Gary Ng, Product Marketing Manager, BlackBerry considers what to look for when selecting an emergency mass notification system (EMNS) solution
Who Uses EMNS Platforms?
Imagine a scenario where you are woken up in the middle of the night by the public warning siren that has gone off in your town. You pick up your mobile phone from your nightstand and see a news alert streaming across your device screen informing you that a major chemical plant incident has just occurred in a neighbouring town. You immediately spring out of bed and tune in to the television for further instructions.
Within minutes, your supervisor from work (who coincidentally lives in the same neighbourhood as you) calls you and asks, “Did you hear the news?”, followed by the question, “Our office colleagues know what to do tomorrow, right?” You think to yourself, “Yes, they should know, since we just recently conducted our table-top exercise for a similar scenario.”
But do your colleagues really remember what to do? You then realise that only the Department representatives were the ones who attended that exercise. That accounts for only five percent of the local office. And the default mode of communication is the good old BCM call-tree list. And we are talking about the middle of the night.
The above would probably be a business owner or a crisis manager’s worst nightmare. Don’t be surprised, because according to the 2019 Gartner Security and Risk Management Survey, only 37 percent of respondents indicate that they have a full implementation of an emergency mass notification system (EMNS) solution set up in their organisations[1]. However, due in large part to the ongoing COVID-19 crisis, EMNS platforms are now seeing an uptrend in usage, beyond the traditional emergency use cases. Today, human resource professionals, medical physicians, public transport operators, finance professionals, educators, and so on have joined the traditional team of IT, disaster recovery and crisis managers in utilising EMNS solutions.
But with a plethora of solutions in the market today, how do business leaders and communities decide which is most suitable for their needs? Before deep diving into a list of criteria, there is a need to ask four main questions.
Four Questions to Ask When Selecting an EMNS
1) What Keeps You Awake? As a business owner, what can potentially disrupt your business operations or create a dent in your firm’s reputation? While we can develop response and recovery measures to address the threat of natural disasters or other potential man-made threats (example, active shooter incidents, building fire emergencies, etc.), there may be other potential risks we may not have planned for. In this instance, the first probable response is to reach out to your most important stakeholders, provide assurance or instructions, and seek acknowledgement from your stakeholders as part of your communications strategy. Being able to account for your team members will then allow you to better size up your next best response to a critical event, collectively.
2) Who Regulates You? Businesses operating in specific sectors may be subjected to regulatory requirements. For example, organisations operating critical information infrastructures (CIIs) may be expected to report cybersecurity incidents within a specified timeframe to “sector regulators”, with relevant details that should include the extent or progress of containment and resolution. The expectation is not only confined to the speed of escalation and reporting to the regulator(s), but there is pressure within the organisation’s IT or cybersecurity team(s) to provide a complete situational picture of the incident while facilitating swift resolution. Given the nature of such a threat, business leaders will be taking an unnecessary risk by relying solely on email and SMS communications. Instead, a secured platform that can facilitate incident response via a common operating picture through automated alerting and collaboration with relevant stakeholders would be a better option.
3) Who Are You Responsible For? When a critical event has the potential to result in the loss of lives (or any near equivalent), companies have an expected duty of care to their staff and other concerned stakeholders. This should not be confused with accounting for only those operating in the physical premises, but anyone who is contracted by the company needs to be accounted for (yes, remote workers and outsourced service vendors should be included). Businesses still relying on the manual call tree system will experience the excruciating pain of reaching out to staff one by one or must wait for the “next identified tier leader” to reply. Instead, communications platform that can quickly push out alerts, record acknowledgements and facilitate critical information sharing with first responders can significantly reduce response and recovery time.
4) Does Anyone Need to Know? When a critical event occurs (or is about to occur), do the senior management team or Board members need to receive first-hand information? How about other staff and essential vendors within the company? Relying on emails and SMS alone can be problematic, particularly when critical events occur in the middle of the night or on a holiday weekend. If critical events require authorisation for certain responses to proceed, surely it should not wait till the next morning. To mitigate this risk, a reliable and robust EMNS platform should be considered to ensure prompt dissemination and response.
EMNS Minimal Requirements
Considering the above essential questions to ask, a EMNS platform solution should minimally be able to provide the capability to allow for last minute “live” critical plan changes (as a critical event can be extremely dynamic) on an accessible and secured platform; enable swift notification in the event of activation; provide a means of accountability tracking; facilitates critical information gathering and management from operational and tactical response teams; and, most importantly, be able to facilitate joint collaboration with identified stakeholders.
All these should be managed on a secured and reliable platform that adheres to industry-recognised security standards and resilience best practices. Where required, a dedicated managed services team should be ready to assist businesses should there be a need.
Needless to say, the procured EMNS solution should not be strictly limited to traditional emergency and security-related use cases. That way, businesses can maximise their return on investment.