Mike Plottel – GoCrisis Senior Associate
Requirements for an emergency response plan (ERP) to be SMS-compliant will depend on the size, nature and complexity of an organization as well as its area of operations and applicable regulations. It is essential to understand relevant regulations and to use guidance material published by the regulatory authority to ensure compliance and full integration with the Safety Management System. Whether or not a program is regulated, crisis managers should aim to achieve best practice in their ERP design as identified in the global principles of Safety Management Systems, namely: policy, objectives and management commitment; planning for potential crisis events based on risk profile; regular testing, evaluation, analysis and improvement of the ERP; and training and communication processes to ensure stakeholders are prepared to execute the plan. Organizations can never anticipate every crisis so they must leverage their risk profile to identify the most likely crisis scenarios as well as those outlier risk events that pose a profound or existential threat to the organization. Crisis management planners must therefore build ERPs that are both comprehensive and adaptable and must exercise them regularly to support a process of continual improvement.
Is your emergency response plan SMS-Compliant? The short answer is … perhaps. Whether your emergency response plan (ERP) complies with Safety Management System (SMS) regulations will depend upon the size, nature and complexity of your organization as well as its activities, area of operations and applicable regulatory regime. The emergency response plan is an integral and critical component of an organization’s business resilience program. To be effective the ERP must be properly documented, effectively implemented, accessible by key personnel, integrated with the organization’s overall safety and business objectives and exercised regularly. If the organization operates under a regulated Safety Management System, the ERP may also be required to comply with additional regulatory criteria.
Where regulated, the ERP will be a component or an element of the organization’s Safety Management System. When building its ERP the organization should consult applicable regulations and guidance material published by its regulatory authority to ensure compliance. If the organization is not subject to SMS regulation, or if guidance material is only general in nature, then the ERP can be developed to conform, where applicable, with the best practices articulated in basic SMS principles. A Safety Management System can be defined as an organized set of programs, principles, processes and procedures that integrate operations, technical systems, financial and human resources for the purpose of managing risks to a level as low as reasonably practicable. An ERP is designed to manage the impacts of a risk event to a level as low as reasonably practicable and should conform with the four pillars of a Safety Management System:
Specific requirements for an emergency response plan will vary with jurisdiction and industry. A good example of this is seen in the airline sector as it operates worldwide across many jurisdictions, is considered a high-consequence industry, is heavily regulated and, unfortunately, has experienced significant crises from which to learn and evolve its crisis management framework. Aviation regulations are coordinated by the International Civil Aviation Organization (ICAO) which sets regulatory standards and recommended practices. Each ICAO member state (country) then enacts its own legislation and regulations, including those addressing SMS and emergency preparedness. Whilst ICAO provides some detailed recommendations for ERP content in its Safety Management Manual,1 individual states have adopted a range of requirements in their regulations and advisory materials. State ERP requirements vary from high-level regulations to more detailed supporting standards. Canada is a good example of a state that provides comprehensive ERP standards; in fact, Canada has made emergency preparedness a stand-alone component in its aviation SMS regulations and identified eleven elements in its standards that must be incorporated into an airline’s ERP.2 A summary of those elements is shown in the Appendix along with suggested content for each. Where applicable, each element must identify associated processes, procedures and responsible managers.
An SMS-compliant ERP is informed by the organization’s risk profile and incorporates processes and procedures to mitigate the effects of its highest-risk outcomes. But to design an effective ERP, crisis managers must also consider the highly unlikely outlier risk scenarios that, should they occur, may have devastating consequences for the organization. An example might be the total loss of a manufacturing facility or the unexpected insolvency of a key supplier. Emergency response planning must therefore consider certain high-consequence events regardless of how unlikely they are to occur; in essence, those high-impact, low-likelihood events that can pose a profound or existential threat to the organization. It is impossible to plan for every risk event so crisis managers must build adaptable ERP processes that can address a variety of scenarios. But which outlier scenarios should be considered? Which high-impact, low-likelihood events need to be within the capabilities of an ERP? McKinsey & Company have recently published a good article on this dilemma.3 To identify the most important high-impact, low-likelihood risks McKinsey suggests a two-dimensional pressure test. By identifying the potential effect of an outlier risk event in terms of its impact to the organization’s core value proposition as well as the certainty of that impact, crisis managers can determine which of these outliers need to be considered in their emergency response planning. Those that score high in both dimensions can pose a profound or existential threat to the organization and should be managed, either proactively or reactively. Proactive management can take the form of immediate actions or setting triggers for future actions. Examples might be creating greater supply chain resiliency or establishing a process to suspend certain operations when a severe weather event is forecast. Reactive planning might include processes to mitigate the effects of a global pandemic or civil unrest in a country where important satellite operations are located. By identifying unlikely, yet important, risk events the ERP can be structured to respond effectively, either through predetermined procedures or its ability to pivot and adapt.
To summarize, whether or not an ERP is mandated by Safety Management Systems regulations, it can be developed to comply with best practices and the basic principles of SMS to provide an effective response to an organization’s most impactful crisis events. If the plan is regulated, crisis managers should consult relevant regulations and associated guidance material to ensure compliance. If guidance material is scarce, or if the ERP is not mandated, the basic principles of Safety Management Systems can be used to provide an effective framework for ERP development. Finally, although crisis managers cannot plan for every risk event, an effort must be made to identify and plan for high-consequence, low-probability events that could pose an existential threat to the organization.
1. ICAO Safety Management Manual, 3rd ed. 5-App 3-1
2. Canadian Commercial Air Service Standard 725(3) Airline Operations – Airplanes
3. McKinsey & Company, The disaster you could have stopped: Preparing for Extraordinary Risks, McKinsey Insights, December, 2020
Canada’s Commercial Air Service Standard 725 (Airline Operations – Airplanes) specifies eleven detailed elements required of an emergency response plan. Each is listed below with a brief explanation of content that might be included for airlines and for other types of organizations. Where applicable, each element must identify associated processes, procedures and responsible managers.(a) air operator policy
(b) air operator mobilization and agencies notification
(c) passenger and crew welfare
(d) casualty and next-of-kin coordination
(e) accident investigation on behalf of the air operator
(f) air operator team’s response to the accident site
(g) preservation of evidence;
(h) media relations;
(i) claims and insurance procedures;
(j) aeroplane wreckage removal
(k) emergency response training