How do you like your toast? Lightly crisped to caramel-colored perfection, or dark and coarse with burned bits for flavor? Regardless, you may have to prepare it at home because many employers of today are adopting employment practices that ban small appliances such as toasters, tea kettles, and portable heaters at work. This is just one example of the seemingly never-ending HR tasks of interpreting and applying the various safety standards required in the workplace.
Protecting workers from identified job hazards (and themselves) is not the only focus of an employer's risk management efforts. While fire risks and personal safety are important, HR is also called upon to:
Many of the risk management efforts of the past have placed a heavy emphasis on complying with the standards established by the Occupational Safety and Health Administration (OSHA). Covered in more detail in the labor law appendix, OSHA continues to consider and adopt various safety standards designed to prevent incidents in the workplace (see Figure 7.1).
The National Institute for Occupational Safety and Health (NIOSH) exists to study trends, patterns, and the science of workplace safety. NIOSH often makes recommendations to OSHA for standards that should be adopted. State and local governments and unions play a part in obligating employers to worker safety. For example, in the Central Valley of California, where summer temperatures frequently exceed 100 degrees, agricultural workers were experiencing high incidents of heat illness, heat stroke, and death. The problem became so severe that California adopted a Temporary Emergency Standard for employers, bypassing the regular process for approving new safety standards. In order to comply, affected employers must provide training for employees, and access to water, shade, and rest under hot conditions.
The European Union also has adopted a framework for occupational safety and health standards. The European Agency for Safety and Health at Work issue OSH directives (EU-OSHA). Similar to the American OSHA standards, these directives provide guidance to employers in the areas of evaluating, avoiding, and combating safety and health risks to employees and the company. Unions and works councils also take responsibility for designing and enforcing workplace safety provisions.
For countries without legal regulations governing employment safety and health programs, international HR practitioners will need to adapt practices in areas of health and safety that are culturally relevant to protect both the workers and the employer from risk and liability. Dealing with outdated equipment and a poorly trained workforce often is addressed through an international health and safety management program.
Regardless of the existence of laws governing employer safety requirements, the prudent HR professional has in place steps to address workplace risk. As with most other HR activities, these steps are the result of a needs assessment.
How do we know what laws apply to our organization? What clear and present dangers lurk in the figurative cubicles of our facilities? What is the root cause of injuries at our workplace? Who is at risk for global illnesses, and how do organizations prevent them? How can HR prove to legal agencies that the organization is taking steps to prevent injuries and accidents from occurring? The answers to these questions can be found by doing the all-important HR task of conducting needs analyses, conducting risk assessments, or conducting threat assessments. Regardless of what the process is called at your company, there are a variety of tools and resources available that you need to know about in order to accomplish this task. These are covered next.
A safety self-inspection documents an employer's effort to identify hazards and take corrective steps. The goal of these efforts is to correct hazards and prevent incidents. For this reason the findings may be used to:
OSHA has on its website a self-inspection checklist that employers may modify to fit their individual needs. From a general perspective, OSHA recommends that employers review the following:
Equipment, job planning, layout, heights, floor loads, projection of materials, materials handling and storage methods, training for materials handling equipment.
Floors, walls, ceilings, exits, stairs, walkways, ramps, platforms, driveways, aisles.
Waste disposal, tools, objects, materials, leakage and spillage, cleaning methods, schedules, work areas, remote areas, storage areas.
Equipment, switches, breakers, fuses, switch boxes, junctions, special fixtures, circuits, insulation, extensions, tools, motors, grounding, national electric code compliance.
Type, intensity, controls, conditions, diffusion, location, glare and shadow control.
Type, effectiveness, temperature, humidity, controls, natural and artificial ventilation and exhausting.
Points of operation, flywheels, gears, shafts, pulleys, key ways, belts, couplings, sprockets, chains, frames, controls, lighting for tools and equipment, brakes, exhausting, feeding, oiling, adjusting, maintenance, lockout/tag-out, grounding, work space, location, purchasing standards.
Training, including hazard identification training; experience; methods of checking machines before use; type of clothing; personal protective equipment (PPE); use of guards; tool storage; work practices; methods for cleaning, oiling, or adjusting machinery.
Purchasing standards, inspection, storage, repair, types, maintenance, grounding, use and handling.
Storage, handling, transportation, spills, disposals, amounts used, labeling, toxicity or other harmful effects, warning signs, supervision, training, protective clothing and equipment, hazard communication requirements.
Extinguishers, alarms, sprinklers, smoking rules, exits, personnel assigned, separation of flammable materials and dangerous operations, explosion-proof fixtures in hazardous locations, waste disposal and training of personnel.
Regular and preventive maintenance on all equipment used at the worksite, recording all work performed on the machinery, and training personnel on the proper care and servicing of the equipment.
Type, size, maintenance, repair, age, storage, assignment of responsibility, purchasing methods, standards observed, training in care and use, rules of use, method of assignment.
Motor vehicle safety, seat belts, vehicle maintenance, safe driver programs.
Medical care facilities locations, posted emergency phone numbers, accessible first aid kits.
Establish and practice procedures for an emergency evacuation (e.g., fire, chemical or biological incident, bomb threat); include escape procedures and routes, critical plant operations, employee accounting following an evacuation, rescue and medical duties, and ways to report emergencies.
Employer self-inspections should be conducted on a regular basis. For example, you could do a daily walk-through of the facility to ensure that no immediate hazards exist such as blocked emergency exits or slip/trip hazards. On a monthly or quarterly basis you may want to complete a full-scope inspection, such as the one recommended by OSHA. On a semiannual or annual basis, it may be prudent to work with your insurance carrier, fire department, building inspector, or other external resource to ensure your workplace remains free from notable hazards.
OSHA defines the term hazard as “the potential for harm.” A job hazard analysis is a tool used to evaluate hazards that are job specific. By evaluating these hazards, employers can take steps to control the exposure and thus reduce the likelihood of an injury, illness, or accident. As with most assessments, a focus on prevention will include:
In order to complete a job hazard analysis, it is important to involve the employees who are doing the work. Employees understand best the potential risks associated with the environment or equipment relevant to the job tasks. Their supervisor is also a good resource, as he or she may have a unique perspective to contribute on how a hazard may be eliminated. If a hazard cannot be completely eliminated, ask the supervisor and employees for solutions related to the hazard controls found in Figure 7.2.
Deciding which jobs to evaluate may seem a daunting task to the HR professional working at a company with hundreds of job classifications. A best practice is to analyze injury and accident records to look for jobs that have higher incidents of injury. Along with frequency, look for which body parts are most commonly affected. Sort the data three ways—at the organizational, department, and individual levels. Next, identify high-hazard jobs in which fire or chemicals are used. Review positions that involve risk taking, heights, or ladder use, paying special attention to environments in which employees work in extreme heat or cold. These are all excellent places to start the job hazard analysis process. Don't forget to review near-miss reports as well.
OSHA has identified the following questions to ask when conducting a job hazard analysis:
A sample job hazard template is found in Table 7.1.
Table 7.1 Sample Job Hazard Form
Job Location Food Distribution Warehouse |
Analyst Safety Sandy |
Date |
Task Description Warehouse employees drive an electric pallet jack to place boxes of soda syrup onto a pallet for loading onto a delivery truck to customers. The syrup weighs between 30 and 50 pounds per box. |
||
Hazard Description The product is stored on a 12-tie pallet that is loaded four boxes high. When received, the pallet is stored flush up against a warehouse wall. When employees deplete the first row of boxes, they must reach across the tie and pull the product toward them, and then stack it onto the jack by hand. Hazards include:
|
||
Hazard Controls Engineering Pull the storage pallet away from the wall so the employees may access the product on all sides. Administrative Conduct safety training in proper lifting techniques, including safe reaching. PPE
|
Investigating all incidents—injuries, accidents, and near misses—is a practical way for HR to identify the threats and exposure to all workers.
Incident investigations are an important component of any organizational safety program. Often conducted by an individual supervisor or member of a safety committee, these investigations focus on determining if an unsafe act or unsafe condition has caused an injury, accident, or near miss. The unsafe act or unsafe condition is known as the indirect cause of the accident. The direct cause is the “unplanned release of energy, or hazardous material.” See Figure 7.3 for a visual representation of this concept from OSHA. When investigating injuries, it is important to identify both the direct and indirect causes of harm. This information is used to ensure that any future preventive efforts address the fundamental element(s) that contributed to a safety incident. Prevention efforts may be focused on eliminating an unsafe condition (see previous discussion of hazard controls) or addressing an unsafe act committed by a worker. Addressing employee unsafe acts is most commonly achieved through training, coaching, and/or discipline. A word of caution when using discipline, especially if an employee was injured: The discipline must address the employee's unsafe behavior, not discipline the employee for getting hurt. The discipline may be interpreted as an act of retaliation against an employee for getting hurt or reporting an injury. Employee morale is also affected when injured workers are disciplined. See the “In Real Life” feature example.
Steps to an appropriate incident investigation may go as follows:
The first priority when responding to the scene of a workplace accident is to secure the area so nobody else gets hurt. The second priority is obtaining care for any injured party. In many cases, achieving both of these outcomes may require the designation and training of first responders. The depth and scope of first responder responsibilities may vary. A risk assessment will help the proactive HR professional determine the need, define the responsibilities, establish the procedure, and train the workers.
Another way to identify risks associated with the business of work is to review historical data. When looking at past incidents, patterns tend to emerge. This bears out even at a national level, and trickles down through industry statistics and geographic clusters. Take a look at the feature to practice interpreting data.
Calculating incident rates is another way an employer may identify the needs of a workplace safety and health program. OSHA defines an incident rate as the number (frequency) of injuries, illness, or lost workdays per 100 full-time workers. Rates are calculated using the formula:
where:
After an employer has assessed the types of risks to its employees and company, the next step is to design programs and plans for prevention and response.
An injury and illness prevention plan or program (IIPP) is part of an overall safety management program designed to reduce or eliminate workplace injuries and illnesses. Employers with 10 or fewer employees are not generally required to have a written plan in place. In order for an IIPP to be successful, OSHA recommends that:
The work-relatedness of injuries affects inclusion of the event in the incident rate calculation, recordability for OSHA record-keeping purposes, and compensability under an employer's workers' compensation insurance. For an injury to be work-related, the employee had to have been injured or become ill while acting within the scope of his or her job. For example, let's say a receptionist is driving to the post office as part of her regular duty to pick up mail. She is in a car accident and breaks her foot. This injury would be considered to be work-related because she was acting on behalf of her employer at the time of the event. Compare this example with an employee who is driving to work as part of her normal commute and is in a car accident, also breaking her foot. This latter incident would not be work-related, as she was not acting on behalf of her employer at the time.
These distinctions are important, particularly when complying with OSHA's record-keeping requirements. Most employers with 10 or more workers must complete the OSHA 300 log for any recordable illness or injury, and post the summary from February through April.
Employers are not required to record first aid—only events. OSHA defines first aid very specifically:
See Figure 7.4 for the decision tree of when to record an injury or illness that occurred at the workplace.
In 2017, a new rule took effect requiring some employers to submit their injury data electronically. OSHA will analyze this information for use in trend identification and prevention efforts. The information may also be posted on the OSHA website to “encourage employers to improve workplace safety and provide valuable information to workers, job seekers, customers, researchers and the general public.” See Figure 7.5 for the compliance schedule.
Employers have a responsibility to return injured workers to their preinjured state, or to compensate injured workers if they cannot be rehabilitated. This is an absolute right of all employees, and employers are therefore required to carry workers' compensation insurance (paid for by the employer) as part of an overall safety management program. Things you should know about workers' compensation insurance include:
Business travelers and expatriates have unique needs for an employer's health and safety programs. Employers have a global duty of care to keep international assignees safe. A crisis management plan takes into account factors such as language barriers, access to medical services, availability of emergency response, and infrastructure components that will drive the ability of an employer to respond to an international threat or industrial accident. International HR practitioners should know and communicate to assignees the proper agencies to contact, such as the Bureau of Consular Affairs of the U.S. Embassy, and who the employee should contact internally in the event of an emergency.
Kidnap and ransom insurance is another practical tool employers may use to assure international assignees that the employer takes the risk of hazardous assignments seriously. Brokers who provide this type of policy are available to help organizations create a crisis management plan, and partner with resources abroad to provide communication, negotiation, medical, and emergency travel service when needed.
A return to work (RTW) program is the effort by the employer to help injured or ill employees get back to work in a transitional capacity until they are able to return to full-duty work. RTW is not only for those with a work-related injury. These programs can be built to respond to the many types of disabilities that may keep some people from getting back to work at all.
RTW programs benefit both the employer and the employee. For example:
Wage replacement is often paid for through the company's workers' compensation insurance carrier. This adds to the overall cost of the injury, and thus affects the employer's experience modifier on which annual premiums are calculated. An RTW program finds tasks, duties, and responsibilities that accommodate an employee's limitations, and the employee is thus paid through regular payroll rather than collecting an insurance payment while on lost time. For non-work-related injuries, bringing people back to work in a restricted capacity has been shown to lower the overall lost time, keeping work flow, customer, and morale disruptions to a minimum.
For the employee, workers' compensation and disability insurance law has built in maximum payment amounts. In New York, for example, the maximum amount injured workers may earn while off work is two-thirds of their average weekly wage. This may cause financial hardship for the employee. In an RTW situation, an employer may choose to pay the employee's full wage to incentivize the employee to come back to work so the employer gains the benefit of a reduced total claim amount. In some cases, however, the employer may be able to lower the injured worker's wages to account for the lighter duty. This is a strategic consideration for discussion when planning an RTW procedure.
An important member of a return to work program is the licensed physician. The doctor diagnosing and treating the injured worker must have access to an objective summary of the employee's regular tasks, duties, and responsibilities on the job in order to accurately determine restrictions. This allows the physician to provide clear instructions to both the employer and the employee on what work may be done in a modified capacity, or not at all. For this reason, HR should be prepared to send over a current, accurate job description describing the essential functions, physical requirements, and mental abilities that are part of regular job duties.
In some cases, there is a discrepancy between what employees think they are able to do and what the doctor says they are able to do. In these cases, an independent medical exam (IME) may be necessary. Performed by a neutral third-party physician, the IME is used to provide an objective view of the employee's condition.
Reasonable accommodation is the process of the employer working within the restrictions conveyed by the doctor. It has legal implications under the Americans with Disabilities Act, in which employers are obligated to engage in an interactive dialogue to determine if the employee is qualified to work.
Despite all the different ways employees can be injured at work, employers can take very effective steps to reduce exposures. These steps begin with planning. The most valuable output from the planning process is not always the written plan. The process of assessing risk, talking with employees, and reaching out to the experts serves to create depth in organizational behaviors for managing risk. For this reason, HR should not be locked in the back office filling in the blanks on a template in response to a consultant's urging. HR must advocate for thoughtful, engaged action to produce effective programs that have management and employee support. Detailed plans, policies, and procedures allow employers to demonstrate compliance with various labor laws, communicate expected standards of behavior to employees, and develop prevention and intervention procedures where appropriate.
Natural and man-made disasters occur in all parts of the world, and present very real threats to employee well-being and business survival. Acts of terrorism, acts of workplace violence, and natural disasters such as hurricanes have prompted companies to expand the role of human resources to prepare for disasters.
Ready.gov is a website developed by the Department of Homeland Security (DHS) that has several excellent examples of plans and actions employers may take to be ready in a crisis.
The threat assessment in this planning competency relates to identifying business impact. As described by the DHS, HR must consider and analyze the tangible and intangible impact of:
Figure 7.6 shows the four main steps described by the DHS to take to prepare a business continuity plan:
See Table 7.3 to review OSHA's requirements for emergency response and fire prevention plans.
Table 7.3 OSHA Response Plan Requirements
Source: Occupational Safety and Health Administration (OSHA).
All of OSHA's safety standards have emergency action plan requirements. Following are examples from the General Industry Standards for emergency action plans and fire prevention plans: | |
Emergency Response Plan | Fire Prevention Plan |
1910.38 (a) through (f) Emergency action plans:
|
|
The FBI describes some disaster events as “media-intense.” For example, the highly visible post office shootings in the 1980s and 1990s prompted the pejorative phrase going postal to reference a disgruntled employee. The terrorist attack on September 11, 2001, was the largest incident of workplace disaster in American history. In the event of a disaster, a response plan should explore how any media inquiries will be addressed.
The post office and 9/11 references are both examples of disasters classified as workplace violence. These are covered next.
Workplace incivility can very quickly lead to harassing and bullying behaviors. Rude coworkers and lack of courtesy contribute to an overall environment of tension and strain. In a climate where incivility and disrespect are the norm, negative interactions and conflict can quickly escalate into hostile, bullying, or violent behaviors.
Workplace violence plans and programs should be primarily focused on taking proactive steps to minimize the likelihood of a violent incident on the job, and plan for a coordinated response should an event take place. The first step is to create and encourage a company culture where professionalism and courtesy rule all interactions, and managers are trained in conflict deescalation when necessary.
In order to be effective and taken seriously, top management must support prevention efforts. In some cases this means taking serious steps to drive culture changes in a toxic environment. A lack of trust within a company may also require top-level intervention to avoid workplace violence. Organizational cultural issues such as abusive managers will act as barriers to any practical efforts of HR to address and, most important, prevent workplace violence issues.
An example of the practical efforts of an HR professional to address workplace violence threats is to help select and develop a program. A threat assessment is one tool that may be used to accomplish this effort. In addition, working with local law enforcement agencies or professional threat assessors will educate HR on the needs of the organization. These professional resources are able to offer advice on how best to deal with escalated events characterized by weapons, hostage situations, or terrorist threats. Gathering legal advice and concerns regarding potential loss and liability will also be an important step in developing the company prevention and response plans. Legal resources that will be charged with defending any policy or program should also be part of the planning or review process.
Preventive steps include written policies, employee training, and response planning to minimize the effect of an incident.
A written policy should be in place that defines the behavioral expectations for all employees. This includes a list of prohibited conduct, such as:
Domestic violence is another area that should be addressed in a policy. The Centers for Disease Control (CDC) refers to intimate partner violence (IPV) as physical, sexual, or psychological harm by a current or former partner or spouse. The CDC estimates that victims of severe IPV lose thousands of days of paid work each year as the result of violent episodes.
An employer may choose to address the threat of workplace violence through a statement of zero tolerance in its handbook. The policy may establish how the employer will respond if an employee is convicted of a crime of violence, reserving the right to discipline/discharge workers under certain conditions. An effective policy will define the reporting procedure for employees who believe they have been victims of workplace violence, the investigation procedure, the rights and responsibilities of affected employees, and a description of how the employer will deal with issues of confidentiality and privacy.
Training offers many opportunities to employers who wish to have a comprehensive workplace antiviolence program. Training teaches employees about acceptable and unacceptable workplace behaviors. A training session should review warning signals that often precede violence, and teach the employees how to report their concerns.
Supervisor training is an important component of an employer's violence prevention efforts. Teaching supervisors how to manage and deescalate conflict may reduce the likelihood of a situation getting out of control. Educating supervisors on the legal liability issues associated with workplace violence—including personal liability should they become a harasser—can help communicate why they are critical to an organization's prevention efforts. Helping supervisors recognize warning signs of violence gives them the ability to intervene early, while giving them a clear, supportive procedure to guide their efforts.
All training should encourage employees to report suspicious behavior, or behavior of their coworkers that seems out of character or escalating in frequency or force. The employees need to know when to report and what to report, and be assured that the company takes their concerns seriously. Finally, employee training should make clear that employees who report concerns will not be retaliated against. Often, a combination of the employer's own policy and code of safe practices along with an external resource such as a professional training program is effective for communicating the workplace antiviolence program elements.
Despite an organization's best attempts, workplace violence incidents unfortunately still occur. An employer must be prepared to respond to a crisis, whether it is related to domestic issues, an escalated workplace conflict, disgruntled former employees, or terrorism. For this reason, taking the lead in response planning is a critical function of human resources.
In 2015, an active shooter/attempted bombing situation took place in San Bernardino, California. The shooter was an employee who targeted his coworkers at an office holiday party, killing 14 and seriously injuring another 22. This and other tragedies leave many wondering whether these situations can be predicted. The surprising answer is that sometimes they can indeed be foreseen. There are consistent behavioral signals that may indicate a problem is escalating; OSHA notes that it is often more likely that a pattern or multiple indicators will be present. These may include:
Excessive sick leave, excessive tardiness, leaving work early, improbable excuses for absences
Supervisor having to spend an inordinate amount of time coaching and/or counseling employee about personal problems, redoing the employee's work, dealing with coworker concerns, and so on.
Making excessive mistakes, poor judgment, missed deadlines, wasting work time and materials
Alternating periods of high and low productivity and quality of work, inappropriate reactions, overreaction to criticism, and mood swings
Easily distracted and often has trouble recalling instructions, project details, and deadline requirements
More accident prone, disregard for personal safety as well as equipment and machinery safety, needless risks
Marked changes in personal grooming habits
Some of the more notable acts of workplace violence seem to be around workplace homicide. But a far greater percentage of violent incidents take the form of damage to company property, verbal abuse or aggression, and concealing or brandishing a weapon.
Again, these examples are a matter of degree, and should be framed in the context of other behaviors. However, direct threats should always be taken seriously.
Taking preventive steps within the scope of other functional areas may also serve HR's priority on prevention. Consider background checks to screen out any potentially violent new hires, a function of Workforce Planning and Employment. Or conduct employee surveys as part of an employee labor relations strategy to identify any unknown threats. Management coaching using techniques defined in the Human Resource Development chapter may be appropriate. And finally, workplace violence incidents are more likely to be caused by workers under the influence of drugs or alcohol. This means that an employer's protective efforts must include a substance abuse program.
Another plan HR must prepare is a substance abuse plan. There are many reasons why an employer should have plans and policies in place to address substance abuse in the workplace. The U.S. government has found that more than 70 percent of substance abusers have jobs, making this relevant across industries and states. Substance abusers tend to have lower productivity, increased absenteeism, more accidents, and higher health care costs.
Many employers start with a policy that addresses the use of both legal and illegal substances that affect work performance. Considerations include notifying the employee that the employer reserves the right to search employee belongings if an employee is suspected of possessing alcohol, controlled substances, or illegal drugs. It is also necessary to address the accommodation of an employee who is seeking treatment or rehabilitation for an addiction. A plan may define what steps an organization will take, including discipline expectations, referral to an employee assistance program, or time off from work to seek treatment.
Supervisors and managers should be trained to identify the signs of an employee who may be under the influence. In some cases training is required, such as the reasonable suspicion training under the Department of Transportation rules governing commercial drivers. Specifically, the Federal Motor Carrier Safety Administration requires:
…supervisors of commercial motor vehicle drivers who operate vehicles that require a commercial driver license to take 60 minutes of training on the symptoms of alcohol abuse and another 60 minutes of training on the symptoms of controlled substances use (120 minutes in total). The purpose of this training is to teach supervisors to identify circumstances and indicators that may create reasonable suspicion that a driver is using or under the influence of alcohol or drugs, supporting referral of an employee for testing.
—49 CFR 382.603
Signs and symptoms covered in training include:
Slurred speech, flushed face, staggering, fatigue, rolling or red eyes
Poor job performance, irritability, aggressiveness, missed work or tardiness
Depression, emotional instability, anxiety
Employer drug and alcohol testing policies include language related to postoffer, postinjury, and reasonable suspicion, sometimes called fit-for-duty testing.
Security audits will identify the types of physical hazards present at a place of work. Calling upon the expertise of facilities managers and HR, along with third-party experts looking for vulnerabilities, will produce a to-do list of meaningful tasks. Factors such as access, lighting, and traffic patterns are evaluated and assessed against potential risk.
Taking this step is important not only for employee protection, but also for company image. Wal-Mart has taken a beating in the media for having multiple layers of security against store theft, but paying lackluster attention to securing the stores' acres of parking lots. Several attacks on customers have been featured on the news, forcing Wal-Mart to defend its security priorities. HR is usually responsible for collecting requests for proposals (RFPs) for security services to help guard facilities if necessary.
Risk to a company's cash flow can be controlled specifically through its inventory levels. For example, $100,000 worth of cooling unit compressors lining the warehouse racks represents $100,000 of a noncash asset. For this reason, steps should be taken to help control the variability of purchasing and to moderate cash flow. While not an HR task per se, it may be necessary for HR to work with employees to develop plans and procedures to regulate the process.
“Password1.” Look familiar? It might, because a 2015 Trustwave Global Security report identified it as still the most common password in use today. This and other findings are troubling in the context of data security.
Industries such as retail and fast food remain high on the list of targets; specifically, criminals attempt to gain access to the information stored on the magnetic strip of a credit or debit card used for customer purchases. The Trustwave report found that 50 percent of the victims targeted were in the United States, followed by 24 percent in Australia and 14 percent in the United Kingdom. It's obvious that in a world of business being conducted more frequently online, employers have to pay attention to cyber liabilities.
The first step to reducing liability is to have a written policy clearly outlining the terms of acceptable use of all sensitive information. Data classification policies direct employees on what information is most sensitive, and allows them to follow proper procedures to protect it. Asking employees to sign confidentiality agreements is a paper defense against stolen trade secrets and other proprietary information. Technical solutions such as tiers of access can be a simple, effective way to reduce the risk of data theft. Educating employees on the importance of password protection can help as well. The Trustwave report shared that it takes one day to break an eight-character password compared to 591 days it takes to crack a 10-digit code. More complex firewalls must be investigated and adopted as recommended by experts, driven by the nature of work that HR is called upon to guard.
HR may also research and form a business case to management to purchase cyber liability insurance, which covers employee and customer information should theft occur.
Taking action when a breach is discovered is an urgent task for HR. Practices begin by notifying those who may have been affected by the breach. Some employers take the additional precaution of offering credit monitoring protection for 12 to 24 months to help protect victims of data theft from experiencing a tangible loss.
Additionally, most employers have a very low tolerance for system emergencies. Reliance on computers, voice over Internet Protocol (VOIP) lines, and network connectivity disruptions can shut down operations for any length of time. HR may participate in the effort to develop software, hardware, and behavioral strategies for data maintenance and recovery in the event of an emergency.
In the absence of employee compliance behaviors, a company's plans, procedures, and programs are mere paper tigers. Employees must know what is expected of them, and HR must take steps to test, audit, and measure the efficacy of the programs. In general, human resources should conduct:
There are four techniques an employer may use to manage the risks to the company.
Changing a work process to be safer is the ideal response to an identified hazard. Repositioning a computer server so the cords are shorter to eliminate a trip hazard is one example of hazard elimination. Another method is to substitute a less hazardous material or piece of equipment. For example, employers may switch to a water-based paint rather than a solvent-based paint to reduce employee exposure to hazardous chemicals. Physical changes are the most effective way to reduce injuries, particularly when you eliminate the choice. An employee who has access to company bank passwords must be relied upon to choose not to use them for nefarious purposes. Simply limiting who has access to this information reduces the risk of a financial loss.
Adding safety equipment such as machine guards, lockout/tag-out tools, or personal protective equipment is another way to respond to an identified hazard. So also is conducting employee training on proper use of equipment or tools. Checking for travel warnings prior to international business trips can also help employers make decisions that reduce or eliminate exposure.
Transferring risk may include outsourcing the work to a subcontractor or vendor. Some employers opt to purchase insurance so that if an incident occurs, they have some protection from liability. Not all risk can be transferred, but it is one technique that can be effective in shrinking the target. Examples include corporate governance insurance, professional liability insurance, and directors and officers liability insurance.
The final risk management technique is for employers to accept a risk as a cost of doing business, and not engage in effort above and beyond normal business practices. For example, business bad debt seems to be unavoidable for many companies. Rather than employing a full-time collections agent or pursuing debtors through costly legal proceedings, an employer may identify a percentage of loss that is acceptable. The employer may then use the total as a tax write-off at the end of the year.
Just as with any other HR function, employers must take steps to measure the success or failure of their workplace safety efforts. Conducting trend analysis using injury data from the past is one way to predict future hazards and identify whether current controls are effective. Workers' compensation costs are a tangible cash asset that can be controlled through careful monitoring and intervention. Department incident data can point HR to areas of threat, targeting resources to minimize exposure. By emphasizing and measuring the efforts of safety and health programs, employers and employees will be better off. Positive outcomes include safer workplaces, lower insurance costs, and increased productivity.
3.15.220.201