Month May 2021

ESFs Aren’t for Everyone

Tim Riecker, The Contrarian Emergency Manager 4 Comments

Through the years I’ve had numerous conversations with states, cities, and others about organizing their emergency operations plans (EOPs) around Emergency Support Functions (ESFs). In every conversation I’ve suggested against the use of ESFs. Why?

Let’s start with definitions. One definition of ESFs provided by FEMA states that ESFs ‘describe federal coordinating structures that group resources and capabilities into functional areas most frequently needed in a national response’.  Another states that ESFs are ‘a way to group functions that provide federal support to states and federal-to-federal support, both for Stafford Act declared disasters and emergencies and for non-Stafford Act incidents.’ The National Response Framework (NRF) states that ESFs are ‘response coordinating structures at the federal level’.

The key word in these definitions is ‘federal’. ESFs are a construct originally of the Federal Response Plan (FRP) which was in place from 1992 to 2004. The FRP was a signed agreement among 27 Federal departments and agencies as well as the America Red Cross that outlined how Federal assistance and resources would be provided to state and local governments during a disaster. The ESFs were carried into the National Response Plan in 2004 and the National Response Framework in 2008.

While the NRF, CPG 101, and other sources indicate that other levels of government may also organize their response structure utilizing ESFs, I think any attempts are awkward and confusing at best.

Jumping to present day, the following ESFs are identified in the NRF:

  1. Transportation
  2. Communications
  3. Public Works and Engineering
  4. Firefighting
  5. Information and Planning
  6. Mass Care, Emergency Assistance, Temporary Housing, and Human Assistance
  7. Logistics
  8. Public Health and Medical Services
  9. Search and Rescue
  10. Oil and Hazardous Materials Response
  11. Agriculture and Natural Resources
  12. Energy
  13. Public Safety and Security
  14. Cross-Sector Business and Infrastructure
  15. External Affairs

The ESFs work for the Federal government by providing organizations to address the legal, regulatory, and bureaucratic coordination that must take place across various agencies. These organizations are utilized before (preparedness), during (response and recovery… though ultimately most of these transition to the Recovery Support Functions per the National Disaster Recovery Framework), and after (AAR) a disaster as a cohesive means of maintaining relationships, continuity, and operational readiness. Each of the ESFs maintains a lead agency and has several supporting agencies which also have capabilities and responsibilities within the mission of that ESF.

Where does this fall apart for states and other jurisdictions? First of all, I view Emergency Support Function/ESF as a branded name. The ESF is a standard. When someone refers to ESFs, it’s often inferred that they are speaking of the Federal constructs. ESFs are defined by the Federal government in their current plans (presently the NRF). When co-opted by states or other jurisdictions, this is where it first starts to fall apart. This creates a type of ‘brand confusion’. i.e. Which ESFs are we speaking of? This is further exacerbated if names and definitions of their ESFs aren’t consistent with what is established by the Federal government.

Further, the utilization of ESFs may simply not be the correct tool. It may be the same agencies responsible for transportation as well as public works and engineering. So why have two teams comprised of personnel from the same agencies – especially if bench depth is small in those agencies. Related to this, I’ll say that many jurisdictions (which may even include smaller states, territories, or tribes) simply don’t have the depth to staff 15 ESFs. This is why an organization should be developed for each jurisdiction by each jurisdiction based on their needs and capabilities. It’s simply silly to try to apply the construct utilized by our rather massive Federal government to a jurisdiction much smaller.

Next, I suggest that the integration of ESFs into a response structure is simply awkward. I think in many ways this holds true for the Federal government as well. Is ESF 7 (Logistics) an emergency support function or is it a section in our EOC? The same goes for any of the other ESFs which are actually organizational components often found in response or coordination structures inspired by the Incident Command System.

All that said, the spirit of ESFs is valuable and should be utilized by other jurisdictions in other levels of government. These are often referred to as Functional Branches. Similar to ESFs, they can be used before, during, and after a disaster. Your pre-disaster planning teams become the core group implementing the plans they developed and improving the plans and associated capabilities after a disaster. As functional branches, there is no name confusion with ESFs, even though there is considerable similarity. You aren’t constrained to the list of Federal ESFs and don’t have to worry about how they define or construct them. You can do your own thing without any confusion. You are also able to build the functional branches based on your own needs and capabilities, not artificially trying to fit your needs into someone else’s construct. I’ve seen a lot of states use the term State Support Function or SSF, which is certainly fine.

I will make a nod here though to a best practice inspired by the ESFs, and that is having certain standing working groups for incident management organizational elements (i.e. communications, logistics, information and planning, and external affairs) that may not be organized under the operations section or whatever is analogous in your EOC. Expand beyond these as needed. Recall that the first step in CPG 101 for emergency planning calls for developing a planning team. There is a great deal of benefit to be had by utilizing stakeholder teams to establish standard operating guidelines, job aids, etc. in these functions or others in your EOC or other emergency organizational structure. Often it’s the emergency manager or a staff member doing this, expecting others to simply walk in and accept what has been developed. If people want to work in a Planning Section for your jurisdiction, let them own it (obviously with some input and guidance as needed).

I think ESFs are a valuable means for the US Federal government to organize, but don’t confuse the matter or develop something unnecessary by trying to carbon copy them into your jurisdiction. Examine your own needs and capabilities and form steady state working groups that become functional entities during disaster operations.

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

EOCs and IMTs

Tim Riecker, The Contrarian Emergency Manager 3 Comments

The world of incident management is foggy at best. There are rules, sometimes. There is some valuable training, but it doesn’t necessarily apply to all circumstances or environments. There are national models, a few of them in fact, which makes them models, not standards. Incident management is not as straight forward as some may think. Sure, on Type 4 and 5 incidents the management of the incident is largely taking place from an incident command post. As you add more complexity, however, you add more layers of incident management. Perhaps multiple command posts (a practical truth, regardless of the ‘book answer’), departmental operations centers, emergency operations centers at various levels of government, and an entire alphabet soup of federal operations centers at the regional and national levels with varying (and sometimes overlapping) focus. Add in operational facilities, such as shelters, warehouses, isolation and quarantine facilities, etc. and you have even more complexity. Trying to map out these incident management entities and their relationships is likely more akin to a tangle of yarn than an orderly spiderweb.

Incident Management Teams (IMTs) (of various fashion) are great resources to support the management of incidents, but I often see people confusing the application of an IMT. Most IMTs are adaptable, with well experienced personnel who can pretty much fit into any assignment and make it work. That said, IMTs are (generally) trained in the application of the incident command system (ICS). That is, they are trained in the management of complex, field-level, tactical operations. They (usually) aren’t specifically trained in managing an EOC or other type of operations center. While the principles of ICS can be applied to practically any aspect of incident management, even if ICS isn’t applied in the purest sense, it might not be the system established in a given operations center (in whatever form it may take). While IMTs can work in operations centers, operations centers don’t necessarily need an IMT, and while (formal) IMTs are great resources, they might not be the best solution.  

The issue here certainly isn’t with IMTs, though. Rather it’s with the varying nature of operations centers themselves. IMTs are largely a defined resource. Trying to fit them to your EOC may be a square peg/round hole situation. It’s important to note that there exists no single standard for the organization and management of an EOC. NIMS provides us with some optional models, and in practice much of what I’ve seen often has some similarity to those models, yet have deviations which largely prevent us from labeling what is in practice with any of the NIMS-defined models in the purist sense. The models utilized in EOCs are often practical reflections of the political, bureaucratic, and administrative realities of their host agencies and jurisdictions. They each have internal and external needs that drive how the operations center is organized and implemented. Can these needs be ultimately addressed if a single standard were required? Sure, but when governments, agencies, and organizations have well established systems and organizations, we’ll use finance as an example, it simply doesn’t make sense to reorganize. This is why we are so challenged with establishing a single standard or even adhering to a few models.

The first pathway to success for your operations center is to actually document your organization and processes. It seems simple, yet most EOCs don’t have a documented plan or operating guideline. It’s also not necessarily easy to document how the EOC will work if you haven’t or rarely have activated it at all. This is why we stick to the CPG-101 planning process, engaging a team of people to help determine what will or won’t work, examining each aspect from a different perspective. I also suggest enlisting the help of someone who has a good measure of experience with a variety of EOCs. This may be someone from a neighboring jurisdiction, state emergency management, or a consultant. Either way, start with the existing NIMS models and figure out what will work for you, with modifications as needed. Once you have a plan, you have a standard from which to work.

Once you have that plan, train people in the plan. Figure out who in your agency, organization, or jurisdiction has the knowledge, skills, and abilities to function within key positions. FEMA’s EOC Skillsets can help with this – even if the positions they use don’t totally map to yours, it’s not difficult to line up most of the common functions. Regardless of what model you are using, a foundation of ICS training is usually helpful, but DON’T STOP HERE. ICS training alone, even if your EOC is ICS-based, isn’t enough. I can practically guarantee your EOC uses systems, processes, or implementations unique to your EOC which aren’t part of ICS or the ICS training your personnel received. Plus, well… if you haven’t heard… ICS training sucks. It can be a hard truth for a lot of entities, but to prepare your personnel the best way possible, you will need to develop your own EOC training. And of course to complete the ‘preparedness trifecta’ you should then conduct exercises to validate your plans and support familiarity.

All that said, you may require help for a very large, long, and/or complex incident. This is where government entities and even some in the private sector request incident management support. Typically this incident management support comes from established IMTs or a collection of individuals providing the support you need. The tricky part is that they aren’t familiar with how you are organized or your way of doing things. There are a few ways to hedge against the obstacles this potentially poses. First, you can establish an agreement or contract with people or an organization that know your system. If this isn’t possible, you can at least (if you’ve followed the guidance above) send your plan to those coming to support your needs, allowing them at least a bit of time in transit to study up. Lastly, a deliberate transition, affording some overlap or shadowing time with the outgoing and incoming personnel will help tremendously, affording the incoming personnel to get a hands-on feel for things (I recommend this last one even if the incoming personnel are familiar with your model as it will give an opportunity to become familiar with how you are managing the incident). Of course all of these options will include formal briefings, sharing of documentation, etc.

Remember, though, that there are certain things your agency, organization, or jurisdiction will always own, especially the ultimate responsibility for your mission. Certain internal processes, such as purchasing, are still best handled by your own people. If your operations are technical and industry-specific, such as for a utility, they should still be managed by your own people. That doesn’t mean, however that your people can’t be supported by outside personnel (Ref my concept of an Incident Support Quick Response Team). The bottom line here is that IMTs or any other external incident support personnel are great resources, but don’t set them up for a slow start, or even failure, by not addressing your own preparedness needs for your EOC. In fact any external personnel supporting your EOC should be provided with a packet of information, including your EOC plan and procedures, your emergency operations plan (EOP), maps, a listing of capabilities, demographics, hazards, org charts for critical day-to-day operations, an internal map of the building they will be working in, and anything else that will help orient them to your jurisdiction and organization – and the earlier you can get it to them the better! Don’t forget to get your security personnel on board (building access cards and parking tags) and your IT personnel (access to your network, printers, and certain software platforms). Gather these packets beforehand or, at the very least, assemble a checklist to help your personnel quickly gather and address what’s needed.

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Measuring Return on Investment Through Key Performance Indicators

Tim Riecker, The Contrarian Emergency Manager 1 Comment

Return on investment (ROI) is generally defined as a measurement of performance to evaluate the value of investments of time, money, and effort. Many aspects of preparedness in emergency management offer challenges when trying to gauge return on investment. Sure, it’s easy to identify that m number of classes were conducted and n number of people were trained, that x number of exercises were conducted with y number of participants, that z number of plans were written, or even that certain equipment was purchased. While those tell us about activity, they don’t tell us about performance, results, or outcomes.

More classes were conducted. So what?

We purchased a generator. So what?

The metrics of these activities are easy to obtain, but these are rather superficial and generally less than meaningful. So how can we obtain a meaningful measure of ROI in emergency preparedness?

ROI is determined differently based on the industry being studied, but fundamentally it comes down to identifying key performance indicators, their value, and how much progress was made toward those key performance indicators. So what are our key performance indicators in preparedness?

FEMA has recently began linking key performance indicators to the THIRA. The Threat and Hazard Identification and Risk Assessment, when done well, gives us quantifiable and qualifiable information on the threats and hazards we face and, based upon certain scenarios, the performance measures need to attain certain goals. This is contextualized and standardized through defined Core Capabilities. When we compare our current capabilities to those needed to meet the identified goals (called capability targets in the THIRA and SPR), we are able to better define the factors that contribute to the gap. The gap is described in terms of capability elements – planning, organizing, equipping, training, and exercises (POETE). In accordance with this, FEMA is now making a more focused effort to collect data on how we are meeting capability targets, which helps us to better identify return on investment.

2021 Emergency Management Performance Grant (EMPG) funding is requiring the collection of data as part of the grant application and progress reports to support their ability to measure program effectiveness and investment impacts. They are collecting this information through the EMPG Work Plan. This spreadsheet goes a long way toward helping us better measure preparedness. This Work Plan leads programs to identify for every funded activity:

  • The need addressed
  • What is expected to be accomplished
  • What the expected impact will be
  • Identification of associated mission areas and Core Capabilities
  • Performance goals and milestones
  • Some of the basic quantitative data I mentioned above

This is a good start, but I’d like to see it go further. They should still be prompting EMPG recipients to directly identify what was actually improved and how. What has the development of a new plan accomplished? What capabilities did a certain training program improve? What areas for improvement were identified from an exercise, what is the corresponding improvement plan, and how will capabilities be improved as a result? The way to get to something more meaningful is to continue asking ‘so what?’ until you come to an answer that really identifies meaningful accomplishments.

EMPG aside, I encourage all emergency management programs to identify their key performance indicators. This is a much more results-oriented approach to managing your program, keeping the program focused on accomplishing meaningful outcomes, not just generating activity. It’s more impactful to report on what was accomplished than what was done. It also gives us more meaningful information to analyze across multiple periods. This type of information isn’t just better for grant reports, but also for your local budgets and even routine reports to upper management and elected officials.

What do you think about FEMA’s new approach with EMPG? What key performance indicators do you use for your programs?

© 2021 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®