The SBA and Agility Recovery do great work and offer some excellent guidance and tools for small businesses.
TR
Month July 2014
Business Continuity and Emergency Management Standards and Requirements
When building a business continuity or emergency management program – or the foundation of that program in a business continuity or emergency management plan – there is a lot of research that needs to be performed before much work can even begin. Some of the most critical research is the identification of the standards and requirements which apply to your program/plan. Note a significant difference in terminology between requirement and standard. Requirements are generally items that are in passed into law or included in regulation. Standards are typically developed by standards organizations or accrediting bodies and are generally looked upon as best practices within an industry. Standards are also more likely to be regularly updated whereas requirements (laws) are generally updated on a less often basis.
Where should you look for requirements and standards which apply to you? Much of it is based upon what industry you are in and where you are located.
Start locally. Research local laws and codes which may have requirements for certain industries. Local emergency management planning codes that I’ve seen include industries that use or produce specific chemicals, healthcare facilities, day care programs, and the hospitality industry (hotels and resorts), to name a few. These codes may require certain planning or notification elements which you must address. You should search the codes/laws of your city/town/village as well as your county. The clerks or emergency management officials for those jurisdictions should be of great help to you. States usually also have specific planning requirements found in state law and/or regulation which cover requirements for local jurisdictions as well as many of the industries mentioned previously. Contact your state emergency management agency as well as the state agency that regulates your industry for the best information.
Local and state laws comprise most of the requirements you will find – however certain industries may have federal laws or regulations which must be followed – many of these come from the EPA. Nationally, however, you are more likely to find standards. FEMA’s standard for emergency planning (which largely applies to jurisdictions but can certainly be used by other organizations) is found in Comprehensive Preparedness Guide (CPG) 101 – Developing and Maintaining Emergency Operations Plans. While there is no up front legal requirement to follow CPG 101 from FEMA, it may be a requirement of grant funding – yet another requirement you must explore and address. Certain industries seeking ISO (International Standards Organization) accreditation may need to follow various ISO standards on emergency management and safety. Overall, if your industry has a professional association or accrediting body, they are an excellent resource for you.
But isn’t there some standard that applies broadly to everyone? Yes – that is NFPA 1600. The National Fire Protection Association (NFPA) creates standards which apply to many industries and are often legally adopted as code by jurisdictions. The NFPA itself does not create law or regulation but they drive many of the standards we see across the nation in many applications including chemical production and handling, engineering, electrical, plumbing, building and development codes, fire codes and others. NFPA documents are developed through a consensus standards development process approved by the American National Standards Institute (ANSI). NFPA 1600 is the Standard on Disaster/Emergency Management and Business Continuity Programs. Typically access to NFPA documents requires membership or a fee per document (their material is copyrighted), however NFPA 1600 is seen as so critical and broad-reaching that the NFPA offers access to the document free of charge.
NFPA 1600 is comprehensive yet open enough for individual application. You won’t see from NFPA 1600 any detailed guidance in how to write a plan, but you will see the steps of a planning process and key benchmarks they recommend be addressed in a plan. In addition to planning, the standard also addresses program management, training and exercises, and program improvement. Intended to be used as a tool, the standard also includes program evaluation checklists and references other best practices in emergency management and business continuity including DRII (Disaster Recovery Institute International) and United Nations programs. An annex within the standard even addresses family preparedness programs intended for employees.
While the standards you must follow are dependent upon your location and industry, NFPA 1600 can be applicable to all organizations and should be referenced in the building and maintenance of your emergency management and business continuity plan. For those of you dependent upon access to information on your mobile devices, they even have a free NFPA 1600 mobile app (I reference it often!).
Adherence to requirements and standards helps ensure that your program meets or exceeds all expectations and best practices. Even if you are not legally obligated to do so, following standards, such as NFPA 1600, provides you with a comprehensive program which will help you better prepare for, respond to, and recover from disaster.
If you need help navigating your emergency management requirements or standards, contact Emergency Preparedness Solutions. Visit our website at www.epsllc.biz.
© 2014 Timothy Riecker
“How Industrial Disasters Discriminate”
Interesting article from Al Jazeera America: How industrial disasters discriminate; The socioeconomic dimensions of chemical explosions
Don’t Just Prepare for Disasters Passed
As mentioned in an earlier post, I’ve been reading Rumsfeld’s Rules, a bit of a memoir by former Congressman, Secretary of Defense (twice over), and CEO Donald Rumsfeld. Much of the book is highlighted by quotes which have influenced him in various stages of his life. One of his anecdotes references the Maginot Line, a multi-layered defensive system created by the French after World War I along their border with Germany, intended to protect France from any future invasion from Germany. The Maginot Line would have proven a rather effective defense, had Germany used similar strategies in World War II as they had in World War I. Obviously the Nazis were quite successful in their invasion of France, quickly conquering and occupying the nation. The difference was that the Nazis were fighting a new war, whereas France was preparing to fight the last war – which is the quote Rumsfeld references with this anecdote.
What can we learn from this in emergency management and homeland security? It can’t possibly apply to us, can it? Obviously we base many of our plans and preparations on disasters of the past. We have an in-depth trove of information from sources like LLIS which allow us to learn from past disasters. Much of our hazard analysis is based upon what occurred in the past. We study past disasters, examining them from inception through recovery, arm-chair quarterbacking all facets of response – from command, to organization, to logistics. From this we learn what practices to embrace and what needs to be improved upon. Since we’re quoting, it was Benjamin Franklin who said “Experience the best teacher.”
To the contrary, we have a rather prolific saying in emergency management that no two disasters are alike. So why all this effort to examine the past? There is a lot to be learned from the past. As previously mentioned, we spend a lot of time and effort examining earlier disasters so we can learn from them. While every disaster is different, there are also many commonalities – all of which we can better prepare for. The past also puts disasters and their magnitude in context for us. We can’t be stuck in the past, however. While the next disaster may have similarities to one passed, there will be differences. It is our job and our responsibility to predict to the greatest extent of our efforts what the impacts will be of future disasters, as well as the hazards they will stem from. Yes we must learn from the past, but we must always look to the future.
How do we look into the future? Reconvene your planning groups and discuss this new context. Engage members to continually reassess what is changing – in the climate, the geography and landscape, and the new or changed technological hazards in our areas. We must look beyond our borders both literally and figuratively as I outlined in a previous post, and consider all possibilities. Use exercises which introduce scenarios new to us instead of those based upon disasters of the past to help us contextualize this and better prepare.
My challenge to you – Take an honest look at your plans, policies, procedures, and training – are you preparing to fight the last war or the next one?
© 2014 Timothy Riecker
What is Resilience?
The topic of resilience is something I’ve wanted to write about for a while. This morning it struck me that today was the day. I was spurred to it today by the LLIS page on the Community Resilience Core Capability. I have a few references that I organized then opened up WordPress to starting writing… only to find that earlier today Claire Rubin beat me to it! Claire Rubin, the ‘Recovery Diva’ is a well respected researcher, consultant, and educator in the field of emergency management. She’s been in this business for quite a while and like me, likes to share resources and her thoughts on various topics in emergency management. She also runs a blog on WordPress. Follow her blog… it’s well worth it! In her posting on Resilience today she really just provided a link to a document for us to chew on for a bit. The document, a topical paper on Resilience, was published by the GSDRC, a partnership of research institutes in the UK. This is a must read for emergency management folks.
So why write on the topic of Resilience in the first place? There are many, myself included, who often wonder exactly what it is. I think most of know intuitively, but it feels like it’s not a tangible thing that we can put a finger on. Are Resilience and mitigation one in the same? I would say no. Resilience includes but transcends mitigation. Community Resilience is a core capability within the mitigation mission area of the National Preparedness Goal’s Core Capabilities, but only because it’s the best place to put it, in my opinion. A Resiliency strategy should address capabilities across all mission areas.
What is Resilience? The Core Capabilities give a very brief description:
“Lead the integrated effort to recognize, understand, communicate, plan, and address risks so that the community can develop a set of actions to accomplish Mitigation and improve resilience.” Didn’t we learn in grade school to not use the word we are defining in the definition?
The GSDRC document has a much more comprehensive definition:
“Disaster resilience is the ability of individuals, communities, organizations, and states to adapt to and recovery from hazards, shocks, or stresses without compromising long-term prospects for development.”
The GSDRC references another definition, perhaps the one I like best, originating from the Hyogo Framework for Action (a UNISDR document) as follows:
“Disaster resilience is determined by the degree to which individuals, communities, and public and private organizations are capable of organizing themselves to learn from past disasters and reduce their risks to future ones, at international, regional, national, and local levels.”
The concept of learning from past disasters – either your own or those experienced by someone else – seems to me to be a critical component to Resilience. Without experiencing the impacts of disasters, or at least learning from others about them, we don’t know what to prepare for. Preparedness is another key component of Resiliency. We have to create plans, train our community, and exercise those plans to become more Resilient. Mitigation is certainly an important aspect of Resiliency – we must engineer risk reducing measures to become more Resilient.
I was fortunate to attend the 2013 IAEM conference in Reno and sit through a presentation from Dr. Dennis Mileti one day following lunch. He spoke largely on Resiliency, first mentioning community focuses necessary for reducing loss including land use management, building codes, public education, warning systems, insurance, and preparedness efforts. He also spoke on the barriers we face in Resilience which include a lack of understanding of risk, poor community prioritization, and poor leadership and management in these efforts. It’s interesting that the barriers are all largely ‘people problems’.
In the pursuit of my Master’s degree, my class had a considerable dialogue on climate change. For the last few decades we have fought climate change through various mitigation efforts. While these efforts have largely made our planet a better place to live, climate change – due to both human impacts as well as the natural progression of global climates – is happening. We can’t stop it, so we need to adapt to what is coming. This adaptation is Resiliency – part mitigation, part preparedness. It’s even in how we recover – remembering that recovery is not just rebuilding, it’s a series of conscious decisions in how we rebuild. (FYI the Diva posted some references on communities relocating after a disaster instead of rebuilding where they were).
In New York State, there is a current initiative called New York Rising. You will see from the information on their site that they are piloting this in five counties who were impacted by severe storms in 2013, including counties in my area. They are using disaster recovery as a starting point and worked toward a strategic plan to make communities more resilient. It seems pretty simple, but it’s a good starting point. Community engagement and buy-in is an important aspect of Resiliency.
The concept of Resiliency still seems rather amorphic, but it is certainly the culmination of many deliberate activities. Like any activity, we need to be able to measure it and gauge where we are in our own progress (and of course funders will want to know this as well). The GSDRC document (page 20) briefly outlines proposed metrics/indicators of resilience. The ones they outline are largely subjective and open to individual interpretation, so some schema for assigning a value to each would need to be developed (and perhaps already has) to really allow us to analyze Resiliency performance.
Resiliency has become a new buzz word in emergency management. I hope it’s one that is here to stay. The longer it is here, the better definition we will be able to assign it and the better we will be able to measure it. As Peter Drucker said, “If you can’t measure it, you can’t manage it.” Once we are better able to measure it (and its many components and influencing factors) the better able we will be to work toward increasing our Resiliency.
What thoughts do you have on Resiliency?
© 2014 Timothy Riecker
Preparedness is a Marathon
Logo of the 2014 Utica Boilermaker
Today marked the 37th running of the Boilermaker, a 15k road race hosted by the City of Utica (New York) for over 17,000 runners from around the world. The race is a matter of pride for area residents, even those who do not run.
I considered this morning that there are many similarities between a marathon (yes, I’m aware the Boilermaker is in fact not a marathon at just over a third the distance of an actual marathon – work with me on this one) and what an organization, specifically a jurisdiction, must endure for preparedness.
First, preparedness is not a one-off activity, rather it is a culmination of activities. While the Boilermaker highlights its 15k road race, they have a number of very successful related events including a 5k road race, a three-mile walk, a wheelchair race, and a health and fitness expo.
Preparedness has an ebb and flow of activities just as a marathon has a variety of stretches, turns, and hills. Both marathons and preparedness should have a high degree of community engagement. The Boilermaker has a variety of corporate and local business sponsors, engages all services of the City of Utica and many assisting/mutual aid agencies, has a high degree of media coordination, and sees hundreds of volunteers aiding in everything from registration, pre- and post- race clean up, to providing water to athletes along the course. Our preparedness efforts should also follow this model of whole community engagement.
The most significant difference, however, is that marathons have an end while preparedness is cyclical.
The Preparedness Cycle – FEMA
The Preparedness Cycle must be worked on all the time and does not end. To keep morale high and to keep the whole community interested remember to celebrate the accomplishment of each activity just as runners and the community celebrate the completion of their race. That said, Utica is already preparing for next year’s race.
Congratulations to all of this year’s runners, and congratulations to jurisdictions and organizations beginning their marathon of preparedness.
© 2014 Timothy Riecker
Business Continuity – Telework Capabilities and Policies
This month’s issue of Homeland Security Today (volume 11, number 3 – April/May 2014) features, along with a variety of other excellent articles, an article titled Virtual Crisis Response by David Smith. Right up front they provide a thought-provoking factoid… The Congressional Budget Office estimates that the five-year cost of implementing telework throughout the federal government is about $30 million, which is less than the cost of a single day of shutting down federal offices in the DC area due to a snow storm.
Folks, this is 2014. We have the capability to telework off of nearly any device you could imagine and for a very low-cost. Like most, I have access to both work and personal email and files from anywhere… from my own laptop, from my smart phone, or from any other internet connected device. I have this capability as a small business owner using tools that we set up ourselves. I’ve worked for large corporations and state agencies that also have that capability, and even more with VPN and other tools available. When speaking with people who work for other companies or government agencies, however, I’m astounded by the lack of interest in allowing telework. I’m going to refrain from outlining the virtues of telework as a regular operation (don’t get me wrong, there are drawbacks as well), but telework does provide for a means of maintaining continuous business and government operations which many businesses and governments seem to be dismissing.
There are quite a few businesses and governments who maintain remotely accessible email and data as a means of enabling the conduct of business while traveling or working from an alternate site as a normal course of business – thankfully. Many of these entities, however, due to a lack of trust in their employees, union issues, or simply an inability to adapt do not allow employees to telework. This may have discouraged employees from even attempting to connect to these services from home, where they may likely be if some event – flood, snow storm, or otherwise – prevented them from going to work. Maybe you do have the capabilities but generally don’t allow telework. So how can you be sure that it will work in the event of a disaster? The answer is simple… you have to test it.
The Homeland Security Today article provides some info on the tech stuff you need to ensure a viable network. Follow their lead and talk to your tech people – either indigenous or consultants. I’m not a tech guy, so I won’t even attempt to give that kind of information. What I will tell you is that you need a business continuity telework policy along with plans and protocols to support it. These plans need to identify the same critical business functions you identified in your base business continuity plan and address how they can be maintained remotely. Just like any other plan we put in place, we need to train people to it and test it (exercise it). How do we exercise it? For starters, tell everyone (or at least key continuity staff) they don’t have to come into the office on Friday. No, they don’t get the day off – they have to work from home, but this is a test to make sure it is possible. Be sure to buy your help desk people something nice that day because they will be busy! There will be plenty of connection problems. Properly designed job aids will help facilitate this on the user end, but tech people will be needed to trouble shoot. Of course before you even get into this you will have to make sure that everyone has the capability to connect from home. Do they have high-speed internet at home? Do they have an appropriate device for connecting and working through the day?
Next, once you have everyone on the network, consider how you will communicate. Teleconference? Video conference? Remember that these people don’t have their work desk phones. What information needs to be exchanged? What is everyone’s role and can they perform it remotely? Can they gain access to all the data and files they need? Test the viability of the network, too… is your server in your office? What happens if you lose power to your office? Understand that some employees may experience utility outages during a disaster which may prevent some employees from accessing the network, but the goal is to get as many people on as possible to maintain critical business operations. Given this, your plan should address how you will maintain critical operations in the absence of some employees – even remotely.
Just like any other exercise, put together an after action report, and not just from the perspective of the IT folks either. Be sure to solicit input from the employees as well. What were your lessons learned and what improvements need to be made? Lastly, don’t just exercise this once. Do this at least a couple of times each year. Not only does this give you ongoing feedback of the plan, but it also helps to make sure employees can continue to connect remotely (especially new employees), and also helps to ensure that technology upgrades don’t interfere with remote access.
Do you have telework protocols integrated into your business continuity plan? Have you exercised them?
© 2014 Timothy Riecker
The POETE Analysis – Emergency Planning and Beyond
POETE stands for Planning, Organizing, Equipping, Training, and Exercising. These are the five elements that each jurisdiction should be examining their own capabilities by. By examining their capabilities through each of these elements, a jurisdiction can better define their strengths and areas for improvement.
The POETE analysis, often completed as part of a THIRA (Threat and Hazard Identification and Risk Assessment) is actually a component of the State Preparedness Report (SPR) (note that this was the definition of the acronym at the time of the original post. It is now Stakeholder Preparedness Report), which incorporates THIRA data into this annual submission. When properly conducted, a POETE analysis will examine a jurisdiction’s capability targets. These capability targets, through the THIRA process, are individually defined by each jurisdiction, based upon the capability definitions of each of the 31 Core Capabilities (Note: at the time of my original post there were 31 Core Capabilities. There are now 32). The Core Capabilities were identified in the National Preparedness Goal and are an evolution of the legacy Target Capabilities. Gone are the days when many jurisdictions struggled with the definitions of the Target Capabilities and trying to determine how they applied to jurisdictions large and small across the nation. The new Core Capabilities are divided amongst five mission areas – Prevention, Protection, Response, Recovery, and Mitigation. By referencing Core Capabilities in our preparedness efforts, we have a consistent definition of each area of practice.
When a jurisdiction’s stakeholders conduct a POETE analysis, each element is rated on a scale of 1 to 5 – a rating of 5 indicating that the jurisdiction has all the resources needed and has accomplished all activities necessary for that element within that capability area. Using the Core Capability of Fatality Management as an example the jurisdiction will identify a desired outcome and from that a capability target. CPG-201, the guidance published by DHS/FEMA for conducting a THIRA, outlines this process in detail and provides the following capability target for illustrative purposes:
“During the first 72 hours of an incident, conduct operations to recover 375 fatalities.”
The jurisdiction will examine their efforts and resources for each POETE element for this capability target. Below are thoughts on what could be considered for each element:
Planning: What is the state of their plans for mass fatality management? Do they have a plan? Is it up to date? Does it address best practices?
Organizing: Are all stakeholders on board with mass fatality preparedness efforts? Is there a member of the community yet to be engaged? Are lines of authority during a mass fatality incident clear?
Equipping: Does the jurisdiction have the equipment and supplies available to handle the needs of a mass fatality incident? Are MOUs and contracts in place?
Training: Do responders and stakeholders train regularly on the tasks associated with managing a mass fatality incident? Is training up to date? Is training conducted at the appropriate level?
Exercising: Have exercises been conducted recently to test the plans and familiarize stakeholders with plans and equipment? Has the jurisdiction conducted discussion-based and operations-based exercises? Have identified areas for improvement been addressed?
The jurisdiction’s responses to these questions and the subsequent ratings provided for each POETE element will help them identify areas for improvement which will contribute to the overall capability. From personal experience, I can tell you that the discussions that take place amongst stakeholders which reveal both the efforts applied for each element as well as the frustrations and barriers to progress for each are generally quite productive and great information sharing sessions. It is important to capture as many of the factual elements of this discussion as possible as they add context to the numerical value assigned. Having the right people participating in the effort is critical to ensuring that inputs are accurate and relevant.
Once the POETE analysis is completed, what’s next? As mentioned earlier, the POETE analysis is actually a required component of the annual State Preparedness Report, which must be submitted to FEMA/DHS by each state and territory. Ideally, the results of the POETE analysis should be translated from raw data (numbers) to a narrative, explaining the progress and accomplishments as well as future efforts and barriers; in other words, the ratings should be factually explained and these explanations should feed an actionable strategic plan. The priority rating inherent in the THIRA process will help establish relative priority for each Core Capability within the strategic plan. While this is a requirement for states and territories, a comprehensive strategic plan for any emergency management and homeland security program at any jurisdictional level is obviously beneficial and would reflect positively in an EMAP accreditation.
POETE elements should be incorporated into other emergency management activities as well. When needs are identified and defined based upon Core Capabilities, these should be outlined in the jurisdiction’s multi-year Training and Exercise Plan, which should serve as a guiding document for many preparedness activities. The focus that a POETE analysis provides for each Core Capability can help identify training objectives which can help maintain and improve capability
Consider integrating them into your evaluation of exercises. While the Homeland Security Exercise and Evaluation Program (HSEEP) doctrine makes no mention of POETE, much of HSEEP is based upon capabilities. With a POETE analysis being an integral component of measuring our progress toward a capability, I would suggest including it into exercise evaluations. POETE elements can be included in Exercise Evaluation Guides (EEGs) to capture evaluator observations and should be outlined in the After Action Report (AAR) itself for each observation – giving suggestions for improvements based upon each POETE element. Consider how you could incorporate the POETE elements into an AAR as an outline identifying areas for improvement for the EOC management activities of the Operational Coordination Core Capability. As an example:
Planning: The jurisdiction should update the EOC management plan to incorporate all critical processes. Job aids should be created to assist EOC staff in their duties.
Organizing: Lines of authority were not clear to exercise participants in the EOC. Tasks were assigned to agencies but status of tasks was not effectively monitored.
Equipping: There were not enough computers for participating agencies. EOC management software did not facilitate tracking of resources.
Training: EOC agency representatives were not all trained in the use of EOC management software, creating delays in action and missed assignments. The EOC Manager and Planning Section Chief were well versed in the Planning Process and used it well to facilitate the Planning Process.
Exercising: Isolated drills should be conducted to test notification systems on a regular basis. Discussion based exercises will assist in identifying policy issues associated with suspension of laws and their impact on EOC operations.
The POETE analysis is a process which can help us identify strengths and areas for improvement within our emergency management and homeland security programs. While the POETE analysis can be time consuming, the information gathered for each Core Capability is valuable to any preparedness effort. With such a variety of federally-driven programs and requirements extended throughout emergency management and homeland security, we can find the greatest benefit from those which have the ability to cross multiple program areas – such as the Core Capabilities – allowing us to consolidate the evaluation of these programs into one system, providing maximum benefit and minimizing efforts.
Have you conducted a POETE analysis for your jurisdiction? Did you find it a worthwhile process?
Looking for help with a POETE analysis? Emergency Preparedness Solutions, LLC can help! www.epsllc.biz
© 2014 Timothy Riecker
Business Continuity Training in the Mohawk Valley
I’m very pleased to be working with the Mohawk Valley Small Business Development Center (SBDC) in Utica, NY to present a seminar for small business owners and others who may be interested in how to prepare their businesses for disaster. I’ll be providing information and resources on the steps you should take to prepare your business and your employees. The seminar will be held on Thursday July 10 at the SBDC offices at SUNY IT from 9:00 – 10:30 am. To register please call 315-792-7547 or email palazzp@sunyit.edu. The workshop fee is $15.
There will also be a presentation on July 17 on Cyber Security conducted by Mr. James Carroll of Security Management Partners. Registration and fee information is the same.
I hope to see you there!
MV Business Continuity Flyer
Are You Inviting the Right People to Your Exercises?
A couple of days ago I started reading Rumsfeld’s Rules – Leadership Lessons in Business, Politics, War, and Life. Hopefully you have some familiarity with Donald Rumsfeld – the man was a naval aviator, US Congressman, aide to four US presidents, corporate CEO, and is the only person to ever serve as Secretary of Defense twice. Politics aside, Mr. Rumsfeld has had quite a prolific career. Throughout this career he has assembled a variety of mantra, proverbs, and sayings which he has used to help guide his career and serve as advice to others.
Early in the book, Mr. Rumsfeld talks about meetings. What he mentions struck me as solid guidance not only for meetings but also for exercises. He says “There is a balance that needs to be struck in determining who to invite to a meeting. You want those who need to be there to contribute substance to the discussion. But it can be useful to have people who may not be in a position to directly offer substantive input but will benefit from hearing how and why certain decision are being reached.” Very often exercise offer great opportunity for people to learn – not only the participants but ‘shadowers’ as well.
Mr. Rumsfeld continues on to say “Including a range of people can also ensure that a variety of perspectives will be considered and help identify gaps in information and views.” Consider that we build, conduct, and evaluate exercises primarily to test plans, polices, and procedures. This testing is best performed by a spectrum of individuals giving different ideas and perspectives. Someone may interpret a policy in a completely different way or have an approach to a problem that hasn’t been considered prior. These fresh ideas, even if flawed, should be brought out into the open for discussion and consideration.
If you’ve followed this blog for any amount of time, you probably know that I prefer smaller meetings and have stressed that participants in exercises should be of a manageable number. As Mr. Rumsfeld says, there is a balance that must be struck. You want to be inclusive, but large numbers lend themselves to over-discussion and tangents. For meetings do you expect the person to add value? Should they be there given their area of responsibility? Similarly in exercises is the individual associated with the objectives of the exercise? (Recall that in exercises we should always reflect on the objectives throughout the entire design process). When we add more participants to an exercise we need to ensure that they have something to participate in, so injects must be written for them and their activities must be evaluated.
A few years back my team was designing a table top exercise as a lead-in to a significant full-scale exercise. We did not want to start the full-scale with the initial response, as so many often times are, as the objectives of that exercise were to test the extended response and to examine issues beyond the initial response. That said, we felt it not fair for us to design such a large exercise by dictating what the first responders would do in the first 48 hours, rather we wanted them to tell us themselves. So we designed a table top exercise to provide us with their actions both ‘boots on the ground’ as well as policy-level including emergency declarations, evacuation areas, and mutual aid requests. We were quite fortunate that the design process for the exercise as a whole was very well received and many agencies wanted to participate – from federal, state, county, and local jurisdictions. The exercise was centered on the state capital, which tends to garner even more attention and participation and included a scenario that most agencies have not participated in prior. Needless to say, we had a lot of interest. Nearly every agency invited to the table top wanted to bring not one or two additional people but often times three or four. We discussed this matter with a few of the key agencies, asking of these were needed participants or observers. The answer we got was that they were both. Because of the technical nature of the incident, many agencies realized they needed their main spokesperson supported by one or more technical experts. We realized this was a fair and reasonable request, but we still needed to figure out how to accommodate them all!
We decided to permit each representative to have a ‘second chair’ – someone seated directly behind them who could advise on technical matters. Additional specialists were available to them in an adjacent room, which had the discussion live broadcast to them via closed circuit television. Specialists could be ‘swapped out’ at any time based on the needs of the discussion. This solution worked well for the exercise, keeping the number of direct participants manageable and meeting the needs of participants to have their specialists available to advise on technical matters – which truly helped inform their decisions and ultimately the outcome of the exercise.
Sometimes, though, you have to say ‘no’. Realize that as an exercise designer you MUST set a firm deadline on additional participants. Participants that are added late can set your design team back significantly by needing to ensure that they are written into the exercise and have sufficient activity to make their participation worth while for both them as well as the exercise as a whole – which can be particularly challenging if they are from a different jurisdiction or discipline altogether. I’ve had to turn down several interested parties and while it’s often difficult to say no, it’s often for the better – and your design team will respect you for it.
What thoughts do you have on ‘right sizing’ your meetings and exercises? Is there certain guidance that you use?
©2014 Timothy Riecker
The Contrarian Emergency Manager 