Example Crisis Action Plan (1)

(Company Watermark) EXAMPLE PLAN
- 1 -
Table of Contents Prepared by Herschel Campbell
DISCLAIMER: This is an example plan that I created for the purposes of use as a
future template for other crisis action plans and for the culminating project of my
Crisis Action Planning course at American Military University. All information,
designs, and templates included are the property of the owner and author Herschel
Colin Mor Campbell and may not be distributed, copied, or otherwise utilized
without the author’s permission. Intellectual or proprietor theft of this information
will result in prosecution for intellectual and property theft. The author reserves all
rights to this material and is only displaying it for resume and professional
purposes. 6/28/2015
Crisis Mitigation and Emergency Action Plan
for
Oil Services Global Security Center (OSGSC)
(FICTICIOUS COMPANY – EXAMPLE PLAN ONLY)
FOR OFFICIAL USE ONLY Created: 6/13/2015
OS Corporate | SECURITY | OSGSC | 9999 Street St. | Somewhere, TX 77777 | USA
P: +1 555-555-5555 | F: +1 555-555-5556

- 2 -
Activation Instructions
Disclaimer: The information included in this document is for the sole purpose of Oil
Services (OS) and is not intended for distribution, duplication, or use by any other
agency, entity, or individual other than OS. Use or distribution of this material
without the consent of OS is not authorized and may result in subsequent legal
action.
Activation: The value of Oil Services Global Security Center (OSGSC) operations to the
safety and security of OS worldwide business necessitates that every effort be made to
ensure continuity of OSGSC services to the rest of OS. The crisis action contingencies
contained within are to be put into place when probable or certain disruption of normal
OSGSC operations is imminent and poses a risk of infringing upon the ability of OSGSC
to complete its stated mission objectives. Activation authority rest with the OSGSC
Manager, however this is be delegated through the chain of command to the OSGSC
Supervisor and OSGSC Senior Analyst in the event that the OSGSC Manager or OSGSC
Supervisor is not reachable.

- 3 -
Table of Contents
1. Introduction
a. Mission
b. Purpose
c. Applicability
d. Policy
e. Objectives
f. Assumptions
g. Organization
2. Critical Organizational Functions
3. Threat Forecast
a. Natural and Man-made Events
b. Product and Process Events
c. Production and Technical Events
d. Public Relation Events
4. Mitigation Strategy and Crisis Event Levels
5. Pre-Crisis Mitigation Actions and Emergency Event Contingency Plans
a. Man-made Events
i. Active Shooter/Disgruntled Employee/Bomb Threat
ii. Cyber Attack/Disruption
iii. Fire/Arson
iv. Missing Person
v. Medical Emergency
vi. Rioting/Civil Disturbance
b. Natural Events
i. Disease or Epidemic Event
ii. Flood/Storm Surge Event
iii. Hurricane
iv. Tornadoes
v. Tsunami
c. Production and Technical Events:
i. Temporary Power Loss
ii. Extended Power Loss
iii. Temporary Loss of Communications
iv. Extended Loss of Communications
v. Renovation/Building Repair
vi. Server Maintenance
d. Public Relation Events:
i. Accusations of Malfeasance, Improper Conduct, or the Release of
Sensitive Information by the OSGSC

- 4 -
6. Teams & Authorities
7. Recovery and Restoration
a. After Action Reporting
b. Human Resource Links
c. Example After Action Report
8. Appendices
a. Appendix A – Team Contact Information
b. Appendix B – Emergency Procedures
c. Appendix C – Team Assignments & Taskings
d. Appendix D – Plan Maintenance
e. Appendix E – Approvals

- 5 -
Introduction
Mission Statement
The OSGSC ensures the continuity and safety of OS’s global assets and business
travelers by monitoring around the clock activity of all operations worldwide. The
OSGSC uses a state-of-the-art operations center to track and identify threats and
vulnerabilities that affect our operations and provide our employees, business units, and
senior leadership continual information on the impact of the event, mitigation strategies,
and potential, occurring, or expected influence and effect on OS operations.
Purpose
The OSGSC services OS’s X number of employees with expert threat and situational
analysis on world, regional, and local events in over X countries globally. In addition, the
OSGSC supports the safe travel of over X business travelers to over X high-risk
destinations monthly. The OSGSC also provides analysis that leads to early warning and
mitigation of events, which could negatively affect the X facilities, and X rig sites OS
operates worldwide. The following crisis action plan is written with the sole purpose of
ensuring the continuity of these services and safety of employees under all circumstances.
Applicability
This plan applies specifically to the functionality of the OSGSC. It contains directions
that are designed solely for application to the OSGSC and its specific mission set. This
plan is designed to ensure mission success and continuation of services in the event of a
crisis that threatens the operational stability of the OSGSC. Actions prescribed in the Pre-
Crisis Mitigation Actions and Emergency Event Contingency Plans section of this plan
are designed as a guide only and may need to be modified to reflect circumstances
unaccounted for or unforeseen. The overarching goals of this crisis plan are to ensure
worker safety and the continuity of OSGSC operations while minimizing any long-term
impact from a crisis, emergency or event to OS.
Policy
The purpose of the OSGSC Crisis Action Plan is to ensure functionality of the OSGSC
while maintaining workplace safety and security. In keeping with the overall OS Crisis
Management Program, crisis, emergencies, and events are described and broken down by
their effects on four broad categories:
 People – The effect of a crisis, emergency, or event on the individuals employed,
associated, or directly influenced by OS. This could include employees,
contractors, customers, or local population.
 Environment – The effect of a crisis, emergency, or event on the environment
either locally or globally.

- 6 -
 Assets – The effect of a crisis, emergency, or event on the buildings, materials,
structures, or properties owned, leased, or operated by OS.
 Reputation – The psychological and sociological effect of a crisis, emergency, or
event on the reputation or perceived character of OS operations and public image.
This could refer to negative or damaging public relations effects from a crisis,
emergency, or event attributed to OS malfeasance or the handling of such an
event by OS.
Objectives
The overarching objective of this crisis action plan is to have in place a contingency for
all conceivable crisis events in which the actions of the OSGSC are negatively impacted
or threatened in such a way as to affect the OSGSC’s ability to perform day-to-day
operations. The Threat Forecast, Crisis Mitigation, and Planning Scenario sections of this
plan outline the perceived threats to OSGSC operations and outline a guide to mitigate
and if necessary overcome crisis, emergencies, or events which could impact the OSGSC
mission.
Assumptions
This plan makes four key assumptions regarding the ability to implement each
contingency.
1. This plan assumes that the present staff size will be in place at the time of crisis. It
will be assumed that the OSGSC has no less than X trained analysts, X senior
analyst, X supervisor, X manager, X systems specialist, X crisis manager, one
security specialist, and 1 director of security as illustrated under sub-heading
Organization (See Figure 1).
2. This plan assumes that the present staff are all briefed and trained to be familiar
with the workings of this crisis action plan. All OSGSC employees will have
access to the plan and be provided with a hard copy upon request. Crisis response
teams within the OSGSC will be formed and each individual will know the role
he/she is expected to carry out in any given crisis scenario covered by this crisis
action plan.
3. Where evacuation, secondary site location, or work from home is required, this
plan assumes that the desired backup location is readily available and accessible.
Further, it is assumed that transportation to the backup location is readily
available and accessible. Finally, it is assumed that adequate power,
communications infrastructure, and computer technology exists at the designated
backup location so as to continue the OSGSC mission set without significant
degradation or delay.

- 7 -
4. Monetary funding to support the OSGSC in the event of a crisis will be available.
This includes the funding to pay for the transportation of workers to potential
offsite or secondary locations, internet and power availability, network access,
and any other subsequent cost measures associated with the continuation of
OSGSC services for the duration of any given crisis event.
Organization Structure, Roles, and Responsibilities
The OSGSC organizational structure is composed of the OS Director of Security, OS
Crisis Manager, OS Security Specialist, OSGSC Manager, OSGSC Systems Specialist,
OSGSC Supervisor, OSGSC Senior Analyst, and eight Operational Analysts. Appendix
1, Figure 1 and Figure 2 detail the Chain of Command for the OSGSC and the OSGSC
Team Structures. The individual roles of each function are as follows:
OS Director of Security: The OS Director of Security oversees security operations for
all OS operations. OSGSC specific duties include providing direction, guidance, and
operational oversight for overall OSGSC operations.
OS Crisis Manager: The OS Crisis Manager oversees crisis management and prevention
for all OS operations. OSGSC specific duties include providing a dialogue and direction
between greater OS crisis management and OSGSC operations, liaison between business
units and OSGSC for purpose of crisis mitigation and prevention, and providing technical
support and guidance to OSGSC employees on companywide crisis mitigation and
prevention efforts.
OS Security Specialist: The OS Security Specialists works with the OS Crisis Manager
and the OSGSC to ensure clear understanding of the security picture of overall OS
operations and to liaison between business units and the OSGSC to ensure maximum
utilization of OSGSC resources towards security risk mitigation of travelers and business
units.
OSGSC Manager: The OSGSC ensures that the OSGSC mission is completed in
accordance with the directives and expectations of the OS Director of Security and the
executive level decision makers of OS.
OSGSC Systems Specialist: The OSGSC Systems Specialist performs IT and system
maintenance and support for the OSGSC staff. This includes upgrades and software
updates to the computers, creation/integration of new programs and features onto VC,
and troubleshooting for computer and system issues.
OSGSC Supervisor: The OSGSC Manager oversees daily operations of the OSGSC and
ensures production and dissemination of threat intelligence, risk assessment, and risk
event notification products from the OSGSC to the greater OS Company and business
units is maintained.

- 8 -
OSGSC Senior Analyst: The OSGSC Senior Analyst is in charge of OSGSC product
quality control, as well as timely and accurate production and dissemination of threat
intelligence, risk assessment, and risk event notification products.
Operational Analysts: The X OSGSC Operations Analysts comprise the day-to-day
intelligence and analysis workers who research, write, and distribute threat intelligence,
risk assessment, and risk event notification products from the OSGSC to the greater OS
Company and business units for the purpose of safe and effective worldwide operations.
These analysts are broken into two man teams, with X-hour shifts, working X-on, X-off,
X-on, X-off rotations. See Appendix 1, Figure 2 for OSGSC Team Structures.
Critical Organizational Functions
The OSGSC is responsible for analysis, monitoring, and information distribution of
global events, which affect one of four primary categories: Business Intelligence, Travel
Management, Crisis Management, and Physical Security. Specific responsibilities include
but are not limited to: pre-travel briefings, threat monitoring, event-specific risk
assessments, travel monitoring, 24/7/365 emergency hotline availability, traveler, natural
disaster, and terrorist alerts, industrial accidents, asset monitoring, access control, and
CCTV monitoring.
The primary products of the OSGSC are global security alerts and the daily intelligence
operations summary (DIOPSUM). These items inform executive decision makers on
emerging issues and threats. They are also important documents for providing situational
awareness to Regional Security Managers (RSM) and travelers.
Secondary products include intelligence assessments and reports, personnel tracking
missions, indication and warning charts, and route analysis for travelers in high-risk
destinations. These functions are tasked as necessary to facilitate OS operations in areas
that are higher risk and require closer examination and preparation to safely perform oil
and gas services.
In order to successfully provide these services, the OSGSC requires 24/7/365 access to
the OS network, telephone and high-speed internet services, and Visual Command (VC).
Any events that disrupt access to the OSGSC Operations Center or telephone, internet or
OS network access pose a significant threat to the continuity of OSGSC services.

- 9 -
Threat Forecast
Identified threats to the OSGSC can be generally divided into man-made and natural
events, production and technical events, and public relations events. In the 21st
Century
the growing threat to a communications and technology dependent entity such as the
GSC, is anything that can disrupt or disable electronics and communications capabilities.
For the OSGSC, the greatest threats are those weather phenomena that could render
OSGSC control and command functions such as VC, OS network, Internet service, or
telephone communications inoperable. Such an event would essentially disable the GSC
from its primary mission of informing travelers and business units, both at home and
abroad, of existing and emerging threats to physical operations and security.
Man-made Events:
Active Shooter/Disgruntled Employee/Bomb Threat
Cyber Attack/Disruption
Fire/Arson
Missing Person
Medical Emergency
Rioting/Civil Disturbance
Natural Events:
Disease or Epidemic Event
Flood/Storm Surge Event
Hurricane
Tornadoes
Tsunami
Production and Technical Events:
Temporary Power Loss
Extended Power Loss
Temporary Loss of Communications
Extended Loss of Communications
Renovation/Building Repair
Server Maintenance
Public Relation Events:
Accusations of Malfeasance, Improper Conduct, or the Release of Sensitive
Information by the OSGSC

- 10 -
Mitigation Strategy and Crisis Event Levels
Mitigation in this plan is designed to work in a bottom up approach, with an escalating
chain of command structure that rises up the levels of the organization concurrent with
the severity of a crisis, emergency, or event. The goal is to accomplish crisis, emergency,
or event resolution with as little footprint and impact to overall business operations as
possible. Each crisis, emergency, or event addressed is assigned a level 1, 2, or 3 rating
based on the severity of the situation. The rating system corresponds to the level of
involvement required within the OSGSC organization.
Level 1 – crisis, emergency, or event requiring intervention/interaction by
OSGSC Analysts or Senior Analyst only. An after action report may or
may not be required to be sent to the OSGSC Manager and OSGSC
Supervisor depending upon the nature of the event. An example could
include but is not limited to a loss of power for a short duration or damage
to the building that does not require evacuation. Level 1 events are short
duration events with low level of impact on OSGSC operations. The
threshold for a Level 1 event will be an event negatively affecting
operation capabilities for greater than 2 hours but less than a 12-hour
period.
Level 2 – crisis, emergency, or event requiring intervention/interaction by
OSGSC Analysts, Senior Analyst, Supervisor, and Manager. At a
minimum, an after action report will be developed and sent to the OSGSC
Manager and OSGSC Supervisor. This report may be sent to the OS
Director of Security, OS Crisis Manager, and/or the OS Regional Security
Managers depending upon the nature of the event. An example could
include but is not limited to a fire on the premises or technical issues that
affect the operating ability of the OSGSC. Level 2 events are considered
medium duration events with moderate level impact on OSGSC
operations. The threshold for a Level 2 event will be an event negatively
affecting operation capabilities for greater than 12 hours but less than a
24-hour period.
Level 3 – crisis, emergency, or event requiring intervention/interaction by the
entire OSGSC team, to include the Analysts, Senior Analyst, Supervisor,
Manager, OS Director of Security, and OS Crisis Manager. An after action
report will be created and submitted to the OS Director of Security, OS
Crisis Manager, and OS Regional Security Managers. An example could
include but is not limited to a hurricane, large fire, cyber-attack, civil
unrest, or extended power outage. Level 3 events are considered long
duration events with high-level impact on OSGSC operations. The
threshold for a Level 3 event will be an event negatively affecting
operation capabilities for greater than a 24-hour period
(INSERT Crisis Level Chart FIGURE HERE)

- 11 -
Pre-Crisis Mitigation Actions and Emergency Event Contingency Plans
The following section lists all the known crisis events currently identified as potential
threats to OSGSC operations. Within each subsection is a summary of the threat and its
risk to the GSC as well as a list of existing mitigation features. Recommendations to
build upon existing mitigation features are also included. This section will receive yearly
reviews upon implementation of this crisis action plan.
Man-made Events
Active Shooter/Disgruntled Employee/Bomb Threat – Level 3 Event
An active shooter/Disgruntled Employee/Bomb Threat event is a low probability event
with the potential for damage to equipment and loss of life. Despite the rise in lone-wolf
attacks and the potential for disgruntled employees, this event is deemed unlikely to
occur due to a multitude of present mitigation factors.
Existing Mitigation Features:
1. Active security system
2. 24/7 CCTV monitoring
3. 24/7 Security Personnel
4. Key Fob System for access control
5. Perimeter gate and fence system
6. Accountability policy
7. Recall roster
8. Company cell phones (optional)
9. Upon termination of employment, all OS employees must return their key fob,
company phone, and be removed from building access lists, email distribution
lists, and network access
Recommendations:

- 12 -
1. Annual active shooter drill/Computer based training (CBT)
2. Annual simulated alert generation and notification to all GSC team members
3. Personal laptops with network access to GSC employees in the event it
becomes necessary to work from home or an off-site location.
Contingency Plan
1. For bomb threats follow all directions of security personnel on-site
2. For active shooter/disgruntled employees:
a. Notify 911/law enforcement as soon as possible
b. Do not attempt to intervene or stop an ongoing attack
c. Lock GSC doors/secure the room if able
d. Contact on site security if able
e. Minimize noise in the GSC
f. Inform OSGSC Manager, Supervisor, and Senior Analyst of the
situation as soon as possible
3. Upon resolution of the event
a. Ensure accountability of all staff
b. Report all clear to GSC management
c. Complete a post event after action reporting form (See Recovery and
Restoration)
Cyber Attack/Disruption – Level 1-3 Event
Cyber-attacks are an increasing concern from both malicious independent actors and
other corporate business entities. A cyber-attack on the OSGSC has the potential to inflict
serious harm to the operational capability of the OSGSC to communicate with regional
security managers, travelers, and internally among OSGSC workers. A sufficient attack
could potential leave the GSC without the means to effectively carry out its mission.
1. Active IT and Technical Support Team on campus
2. Regular “Red Team” phishing attempts for educational and evaluation
purposes
3. OSGSC Specific IT Specialist on staff
4. OSGSC employees network access and email privileges are revoked upon
termination of employment
5. Routine server maintenance and update instillation
6. Backup on and off-site facilities with access to the Cloud and data sharing
software
Recommendations:
1. Annual CBT training on cyber awareness

- 13 -
2. Bi-annual simulated alert generation and notification to all GSC team
members
Contingency Plan:
1. Upon suspicion of a cyber-attack or disruption notify the OS IT department as
soon as possible
2. Notify the GSC Systems Specialist as soon as possible
3. Notify the GSC Manager, Supervisor, and Senior Analyst as soon as possible
4. Record the date and time of the event
5. Upon resolution of the event complete a post event after action reporting form
(See Recovery and Restoration)
Fire/Arson – Level 2-3 Event
Fire/Arson events have the potential to render the OSGSC inoperable for an extended
period. However, due to their infrequent occurrence and current mitigation features, a
fire/arson remains a low probability event.
1. CCTV
2. Fire alarms
3. Fire Extinguisher
4. Key fob access restrictions and security personnel
5. Surge Protectors
software
Recommendations:
1. Annual fire drills
2. CBT or other individual training for fire extinguisher operation

- 14 -
Contingency Plan:
1. If the fire is small enough to be extinguished with the portable extinguisher
employees may put it out then proceed to step 3, otherwise activate the fire
alarm system
2. Evacuate to the designated assembly point (See Appendix A, Figure 4)
3. Call 911/emergency services
Missing Person – Level 2-3 Event
Somewhere, Texas is the third highest crime rated city in Texas as of 2013, with 5.9
murders per 100,000 people. Additionally, hurricanes, tornadoes, flooding, and traffic
accidents all occur in this area and could lead to missing persons. Additionally, OSGSC
employees may travel to high-risk destinations as part of normal job duties. This can
present a unique challenge to personal safety. The OSGSC has several mitigation features
to protect and watch for the accountability of its staff.
2. Recall roster
For Oversees/High Risk Destination Travel:
1. Accountability policy as indicated in OS high risk destination travel
guidelines
2. Planned itineraries with CWT and coordinated with the regional security
managers
3. Company cell phones
4. Optional geo-location check in app for the individuals company cell phone

- 15 -
Recommendations:
1. Annual accountability/recall roster exercise
Contingency Plan:
1. In the event an employee is more than one hour late to work with no contact
a. Attempt to contact employee utilizing the GSC recall roster (See
Appendix A, Figure 2)
b. Call/email each proceeding hour until contact is made
3. If oversees:
a. Coordinate with the regional security manager
b. If oversees, the GSC will contact HR and coordinate with appropriate
government agencies in the host country
c. The GSC will serve as a focal point for resources and coordination of
company efforts to locate and return the individual home safely
Medical Emergency – Level 2-3 Event
Workplace accidents are a common occurrence and can happen as the result of
carelessness, unavoidable hazard, unforeseen circumstances, or underlying medical
conditions. In the event that a GSC employee becomes injured, the GSC staff will make
every attempt to ensure that further injury is prevented and appropriate care is received.
1. First Aid Kit
2. On-site security
3. Safety features such as fire extinguishers and surge protectors
4. Pre-determined evacuation procedures and rally points (See Appendix A,
Figure 4)
Recommendations:
1. Annual refresher training on medical emergency contingency plan
2. Participation in routine fire/evacuation drills as prescribed by OS
Contingency Plan:
1. Ensure the employee receives first aid

- 16 -
2. Call 911 or emergency services if necessary
3. Note the time and date of the event
Rioting/Civil Disturbance – Level 2-3 Event
As previously noted, Somewhere, Texas is the third highest crime rated city in Texas.
Given the large mix of ethnic groups and the size of the city (4th
largest in the U.S.),
rioting/civil disturbance is a distinct possibility, despite being a low probability event. In
the event of large-scale rioting/civil disturbance, it may become impractical or unsafe for
the GSC to work on site or leave for home. There are several mitigation features in place
to facilitate continued GSC functionality.
1. Recall roster
software
4. Active security system
5. 24/7 CCTV monitoring
6. 24/7 Security Personnel
7. Key Fob System for access control
8. Perimeter gate and fence system
Recommendations:

- 17 -
1. Annual review of GSC contingency scenario in the event of a large scale
riot/civil disturbance
Contingency Plan:
1. The GSC Manager, Supervisor, and Senior Analyst will convene to determine
the viability of continued operations on site
2. Within 1 hour a decision will be made as to whether the situation affects or is
likely to affect the safety of the GSC on site location
3. If it is determined that off-site/work from home is the safest approach, the
GSC staff on duty will be provided with laptops and allowed to return home in
order to continue work from home
4. Bi-daily status checks on all GSC employees will be completed until the
situation resolves
5. Upon resolution of the event a GSC employee to be named by the GSC
management will complete a post event after action reporting form (See
Recovery and Restoration)
Natural Events
Disease or Epidemic – Level 3 Event
Although unlikely in the United States, the possibility does exist for a disease or
epidemic event to affect the Somewhere area. Somewhere is the 4th
largest city in the
United States and hosts a variety of travel mediums, including a port and multiple
airports, and a military base. The Ebola Outbreak in 2014 demonstrated that even hard to
catch, non-airborne diseases can be transported throughout the world, making nearly any
location a potential disease/epidemic outbreak location. Mitigation in this instance is
going to rely heavily on the ability of the GSC to operate remotely.
1. Recall roster
software
Recommendations:

- 18 -
Contingency Plan:
situation resolves
Flood/Storm Surge – Level 1-3 Event
Although the Beechnut location in Somewhere is 68 feet above sea level, much of the
city of Somewhere is prone to flooding. As recently as 2015, significant flood activity has
affected the city as well as OS operations. While the OSGSC experienced few problems
with recent flooding, this risk continually poses a threat to operations, whether from
normal rainfall, hurricanes, or storm surges, all of which have the potential to cause
flooding issues throughout the city. Complications from these events typically include the
inability of GSC employees to get to the GSC or power outages created by secondary
effects of the flooding and storms.
2. Backup power generators
3. Recall roster
software
Recommendations:

- 19 -
1. Annual review of GSC contingency scenario in the event of a wide spread
flooding/storm surge and hurricane events (before hurricane season begins)
members
Contingency Plan:
situation resolves
Hurricane – Level 3 Event
Hurricanes and tropical storms are a regular occurrence in the Somewhere area with
storms of tropical storm strength or higher occurring every 5 years on average.
Associated with these storms is the potential for flash floods, high wind, and tornado
activity. Hurricanes and tropical storms have the potential to threaten physical access to
the GSC via flooding and degrade or disable the GSC’s communications and power
supply. Hurricanes represent one of the most impactful and consistent threats to
continued OSGSC operations.
1. Planned Contingency to operate remotely from an off-site location in X
location (See Contingency Plan Section)
3. Recall roster
software
7. Elevation of 68 feet above sea level (unlikely to be directly impacted by surge
or bayou flooding)

- 20 -
Recommendations:
1. Annual review of GSC contingency scenario in the event of a wide spread
flooding/storm surge and hurricane events (before hurricane season begins)
members
Contingency Plan:
2. Within 48 hours of landfall, a decision will be made as to whether the
situation affects or is likely to affect the safety of the GSC on site location
order to continue work from home or be transported to the off-site location
a. If off-site location outside of the Somewhere area is deemed necessary
for the continuance of GSC operations:
i. A team of no less than 4 GSC employees will be selected and
provided with transportation to the off-site location
ii. The move to the off-site location will be conducted within 24
hours of landfall to allow time for remote set up and potential
evacuation of employees remaining in Somewhere
iii. Bi-daily status checks on all remaining GSC employees will be
completed until the situation resolves
iv. All GSC employees will receive guidance on how pay and
travel cost will be coordinated and provided for

- 21 -
Tornadoes – Level 2-3 Event
Tornadoes are violent and potentially life threatening events. Historically, the Greater
Somewhere Area records 5-6 tornadic events per year. Although most of these are small,
very short duration events, the heavy winds and intense rainfall associated with these
events have the potential to cause power and communications disruptions, as well as
structural damage to the OSGSC.
2. Recall roster
software
Recommendations:
1. Annual review of GSC contingency scenario in the event of a tornado
members

- 22 -
becomes necessary to work from home or an off-site location
Contingency Plan:
1. If a tornado warning is issued that is going to impact the GSC, employees will
shelter in place in the stairwell located on the first floor (See Appendix A,
Figure 5)
2. After the tornado passes, GSC staff will initiate a recall roster check to verify
the safe status of GSC employees
3. Damage assessments will be conducted and the Manager, Supervisor and
Senior Analyst will meet to determine the operability of the GSC and if
offsite/work from home status is warranted
Tsunami – Level 3 Event
Although extremely unlikely, there are mechanisms in the Gulf of Mexico that are
capable of generating a tsunami. Most notably, underwater landslides along the
Mississippi River Canyon, a fault line along the Cuban coast, and the Campeche undersea
escarpment off the coast of Mexico are thought to be capable of generating a Tsunami
event. The historical precedent for a tsunami hitting Somewhere is unclear but cannot be
ruled out. In the event that a tsunami did hit the city, the likelihood is that only coastal
areas would be affected. Due to the elevation of the GSC and the distance from the shore,
it is unlikely that there would be any considerable damage from such an event. If,
however unlikely, a large tsunami were to strike the Somewhere Area, tidal surge from
the event could impact the bayou and cause flooding near the GSC. In such an event,
there are only a few existing mitigation features.
2. Recall roster
software

- 23 -
Recommendations:
1. Annual review of GSC contingency scenario in the event of a tsunami
3. Personal laptops with network access to GSC employees in the event it becomes
necessary to work from home or an off-site location
Contingency Plan:
1. If a tsunami warning is issued that is going to impact the GSC employees will be
evacuated to a safe distance as determined by state/government authorities
2. The GSC Manager, Supervisor, and Senior Analyst will meet to determine an off-
site location or authorize work from home status to allow for the continuation of
GSC operations
management will complete a post event after action reporting form (See Recovery
and Restoration)
Production and Technical Events
Temporary Loss of Communications – Level 1-2 Event
Temporary loss of communications refers to a loss of at least one communications
medium for a period lasting more than 2 but less than 24 hours. Because temporary loss
of communications occurs periodically this is considered a high probability event,
however, there are redundant/alternative methods of communication within the GSC,
making the loss of only one system a low impact. The GSC has three main mediums of
receiving and sending communications: Internet/network, landline telephone, and
cellphone service. Limited operations can continue with the loss of any two of these
mediums, however the loss of all three will render the GSC inoperable, and the loss of
more than one will severely degrade the operational capabilities of the GSC. The GSC
has several mitigation features designed to lessen the severity of temporary loss of
communication events.
1. Recall roster
2. Existing OSGSC dedicated IT staff
3. OS company IT staff

- 24 -
software
Recommendations:
1. Annual review of GSC contingency scenario in the event of a communications
loss/extended communications loss
Contingency Plan:
1. Utilizing the recall roster, contact the GSC Manager, Supervisor, and Senior
Analyst as soon as a problem with any of the communications capabilities
(Internet/network, GSC telephones, or cellular communications) is detected
a. If unable to utilize cellphones, email, or landlines, verify that the situation
is building wide with the security personnel at the front desk of the lobby
(See Appendix A, Figure 3)
b. If at least one communications medium remains functional, contact OS IT
support to determine if the situation is temporary, maintenance related, or
systemic
c. If IT is aware of the situation:
i. Ask for the estimated time until the system is operational
ii. Ask what services will be affected
iii. Communicate these findings to the GSC Management
d. In the event the temporary loss affects all communications capabilities and
is building wide/systemic, continue to attempt communications every 30
minutes until communications capabilities resume
2. A focus on determining how long communications will be lost will become
priority and notifications will be sent out to the regional security managers and
specific corporate executives (to be determined by the GSC Manager) explaining
the situation
and Restoration)

- 25 -
Extended Loss of Communications – Level 3 Event
In the event that communications capabilities are degraded for more than 24 hours, a
temporary loss of communications event becomes an extended loss of communications
event. This is a high impact event due to its ability to severely degrade the mission
capabilities of the GSC. Without communications capabilities the GSC cannot perform its
mission and an alternative site might become necessary.
1. Recall roster
software
Recommendations:
1. Annual review of GSC contingency scenario in the event of a communications
loss/extended communications loss

- 26 -
Contingency Plan:
1. Attempt to run through the contingency steps for a temporary communications
loss
2. Should a temporary communications loss continue or extend past 24 hours, it will
become an extended loss event, and the GSC Manager, Supervisor, and Senior
Analyst will meet to determine if off-site/work from home operations should be
considered
3. A focus on determining how long communications will be lost will become
priority and notifications will be sent out to the regional security managers and
specific corporate executives (to be determined by the GSC Manager) explaining
the situation
and Restoration)
Power Loss – Level 1-2 Event
Temporary power loss is defined as a power loss to the GSC lasting for no fewer than 2
hours and no more than 12 hours. Temporary power loss is not considered a high threat
event because of the mitigation features currently in place; however, it does require
monitoring, as a longer duration power loss has the capability to threaten the GSC’s
communications abilities.
1. Recall roster
software
Recommendations:
1. Annual review of GSC contingency scenario in the event of a power
loss/extended power loss

- 27 -
Contingency Plan:
1. Utilizing the recall roster, contact the GSC Manager, Supervisor, and Senior
Analyst as soon as a power outage occurs.
2. If backup generators are working, check to see if communications capabilities
(Internet/network, GSC telephones, or cellular communications) are still
functional
a. If unable to utilize cellphones, email, or landlines, verify that the situation
is building wide with the security personnel at the front desk of the lobby
(See Appendix A, Figure 3)
b. If at least one communications medium remains functional, contact OS IT
support to determine if the situation is temporary, maintenance related, or
systemic
c. If IT is aware of the situation:
i. Ask for the estimated time until the system is operational
ii. Ask what services will be affected
iii. Communicate these findings to the GSC Management
d. In the event the temporary power loss affects all communications
capabilities and is building wide/systemic, provide updates to GSC
Management every 30 minutes until power is restored and/or
communications capabilities resume
3. A focus on determining how long power will remain out and if communications
capabilities will be lost will become priority, and notifications will be sent out to
the regional security managers and specific corporate executives (to be
determined by the GSC Manager) explaining the situation
and Restoration)

- 28 -
Extended Power Loss – Level 3 Event
Any power loss lasting more than 24 hours will be considered an extended power loss
event. This event has the potential to severely degrade the operational capabilities of the
GSC. Without power, the GSC cannot perform its mission and an alternative site might
become necessary.
1. Recall roster
software
Recommendations:
1. Annual review of GSC contingency scenario in the event of a power
loss/extended power loss

- 29 -
Contingency Plan:
1. Attempt to run through the contingency steps for a temporary power loss
2. Should a temporary power loss continue or extend past 24 hours, it will become
an extended loss event, and the GSC Manager, Supervisor, and Senior Analyst
will meet to determine if off-site/work from home operations should be
considered
3. A focus on determining how long power will be lost will become priority, and
notifications will be sent out to the regional security managers and specific
corporate executives (to be determined by the GSC Manager) explaining the
situation
and Restoration)
Renovation/Building Repair – Level 1 Event
Building renovations and repairs can potentially disrupt the normal operations of the
GSC, but are infrequent and often involve extended planning before occurring. As such,
these events are typically have a low frequency of occurrence and are low impact. A
basic plan will be maintained to mitigate any issues that may arise from complications
during renovation or building repair that cause extended delays in returning to normal
operations.
software
Recommendations:
Contingency Plan:

- 30 -
1. Prior to beginning of renovation or repairs to the OSGSC, the GSC Manager,
Supervisor, and Senior Analyst will meet to discuss off-site/work from home
mitigation steps
2. Should a renovation or repair extend beyond the expected completion date, the
GSC Manager, Supervisor, and Senior Analyst will reconvene to discuss further
mitigation strategies
and Restoration)
Server Maintenance – Level 1 Event
The GSC servers receive routine maintenance as part of the normal server maintenance
for the company. In the past, unanticipated server repairs/services have resulted in
temporary loss of server use. Such an event usually lasts a short period (typically less
than 12 hours).
software
Recommendations:
Contingency Plan:

- 31 -
1. If able, the GSC Manager, Supervisor, and Senior Analyst will meet to discuss
off-site/work from home mitigation steps prior to beginning of server repair or
maintenance to the OSGSC
2. Should a server repair or maintenance extend beyond the expected completion
date, the GSC Manager, Supervisor, and Senior Analyst will reconvene to discuss
further mitigation strategies
and Restoration)

- 32 -
Public Relation Events
Accusations of Malfeasance, Improper Conduct, or Release of Sensitive or
Confidential Information by the OSGSC – Level 2-3 Event
Accusations of malfeasance or improper conduct are a serious accusation and can greatly
damage the perception of the OSGSC in the eyes of both the public and the independent
business units of OS. Because of the potential for serious ramifications, even seemingly
minor accusations of malfeasance or improper conduct by employees of the GSC must be
investigated. Examples of malfeasance or improper conduct can include but are not
limited to improper or unprofessional behavior in the workplace, sexual misconduct,
dereliction of duty, falsification of reports, and release of confidential or sensitive
information.
1. Quality control checks by the Senior Analyst to ensure product accuracy, quality,
and analysts accountability
2. Routine supervision by the OSGSC Supervisor to ensure mission completion and
timeliness
3. Overall mission guidance and evaluation from the OSGSC Manager to ensure the
OSGSC is conducting operations in accordance with the goals and direction of OS
executive level decision makers
Recommendations:
1. Quarterly meetings between the OSGSC Senior Analyst, OSGSC Supervisor, and
OSGSC Manager with each individual analysts to review performance and
provide feedback
2. Annual training/review of employee workplace expectations
3. Annual training/review of company confidentiality agreements/expectations
Contingency Plan:
1. Should an event occur in which an OSGSC employee is suspected of malfeasance
or improper conduct the individual will meet with OSGSC Management
2. Appropriate OS channels will be utilized to investigate the matter
3. No OSGSC employee will comment or discuss the matter without consent of
OSGSC Management
and Restoration)

- 33 -
Teams and Authorities
The primary team for organizing and responding to any potential crisis will consist of the
OSGSC Manager, OSGSC Supervisor, and OSGSC Senior Analyst. They will coordinate
their efforts with the OS Crisis Manager, OS Security Specialists, and OS Director of
Security to ensure that plans are implemented and carried out in accordance with the
strategy highlighted in this crisis action plan and the direction and intent of the executive
level decision makers for OS. All implementation authority and direction for OSGSC
operations ultimately resides with the OSGSC Manager. The OSGSC Manager will
decide when an event becomes a crisis, when the crisis management plan will be
implemented, and when the crisis event is considered resolved. For more information,
please see Appendix C.
Recovery and Restoration
After Action Reporting
Successful crisis mitigation and crisis management is a collaborative effort that requires
constant vigilance and continued effort to identify and close gaps in coverage and
planning. It is therefore of the upmost importance that at the conclusion of every crisis
event the OSGSC fill out an After Action Report (AAR) to identify areas of strength as
well as areas that need improvement. The form below is to be filled out and completed at
the end of every crisis event. Lessons learned from each After Action Report will be
incorporated into the regularly scheduled bi-annual review of this plan. In addition, it is
the duty and responsibility of all OSGSC staff to point out areas of weakness or needed
improvement in this plan to OSGSC Supervisor. For more details on AAR procedures see
Appendix B – Activation Procedures
Human Resource Links
Some effects of crisis events can have long lasting implications for the health and
wellbeing of OSGSC employees. The following links provide access to the heath,
wellness, and financial services of OS. These resources should be encouraged for use by
any employees or their families negatively impacted by crisis events.
(List Links Here)

- 34 -
Example After Action Report Form
(Insert Form Here)
Appendices
Appendix A – Organizational Breakdown, OSGSC Team Contact Information,
Emergency Procedures Graphics
Figure 1 – OSGSC Chain of Command:
(INSERT FIGURE HERE)
Figure 2 – OSGSC Team Structures/Contact Information:
Figure 3 –Building Schematic:
Figure 4 – Fire/Fire Drill Rally Point
Figure 5 – Tornado Drill/Shelter Point(s)

- 35 -
Appendix B – Activation Procedures
Activation of the crisis action plan is at the discretion and control of the OSGSC
Manager. In the OSGSC Manager’s absence or unavailability, the subsequent chain of
command will follow the outlined in Appendix A, Figure 2. All events described in the
crisis action plan are to be implemented as soon as feasibly possible to ensure prompt
response and quick mitigation. Most events will have little or no notice before activation
must begin. For hurricane, disease or epidemic, renovation, and server maintenance
events activation will commence no earlier than 48-hours before the event is expected to
begin affecting GSC operations. Crisis events will be considered formally concluded 24
hours after the end of their impact. All crisis events will require completion of an After
Action Report (See Recovery and Restoration), to be completed no later than 48 hours
after their conclusion.
Appendix C – Team Tasking
Off-site (Non-Somewhere) OSGSC Team
This team will consist of no fewer than four OSGSC analysts and the OSGSC Systems
Specialist and will conduct off-site operations in the event that the primary GSC location
is in operable. The team will be selected at the discretion of the OSGSC Supervisor and
with the concurrence of the OSGSC Manager. At least one member of the OSGSC
Management staff will accompany the team for any sustained off-site operations.
OSGSC Crisis Management Team
The OSGSC Crisis Management Team will consist of the OSGSC Manager, OSGSC
Supervisor, OSGSC Senior Analyst, OS Crisis Manager, and OS Director of Security.
Primary decision making authority will rest with the OSGSC Manager. The OS Crisis
Manager and OS Director of Security will serve as representatives of OS and liaison
between the executive level decision makers for the company and the OSGSC Manager.
The efforts of the OSGSC Crisis Management Team will focus first on the safety of the
OSGSC employees and second on the sustainability of OSGSC operations during a crisis.
Appendix D – Implementation and Updates
This plan is designed to be implemented upon approval from executive level decision
makers for OS, the OSGSC Manager, OS Crisis Manager, and the OS Director of
Security. Routine review of the plan will take place every six months unless otherwise
directed by the OSGSC Manager. Edits and corrections to this plan will occur at the
designated six-month intervals, or when directed by the OSGSC Manager, or if errors or
gaps in guidance and direction are identified as part of after action reporting procedures.
Such changes will be made at the direction of the OSGSC Manager, by the original
author of this crisis action plan or another GSC employee at the discretion of the OSGSC
Manager.

- 36 -
Appendix E
This document will go into effect after review and approval by the OS Director of
Security, OSGSC Manager, and OSGSC Supervisor. Upon signature and date of the
above named individuals, this document will be the official OSGSC crisis mitigation and
management policy. This document will be reviewed bi-annually and edited for changes
as prescribed by the OSGSC Management. Additional changes will be made whenever
discrepancies or gaps in crisis planning are detected and at the discretion of the OSGSC
Management.
_______________________
John Doe
OS Director of Security
_______________________
Jane Doe
OSGSC Manager
_______________________
John Doe
OSGSC Supervisor
Effective: _____________

Example Crisis Action Plan (1)

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (10)

En vedette

En vedette (16)

Similaire à Example Crisis Action Plan (1)

Similaire à Example Crisis Action Plan (1) (20)

Example Crisis Action Plan (1)