CPP 2022 Domain 7: Crisis Management

Question 1

What is emergency planning/response?

Answer 1

The planning and activity associated with detecting, containing, and dealing with the immediate impact of an event.

Source: POA, Crisis Management, Chapter 1 Introduction, page 1

Question 2

What is crisis management?

Answer 2

The process of supporting emergency management/response and business continuity operations while dealing strategically with the numerous issues that could impact the long-term viability of the organization.

Source: POA, Crisis Management, Chapter 1 Introduction, page 1

Question 3

What is business continuity?

Answer 3

The processes and procedures put in place to move from functioning during the crisis to functioning as normal operations after a business interruption.

Source: POA, Crisis Management, Chapter 1 Introduction, page 2

Question 4

What are the four elements of emergency management?

Answer 4

Mitigation,
Preparedness,

Response,
Recovery.

Source: POA, Crisis Management, 1.1, page 2

Question 5

This element of emergency management is the process of putting protective measures in place to reduce the likelihood of a disaster occurring or to reduce the impact if a disaster does occur.

Answer 5

Mitigation.

Source: POA, Crisis Management, 1.1, page 2

Question 6

This element of emergency management encompasses any activities, programs, and systems developed and implemented prior to an incident that may be used to support and enhance mitigation of, response to, and recovery from disruptions, disasters, or emergencies.

Answer 6

Preparedness.

Source: POA, Crisis Management, 1.1, page 2

Question 7

This element of emergency management deals with executing the plan and performing duties and services to preserve and protect life and property as well as provide services to the surviving population.

Answer 7

Response.

Source: POA, Crisis Management, 1.1, page 2

Question 8

This element of emergency management ensures that the processes, resources, and capabilities of the organization are reestablished to meet ongoing operational requirements.

Answer 8

Recovery.

Source: POA, Crisis Management, 1.1, page 2

Question 9

What is the goal of crisis management?

Answer 9

To protect the core assets of the organization (reputation, brand, financial wellbeing, trust, physical and intellectual property, and key relationships) from as much harm as possible caused by a business-interrupting event.

Source: POA, Crisis Management, 1.2, page 4

Question 10

What should an emergency or crisis management plan do?

Answer 10

Define the term and scope of a crisis or emergency in terms relevant to the organization;
Establish a group or team to perform specific tasks before, during, and after a disruptive event;

Establish a method for using available resources or obtaining additional resources at the time of an event;
Provide a means for moving normal operations into and back out of crisis mode of operations;
Provide a plan and framework to continually test and maintain the plan and response capabilities.

Source: POA, Crisis Management, Chapter 2 Introduction, page 9

Question 11

How should an emergency and response team be structured?

Answer 11

The emergency coordinator assumes responsibility for the plan.
A committee of representatives from critical departments should be appointed to help the coordinator organize the plan.

Alternate designations for the primary decision maker and anyone else charged, by name or position, in the plan must be made.

Source: POA, Crisis Management, 2.1.1, page 10

Question 12

What are common features of Incident Command Systems (ICS)?

Answer 12

Command,
Operations,

Planning,
Logistics,
Administrative/finance.

Source: POA, Crisis Management, 2.1.2, page 11

Question 13

The crisis management team should have members from what areas or departments?

Answer 13

Executives,
Human resources,

Public affairs/communications, 
Safety/security, 
IT, 
Legal, 
Finance or other shared service, 
Critical operational departments. 

Source: POA, Crisis Management, 2.3.1, page 14

Question 14

At what three levels can crisis management teams operate?

Answer 14

Operational,
Tactical,

Strategic.

Source: POA, Crisis Management, 2.3.2, page 16

Question 15

What are the goals of continuity planning?

Answer 15

Save lives and reduce chances of further injuries or deaths,
Protect assets,

Restore critical business processes and systems,
Reduce the length of the interruption of business,
Protect reputation damage,
Control media coverage,
Maintain customer relations.

Source: POA, Crisis Management, Chapter 3 Introduction, page 17

Question 16

What is the relationship between the business continuity team and the crisis management team?

Answer 16

The business continuity team is treated separately and as a support for the overarching crisis management team.

Source: POA, Crisis Management, 3.1, page 18

Question 17

What should business continuity plans and procedures do?

Answer 17

Establish the appropriate notification and communications protocol;
Be specific regarding the immediate steps that should be taken during a disruption;

Be flexible to respond to unanticipated threat scenarios and changing conditions;
Focus on the impact of events that could potentially disrupt operations;
Be developed based on stated assumptions and interdependencies;
Be effective in minimizing consequences through appropriate mitigation strategies.

Source: POA, Crisis Management, 3.2, page 19

Question 18

How should threats and vulnerabilities to the business be identified, evaluated, and prioritized?

Answer 18

Through a risk assessment.

Source: POA, Crisis Management, 3.2, page 19

Question 19

How can the likelihood of crisis incidents occurring be estimated?

Answer 19

By assessing the organization’s changing profile and the security measures already in place.

Source: POA, Crisis Management, 3.2, page 20

Question 20

How can the consequences of an incident be assessed?

Answer 20

Based on knowledge of the assets at risk.

Source: POA, Crisis Management, 3.2, page 20

Question 21

What is management’s role in developing a business continuity plan?

Answer 21

Management must be directly involved in the identification and evaluation of the organizational assets as part of the plan development.

Source: POA, Crisis Management, 3.2.2, page 23

Question 22

What is the goal of emergency and crisis plan exercises?

Answer 22

To measure the staff’s ability to effectively respond, recover, and continue to perform assigned business activities when faced with specific disruptive scenarios.
To ensure that technology resources function as planned and that staff members are adequately trained in their use and application.

Source: POA, Crisis Management, 3.2.3, page 24

Question 23

What are four types of exercises?

Answer 23

Orientation,
Tabletop,

Functional,
Full scale.

Source: POA, Crisis Management, 3.2.3, page 25

Question 24

What is the purpose of a business impact analysis (BIA)?

Answer 24

To identify and evaluate the potential impact of a disruptive event to an organization’s operations.

Source: POA, Crisis Management, 3.4, page 30

Question 25

What should be addressed in a BIA?

Answer 25

Identify the potential impacts over time of disruptions on activities and resources;
Identify legal, regulatory, and contractual requirements for activities and resources;

Estimate the maximum tolerable downtime that can be withstood while still maintaining viability;
Evaluate resource requirements, activity, and external interdependencies to resume operations within established timescales.

Source: POA, Crisis Management, 3.4, page 30

Question 26

What are some typical BIA activities?

Answer 26

Confirming the scope of the BIA with management,
Identifying sources of information,

Deciding on methods for data collection,
Gathering data,
Analyzing impact, time, and interrelationship information,
Presenting recommendations and justification for evaluation,
Preparing information for use in BCM strategy development.

Source: POA, Crisis Management, 3.4, pages 30-31

Question 27

The results of the BIA provide the basis for what?

Answer 27

Setting recovery time objectives.

Source: POA, Crisis Management, 3.4, page 31

Question 28

What is an all-hazards approach to emergency planning?

Answer 28

This approach provides for a basic emergency operations plan (EOP) with sections that apply to multiple emergency situations plus hazard specific checklists for event types.

Source: POA, Crisis Management, 4.1, page 35

Question 29

What is the benefit of an all-hazards approach?

Answer 29

The all-hazards approach works well in many situations because quite often planning requirements are similar regardless of whether the incident is a natural threat, a human threat, or an accident.

Source: POA, Crisis Management, 4.1, page 35

Question 30

What should be addressed in emergency response planning?

Answer 30

Shelter,
Data search,

Assembly areas, 
Special item removal, 
Alerting of neighbors, 
Shutdown procedures, 
Security, 
Emergency rendezvous point. 

Source: POA, Crisis Management, 4.3, pages 36-37

Question 31

What reoccupation considerations should be included in an emergency response plan?

Answer 31

Decision,
Search,

Clients and customers.

Source: POA, Crisis Management, 4.3, page 37

Question 32

What principles related to the protection of life should be applied when setting priorities in an EOP?

Answer 32

Evacuation and shelter,
Personal protection,

Rescue and relief.

Source: POA, Crisis Management, 4.3, page 38

Question 33

What is considered short-term as it relates to evacuation and shelter-in-place?

Answer 33

One hour or less.

Source: POA, Crisis Management, 4.4.1, page 39

Question 34

What three things should be considered in evacuation planning?

Answer 34

Alternate exits,
Routes,

Assembly points.

Source: POA, Crisis Management, 4.4.1, page 40

Question 35

Who should be responsible for shutdown operations?

Answer 35

People familiar with the process.

Source: POA, Crisis Management, 4.6, page 42

Question 36

What is the purpose of the emergency operations center (EOC) or crisis management center (CMC)?

Answer 36

It designates a place where personnel can maintain full concentration on directing and coordinating the emergency response.

Source: POA, Crisis Management, 4.7.1, page 43

Question 37

Where should an alternate EOC/CMC be designated?

Answer 37

In a building other than the one that contains the primary location in case it is damaged, destroyed, or becomes inaccessible.

Source: POA, Crisis Management, 4.7.1, page 43

Question 38

What accommodations should the EOC/CMC have?

Answer 38

Enough space to accommodate the CMT,
Redundant communications capabilities,

Backup power,
Independent supply of potable water,
Sanitary arrangements that are not depending on the normal water system,
Lodging and feeding for CMT members and support personnel in the event of an extended emergency.

Source: POA, Crisis Management, 4.7.1, page 43

Question 39

What questions should be asked of emergency response agencies that may respond to incidents?

Answer 39

Where is it?
What support can it provide?

Under what conditions will it respond?
How fast can it respond?
What does it need from the planning organization?
How can it be contacted?
Is there a written agreement between the organization and agency?
Have representatives of the agency visited the facility, participated in drills, or responded to past emergencies at the facility?

Source: POA, Crisis Management, 4.7.3, page 45

Question 40

What is the benefit of emergency response agencies visiting a facility?

Answer 40

To be aware of the layout and peculiarities of the facilities to which they may have to respond.

Source: POA, Crisis Management, 4.7.3, page 45

Question 41

What should in-house medical personnel be asked in order to evaluate their capabilities to support the medical portion of an emergency plan?

Answer 41

Capabilities of their staff,
The conditions under which they can be called upon to provide emergency support,

What medical supplies must be provided to properly treat the injured.

Source: POA, Crisis Management, 4.7.4, page 46

Question 42

What information should be obtained from local hospitals?

Answer 42

The number of emergency patients each can accommodate and the types of treatment available.
The number of ambulances in the area.

Source: POA, Crisis Management, 4.7.4, page 46

Question 43

What are some typical aspects of a crisis management plan?

Answer 43

Crisis management team,
Crisis management activation and escalation,

Crisis command and management succession,
Crisis recovery logistics and resources,
Crisis communications.

Source: POA, Crisis Management, 5.1, page 53

Question 44

The crisis plan should consider what in outlining plan activation?

Answer 44

How team members will be notified of a crisis activation,
Who can call up the crisis team,

Where the team meets,
How meetings are conducted,
How a crisis is declared,
How executives are notified that the crisis team has been activated.

Source: POA, Crisis Management, 5.1.1, page 54

Question 45

What are three designations for equipment identified in a crisis plan?

Answer 45

Equipment set aside for emergency/crisis use only,
Equipment in regular use but also designated for use in crisis events,

Equipment that would need to be procured.

Source: POA, Crisis Management, 5.1.3, page 54

Question 46

What is the focus of crisis communication?

Answer 46

Communicating messages regarding a disruptive event.
Communicating broader messages to support the organizational resilience, survival of the organization’s business model, and future strategic business plans.

Source: POA, Crisis Management, 5.2, page 56

Question 47

What are some typical roles on a crisis communications team (CCT)?

Answer 47

Senior communications advisor/lead,
Crisis communications team lead,

Crisis communications team,
Incident command staff.

Source: POA, Crisis Management, 5.2.2, pages 57-58

Question 48

What five things should be documented in a crisis communications plan?

Answer 48

Identify affected or key audiences,
Identify audience concerns,

Develop messages specific to audience concerns,
Determine a spokesperson/messenger for each audience,
Select tactics to deliver each message.

Source: POA, Crisis Management, 5.2.3, page 58

Question 49

What are the categories of crises?

Answer 49

Natural or environmental,
Human,

Active,
Cyber-based.

Source: POA, Crisis Management, Chapter 6 Introduction, page 63

Question 50

What is the purpose of a threat management team?

Answer 50

To coordinate and manage the overall response, including oversight, of both the internal and external responders.

Source: POA, Crisis Management, 6.1, page 63

Question 51

What are three post-incident phases?

Answer 51

Immediate,
Short-term,

Long-term.

Source: POA, Crisis Management, 6.1, page 65

Question 52

Considerations in this post-incident phase include life safety, accounting for all individuals onsite, and communications with employees, families, the public, and the media.

Answer 52

Immediate phase.

Source: POA, Crisis Management, 6.1, page 65

Question 53

Considerations in this post-incident phase are preserve the crime scene, monitor individuals for signs of psychological trauma, assist individuals with reunification and other incident-related efforts.

Answer 53

Short-term phase.

Source: POA, Crisis Management, 6.1, page 65

Question 54

Considerations in this post-incident phase include conducting post-incident debriefs with internal and external responders and stakeholders, replenishing supplies, and continued communications with appropriate groups.

Answer 54

Long-term phase.

Source: POA, Crisis Management, 6.1, page 65

Question 55

What are some planning considerations for inclement weather?

Answer 55

Ensure participation of the major stakeholders of the potentially impacted assets.

Source: POA, Crisis Management, 6.2.2, page 66

Question 56

What are some planning considerations for earthquakes?

Answer 56

Ensure sufficient earthquake response team membership to ensure that earthquake response trained personnel are always available at each facility.
Study earthquake hazard maps and seismic building codes and standards to understand the risk.

Source: POA, Crisis Management, 6.7.1, page 72

Question 57

What are some planning considerations for fire?

Answer 57

Security should be involved in the planning of evacuation protocols and assembly locations since security often is a key component in evacuations.
Security should also establish strong relationships with local fire departments.

Consult local requirements for prevention, response, and mitigation.

Source: POA, Crisis Management, 6.8.1, page 76

Question 58

What are some planning considerations for medical emergencies?

Answer 58

Security officers should undergo regular first aid training and remain familiar with critical response equipment.
The level of medical training depends on the availability of professional medical intervention close to the facility and the level of any specialized care that the facility’s risk profile might have.

A plan should be put into place on how to respond, including where to meet first responders, notification protocols, and procedures to streamline response.

Source: POA, Crisis Management, 6.9.1, page 77

Question 59

What are some planning considerations for a pandemic?

Answer 59

Objectives that should be considered include:
Reduce transmission among employees, customers, visitors, and partners,

Maintain critical operations and services,
Minimize economic impact of the event,
Maintain operational efficiency under increased level of essential employee absenteeism.

The crisis team should also align with the World Health Organization (WHO) pandemic phases to determine a response.

Source: POA, Crisis Management, 6.11.1, page 80

Question 60

What are some planning considerations for workplace violence?

Answer 60

What are some planning considerations for workplace violence?

Question 61

What are some planning considerations for domestic violence?

Answer 61

A plan should include what actions should be taken if the perpetrator makes any contact with the employees or organization.
Increased surveillance may be required.

Employees should be encouraged to notify security of any protective orders they seek or threats they receive.
Solutions include access control and visitor management.

Source: POA, Crisis Management, 6.13.1, page 92

Question 62

What are some planning considerations for active threats?

Answer 62

Plans should include the following sections:
Prevent, protect, mitigate, response, recover.

Prevention and survivability of an attack heavily depend on:
Robustness of prevention program, facility layout, access control, alerting technologies, training of staff, and response of security or law enforcement.

The all-hazards approach is the most effective way to prepare for responding to an attack.

Source: POA, Crisis Management, 6.14.1, page 97

Question 63

What are some planning considerations for civil unrest?

Answer 63

The crisis management team can choose a protective approach that best first the situation to deescalate and prevent harm based on the understanding of the threat.

It is not security’s responsibility to stop people from protesting.

Make contact with the protest ‘captains’ and work together in the time, place, and manner of the protest.

Source: POA, Crisis Management, 6.16.1, page 105

Question 64

What are some planning considerations for bomb threats?

Answer 64

To respond effectively, the organization must recognize that it has been threatened, capture information about the threat, report it to the relevant authority within the organization, evaluate the threat, and respond appropriately.

Threat evaluation is a complex management decision that requires procedures, planning, training, and rehearsal.

Source: POA, Crisis Management, 6.17.1, page 110