Last reviewed 11 May 2016
Mike Sopp examines the increasing requirement for laboratories to have suitable emergency plans in place in order to respond to unwanted events.
Despite good risk management practices to eliminate or reduce threats to as low as reasonably practicable, laboratories can be faced with the potential for risks to materialise to such an extent that special arrangements are required to manage the threat of serious and imminent danger to life.
In addition, by the nature of the activities involved in laboratories, there are threats to the environment and wider community that may have to be taken into consideration when planning for an emergency situation.
Increasingly, laboratories are being required through regulatory requirements and wider stakeholder demands to have suitable and robust emergency plans in place to respond to the immediate and ongoing impacts of an unwanted event.
When developing any plan, it is vital that a plan owner (preferably a senior responsible officer) is appointed and a planning team is developed. This team can then:
define the purpose, objectives and scope of the plan
develop and approve a planning process and timetable programme
decide the management structure and content of the plan
define the process for testing and reviewing the plan.
Key to the process of setting objectives, scoping and timetabling is the collection, collation and dissemination of relevant information. For example, threat and risk assessments, business impact assessments, legislative requirements, previous incidents, etc will all influence the planning process.
Clearly, decisions will have to be made as to what plan is required and whether separate plans may be required.
As a simple example, there are various pieces of health and safety legislation that all require “arrangements to deal with accidents, incidents, and emergencies” not least those for fire safety and hazardous substances. The laboratory should be determining if these are dealt within a single plan or whether several plans may be needed.
Similarly, the laboratory may have to give consideration to environmental impacts an unwanted event may create, as well as communication requirements with stakeholders and business continuity requirements following an event.
Modern planning practice is now also suggesting there could be a need to escalate incidents to a “crisis situation” which is defined as an “abnormal and unstable situation that threatens the organisation’s strategic objectives, reputation or viability” which may require additional planning.
The actual process of plan development and approval will very much depend upon the laboratory’s business operating model and organisational arrangements. However, the general principle is that planning should be a cross-cutting process with representation of all significant stakeholders, so as to utilise all necessary experience and knowledge.
Structure and contents
Current best practice guidance recommends that organisations should, as part of the planning process, establish a management structure to “respond to a disruptive incident using personnel with the necessary responsibility, authority and competence to manage an incident”.
The purpose of such a structured hierarchy is to allow the laboratory to confirm the nature and extent of the incident, take control of the situation, contain the incident, and communicate with key stakeholders. Typically, such a structure is based upon the emergency services structured approached (commonly known as the gold, silver, bronze hierarchy).
Within this structure, each person can be given a separate role with, for example, gold being the most senior person/s in the laboratory, making strategic decisions particularly if an incident has escalated into a crisis.
Silver duties will normally be those that link operational arrangements with the strategic gold level. The designated silver may be responsible for collating information and making operational decisions.
Bronze functions are operational and may include the implementation of specific plans (for example communications, evacuation, business continuity, etc) or the undertaking of specific roles such as safety, security welfare, etc.
In terms of the content of the emergency plan, this will obviously be quite specific but current guidance suggests the following headlines to inform the content.
Purpose, objectives and scope of the particular plan.
Activation criteria and procedures (eg fire alarm actuation).
Implementation procedures (evacuation, shutdown of plant, etc).
Roles, responsibilities and authorities.
Communication requirements and procedures.
Resource requirements (including facilities).
Information flow and documentation processes.
The procedures for invocation of plans should allow for the relevant plans or parts thereof to be invoked in the shortest possible time required. The plan should include a clear and precise description of the following.
Authorities and/or systems for invocating the response.
Communication methods to mobilise the response personnel.
Location or rendezvous for response personnel.
For some plans such as a fire emergency plan, invocation and mobilisation would be through an alarm actuation and require immediate mobilisation of resources.
The emergency planning process should identify suitable facilities that can act as the control point for the incident. The control point can act as a communication centre as well as the liaison point for the laboratory, particularly for “blue-light responders”.
Laboratory staff members will be expected to take the most appropriate action in respect of any function they may have in the emergency plan. However, as plans may only be invoked rarely, it is sometimes useful to develop “Job Cards” that can provide basic information as to the actions that would be expected to be implemented by the various duty holders.
Testing and review
A laboratory’s emergency planning arrangements cannot be considered reliable until exercised or tested. An exercise programme has a number of purposes.
Practising the laboratories ability to respond to an incident.
Verifying that the plan incorporate all critical elements.
Highlighting assumptions which need to be questioned about the plan.
Instilling confidence and team work among exercise participants.
Validating the effectiveness of the plan.
Demonstrating competence of those with specific responsibilities.
The exercising and testing of plans can be undertaken in a number of ways including through discussion-based forums, table-top or live exercises or a combination of all three. Exercises should be carefully planned and agreed with all relevant parties to be involved. Every exercise should have clearly defined aims and objectives with the scale and complexity of exercises being appropriate to these aims and objectives. The process of developing an exercise programme can be summarised as follows.
Discuss with top management perceived areas of weakness that would benefit from visibility of exercising.
Decide on suitable type of exercise activity (eg to test a specific plan or element of a plan).
Review documentation relating to previous exercises to avoid repetition and to identify areas of concern.
Devise timetable of exercise activities that ensures over a period of time all relevant personnel take part in the exercise.
Senior management support for undertaking any exercise will be paramount and it may be advisable to develop a short brief explaining the purpose of the exercise. A positive attitude towards exercising makes the process more acceptable and enables strengths to be acknowledged and weaknesses to be seen as opportunities for improvement rather than criticism.
A post-exercise debriefing and analysis should be undertaken, which considers the achievement of the aims and objectives of the exercise or test. As part of the planning process, those who will require debriefing should be identified.
Debrief/s should be undertaken as soon as is practicable after the exercise. All those who participated should be given the opportunity to express their views in a non-threatening atmosphere, so that participants can be honest about their experiences and problems they may have encountered.
A post-exercise report should be produced. This should cover the aims and objectives of the exercise, the scenario as well as the positive and negative observations from the exercise. It should contain recommendations for the future and a timetable for their implementation.
The Business Continuity Institute: Good Practice Guidelines 2013 Global Edition is available at www.thebci.org.
British Standards Institution:
BS ISO 22301: Societal Security — Business Continuity Management Systems — Requirements
BS11200: Crisis Management — Guidance and Good Practice
BS ISO 22313: Societal Security — Business Continuity Management Systems — Guidance