An Open Letter to the Presidents of our Universities - Part II
Posted on Thu, Jan 19, 2012
From Setracon's President, Jeffrey Slotnick
In the first half of my letter I posed some questions, some risks, and some possible approaches. In this I will try to delineate further the approaches that might be taken to secure your university.
Having a well-trained Crisis management team, well written policies and procedures, exceptional communication ability, and a collaborative environment can assist an institution in eliminating or mitigating most events. Crisis management has four objectives:
• Reducing tension during the incident
• Demonstrating corporate commitment and expertise
• Controlling the flow and accuracy of information
• Managing resources effectively
Let’s look at each of these in detail.
Crisis Management Team (CMT): The crisis management team can change depending on the nature of the event. Besides key staff represented by senior campus professionals, there may be additional outside specialties required such as police, fire, or media relations personnel.
Most Crisis Management Teams include; legal counsel, investigators, public relations, investor relations, risk manager, Chief Security Officer, financial, mental health professionals, Chaplains, marketing, employee relations, and technical personnel.
The primary objective of any plan is to set up a flexible structure that is capable of responding to any type of crisis quickly, decisively and in a coordinated manner. This reduces the cost and the overall impact of the crisis. The CMT plan should establish relationships, responsibilities and continuity. It should include a notification system with a specific and up to date listing of current contact information on the team members, chain of command, and outside relevant agencies. Think about the old adage that “an ounce of prevention is worth a pound of cure”.
Good communication is the heart of any crisis management plan. Communication should reduce tension, demonstrate an institutional commitment to correct the problem and take control of the information flow. Crisis communications involves communicating with a variety of people which constitutes: the media, employees, neighbors, investors, regulators and lawmakers.
Public relations are one of the single most important elements of the crisis response. It is imperative to create guidelines for the designated spokesperson addressing the methods for working with the media and community leaders. Attorneys on the crisis management team should review media statements and proposed answers to protect against privilege waivers and potential admissions than can be used in litigation.
Good communication is facilitated through integrated electronic messaging systems coupled with established response protocols. We are not speaking about dusty three ring binders and copious amounts of paper. There exists today centralized Crisis Management consoles which utilize commercial off the shelf software which track data, store policies and procedures, required forms, protocols, create incident reports, integrate communications, and track the event. Because this is a network-based system it can be accessed from anywhere utilizing a remote computer, tablet, or smart phone. This means that Crisis Managers can be notified immediately, receive updates in real time, and respond from where ever they are located. This capability for immediate response significantly compresses the event cycle allowing the crisis management team to move from onset to recovery and a 'new normal' in rapid fashion, thereby reducing the financial impact of the event.
By implementing and advertising what we have accomplished it allows us to leverage our new position by building an environment of trust among all internal and external stakeholders, re-forming the organization’s mindset to being open, collaborative, and responsive even in the face of adversity, identifying obvious and obscure vulnerabilities of the organization which can have significant impact on reputation and financial standings, making wise and rapid decisions as well as taking courageous action, and finally learning from crisis to effect change.
In summary, once you have performed a baseline audit, created the context for a leadership response to any crisis, and implemented people, process and technology frameworks to operationalize your risk mitigation efforts, you are now poised to doing something audacious. Begin to teach your stakeholders, including your investors, what you have done. Begin to attach a value premise to 'security'; a premise that underlines your attention to risk just as you would be attentive to any other critical value proposition.
Mr. President: responding proactively and leveraging something everyone else is too afraid to address creates a potential competitive advantage. How that is done should also be part of 'The Great Conversation in Security' as well.