[an error occurred while processing this directive]

Terrorism - an Important Consideration for Your BIA
Ensuring True Protection for Your Company and Employees

By Pat Moore, CBCP FBCI


You perform a risk analysis to identify any exposures your organization may have internally and externally due to physical or geographical environments. You prepare a business impact analysis to identify financial and operational impacts resulting from a loss causing costly business interruption. Similarly, you must also stay abreast of domestic and international political climate changes in those areas in which your organization and/or supply chain operates. Unfortunately, as we all know too well, domestic and international terrorism of all types are on the rise worldwide, and the operations of any organization, as well as its executive management, could be at risk.

Although there are many forms of domestic and international terrorism, there are also numerous prudent steps that can be taken to minimize the risks of these events. For example, in the area of 'safety', does your BIA address whether or not your organization has provided proper policies and training to your personnel who travel? Are personnel traveling with 'clean' passports that do not show travel to controversial countries? If the corporation itself is a 'controversial' one worldwide, then perhaps business cards, luggage cards or items with company logos, which are considered 'controversial', should be altered when traveling in those geographical areas. Other guidelines include:

• Dress casually, not like an executive.
• Leave an airport's public area quickly-they carry higher terrorist risks.
• Avoid carriers from terrorist-targeted countries.
• Avoid intermediate stops-terrorists can plant explosives and deplane.
• Request airline and hotel reservations personally, without corporate affiliation.
• Do not use the company name on a landing card.
• Under occupation, use 'businessperson', not CEO.
• Be prudent in your choice of restaurants/bars.
• Do not reveal personal information to casual acquaintances.
• Should you be present during an emergency, such as a 'coup', remain in a safe harbor that is not a military target.
• In countries with severe terrorism or crime, vary the times you leave your hotel or residence and leave by various entrances. Return to your hotel by sundown. Carry phone numbers of the police and your embassy.
• Keep your company and others abreast of your itinerary and any changes.
• Have a practiced procedure for staying in touch with company, government or family.
• Avoid political discussions in 'controversial' locations.
• Research terrorism issues and events, historical data and profiles on terrorist organizations and individuals.

The National Domestic Preparedness Office (NDPO) of the FBI may be the best 'one stop shopping' site for state and local emergency planners with information on weapons of mass destruction issues. They publish "The Beacon", a monthly newsletter that provides a forum for government and the first response community. Other good sources for information are The International Association of Counterterrorism and Security Professionals - www.securitynet.net; the Terrorism Research Center at http://www.terrorism.com and the Emergency Research and Response Institute at www.emergency.com.

In addition, kidnap and ransom insurance is a pre-requisite to doing business in many parts of the world. Shareholders will be very quick to ask why your organization might have paid $1 million for a ransom when this sum of money could have been paid by the proper insurance policy. Kidnapped employees or their families have sued companies in the past, and the risk is particularly high if intelligence reports indicate kidnapping risks were high in known areas of travel.

In your 'site review' vulnerability analysis, you must also assess your evacuation and 'invacuation' procedures to look at options and make choices that realistically address issues of 'denied access'; loss of normal facility egress areas, and potential closing of roads; rail; water routes and airspace. You will also potentially be dealing with issues of crowd control, possible militants, snipers, etc. that will require you to consider what is 'realistic, 'desirable' and 'needed'.

Our employees and management are generally not professional heroes and just as we exercise our data recovery plans, we may need to challenge the pre-planned assumptions about the timings and success of safe personnel evacuations in all of our facilities until we have practiced them under all conditions.

Different industries have different vulnerabilities in terms of getting products and services to market, especially during a terrorist incident. In a manufacturing or distribution environment for example, a BIA terrorism assessment needs to carefully review the impact of a terrorist event upon raw materials, supplier relationships, supplier location, raw material volume, shelf life, transportation and special handling and stability issues, as well as loss of a 'specialized workforce'.

Other concerns which also need to be addressed include (at minimum):

• Conducting a counter-terrorism exercise, antiterrorism exercise or consequences of terrorism exercise complete with law enforcement, fire, medical and emergency management participation through your in-house liaison to these authorities.
• Assessing a scenario perhaps where an explosion resulted in 150 burn and orthopedic victims, and whether or not your organization knows where they could be hospitalized and has procedures in place to transport them to the appropriate location and keep their families informed of their status.
• In a hostage situation, who is your principal negotiator, and how much experience or training has he or she had? How long would it take this person to get to the scene?
• If a terrorist is threatening to contaminate your water supply, where can you get an experienced, multi-disciplinary crisis response team?
• How can you monitor and prepare for any potential danger posed by extremist political groups in your area?
• What should your organization's policy be on negotiating with a person threatening a terrorist act?
• Do you have an economic recovery plan for a terrorist act in your jurisdiction?
• Can you track and present as part of litigation (which is sure to follow), a complete chronology of actions taken by the responders under your control?
• What is the 'chain of command' and subsequent incident management plan within your organization in the event of a terrorist threat or attack to your organization?
• What type of secession planning does your organization have in place (and has practiced) in the event you lose your key senior management executive team?

The issues identified above represent only a portion of the business impact analysis you will want to perform in addressing the risk of terrorism to your organization, personnel or supply chain, and in revalidating your recovery and continuity strategies. Additional information and a special workshop on this topic are available to organizations through this author.


About the Author
Pat Moore, CBCP (Certified Business Continuity Professional), FBCI (Fellow of the Business Continuity Institute), Contingency Planning & Management's 1999 Hall of Fame inductee, and winner of the Federal Emergency Management Agency's (FEMA) "Outstanding National Business Person" award for 1999 - 2000, has been one of the world's leading educators on business and service continuity planning since 1982. Recently (February 28, 2002) retired from Strohl Systems in King of Prussia, PA where she was Vice President of Business Continuity Planning Education since November 1994, Pat now lives in Marble Falls, Texas and on an independent basis, continues to provide conference, corporate and community presentations, education, training and consulting worldwide, as well as publishing articles and chairing and participating in numerous industry forums and committees. Contact information: pmooretex@aol.com or (830) 598-1587

This article may not be reprinted, reproduced or distributed in part, or in total, in any medium, without the express written consent of the author.

Copyright Pat Moore 2002 - All Rights Reserved.

[an error occurred while processing this directive]