Major incident training put in place by a large commercial property investor because of terrorist attacks proved its value in the face of US hurricanes. By John Smith
The picture we were looking at showed the graphic effect of a Category 5 hurricane driving a 28 foot (8.5m) storm surge driving an even higher wave effect and striking a 12 storey building in Tampa Bay, Florida. The water level rose to the seventh floor of the building; all below was submerged.
This was not real, but a manipulated picture produced by Holly Wade of the local county emergency management programme. Her presentation was part of a training session on planning for hurricanes for our resident incident management team. This was four years ago, and until just a year ago, one of our companies, Invest Financial, occupied the seventh and eighth floors of this building.
Our meeting with Holly was part of a programme of major incident management training we have been carrying out in our businesses around the world for the last 10 years.
As part of its role as a major financial services company, Prudential plc is one of the largest commercial property investors in the United Kingdom. We havea massive property investment portfolio, which includes around £12 billion worth of property, including large office complexes, retail parks and shopping centres. We had decided to train staff to handle potential crises because of our experiences during the Irish Republican Army (IRA) attacks between 1992 and 2001. We had some 30 buildings damaged including St Mary Axe and Bishopsgate in the City of London, Arndale Centre in Manchester, Omagh in Northern Ireland and Ealing High Street in west London.
We felt there was a need to develop a robust procedure to manage incidents, and looked for the best training we could find. We were fortunate. London Metropolitan Police, known as the Met, was looking for organisations to add a business viewpoint to its own training. At that time, The Met was probably the most experienced counter-terrorist police force in the western world and its police incident management training was excellent. It had formed the London Emergency Services Liaison Panel, which provided a protocol to coordinate the operations of the emergency services and with them had developed the now well known Gold, Silver, Bronze incident management structure.
In brief, the Gold level is the strategic level and decides the overall direction of the way the incident is to be managed; the Silver level operates tactically and will be much closer to the scene, while the Bronze level is wholly operational and concerned with the incident detail.
The Met had developed a sophisticated major incident training programme, unlike the usual desktop exercise offering. It involved a carefully designed and structured mixture of instruction and seminar-based scenario play, offered at Gold, Silver and Bronze management levels.
The course took two days and was led by experienced senior police officers. Presentations by participants were subject to comment, first by their peers and then by a team of experts, including lawyers, journalists and subject matter specialists. The Met’s analysts and planners produced scenarios which looked at possible future threats, as well as building on the lessons learned from previous experience of rail and air crashes, terrorist incidents and floods. The pressure and pace were varied to reflect the realities of an incident, and the courses were exhausting.
Business perspective
I attended a Silver/Bronze Course and then a Gold course. Despite being, as I thought, a reasonably experienced incident manager, I learned a great deal, but was also able, (in fact, required), to put over the business viewpoint in a way that, I understand, influenced police thinking and planning at the time.
After the Gold course, we discussed the use of these methods in a commercial context. Much of the content was highly relevant, and the Gold, Silver Bronze management system translated well to the flat management structures in business. One of the key problems for us, especially in our investment estate which included a large number of shopping centres, was the relationship with the emergency services. There was relatively little communication between the commercial world and the emergency services, and no combined training. Now, the relationships between the blue light services, as the police, fire and ambulance are known collectively, and the commercial world are much closer, at street level at least.
As we had common interests in the preservation of the lives of our customers, staff and other members of the public, and in minimising the effect of terrorism and natural disasters, we decided to work together. We asked CCTC, a training company formed by former senior police officers, to design a course at Silver and Bronze level for us. What they produced, with our input, followed the same basic structure and pace as the Met courses, but emphasised the importance of pre-planning and of managing the consequences of an incident, together with how to work closely with the blue light services.
It is crucial to fix incident management procedures and techniques firmly into the minds of those responsible for the response. Detailed planning for business continuity is obviously essential, but in incident management, a detailed plan may get left on the shelf or at best used for reference. We have found this one of our own most useful lessons and one we push very hard. Key individuals, and their alternates, are given the skills, the training and the authority to make key decisions when necessary. While we expect them to have access to ‘the plan’, slavish adherence and checklists are not part of the plot. Managers are expected to manage.
We commenced a roll out of training across our businesses in the United Kingdom, including all our shopping centre managers and going on to key staff, including security and cleaning contractors. Eventually, we brought in managing agents and even some competitors in our training. The scenarios we have looked at, and, indeed, have trained people to handle, seemed like a nightmare at the time, but sadly, all have since come to pass.
“In August 2004, we received warnings that Hurricane Charley was expected to strike the west coast of Florida. We set up
the Gold, Silver and Bronze teams as planned.
The programme is based on an all hazards approach to cover many kinds of incidents, principally terrorism, but also includes IT failure, fire, floods, explosions, weather conditions, power failure, suspect packages and civil commotion.
It was, perhaps, most telling when we reviewed our incident management procedures immediately after 11 September 2001 and concluded that although the shape of terrorism had changed, there was nothing we wished to change. We constantly review this decision, but so far it remains unaltered.
It is not, nor should it be, easy to get the time of managers and key staff because they are needed in the day-to-day running of the businesses. Fortunately, the Prudential board is supportive, but even then, business units take some persuasion. We have found the best advocates are those who have done the training.
Hurricanes
The management team of our Tampa based Invest Financial business carried out the incident training in July 2003. They took part in the course enthusiastically, and, somewhat warily, we used a major hurricane as the scenario. As always, we brought in local expertise, including Holly Wade. She gave a memorable presentation. Most of our senior team at Invest Financial are women. Holly commenced by asking how many were mothers, then pointed out that all mothers are emergency planners and then emergency managers. The comparison of the preparations for a family day out with preparing a business for a hurricane or other emergency had us all in fits of laughter, and no one forgot it; she was brilliant. Despite the laughter, her message was clear: we had to assume loss of the building and denial of access for a protracted period afterwards.
As we worked through the scenario, critiquing the results together, the Invest Financial team became deeply involved, and the session became a think tank on business survival in a hurricane. New solutions were proposed, examined carefully and then accepted or rejected. It was hard work and very good fun. We always made it clear that the onus was on the business to decide where it would take things next. Lynn Neidermeyer, the CEO, decided to review the plan completely. The result was a much shorter, but more useable piece of work.
In August 2004, we received warnings that Hurricane Charley was expected to strike the west coast of Florida. We set up the Gold, Silver and Bronze teams as planned. Gold consisted of the chief financial officer and chief information officer of our US businesses, based in Lansing, Michigan. The chief executive of Invest Financial’s parent business based in Santa Monica, California led Silver with members from Santa Monica, Lansing and the United Kingdom. Lynn Neidermeyer in Tampa headed the Bronze team.
As Charley came up the Gulf of Mexico, we pre-positioned specialist IT staff to service the mobile office trailers which were part of the plan. Some staff were moved out to set up small support teams in other parts of the business unthreatened by Charley. Charley was a Category 2 but was predicted to become Category 5 by the time it made landfall, and it was heading directly for Tampa. This looked serious. Hillsborough County instructed immediate evacuation of the area likely to be flooded, including our building.
We called up the trailers, which began their journey, and positioned more staff out of the danger area. Charley increased in strength to Category 4 and came closer, but suddenly veered off to the east and made landfall 100 miles (60km) of south of Tampa. When it reached the building, the storm surge was still high enough to carry waves over the causeway, although our floors were unaffected.
Although we had a near miss and no lasting damage, we had learned a great deal. As we had invoked the trailers, we decided to do a live test — we knew that there were more hurricanes forecast over the summer. The trailers worked perfectly and communications were established quickly, but Lynn and her team found very rapidly that working in them in the heat of a Florida summer, was thoroughly uncomfortable, despite an apparently appropriate dress code. There was also plenty of news film of hurricane damage, and from that we realised that it could easily become impossible for trailers or staff to get to any of the pre-arranged meeting points.
A key factor in any plan is flexibility. We had not long bought Invest Financial and its parent, and there were already plans in place to standardise more of our IT systems. These standardisation plans were accelerated significantly and IT staff worked hard to complete the job quickly.
Between 13 August to 26 September 2004, our Tampa business suffered four major hurricanes — Charley, Frances, Ivan and Jeanne. Over this period, we continually reviewed and developed the plan to cope with each individual hurricane and with the sheer strain of four major disruptions to business. Staff were despatched to other sites across the United States, and new staff were trained on our systems.
Throughout the period our customers were unaware of the efforts being made by staff to keep the business on track and functioning. No business was lost, and we remained up and running throughout. The Gold, Silver, Bronze management system worked well, and Lynn said later that the knowledge that they had the full and unstinting support of people from across the group made a tremendous difference, especially in the hardest times.
In April 2006, Invest Financial moved to a new building, well outside the flood danger area.
Key elements that made it successful
Followed plan – prepared for the worst
• Constant communication between incident management team members
• Pre-planned conference calls
• Pre-determined meeting place in the event phone lines down or cell towers out
• Support from parent organisations. (Standardisation initiative enabled us to
rely on each other for support through
critical times.)
• Reviews and debriefs
• Clear realisation, after four incidents,
what was and was not critical
• Continuous follow-up on welfare of our staff
Postscript
John Smith is head of group security at Prudential.
Email: john.smith@prudential.co.uk