilities among teams across the organization, and a network that we can access when things don’t go as planned.

3. Reputation management is Critical:  this is what we learned from Tylenol- transparency, expertise, commitment and empathy  and don’t forget honesty, are the keys.

4. Take a long term view:  Short-term oriented decisions can further harm reputations in a crisis.

5. Information Management is key:  Those of you using Crisis Commander know how important it is to have the right information available at the right time to make the right decisions.  Having a structured way to prepare, gather information and respond is absolutely critical.

The article ends by exhorting readers to make the necessary investments to manage risks and crises.  Click here to view the full article, it is well worth a read, and a forward around your organization.

The implementation of the new software is a critical step towards a safer London. City of London’s ‘Safer City Partnership’ is a UK-wide initiative whose current objectives include protecting people and businesses against a range of incidents, including pandemics, natural disasters, terrorism, anti-social behaviour, crime against people and economic crime. A team of officers from the City of London Corporation and City of London Police supports the work of the Safer City Partnership. The unit is located within the Security and Contingency Planning Group of the City of London.

The new Software-as-a-Service (SaaS) is called Crisis Commander and will initially be used to manage and control the City of London Corporation’s response to major incidents or any disruption within the Square Mile, such as pandemics, rail accidents, floods and power outages.

ECDC is an EU agency whose aim is to strengthen Europe’s defences against infectious diseases and its mission is to identify, assess and communicate current and emerging threats to human health posed by infectious diseases.

ECDC works in partnership with international health protection bodies across Europe to strengthen and develop continent-wide disease surveillance and early warning systems and the implementation of the new software is a critical step towards a safer Europe.

The new Software-as-a-Service (SaaS) is called Crisis Commander and will initially be used to manage and control ECDC’s response to infectious diseases and pandemic threats and allow ECDC to pool Europe’s health knowledge, so as to develop authoritative scientific opinions about the risks posed by current and emerging infectious diseases.

The new Software-as-a-Service (SaaS) is called Crisis Commander and will be used by between 10 and 25 staff, to help manage and control the company’s complete incident management and emergency response process.