1. DRMG approach, principles and objectives
The DRMGs are
- The DRMGs are guiding principles to help or advise a certain organisation* in the creation/assessment/improvement of its own guidelines/procedures.
- The DRMGs are guiding principles to help or advise a certain organisation in developing a critical view on its own crisis management activities (management of resources, procedures, training, etc.) based on resilience management concepts.
- The DRMGs can be complementary to existing guidelines/procedures/practices in a certain organization, but they do not replace them.
- The DRMGs are intended for and directly addressed to policy makers, decision makers and managers at different levels in an organization. They can only indirectly affect the activities of front line operators or first responders in crisis management.
The DRMGs are not
- The DRMGs are not prescriptive.
- The DRMGs are not intended to replace guidelines/procedures already existing in a certain organization.
- The DRMGs are not directly addressed to front line operators or first responders in crisis management (although their activities will be indirectly impacted by the DRMGs, if their practices and procedures have been revised or designed based on the DRMGs).
* organisation, in this context, is a private or public company, an authority or government agency either at international, national or local level
The nature of resilience in crisis management: overview, fundamentals
Recent crises, disasters, and accidents challenging established risk management strategies include 11 September 2001, the SARS and H1N1 pandemic outbreaks in 2003 and 2009, the Indian Ocean tsunami in 2004, Hurricane Katrina in 2005, the Eyjafjallajökull eruption (2010, total losses of approximately 1 billion euros), the Deepwater Horizon disaster (2010, 11 fatalities and environmental damage from the equivalent of almost 5 million barrels of oil) and the Fukushima Daiichi major accident (2011).
The use of the term Resilience has emerged during the last decades as an alternative concept for society to deal with many challenges. Based on agreement on, and a commonly increasing awareness of, the inherent shortcomings in the prevalent approach to risk and crisis management, the concept of resilience is however used differently in diverse areas and at different organisational and temporal scales. DARWIN focuses on a proactive approach for dealing with disturbances and the realisation that surprises are an inherent characteristic in these challenges. Reducing the consequences of complex vulnerabilities is therefore an important approach rather than reducing the probability for a specific risk to occur. Some trends that have influenced this call for an operationalised resilience approach are:
- The changing nature of societal risks and increased focus to address complex risks and interdependencies in society.
- The changing nature of today’s and future crises in terms of the predictability of their occurrence and impacts, the complexity of their consequences, and the interdependency of the countermeasures put in place.
- The awareness of the limitations in prevalent risk analytical approaches, which have focused on the predictability of the occurrence and impacts of risks and have downplayed rare events, systemic risks, emerging risks and risk controversies.
- The insufficient ability and increasing demands to learn and evolve from experience from these types of crises and limitations of prevention and planning.
- The decreased tolerance to single crises and the need for the traditional fly-fix-fly manner of learning from crises to be supplemented with a more holistic and proactive systems view on prevention, anticipation and flexible responses.
- The changing regulatory and public view on safety to individuals no longer having the ability to manage the risks around them, where people are demanding greater responsibility from the regulator to secure oversight, from operators to learn from events, and to balance safety-risks, time-to-market, and budgetary pressures.
- The increase in real-time information flow to and from the public due to the complexity of the risks and crises as well as the accessibility of data through social media, thus changing the role of the population in responding to the event and their expectations from governing and response entities.
- The cascading effects which spread across geographical boundaries (nations, states or local authorities) and/or policy boundaries (between organizations, administration levels, different types of critical infrastructures), where a crisis can become trans-boundary and even develop into a global shock through non-linear processes due to increased mobility, globalisation, and interdependencies in production and operation.
- The complexity and risk of propagation of everyday performance variability and cascading to other systems, which could lead to trans-boundary crises. This coupling and complexity makes prevention, mitigation, and preparation very challenging.
- The complexity of modern crises that often require the involvement of many actors, above and beyond emergency services, thus demanding effective co-ordination for a successful outcome.
There have been evolutions in risk management methods and strategies to adapt to these changes. Still, crises continue to evolve, challenging the most recent risk management and robust systems.
In the context of these trends in modern-day crises and accidents, the DARWIN project bases its development of Resilience Management Guidelines on two major strands of research: The Resilience Engineering perspective, and the body of knowledge on Community Resilience. These two research strands are briefly outlined here, to provide an overview of what resilience is in the context of crisis management generally and the DARWIN project in particular.
Resilience Engineering (RE) is the discipline that aims to provide design and development processes, strategies and capabilities to accomplish resilient performance in complex socio-technical systems. Resilience Engineering has been developed by researchers from the fields of Safety Science, Cognitive Systems Engineering, and Human Factors (Engineering) since the beginning of the 2000s. An early description of resilient and brittle (the opposite of resilient) performance of socio-technical systems was an analysis of the 2003 space shuttle Columbia accident. The first edited book on the subject was published after a meeting of safety scientists discussing new perspectives on safety, and a number of RE symposia and books have followed since. Notable drivers of Resilience Engineering are the need to extend explanatory power in order to understand complex accidents and incidents, but also the need to understand successful outcomes (e.g., the aircraft ditching in the Hudson river).
Resilience Engineering aims to understand and cope with complexity. Complexity may be addressed in terms of coupling, interactions, tractability, and the potential for cascading effects. Coupling (loose/tight) refers to the time-dependency of a process, the flexibility of action sequences, the number of ways to achieve a goal, and the availability of slack in operational resources. Interactions are defined as the number of variables and causal relations in the system’s processes and interconnected subsystems. Tractability refers to the extent to which the detailed functioning of a dynamic system can be described and understood. Cascading is the extent to which small variations (which are unpredicted and undetected) combine into hazardous situations.
Also the Community Resilience, emergency and disaster management literature has acknowledged the importance of the concept of resilience for some time. For example, discussions of public organisations in risky dynamic environments emphasise these organisations’ need for a balance between anticipation, meaning assessment of vulnerability and safety and (planning for) preventive action, and resilience, meaning (planning for) flexible response (’bouncing back’) after a damaging event. In this view, resilience is the capacity to cope with unanticipated dangers after they have become manifest, learning to bounce back. This ability is distinguished from and needs to be balanced with the ability of anticipation (which here is not part of resilience). Flexible mutual adaptation to changing conditions and the acknowledgement of a common goal are seen as critical characteristics of organisations that are effective in their joint response to a harmful event. Resilience has however been described as being more than flexibility and improvisation, and that it is displayed in the form of successful adaptation and accommodation. In other words, a flexible organisation is in this view not resilient until this organisation adapts and accommodates its social, organisational and technological systems to lessons learned from situations when improvising occurred.
One of the more recent definitions of resilience in the disaster management strand of research is: “Resilience is the capacity of a social system (e.g., an organization, city, or society) to proactively adapt to and recover from disturbances that are perceived from within the system to fall outside the range of normal and expected disturbances”. The need for resilience is described in community and disaster resilience literature mainly as resulting from the limits of planning, the difficulties in multi-organization communication, challenges in management, increasing the need to enhance improvisation, coordination, flexibility, and endurance.
Crisis management: risk and resilience as complementary approaches
At a European level, the disaster management cycle addresses prevention, preparedness, response and recovery. It places emphasis on a risk management approach addressing national risk assessment and mapping, considering a multi-hazard and multi-risk approach. Risk management deals with the coordinated activities to direct and control an organisation with regard to risk. It includes different forms of action, including structural, organisational and community measures to avoid (prevention) or to limit (mitigation, preparedness and response to) adverse events.
Traditional risk management approaches focus on prediction, prevention and protection against expected events. Models and methods are used to assess risk associated with specific failures and to propose measures to avoid them. Methods widely used include fault tree analyses (FTA); common cause analyses (CCA); event tree analyses (ETA); a combination of ETA and FTA is represented by bow-tie analyses. A typical risk matrix is used to represent risk categories in terms of probability and severity, and risk acceptability. The focus on risk reduction measures identified by these methods, e.g., the risk matrix, addresses risks with high likelihood and high consequences. These approaches cover known system disturbances as initiating events. Consequently, procedures, training, regulations, and methods for operation are put in place to protect from known disturbances and mitigate their consequences.
The nature of risks and crises has changed but the methods have not. Currently, the attention of the risk analyst is not on unexpected events. Risk methods to analyse interdependencies between critical infrastructures have been proposed in recent years. However, the balance between complexity and simplicity is challenging (Utne, Hokstad, & Vatn, 2011). Moreover, there is little experience in imagining scenarios that change assumptions and situations that can escalate off-the-scale (Topper & Lagadec, 2008). As a complement to traditional risk management, resilience engineering focuses on knowing what to expect in the sense of anticipating threats and opportunities such as potential changes, disruptions and their consequences. This capability provides inputs to the capabilities to monitor and respond.
While organisations need to maintain the capacity to deal with traditional crises using a risk management approach, innovations are required to deal with new types of crises. These innovations are not seen as a replacement but as a complement to existing capacities. Therefore, organisations need to deal with the trade-offs between preparing for crises through predefined plans and procedures to address expected situations and developing adaptable and flexible capabilities to prepare for unexpected situations.
Resilience management addresses the enhancement of the abilities of an organisation to sustain adaptability and continue operations as required in a changing context. It includes “everyday operation” as this information is essential to ensure that the organisation functions under expected and unexpected situations alike. This information includes how multiple activities work together to produce successful outcomes for different kinds of systems and organisations at different levels. It combines technical structures and social systems and the interplay of different kinds of systems and organisations at different levels, which traditional risk management approaches have difficulty addressing.
At community level, the human component is central, because in the majority of disasters, resilience depends first on the actions of the people operating at a neighbourhood scale, but also on the actions of the different levels of organisations. To frame how resilience differs from it, a brief treatment of the traditional view of the four stages of emergency and disaster response is presented below (there is extensive literature on the subject):
- Mitigation/prevention often consists of systematic risk assessment, considering the conditions that generate risk. Interdependencies among environments are mapped, considering the physical (gives rise to destructive events), built (vulnerable to risk), and social (affected by severe events) environments. This has traditionally been organised in a distributed fashion where citizens, businesses and practitioners share the task of reducing risk. Mostly, a top-down prevention (from government, regulators/inspectorates, to operations) approach has been implemented of designing prevention mechanisms for known risks, regulation and inspection, detailed task lists and plans, and building on lessons from previous events.
- Preparation is necessary because not all disasters can be prevented. Disasters as a result of the nature and characteristics of the physical environment cannot be prevented, and there are strong arguments that also in the complex socio-technical built environment accidents are “normal”, although most could theoretically be prevented. This stage takes the form of designing and establishing policies, organisational structures, and resources, making sure that responders are trained and facilities ready, based on careful and informed assessment of potential risks and interdependencies. A challenge is however that the nature of the next contingency is unknown, and therefore difficult to prepare for, which the concept of resilience aims to address.
- Response operations have the purpose of averting or containing a threat, minimising damage, and/or preventing critical systems’ breakdown. Typical challenges are the ability to understand the immediacy of response strategies and communication that is likely to be hampered by time pressures and fundamental uncertainty, and the fact that coordination mechanisms, responsibilities and authorities often are unclear or not appropriate for the specifics of the response. The response capacity also depends on results, focus, and investment in mitigation/prevention and preparation to allocate resources and expertise in a timely manner.
- Recovery strives for quick return to normalcy. In the aftermath the aim is to derive lessons to be learned, which may also involve accountability and political-administrative investigation that may take considerable time and effort. Another challenge is that the decisions to avoid recurrence may lead to unintended consequences due to the complexity and unpredictability of interactions between the physical, built, and social environments.
The table below summarises the contribution of resilience research and development to current risk management practices when dealing with crises.
|Risk management||Changes||Resilience management|
|Organisations have invested in and implemented protective infrastructure||Changes in the nature of crises||Organisations invest in the ability to maintain operation and continuity of operations for different kinds of systems and organisations at different levels|
|Command and control: Appropriate institutional structures, clear mandates supported by policies||Management processes that can be adapted to situational demands||Preparation for flexible and agile management and organisational processes (e.g. through training and other efforts at establishing common ground)|
|Risk assessment based on historical events, identification and analysis of threats and hazards and vulnerabilities||Detecting emergent risk requires significant effort.||Forward looking analysis to complement risk assessment|
|Scenario based emergency planning, maintenance of equipment and supplies||Address trade-off between highly specialized expert centres or ensuring proximity of response services||Capability planning and network building to ensure various capabilities and capacities are mobilized|
|Training to test plans and procedures e.g. table-top exercises or large-scale exercises||Train in leadership and network coordination not to test understanding of plans but the ability to innovate in a stressful situation.||Strategic crisis management training to be able to improvise and innovate and to be flexible. Strategic engagement from centres of agencies dealing with crises|
|Detection and crisis development monitoring: Early warning systems based on monitoring, forecasting, warning messages to activate predefined plans (emergency or contingency)||Non-linear dynamics, hidden interdependencies and complexity make modern crises difficult to detect||Strategic foresight: Sense making capabilities, capability to “think outside the box” and come up with innovative scenarios that might occur, use of weak signals before and during crises using multidisciplinary expertise.|
|Command and control according to hierarchical break-down of tasks and responsibilities||Trade-off between emergency response at local level and centrally managed at national level. Role of civil society (e.g., NGOs) is growing.||Managing a response network. Crisis identification and monitoring role of expertise and polycentric governance. Polycentricity emphasizes the co-existence of many decision centres with different levels of autonomy. It uses local knowledge as well as a common pool of resources. Flexible and agile management and organisational processes of the response, adaptive to organisational demands|
|Standard Operating Procedures (SOPs) designed and enforced||More flexibility according to situational demands||Flexible and multipurpose crisis management teams and facilities|
|Strict lines of responsibilities||More flexibility according to situational demands, focus on common ground and cooperative crisis management||Common concepts across agencies to inform leadership with high adaptive capacities|
|Sectorial approaches||Need for a more holistic and broader view of risk and opportunities through a multi-threat approach||Similar tools and protocols that could be used for multi-crisis. International cooperation. Management of large-response networks|
|Crisis communication organized in a top-down manner from local/regional/national government agencies to the general public in a normative way to influence behaviour||Use of social media, focus on dialogue and a view of seeing the general public as a resource for aiding the response||Crisis communication on the basis of mutual dialogue and a strategic awareness of crises including a multitude of new media|
|Feedback to improve SOPs||Enhanced learning capabilities||Feedback. Using lessons learned to rearrange or re-structure the way the organisation works|
The DARWIN Resilience Management Guidelines (DRMGs) consist of guiding principles to help or advise a certain organisation in the creation, assessment or improvement of its own guidelines. Such principles should help the organisation in developing a critical view on its own crisis management activities (management of resources, procedures, training, etc.) based on resilience management concepts. The organisations we refer to in DARWIN can be either private or public companies, authorities or governmental agencies (either at international, national or local level) which are considered as a critical infrastructure or part of it or which are relevant for the functioning of a critical infrastructure.
It is important to underline that the DRMGs could become complementary to guidelines, procedures and practices already present in a certain organisation, but they are not intended to replace them. The assumption is that the necessary knowledge and competences to establish organisation specific guidelines can only be available inside the organisation itself. On the other hand - as mentioned above - the adoption of the DRMGs by the relevant stakeholders in a certain organisation will guide the revision, improvement or even creation of new guidelines, but always as an initiative internal to the organisation.
Consistently with this nature, the DRMGs are mainly addressed to policy makers, decision makers and managers at different levels in an organisation. They can only indirectly affect the activities of front line operators or first responders in crisis management, since these actors are users of those guidelines, procedures, practices that may have been redesigned or generated ex novo, after the adoption of the DRMGs by their organisation. As mentioned above, the DRMGs are principles based on resilience management concepts, which indicate criteria to increase the resilience of an organisation. In this respect, they do not consist of step-by-step prescriptions. They need to be interpreted in the specific context of their application and to be adapted to the specific goals and characteristics of the organisation in which they are adopted.
How to use the guidelines
Work has, for the moment, largely focused on the development of the guidelines. However, part of the guidance provided by the DRMG should support end-users in implementing the interventions proposed in their management practices. Such guidance will be provided in greater detail in the next deliverable, D2.4, in part because it will be an output of the development of domain-specific guidelines in T2.2 and T2.3. However, this section will describe the basic structure and type of content available in the guidelines and their basic components, the Concept Cards.
CCs propose interventions that can be implemented in order to reach the capabilities identified in crisis management practices and scientific literature. The guidelines build on the CCs by organizing and relating them. This aspect of the guidelines is a consequence of the fact that resilience management capabilities are not independent. For instance, the management of adaptive capacity requires that coordination is properly supported between operational units; these two types of resilience management capabilities are different, but interdependent. Each CC consists of a set of pieces of information that provide support to the understanding and implementation of the interventions proposed. The following elements of content are provided:
- Background information to describe the objectives and rationale underlying the resilience management capability addressed, as well as associated benefits, challenges and actors of crisis management.
- Descriptions of interventions, organised by phases of crisis management (before, during and after). These descriptions often include “triggering questions” that aim to capture essential issues users should think about or try to address. These questions also aim to help users adopt a resilience-oriented perspective, which might differ from typical views on risk and safety. The interventions often refer to strategies, methods, tools and practices that are selected from literature or experience, and presented succinctly (main elements of implementation, relevance for the CC, and reference to external sources for additional information). When possible, CCs rely on illustrative examples and hints to provide additional guidance, estimate maturity in terms of technology readiness levels (TRL), and discuss cost of implementation.
- Categorisation information that associates the CC with high-level themes or categories, resilience abilities, functions of crisis management, and types of actors. Most of the time, CCs are associated with multiple items in each category, which as a result, serve as a tagging mechanism more than a hard classification. An important purpose of the categorisation information is to serve as a navigation mechanism and suggest associated content in order to facilitate the implementation of the CC in the general guidelines context. For the same purpose, relationships with other CCs are provided when relevant.