Scientists around the world were stunned late last month when seven of Italy’s leading experts on natural disasters were sentenced to six years in jail each for the crime of manslaughter. What made this judgment so shocking was that the charges were brought as a result of accusations that the scientists had offered “an unjustifiably optimistic assessment to the local population” of the chances that there would be a large earthquake in the region.
The seven defendants, all of whom belong to Italy’s National Commission for the Forecast and Prevention of Major Risks, had been asked to voice their opinion of safety in the region following a chain of hundreds of small quakes and determined that there was no major threat of a larger event. Shortly after this announcement a 6.3 magnitude earthquake led to the death of some 300 people in the city and surrounding areas.
What does this mean to those of us who deal with business continuity planning, crisis management or disaster management? If a strategy of ours results in a company losing money, could we be held financially liable? If human error or unseen holes in a disaster plan result in injury or death, could we, too, be jailed some day?
Some may scoff at the idea, but if you asked those Italian scientists prior to the earthquake, I’m sure they would have scoffed. No one has a magic crystal ball that can predict the future. Just like those scientists, all we’re really doing in these industries is making very educated guesses. The chance of a costly error, or things simply not going according to plan, is always present.
Knowing this, what can you do to protect your business, and yourself?
In an article discussing the L’Aquila convictions, Continuity Central’s David Honour offered his advice:
- If you are an external consultant, part of the answer lies in ensuring that you have sufficient professional liability insurance and that you have checked that the small print does not exclude areas which might impact upon you.
- For in-house business continuity professionals, protection might come from joining a relevant union; you might also be able to have protective clauses written into your terms of employment, including specific information on the importance of making risk-based decisions to the role and the possibility that these decisions may prove to be incorrect without this being the result of an error or omission.
- For both in-house and external business continuity professionals some protection can also be provided by explaining the basis for risk-based decisions within formal documents that you produce; for example as an appendix to a business continuity plan. The limitations of professional tools such as the business impact analysis and risk assessments should also be clearly spelled-out.
Insurance and the protection of a union can certainly contribute, but the heavy hitter of this list is David’s final tip. It has to be very clear to everyone involved that any plans or predictions are not concrete, but in fact based on the information available and created with the tools and knowledge at hand.
It is also extremely important to define what best practices and industry standards are for your line of work, and ensure that your policies and actions reflect them precisely. As always, document everything, and keep it organized enough that you can easily link cause to decision, because some day you may be asked to defend your choice of instruction in a court of law.
Using crisis management software prior to and during a response will provide vital legal and compliance documentation. The time-stamped audit log in MissionMode's Situation Center incident management software documents what was done, when it was done, which tasks were completed, and who was involved. It serves as an unambiguous record of activities and communication.