In high risk, high reward research environments facilities staff, environmental health and safety, and risk managers understand the need for pre-incident plans at several levels.
First, nothing can go wrong! Unlike many other business functions, the R&D and manufacturing environments pose distinct challenges. For instance, a company’s next “block buster” drug is in the pipeline, clinical trials could be going on and vivarium’s used for animal testing can all potentially be affected by an unforeseen physical event, whether fire, weather, or man-made. The leading pharmaceutical companies understand the need for proper pre-incident planning based on a standard and use cloud-based software like Blazemark®.
Risk Managers who negotiate their property and casualty insurance and Workers Compensation, need to demonstrate that their company is actively managing risk. While keeping employees safe, the real driver in a research and development environment is “none of the research is insurable.” If something goes wrong, the company’s next billion-dollar, block-buster drug potentially goes out the door and the competition can then get to market first.
More and more of the forward-thinking companies understand that their corporate IT systems are constantly under threat. While we occasionally hear about a “ransomware” attack, or denial-of-service attack on corporations (one major global pharma IT department was out for weeks), there are many other much more significant attacks that occur on a daily basis that are equal or worse to the typical hacking that we normally hear about. Theft of “Intellectual Property Rights” (IPR) which are many companies real assets and figure heavily into their valuations, are often targeted. Theft of IPR and attacks on corporate IT systems can often times be “state sponsored,” or for a variety of reasons other non-governmental or even non-main stream corporate entities can be trying to hack into corporate systems to gain a competitive advantage looking for trade secrets. For example, other organizations that have a grudge, gripe, or do not like a business using animals will go to great lengths to get information on animal testing locations with a goal of gaining physical entry to a facility.
So, what happens when the above scenarios play out on the corporate IT network? Your IT systems can go down or get slow. What happens when your pre-incident plans, emergency operations plans, business continuity plans and everything else that you need in any type of emergency event are on the targeted system? You could be out of luck.
The solution to the above, as many clients tell us, is to keep the pre-incident plans and other emergency information off of the corporate network in an environment that likely surpasses, from a security standpoint, the company’s own internal IT environment. Many companies like using a set of well-known software products to run their business. Problem with this approach is all of the bad guys know which products that are likely to be in use and easy to hack (think Microsoft Browsers and other products).
If an emergency event occurs and the corporate networks are compromised and unavailable, then all of the emergency planning and everything else that is stored on line for emergency use is of zero value. A better approach is to compartmentalize your emergency plans and keep them in a separate and secure environment like Blazemark so that when things do go wrong, you still have a fighting chance of taking care of the emergency at hand with Blazemark and minimize the further disruption of the business by keeping the event at the lowest manageable level.
Bart Krauss started his public service career in 1979 and has expertise in high-risk security environments, emergency services, and information technology. Currently, he is a Principal with Fire Planning Associates who’s lead product is Blazemark, a cloud-based Preplanning System. Bart also serves as President of the Upper Makefield Fire Department in Washington Crossing Pennsylvania.