Executive Summary

Requirements for an emergency response plan (ERP) to be SMS-compliant will depend on the size, nature and complexity of an organization as well as its area of operations and applicable regulations. It is essential to understand relevant regulations and to use guidance material published by the regulatory authority to ensure compliance and full integration with the Safety Management System. Whether or not a program is regulated, crisis managers should aim to achieve best practice in their ERP design as identified in the global principles of Safety Management Systems, namely: policy, objectives and management commitment; planning for potential crisis events based on risk profile; regular testing, evaluation, analysis and improvement of the ERP; and training and communication processes to ensure stakeholders are prepared to execute the plan. Organizations can never anticipate every crisis so they must leverage their risk profile to identify the most likely crisis scenarios as well as those outlier risk events that pose a profound or existential threat to the organization. Crisis management planners must therefore build ERPs that are both comprehensive and adaptable and must exercise them regularly to support a process of continual improvement.

Size, Nature and Complexity

Is your emergency response plan SMS-Compliant? The short answer is … perhaps. Whether your emergency response plan (ERP) complies with Safety Management System (SMS) regulations will depend upon the size, nature and complexity of your organization as well as its activities, area of operations and applicable regulatory regime. The emergency response plan is an integral and critical component of an organization’s business resilience program. To be effective the ERP must be properly documented, effectively implemented, accessible by key personnel, integrated with the organization’s overall safety and business objectives and exercised regularly. If the organization operates under a regulated Safety Management System, the ERP may also be required to comply with additional regulatory criteria.

The Four Pillars of Safety Management Systems

Where regulated, the ERP will be a component or an element of the organization’s Safety Management System. When building its ERP the organization should consult applicable regulations and guidance material published by its regulatory authority to ensure compliance. If the organization is not subject to SMS regulation, or if guidance material is only general in nature, then the ERP can be developed to conform, where applicable, with the best practices articulated in basic SMS principles. A Safety Management System can be defined as an organized set of programs, principles, processes and procedures that integrate operations, technical systems, financial and human resources for the purpose of managing risks to a level as low as reasonably practicable. An ERP is designed to manage the impacts of a risk event to a level as low as reasonably practicable and should conform with the four pillars of a Safety Management System:

• Policy: The ERP should include crisis management objectives, identify key personnel and their responsibilities and accountabilities, and articulate senior management commitment to the plan; it should identify external agencies critical to a crisis response and specify coordination procedures with those agencies; and it must specify crisis management documentation and a process to review and control ERP documents.
• Crisis (risk) management: The plan should identify potential risk events, or categories of events, based on the organization’s risk profile (more about this later); it should specify mobilization procedures, response procedures and resources; and it should integrate with the crisis management and business continuity plans, including identification and maintenance of back-up operational facilities.
• Assurance: The ERP will specify a process for ensuring its effectiveness and continual improvement through periodic testing, evaluation, analysis and updating; the nature and frequency of emergency response exercises; and a process for integrating crisis management planning into the organization’s daily operations, including its change management process.
• Promotion: The ERP should specify the requirements and process for conducting training needs analyses and providing initial and recurrent training to ensure all participants perform their roles competently; a process for maintaining awareness of the ERP throughout the organization; and a process for updating the ERP and disseminating changes to affected stakeholders.

Detailed Regulatory Requirements

Specific requirements for an emergency response plan will vary with jurisdiction and industry. A good example of this is seen in the airline sector as it operates worldwide across many jurisdictions, is considered a high-consequence industry, is heavily regulated and, unfortunately, has experienced significant crises from which to learn and evolve its crisis management framework. Aviation regulations are coordinated by the International Civil Aviation Organization (ICAO) which sets regulatory standards and recommended practices. Each ICAO member state (country) then enacts its own legislation and regulations, including those addressing SMS and emergency preparedness. Whilst ICAO provides some detailed recommendations for ERP content in its Safety Management Manual,¹ individual states have adopted a range of requirements in their regulations and advisory materials. State ERP requirements vary from high-level regulations to more detailed supporting standards. Canada is a good example of a state that provides comprehensive ERP standards; in fact, Canada has made emergency preparedness a stand-alone component in its aviation SMS regulations and identified eleven elements in its standards that must be incorporated into an airline’s ERP.² A summary of those elements is shown in the Appendix along with suggested content for each. Where applicable, each element must identify associated processes, procedures and responsible managers.

A Word About Outliers

An SMS-compliant ERP is informed by the organization’s risk profile and incorporates processes and procedures to mitigate the effects of its highest-risk outcomes. But to design an effective ERP, crisis managers must also consider the highly unlikely outlier risk scenarios that, should they occur, may have devastating consequences for the organization. An example might be the total loss of a manufacturing facility or the unexpected insolvency of a key supplier. Emergency response planning must therefore consider certain high-consequence events regardless of how unlikely they are to occur; in essence, those high-impact, low-likelihood events that can pose a profound or existential threat to the organization. It is impossible to plan for every risk event so crisis managers must build adaptable ERP processes that can address a variety of scenarios. But which outlier scenarios should be considered? Which high-impact, low-likelihood events need to be within the capabilities of an ERP? McKinsey & Company have recently published a good article on this dilemma.³ To identify the most important high-impact, low-likelihood risks McKinsey suggests a two-dimensional pressure test. By identifying the potential effect of an outlier risk event in terms of its impact to the organization’s core value proposition as well as the certainty of that impact, crisis managers can determine which of these outliers need to be considered in their emergency response planning. Those that score high in both dimensions can pose a profound or existential threat to the organization and should be managed, either proactively or reactively. Proactive management can take the form of immediate actions or setting triggers for future actions. Examples might be creating greater supply chain resiliency or establishing a process to suspend certain operations when a severe weather event is forecast. Reactive planning might include processes to mitigate the effects of a global pandemic or civil unrest in a country where important satellite operations are located. By identifying unlikely, yet important, risk events the ERP can be structured to respond effectively, either through predetermined procedures or its ability to pivot and adapt.

Summary

To summarize, whether or not an ERP is mandated by Safety Management Systems regulations, it can be developed to comply with best practices and the basic principles of SMS to provide an effective response to an organization’s most impactful crisis events. If the plan is regulated, crisis managers should consult relevant regulations and associated guidance material to ensure compliance. If guidance material is scarce, or if the ERP is not mandated, the basic principles of Safety Management Systems can be used to provide an effective framework for ERP development. Finally, although crisis managers cannot plan for every risk event, an effort must be made to identify and plan for high-consequence, low-probability events that could pose an existential threat to the organization.

References

^1. ICAO Safety Management Manual, 3rd ed. 5-App 3-1

^2. Canadian Commercial Air Service Standard 725(3) Airline Operations – Airplanes

^3. McKinsey & Company, The disaster you could have stopped: Preparing for Extraordinary Risks, McKinsey Insights, December, 2020

Appendix

Canada’s Commercial Air Service Standard 725 (Airline Operations – Airplanes) specifies eleven detailed elements required of an emergency response plan. Each is listed below with a brief explanation of content that might be included for airlines and for other types of organizations. Where applicable, each element must identify associated processes, procedures and responsible managers.(a) air operator policy

• management commitment to the crisis management program; program fundamentals, including care for those affected, minimizing follow-on impacts, coordinating with stakeholders, working with authorities and communities affected, determining causes to prevent reoccurrence, and exercising and refining ERP procedures on a regular basis

(b) air operator mobilization and agencies notification

• responsibility and process for initiating a response and mobilization of resources
• identification of response teams, including support roles such as IT, Security, Communications, Real Estate, Finance, etc.
• identification and notification of outside stakeholders and agencies
  • external agencies might include federal Accident Investigation Boards (AIBs) such as the NTSB, airport authorities, insurance brokers, police services, family assistance resources, crisis management partners, environmental protection authorities, legal representatives, media consultants, etc.
• responsibility and requirements for establishing an Incident Command Centre and an Emergency Operations Centre when required

(c) passenger and crew welfare

• a process for responding to the needs of persons directly affected by the crisis as well as their families and loved ones
• may include resources and processes for establishing a Family Assistance Centre and deploying Special Assistance Teams
• ancillary and support services such as transportation, communication, accommodation, payment of living expenses, etc. should also be considered as should resources for the organization’s members

(d) casualty and next-of-kin coordination

• a processes to coordinate with appropriate agencies such as hospitals, law enforcement, coroner, AIB, humanitarian services and crisis management partners
• a process to provide appropriate facilities for families and friends of those affected by the crisis

(e) accident investigation on behalf of the air operator

• a process for an internal investigation that respects limitations imposed by AIB, police, and coroner investigations
• a process as to when and how to engage with external investigations (it is always advisable to specify a single point of contact with the AIB)
  • Accident Investigation Boards will invite key stakeholders to be part of their official investigation (stakeholder engagement with the AIB will vary depending upon the legislative jurisdiction)

(f) air operator team’s response to the accident site

• a physical response to the site may or may not be required
• a physical response may be as simple as a technical services GO team or it could involve mobilization of several teams to conduct an internal investigation or to support a state investigation
• mobilization may also include members of the organization responsible for site maintenance and remediation

(g) preservation of evidence;

• critical procedures for immediate action to avoid the loss of perishable evidence and longer term procedures to support investigations
• e.g. taking pictures of damage, identifying witnesses, setting up environmental monitoring, securing records and manifests, etc.
• the ERP should also include appropriate and verifiable chain of custody procedures

(h) media relations;

• a process to provide communication training for the CEO and a small number of executives who may act as spokesperson for the organization
• a process to provide the spokesperson with current and verified information
• processes for crisis communication in all relevant media
• a procedure for engagement of media consultants where applicable

(i) claims and insurance procedures;

• insurers are key stakeholders who should be notified in the initial activation process and may be engaged in various aspects of the crisis response

(j) aeroplane wreckage removal

• a process for damage containment, removal and site remediation where applicable
• procedures for specialist services, equipment rental, storage space, government permits
• additional procedures as required by law

(k) emergency response training

• a process to identify key participants, their required competencies and delivery of appropriate training
• a process for maintaining a general awareness of the ERP and its role within the organization
• a process for exercising the ERP regularly to identify opportunities for improvement
  • at least one full mock exercise should be required annually