During the past few years, my Security 500 research has identified the move of business resilience under the security umbrella in many organizations. Business resilience is defined as business continuity, emergency management and disaster recovery. The question is squarely in front of our profession now: Could any level of preparation ready an organization for the March 11 earthquake and tsunami in Japan as well as the resultant nuclear catastrophe that continues to unfold?

“More and more security practitioners are being assigned the lead responsibility or a major role in business continuity, crisis management and emergency response, so our knowledge experts put together some guidance that can be utilized in the aftermath of this crisis in Japan,” says Bob Hayes, CEO of the Security Executive Council.

Anticipating that events of this magnitude are the responsibility of government agencies and not the purview of private organizations may be shortsighted. Among the lessons learned after Hurricane Katrina were that private companies, including WalMart and Target, were more resilient and restored to restore supply chains and provided vital resources, such as bottled water and medicines, to affected areas than the government. The fact was that “Browny” and FEMA were not doing, “A heck of a job.”

No surprise that a recent CNN news poll indicated that only 20 percent of responders have faith in the government’s ability to respond to emergencies.

That means your organization must take its fate into its own hands and be prepared for the worst case scenario (with a best case budget). Fortunately, we are not often faced with disasters of the magnitude and aftermath that Japan is experiencing, but disruptive events are happening on a regular and less intense basis, especially in the international arena.

As you know, your brand and business reputation are at great risk based on your organization’s response and resilience. The BP gulf disaster is Exhibit A.

Rad Jones and Jerry Miller, the Security Executive Council’s faculty members, who are also affiliated with MSU, have created a Crisis Management tabletop exercise that provides your crisis management team with simulated critical incidents. The exercise takes participants through a discuss, determine, solve decision support process that lay the groundwork for preparing for and responding to an actual event.

Bob Hayes shares, “In the past when incidents of national or global consequence occur such as the H1N1 Pandemic, or now the Japanese earthquake and Tsunami, the SEC tries to share meaningful and actionable material with the security community at large in order for all to respond more quickly and with a higher degree of confidence. In this case our partnership with MSU and their experts who have carried this issue and knowledge to communities for years through DHS and FEMA, made perfect sense to share their knowledge with as many as possible.”

The exercises work with your organization to able to deal with:

There is some organizational leadership and corporate politics to business resilience. Security is in the uncomfortable position of not being able to do nothing and everything. There is a comfortable ‘be prepared’ without crying wolf medium that your board and/or CEO cannot define, but they expect you to find it and present it.

Tabletop exercises present world scenarios and deliver cost effective best practice plans and practice. And they help you focus on realistic scenarios most highly correlated with business and reputational risk.

The Security Executive Council’s tabletop program is designed to be both efficient and effective by meeting the following objectives:

Key to a highly functioning crisis management team is the communication, understanding and teamwork that results from the exercises themselves. The Security Executive Council program not only helps your organization, but shares the best practices and learnings from all of the organizations that participate.