Selecting Technology for Your Control Centre

So you have taken the plunge and developed a crisis control centre to support strategic leadership in a crisis. You’ve got the facility identified long with the people. The last remaining question is about the technology you need to put into the centre to support the  team? When thinking about the selection of technology for your control centre here are 5 things to consider:

• Processes Come First: The first thing to know is that selecting the technology is not the first thing to think about. You need to make sure that you get the right processes defined before installing the correct technology to support them. If you focus on technology at the start, at the expense of getting the processes correct, you run the risk of finding out that your expensive technology doesn’t help your people do what they need to.

• Notification and Call Out: It will be important to be able to notify and call out team members quickly and easily.  This can be done over the phone or through call cascade lists but these methods are time consuming and run the risk of error.  Therefore it is useful to consider using automated systems to notify team members using either SMS, email or web based platforms. The widespread use of smart phones has enabled the development of specific applications designed to enable incident notification and call out. These can provide richer levels of information including pictures, audio and videos as well as location and diary details.

• Situation Management: One of the major functions of the control centre is to develop and maintain the situational picture. Technology can be employed to assist in the following ways:

• Information Management: Incoming and outgoing information will be required to be managed and separate telephony and email provision will be needed to support this. The accounts used should be able to be handed over as shift changes take place without compromising IT security policies.  The systems used should support the production and sharing of a contextualised situational picture, and not a simple chronological list. This picture must be capable of being added to or consolidated at the various response levels within the organisations, so that raw data is not simply passed up the chain prior to analysis and to ensure that the availability of sensitive data can be controlled. The situational picture must also be able to be shared easily with other teams and organisations.
• Action Management: The actions that result from the management of the situation need to be tracked and linked to the information and decisions that they resulted from.  This information should be readily available, in an easy to digest form, to control centre staff and to decision makers, both when in the office and when in remote locations.
• Displays: Displays will be required on desks but also as larger displays off desks so that others can see relevant information, such as the situational picture. It is also useful to be able to display information from the control centre directly into other meeting rooms, such as those used by senior decision makers or multi-agency groups, and to enable remote access by those not physically present.

• Records Management: All information, incoming and outgoing, forms part of the record of what has gone on.  Therefore the systems used must ensure that information is appropriately recorded such that an audit trail is possible. This could include the names of individuals or roles who have provided and inputted the information, details of times and dates, distribution information and information on changes and revisions that were made. It can also be useful to be able to quickly link information relating to similar dates, locations, themes, authors or sources.

• Scale and Future Proofing: No mater what technology and systems are installed one eye must always be kept on the future. Although it will be difficult to predict technology changes issues relating to scalability, training needs and replacement should be considered from the start. In doing so it can be helpful to build in a percentage increase in overall capacity above that initially required so as to prepare for future growth requirements.

Ergonomic Factors in Operating Control Centres

In a crisis your staff may have to spend a considerable amount of time operating in the crisis control centre that you have allocated for this purpose. They will be taking difficult decisions in stressful circumstances so how much thought have you given to the environment that they will be working in?

If you haven’t thought these things through then it may just be that you are adding to the crisis that your staff and managers experience. Here are a few top tips for ensuring a positive working environment for the incident or crisis control centre:

1. Workstation Configuration: Ensure that the workstations are set out in a manner that facilitates communications between team members and line of sight with key off desk information displays.
2. Workstation Size: People will have to conduct handovers or it may get so busy that more than one person is required at each post. Leave enough space at each workstation position for this to be catered for.
3. Reducing Distractions: Set workstations out so as to minimise distractions from entrances and exists.
4. Consoles: Makes sure that the required space for console use is provided, including for keyboards. Ensure that on desk visual displays are properly positioned for line of sight.
5. Maintenance: Make sure that technology can be accessed for maintenance while the workstations are in use. This may require rear workstation access for example.
6.  Noise Reduction: Remove the sources of noise that can be distracting. Think about headsets for phones and phones with light indication. Use noise screens if appropriate.
7. Contingency: Investigate the provision of services to the control room. Ensure that any single points of failure are catered for. Think about power supplies in particular.
8. Fire Protection: The rules governing fire protection and evacuation must be adhered to in your layout for the control centre.
9.  Cleaning and Waste: There will be a need to clean the control room and dispose of waste securely. Plan for this and for it to take place whilst the centre is in operation.
10.  Heat, Light and Air: Allow for temperature control in the facility along with the capability to vary the lighting levels. Reduced lighting may be more appropriate in hours of darkness for example. Make sure that the air is circulated and cleaned.

Designing Control Centres

There is something to the observation that many organisations fail to put in place all the processes and resources required to enable practical crisis management. Plans provide for a crisis team, often with a control centre location, but miss some of the other practical fundamentals around operating that facility. There is much more to overcoming the confusion, fog and resistance experienced when operating through a crisis than a few top people in a room huddled around a spider phone.

If managers are to lead successfully in a crisis they need support. ISO11064 Ergonomic Design of Control Centres defines the steps in designing a control centre. This effectively breaks the process down into the following phases:

Phase A: Understand and clearly document the role or purpose of the control centre and how it is to fit in with other structures. To arrive at this level of understanding requires time to be spent in research. The aim is to discover the user requirements that will make crisis management better and more structured through the control centre.

Phase B: Analyse the results of the research and try to make sense of them by formulating a series of propositions to cover (1) the system performance, (2) the allocation of functions, (3) defining the tasks and (4) designing jobs and organisational structures for the control centre.

Phase C: A conceptual layout design should be developed and include wider aspects such as the physical attributes of the centre, its furnishings and any specific facilities and amenities. 

Phase D: The detailed design phase ensures the conceptual design can be converted into a design sufficient to enable the centre to be built. This includes the development of operating documentation.

Phase E: Once the control centre is up and running and staff have been provided with the opportunity to receive training and to participate in exercises the job is not yet complete. There is a need to review the performance of the facility and the systems within it so as to be able to identify areas for improvement.

10 Common Exercise Errors

Being responsible for the design and delivery of an exercise can be a daunting prospect, especially if you are new to the task. You may feel a sense of trepidation as you contemplate exactly what it is you have been asked to do. Thoughts of previous exercises, good and bad, may enter you head as you recall how you and others felt during and after those events and wonder if you can emulate the success or avoid the traps.

Firstly there are the different, and perhaps conflicting, aspirations of the various parties involved. Senior management will have a view as to what they want to achieve, although not all will actually take part. Middle management may well have different views mixed with real concerns about what will be expected from them and the disruption the event will cause. Shop floor staff may be concerned that they will be exposed amongst peers or superiors or asked to carry out roles they are less familiar with. Add to this hurdles relating to logistics and the likelihood that things will not go exactly to plan on the day and you can see why a little anxiety is a natural state of any exercise director. To help ensure that your exercise is a success you need to avoid the following common errors:

Five Design Based Errors

1. Failure to Define the Aim: If you fail to define an aim and supporting objectives for your exercise you will find it very difficult to design a coherent and focused event. You will also be unable to evaluate performance, as you have no criteria.  
2. Poor Time Appreciation: Exercises, particularly more complex simulation or live events, take time to plan and prepare for.  Work back from the allotted date to ensure you have enough time and get a project plan in place.
3. Logistics: Plan logistics before you start to develop scenarios in detail. If you haven’t got the space, technology, equipment, refreshments and support staff to deliver your fantastic scenario then you’ve wasted your time.
4. Poor Communications: Tell people well in advance about the exercise, its format, aim and objectives but not the detailed scenario. Give them time to prepare and update them regularly.  There are very few exercises that really benefit from a no notice format. Think hard before you decide to go down that route.
5. Adopting the Hero Approach: Don’t go it alone. Get a team to help you. You will need people to help write the scenario, organise participants and deliver technical and logistical support. Find the experts to aid you and get them involved from the start.

Five Delivery Based Errors

1. Immediate Armageddon: Avoid the trap of going to DEFCON 1 right from the out.  Give people time to read into the exercise and find their feet. Escalation can follow quickly once that is achieved.
2. Exploring Rabbit Warrens: This is when the failure to define the aim becomes apparent and the participants, due to the exercise structure, explore rabbit warrens. This wastes time, is frustrating to the participants and ultimately means the real issues do not get addressed.  Know how you will pull heads out burrows if this happens.
3. Thinking it is Your Exercise: The exercise is for the participants not for you.  Avoid the temptation to force them down routes or to take choices that you think they should.  Assuming they are on the right track, and not down a rabbit hole, let their decisions have meaning. Be flexible enough to adjust the exercise as required but keep an eye that the aims and objectives are still being delivered.
4. Thinking it is a Committee Event: Exercise delivery requires strong facilitation. Make sure you listen to the views of others but be prepared to take timely decisions that keep the exercise on track.  The exercise director must lead the team that is delivering.
5. Capitulation: Do not let a strong willed individual in the participating team take control of the exercise.  They may be leading the team in the spot light but they are not delivering the exercise. That is your job. Call out and challenge disruptive behaviours such as over zealous criticism of realism or subversive attempts to simply by pass issues or problems thrown up by the scenario.

LEAD...FOLLOW...OR GET OUT OF THE WAY (PART 2)

The feedback for our post about crisis followership was much appreciated and we hope this update adds similar value to your preparations.  In that previous post we discussed a view on the nature of leadership, it's connection with followership and the art of being a good follower.  In this post we'll examine crisis through the lens of the leader and explain how this might help your preparations as crisis leaders.

Accepting that 'leadership' (noun) has three dimensions (leader, follower, context) and that these three  must be in harmony for 'leadership' to be present, it's clear that a leader must influence all dimensions, especially in a crisis. Impacting in an unbalanced way or failing to have any impact on these dimensions will restrict the effectiveness of the response to a crisis.

So What?

Accepting all that's been said thus far it's therefore an easy step to appreciate that the crisis leader must (yes, must) deliberately seek to influence all three dimensions for best effect. This is perhaps equally as true for the day to day challenges of leadership as it is for times of crisis.

Context.  Crisis leaders must exercise judgement and skill in influencing the context for a positive effect.  This requires them to understand the situation and its implications for their people, their organisation and the impacts on other interested parties (customers and regulators for example).  Leaders must make decisions based on this clarity of understanding with a view to generating actions and safeguarding against unintended consequences.  And those supporting leaders must identify when and how these actions are having an effect on the context(s) and feed this information back for further decisions.  All of this requires crisis leaders to be clear about the three questions of context: where are we now, where do we want to get to and how are we going to achieve this.

Followers.  This group was the subject of the previous post.  From a leader's perspective, connecting with followers both within and beyond the organisation in a way that resonates is key to altering the context in your favour.  It'll be a challenge for leaders to try and establish this rapport as the waves of crisis break over their heads; lay the groundwork to build these relationships and connections now.  Develop an understanding of followers'  expectations and of 'what makes them tick' and use this thoughtfully during times of crisis.

Leaders.  In the course of our work we often come across those who believe that a totally different model of leadership applies in times of crisis.  Its true that leaders must respond to the context(s) within which they are operating but it doesn't follow that anything goes as far as leaders' behaviour is concerned.  In fact the reverse is true; crisis intensifies the spotlight and pressure on leaders at all levels.  Remaining mindful of your behaviour, coping with pressure and maintaining a clarity of mind and of purpose is more important than ever.  Exercise the arts of leadership to lead by example and trust that your followers are skilled enough to help keep you on track.

By consciously operating within and upon the three dimensions of 'leadership', crisis leaders stand a better chance of success.  Practice makes perfect though; so we would encourage leaders to adopt this guidance in daily life and use the environment of scenario based tests and exercises to practice adapting to the changing context of a crisis.

Information – Friend or Foe?

The Information Risk and Treatment Balancing Act

Information is both a risk and a resource when thinking about organisational resilience, including business continuity. There are plenty of examples of information losses that have caused major embarrassment, cost a considerable amount of money to resolve and resulted in a loss of trust as well as clients. These have included hacking and cyber attack problems, lost memory devices, leaving files on the train or selling off filing cabinets with records still in them.  They even involve being photographed on the way to an important meeting carrying a document the content of which can be easily read from the photographs. Organisations involved have ranged from small business to multi-nationals and public sector bodies. The nature of information as a risk is well publicised, as a result, even if after the fact of its loss. The assessment and treatment of information risks is perhaps less well understood in practice as such losses continue to occur. How well thought through is your information risk strategy? Do you fully understand the nature of this risk and have you treated it properly? No one wants to see his or her organisation’s reputation in the gutter due to the loss of sensitive information, be it commercial or personal.

Information is also a key resource when it comes to business recovery. Systems and processes are not useable if the information they require is not available in an accurate, up to date and workable form. Often it may take longer to get information, with proven integrity, loaded back onto a system than to recover the hardware itself. Perhaps this was the problem when it came to the interruption to bank account access experienced in the UK and Ireland in the recent past. The concept of the Recovery Point Objective, the time by which information must be recovered to meet the Recovery Time Objectives of critical processes, is well documented but perhaps less well implemented. If you haven’t gotten into the weeds on this one your recovery strategies may well not deliver as you had hoped. In addition some recovery strategies themselves introduce information risks that may not have existed before the business disruption that caused the strategies to be invoked. Take for example home working. How secure is sensitive or personal information, including emails, when this is your selected recovery option? It is not clear that all organisations have assessed this risk and put in place appropriate steps to treat it. The UK Information Commissioner has had recourse, for example, to fine an organisation in the past for information uploaded onto the web accidentally from a home computer during home working.

There is legislation to cover information risks with the potential for significant fines and websites that name and shame those found responsible for the loss of personal and sensitive information. Currently the EU is reviewing this legislative framework and the outcomes of this work could significantly strengthen the approach taken with those organisations that compromise such information. Planning for this issue isn’t just about what do to when information may be lost but includes a more careful analysis of what information you gather in the first place, how you store it, for how long you keep it, who you allow to access it and how it can be recovered in time. Added to this is the complication of where information ends up and how people actually access it, sometimes without organisations perhaps being aware. This covers issues as diverse as portable laptops, photocopier memory storage and Bring Your Own Devices (BYOD) such as phones or tablets. The scale of the problem can be considerable.

A key place to start is with an information policy. Such a policy could useful set out the principles by which information is to be governed, from initial collation to storage and use/sharing. It should also include destruction and disposal guidance that can be applied to information no longer of use or technology that is not required or obsolete. Such guidance should also cover the eventuality of the invocation of recovery strategies as well as how damaged or irreparable equipment that could hold information is to be safely managed. You can find out much more about this issue at the ICO’s website. Go have a look and educate yourself on this risk and resource.

LEAD...FOLLOW...OR GET OUT OF THE WAY (PART 1)

Leadership?

When was the last time you were asked to define leadership?  Its the kind of thing we know what it feels like when its good or bad, but its hard (and maybe unnecessary) to define.  It might help to think of leadership as both a noun and verb; in other words its not just about what leaders do, its a phenomenon centred on interactions. Sometimes using these two lenses can be helpful, especially in challenging times.

Grappling with this concept I formed a view that there are three dimensions to leadership, namely the leader, their followers and the context(s) in which they are operating.  These three dimensions interact to produce 'leadership' (noun); when the leader and followers 'connect', working in tune with each other and with the context in which they find themselves, the result feels good and is effective.  When one dimension moves out of synch the whole suffers; leadership happens when all the dimensions align.  What then of the context of a crisis?  In Part 1 of this two part blog I'm going to briefly explore something of the art of followership in a crisis.

Followership

Leading commentators classify followers according to their level of engagement with the leader and with the organisation.  In 2008 Barbara Kellerman described four groups in her book "Followership": 

• Bystanders observe but deliberately stand aside, offering tacit support for 'whoever and whatever constitutes the status quo.'  
• Participants are engaged to varying degrees and will invest effort to 'try and have an impact.'
• Activists 'feel strongly about their leaders' and will work hard for or against them. Very engaged.
• Diehards are utterly dedicated to their perception of the leader and will give everything to act accordingly.

Followers wishing to have an impact ('the engaged') will use their engagement to actively support or undermine leaders; so from the leader's perspective followers may be good or bad, with positive or negative influences on 'leadership' (noun).

So What? 

So how might this rudimentary understanding help in relation to managing crisis?  I offer 5 points for consideration to add value to the quality of your followership in a crisis.

Crisis disrupts the balance.  By its very nature a crisis will disrupt the balance between the 3 dimensions of 'leadership'; its inevitable. This provides an additional challenge for leaders and followers alike. The context has changed and so may the roles and behaviours of everyone involved.  Adjustment from the norm will be required to re-synchronise the 3 dimensions; this doesn't constitute a free for all, but rather a concerted and well managed effort.  Its important for followers to understand these dynamics and react positively to enable meaningful progress in the early stages of a crisis.

Understand the context.  Different contexts require different types and speeds of action. The situation may require deference to experts, a degree of debate or just some quick decisions and action.  In the earliest stages of a crisis lengthy discussions to decide the optimal path are unlikely to help. Sometimes however, the situation (including a leader's behaviour), may require a more challenging approach from followers. Understanding the context and adjusting your followership behaviour accordingly are key.

Sometimes we lead, but all of us will follow sometimes. Part of understanding the context may also be recognising whether you are playing a leader's role or a follower's role.  As a C Suite Exec you may be in charge, or you may be following a designated CMT leader or perhaps deferring to a subject matter expert.  The same logic holds true throughout the organisation; where individuals may sometimes be leading, sometimes following. As a follower, its important to understand your role and recognise that this role may change throughout the crisis.

Stay in lane.  Its sometimes difficult for a 'day to day' leader to play a followers role.  As a follower who 'normally' leads, you may need to consciously suppress your desire to step in or to take over, especially in times of crisis; egos to the back, collective needs to the fore! 

Bystanders incubate crisis.  Prior to and during a crisis the less engaged followers will not say or do anything to change the status quo, no matter what they might really feel.  These followers incubate crisis.  By remaining silent or by failing to challenge leaders, crisis may be inevitable and some unchallenged decisions within a crisis may simply exacerbate the problem. Speaking up may be whats required, and recognising when its helpful to do so is vital.

So effective crisis management is also dependant upon effective followers who understand the context and adjust their behaviour and actions accordingly, recognising the need to play different roles accordingly, to maintain a balance with the leader and the context.  And similarly there are lessons for leaders, which will be explored in Part 2.