Incident Management Advisors

It’s frustrating to see poor incident management practices. For years I’ve reviewed plans that have wild org charts supposedly based on the Incident Command System (ICS); have conducted advanced-level training with seasoned professionals that still don’t grasp the basic concepts; have conducted and evaluated exercises and participated in incident responses in which people clearly don’t understand how to implement the most foundational aspects of ICS. On a regular basis, especially since people know my focus on the subject, I’m told of incident management practices that range from sad to ridiculous.

Certainly not everyone gets it wrong. I’ve seen plans, met people, and witnessed exercises and incidents in which people clearly understand the concepts of ICS and know how to put it into action. ICS is a machine, but it takes deliberate and constant action to make it work. It has no cruise control or auto pilot, either. Sometimes just getting the incident management organization to stay the course is a job unto itself.

If you are new here, I’ve written plenty on the topic. Here’s a few things to get you pointed in the right direction if you want to read more.

ICS Training Sucks. There are a series of related posts that serve as a key stone to so much that I write about.

The Human Factor of Incident Management. This bunch of related articles is about how ICS isn’t the problem, it’s how people try to implement it.  

As I’ve mentioned in other posts, it’s unrealistic for us to expect most local jurisdictions to assemble and maintain anything close to a formal incident management team. We need, instead, to focus on improving implementation of foundational ICS concepts at the local level, which means we need to have better training and related preparedness activities to promote this. Further, we also know that from good management practices as well as long-standing practices of incident management teams, that mentoring is a highly effective means of guiding people down the right path. In many ways, I see that as an underlying responsibility of mine as a consultant. Sometimes clients don’t have the time to get a job done, but often they don’t have the in-house talent. While some consultants may baulk at the mere thought of building capability for a client (they are near sighted enough to think it will put them out of work), the better ones truly have the interests of their clients and the practice of emergency management as a whole in mind.

So what and how do we mentor in this capacity? First of all, relative to incident management, I’d encourage FEMA to develop a position in the National Qualification System for Incident Management Advisors. Not only should these people be knowledgeable in implementations of ICS and EOC management, but also practiced in broader incident management issues. Perhaps an incident doesn’t need a full incident management team, but instead just one or two people to help the local team get a system and battle rhythm established and maintained. One responsibility I had when recently supporting a jurisdiction for the pandemic was mentoring staff in their roles and advising the organization on incident management in a broader sense. They had some people who handled things quite well, but there was a lot of agreement in having someone focus on implementation. I also did this remotely, demonstrating that it doesn’t have to be in person.

In preparedness, I think there is similar room for an incident management advisor. Aside from training issues, which I’ve written at length about over the years (of course there will be more!), I think a lot of support is needed in the realm of planning. Perhaps a consultant isn’t needed to write an entire plan, but rather an advisor to ensure that the incident management practices identified in planning documents are sound and consistent with best practices, meet expectations, and can be actually implemented. So much of what I see in planning in regard to incident management has one or more of these errors:

  1. Little mention of incident management beyond the obligatory statement of using NIMS/ICS.
  2. No identification of how the system is activated and/or maintained.
  3. As an extension of #2, no inclusion of guidance or job aids on establishing a battle rhythm, incident management priorities, etc.
  4. An obvious mis-understanding or mis-application of incident management concepts/ICS, such as creating unnecessary or redundant organizational elements or titles, or trying to force concepts that simply don’t apply or make sense.
  5. No thought toward implementation and how the plan will actually be operationalized, not only in practice, but also the training and guidance needed to support it.

In addition to planning, we need to do better at identifying incident management issues during exercises, formulating remedies to address areas for improvement, and actually implementing and following up on those actions. I see far too many After Action Reports (AARs) that softball incident management shortfalls or don’t go into enough detail to actually identify the problem and root cause. The same can be said for many incident AARs.

When it comes to emergency management, and specifically incident management, we can’t expect to improve without being more direct about what needs to be addressed and committing to corrective actions. We can do better. We MUST do better.

New polling function in WordPress… Let’s give it a try.

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

A NEW NYS Public Employer Emergency Planning Requirement

On Labor Day, NYS Governor Cuomo signed a bill requiring public employers to develop a very specific emergency plan for future public health emergencies. This may include a continuation of the Coronavirus pandemic, or another emergency. Some details and guidance below…

WHO

The requirement applies to public employers, including:

  • State, county, and local governments
  • Public authorities (bridge, water, airport, etc.)
  • Commissions
  • Public corporations
  • Agencies
  • School districts
    • It’s important to note that the requirement for school districts has also been codified into state education law through this bill, to be included in school safety plans.

WHAT

The new law requires these plans to include the following:

  • A list and description of positions and titles considered essential
    • Note that the definition of ‘essential’ in the bill means employees who must work on site.
  • Protocols which will enable non-essential employees to work remotely
  • A description of how work shifts can be staggered to reduce overcrowding on public transportation and in the workplace
  • Protocols for procuring, storing, and distributing PPE
  • Protocols to prevent the spread of disease if an employee is exposed, symptomatic, or tests positive for the disease in question
  • Protocols for documenting hours and work locations of all employees for contract tracing
  • Protocols for coordinating with applicable government entities for emergency housing for employees, if needed

WHEN

Though there were no timeframes included in the bill itself, the Governor’s website provided two benchmarks of time. It states that plans are to be submitted to unions and labor management committees within 150 days, and all plans must be finalized by April 1, 2021.

The 150-day timeframe is obviously a bit confusing, as it doesn’t give a start date (i.e. 150 days from when?). I’ve sent inquiries to the Governor’s office, as well as my State Assemblyman and State Senator for clarification. Once I have an answer, I’ll provide it as a comment to this post. I will note that if the 150 day clock started on Labor Day, that alarm will go off on Friday February 4, 2021.

Once finalized, the plan must be included in any existing employee handbook and made otherwise available to employees. In terms of any kind of oversight or audit, there is no provision for such identified in the legislation. Aside from the requirement for school districts to meet this requirement being appended to state education law, this bill appends state labor law. As such, the NYS Department of Labor would have enforcement oversight, if they chose to or are directed to do so. That said, the bill does direct the NYS Department of Labor to establish procedures to allow for public employees to contact and inform the Department of any alleged or believed violations of the provisions of the law. Further, they are directed to establish a webpage and hotline to facilitate such.

HOW

Unfortunately, no existing planning requirement or standard will meet this requirement. While there are elements of continuity of operations planning in this, the focus is shifted and hits some very specific elements which are likely not included in many continuity of operations plans. That said, a new plan needs to be developed to meet this requirement. These elements certainly can be appended into a continuity of operations plan, but it’s important to note that these provisions are intended for future public health emergencies (not that some couldn’t be used for other hazards), and that, should any kind of audit occur, for those purposes it’s usually better to meet requirements through stand-alone documents.

As most public employees are members of labor organizations (unions), and the bill itself was endorsed by the AFL-CIO, there is a requirement for employers to submit the plans to unions and labor management committees for review. These entities have an option to provide comment, to which the employer is required to provide written responses prior to finalizing the plan.

There is some thought and coordination required to make this an effective and meaningful plan which also meets the legal requirements. Detail will need to be developed, specific to each public employer and their circumstances, for the protocols required in the plan. When developing procedure and protocol, be sure to:

  1. identify specifically what needs to be done,
  2. who the action agents are,
  3. what the ideal end state is,
  4. the timeframe in which it should be accomplished, and
  5. who has decision-making authority over those actions

Of course, in developing the plan, the best guidance I can give is to follow the planning process identified in FEMA’s CPG 101. Lastly, be sure to consider that the specific actions we have taken in response to the Coronavirus pandemic may not be the actions we take for another disease. Plans must maintain this flexibility.

NEED HELP?

Recognizing the challenges associated with developing this plan for small and large entities alike, my company – Emergency Preparedness Solutions (EPS) – has developed a template to support these planning requirements. We are making this template free for use by NYS public employers. I continue to have concerns with templates, cautioning against people simply ‘pencil whipping’ the document, but the developed template includes a lot of guidance and identifies content areas which need to be specifically developed by the public employer, so if the planning process is properly followed, I don’t expect that will be a problem with this template.

A BIT OF AN AD

Further, if jurisdictions want assistance in developing these plans, EPS is available to assist (contractually, of course). We’ve spent a lot of time reviewing these new requirements since they were signed and we’re already slated to discuss these in some webinars for specific public employer groups in New York State. Knowing that some small jurisdictions may be in a bit of a bind to meet this requirement, we are offering our services relative to this plan at not cost for the first 10 NYS public employers which employ between 1 and 10 full time employees if we have an executed contract by November 30th of this year – so be sure to contact us soon!

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

How BC is Acing the Pandemic Test (Guest Post)

I’m excited and honored to promote a new blog being written by Alison Poste. Alison has led major disaster response and recovery efforts in Alberta, Canada, including the 2013 floods and the Fort McMurray wildfires, and currently works as a consultant specializing in business continuity, emergency management, and crisis communications. Her new blog, The Afterburn – Emergency Management Lessons from Off the Shelf, takes a critical look at lessons learned and how they are applied.

I’ve pasted her first post below, but also be sure to click the link above to follow her blog. I’m really excited about the insight Alison will be providing!

– TR

~~

The pandemic has upended how those in the emergency management field have seen traditional response frameworks. Lessons learned from the pandemic response will be useful to governments and the private sector alike in the coming years.

The ICS framework for emergency response is well equipped to address the unique needs of any disaster, including a global pandemic. The rapid scalability of the structure allows the response to move faster than the speed of government. It provides the framework for standardized emergency response in British Columbia (B.C.).

The B.C. provincial government response to the coronavirus pandemic, led by Dr. Bonnie Henry, the Provincial Health Officer (PHO) has received international acclaim. It is useful therefore to learn from the best practises instituted early on in the pandemic to inform future events. 

In February 2020, the Province of B.C. published a comprehensive update to the British Columbia Pandemic Provincial Coordination Plan outlining the provincial strategy for cross-ministry coordination, communications and business continuity measures in place to address the pandemic. Based on ICS, the B.C. emergency response framework facilitates effective coordination by ensuring the information shared is consistent and effective. The Province of B.C. has provided a daily briefing by Dr. Henry and Adrian Dix, the B.C. Minister of Health as a way to ensure B.C. residents receive up to date information from an authoritative source.

While we may consider the COVID-19 pandemic to be a unique event, a number of studies have provided guidance to emergency response practitioners of today. The decisive action taken by the B.C. PHO on COVID-19, has focused on the twin pillars of containment and contact tracing. Early studies regarding the effect of contract tracing on transmission rates have seen promising results, however the tracing remains a logistical burden. As studies indicate, these logistical challenges have the potential to overwhelm the healthcare system should travel restrictions be relaxed, leading to the possible ‘importation’ of new infections. 

B.C. has instituted robust contract tracing mechanisms to reduce the spread of COVID-19 in alignment with best practises in other jurisdictions. When instituted methodically, contact tracing, consistent communication, and Dr. Henry’s mantra to “Be calm. Be kind. Be safe.” remain critical tools to ensure limited spread, a well-informed and socially cohesive population.

How has your organization helped to slow the spread of COVID-19?  As always, I welcome your feedback and suggestions for how to improve the blog.

Preparedness in the Pandemic Age

Planning, training, and exercises, as the foundational activities of preparedness, shouldn’t be stopping because of the pandemic. Preparedness is an ongoing activity which needs to forge ahead with little disruption – and there is always plenty to do! What must we do, though, to accommodate necessary precautions in the age of the Pandemic?

Let’s talk about planning first. The biggest relevant issue for planning is the conduct of stakeholder meetings. These may be larger group meetings to discuss and get buy-in on broader topics, or detailed small-group meetings to discuss very specific topics. Information, sometimes sensitive, is exchanged, presentations are given, and documents are reviewed. I’ve mentioned in various posts through the years the importance of properly preparing for meetings. Even for traditional in-person meetings, there are important things to consider, such as:

  1. Do you really need a meeting?
  2. Developing an agenda
  3. Having the right people in attendance
  4. Ensuring that all speakers and presenters are prepared
  5. Ensuring that all attendees are prepared to discuss the subject matter
  6. An adequate meeting space and support (technology, dry erase boards, etc)

All of these rules still apply in a virtual world, perhaps with even more emphasis. While we’ve obviously had video meeting technology for a long time, we’ve discovered this year that many people haven’t used it much or at all until earlier this year. The surge in use has also brought attention to the plethora of tools which can be facilitated through video conference platforms. While the simple sharing of video supports most of our meeting needs, we can share screens, conduct presentations, and use collaborative tools such as whiteboards and shared documents. Pretty much everything we do in an in-person meeting can be accomplished through video conference platforms – but those who arrange the calls need to take the time to become familiar with the tools and functionality; and if there is anything that needs to be done by participants (some of which are likely to be less tech-savvy) you need to be able to coach them through it. Some of these tools require integrations of other technology, such as cloud document storage or various apps. Remember that meetings should be interactive, so encourage people to use chatrooms to help queue up questions for presenters. If any documents or information are sensitive, be sure you are taking the appropriate precautions with how the meeting is set up, how participants are invited, and how documents are shared.

My tip… read reviews to determine which platform will best suit your needs and watch some tutorials on YouTube.

When it comes to remote training, so much of what I mentioned for stakeholder meetings will apply here. Being interactive is still incredibly important, as is the ability to integrate other technologies, such as videos, PowerPoint, and shared documents. When designing training that will be delivered remotely, if it helps, don’t think about the platform first – think about how you would do the training in person. Would you have breakout sessions for group work? That can be easily accomplished on video conference platforms, but it takes some preparation. Would you put things on a white board or chart paper? That can also be accomplished. Giving an exam? Having participants complete a survey or feedback form? Yes and yes. It can all be done, but preparation is key. Some instructors, especially in public safety, have gotten too used to simply showing up and delivering their material – not because they are lazy, but because they have done it dozens or hundreds of times. They have a routine. If you want participants to get a similar, or perhaps even better learning experience, some deliberate thought and preparation is required. Also, make sure you simply don’t become a talking head. Break things up and be dynamic. It’s easy for our own demeanor to elevate disinterest. I often stand (using a variable height standing desk) when giving presentations and conducting training. Being on my feet helps me push more energy into what I’m doing.

Tip… remember to give people breaks, just as you would in face-to-face training.

Lastly, exercises. A lot of this is a combination of the information I gave for planning and training. Exercise planning meetings need to be conducted, and every exercise has some extent of presentations, with discussion-based exercises having more emphasis on this obviously. To answer the big question – yes, most exercise can be conducted remotely! Obviously, discussion-based exercises are generally the lower-hanging fruit, so they can and should be happening remotely. Remember that exercises are supposed to be interactive experiences, so your exercise design absolutely must account for identifying the means and methods of engagement in the virtual environment. All the things I’ve mentioned already are prime options for this, such as breakout groups, shared documents, live polling, etc. Facilitators and evaluators can be assigned to specific breakout rooms or have access to all of them, allowing them to float from room to room.

What about operations-based exercises? Yes, there are options for conducting operations-based exercises remotely. First, we do need to acknowledge the obvious challenges associated with conducting drills and full-scale exercises via remote environments. Is it impossible? No, but it depends on what the focus of the exercise is. Something like a cyber-security or intelligence exercise may be more naturally brought into a virtual environment, depending on the exercise objectives or tasks. Games may be fully integrated into digital platforms already, which helps, but if they aren’t, these may need to be re-imagined and developed in a virtual environment. This can get expensive, so it really needs to be a properly thought through. Functional exercises, such as the typical command post exercise or emergency operations center (EOC) exercise, can absolutely be performed virtually. Many jurisdictions successfully ran their EOCs virtually during the height of the pandemic (many still are). If the actual activity can be performed virtually, it can (and should!) be exercised virtually. Again, preparation is key to ensuring that participants can do what they would normally do, while controllers and evaluators still have full access and visibility. Simulation Cells can be virtually integrated and most EOC management platforms are web-based. With some thought, we can bring most exercises into a virtual environment and still make them effective experiences while also meeting all HSEEP requirements.

Tip… For a virtual functional exercise, unless the time period of your exercise is set after the initial response, consider including an objective for the participants (and the tech support of their agencies, as needed) to set up everything that is needed in real time during the exercise – just like they would in real life. This would include all their video, file share, data tracking, etc. That set up is a considerable challenge of running a virtual EOC. If you didn’t want that activity to distract from your exercise, it’s also a great drill. Don’t let it just be tech support personnel, though, as EOC personnel should be expressing their needs.

Remote work environments have helped many organizations overcome challenges associated with the pandemic. Some organizations were better prepared than others to make it happen, but most seem to have achieved effective operational continuity. Hopefully your preparedness programs haven’t stalled out because people feel these activities can’t be done in a virtual environment. We also can’t use the excuse that we’re too busy because of the pandemic to not be preparing. While some niche organizations might still be quite busy, the pandemic response, for most, has become an integrated job duty for the medium term. We can’t let things fall to the wayside or we will never get back on track. The time is now!

I’d love to hear how you are using tech platforms to support preparedness efforts.

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

When the Solution Becomes the Problem

Ever think a problem was fixed just to find that the solution was really more of a problem or a totally different kind of problem. While this can certainly happen in our person lives, I see this happen a lot in my professional life, and I’m sure you do as well. Through my tenure in emergency management, I’ve seen a lot of ill-informed assessments, poorly written plans, misguided training programs, bad hires or contracts, unwise equipment purchases, and exercises that could really be called damaging. Not only is the time, money, and effort put into developing these a waste of time (aside from learning how not to do them), they can have ramifications that cause issues to be solved in the short term or down the road.

Poorly conducted assessments can result in a lot of problems. If the data, the analysis, or conclusions are wrong, this can have considerable consequences if that assessment was intended to inform other projects, such as plans, construction, hazard mitigation efforts, staffing, and more. I’ve seen people point to reports with the assumption that the data was complete, analysis was unbiased, and conclusions are correct, and with something akin to blind obedience. When an assessment is used to justify spending and future efforts, we need to ensure that the assessment is carefully planned and executed. Similarly, we’ve all seen a lot of decisions based on no assessment at all. This can be just as dangerous.

Bad planning is a problem that has always, and I fear will always, plague emergency management. Of course, there are some really stellar plans out there, but they seem to be the exception. There are an abundance of mediocre plans in existence, which I suppose are fine but in the end aren’t doing anyone any favors because while the plans themselves may be fine, they tend not to include much useful information, specifics on procedure, or job aids to support implementation of the plan.

Here’s an example of how disruptive bad plans can be: A few years ago, my firm was hired by a UASI to design, conduct, and evaluate a couple of exercises (one discussion-based, the other operations-based) to validate a new plan written for them by another firm. Being that the exercises were to be based on the plan, I took a deep dive into the plan. I honestly found myself confused as I read. I forwarded the plan to a member of our project team to review and, quite unsolicited, I received a litany of communications expressing how confounded he was by the plan. At the very best, it was unorganized and poorly thought out. The subject matter lent itself to a timeline-based progression, which they seemed to have started then abandoned, which resulted in a scattering of topic-based sections that were poorly connected. After conferring with that team member to develop some very specific points, I approached our client for a very candid conversation. I came to find out that the planning process recommended and established by CPG-101, NFPA 1600, and others, was not at all used, instead the firm who built the plan didn’t confer with stakeholders at all and delivered (late) a final product with no opportunity for the client to review and provide feedback. This is a firm that gives other consulting firms a bad name. Working with the client, we restructured our scope of work, turning the tabletop exercise into a planning workshop which we used to inform a full re-write of the plan, which we then validated through the operations-based exercise.

Having been involved in training and exercises for the entire duration of my career, I’ve seen a lot of ugly stuff. We’ve all been through training that is an epic waste of time – training that clearly was poorly written, wasn’t written with the intended audience in mind, and/or didn’t meet the need it was supposed to. For the uninitiated, I’ll shamelessly plug my legacy topic of ICS Training Sucks. Possibly even worse is training that teaches people the wrong way to do things. Similarly, poorly designed, conducted, and evaluated exercises are not only a waste of time, but can be very frustrating, or even dangerous. Don’t reinforce negative behavior, don’t make things more complex than they are, don’t put people in danger, and DO follow established guidance and best practices. Finally, if you are venturing into unknown territory, find someone who can help you.

Equipment that’s not needed, has different capability than what is needed, is overpurchased, underperforms, undertrained, poorly stored and maintained, readily obsolete, and not used. Familiar with any of this? It seems to happen with a lot of agencies. Much of this seems to stem from grant funding that has very specific guidelines and must be spent in a fairly short period of time. Those who have been around for a while will remember the weapons of mass destruction (WMD) preparedness program that started prior to 9/11 and was bolstered by post-9/11 program funding. The centerpiece of this program was equipment purchases. While there was some good that came from this program, I witnessed a lot of wasted money and mis-guided purchases for equipment that wasn’t needed, for jurisdictions that didn’t need it or couldn’t sustain it, and supporting training and exercises to teach people how to use the equipment and keep them proficient. A lot of this circles back to poor (or non-existent) assessments used to inform these purchases, but the real culprit here is the ‘spend it or lose it’ mentality of grant surges like this. Foundational aspects of this program, such as defined need, sustainability, and interoperability were often skewed or ignored in favor of simply spending the funds that were thrust upon jurisdictions. I really blame the poor structuring of this program at the federal level on the poor implementations I saw and heard of at the state and local levels.

There are so many other examples of poor implementations that cause problems. Poorly built infrastructure, misguided hazard mitigation projects, and even poor responses. In the realm of response, I’ll draw on another example that I was involved in. Large disasters really do need to draw on a whole-community approach, which often leads to agencies who aren’t used to large-scale and long-duration incident operations going in over their heads. In one large disaster, I had been hired to help lead a team assembled to fix just such an occurrence, charged with rescuing a functionally necessary program that had been managed into the ground by a well intentioned but overly bureaucratic agency with high degrees of micromanagement. The time, money, and effort exerted to support saving this program from itself was fairly extensive, and, in implementation, challenging given the layers and nuances created by the agency that built it. In the end, the biggest issues they had were not listening to subject matter experts, some of which were in their own agency, and, ultimately, a failure of executives to deal with very apparent problems.

Most emergency management agencies operate on very slim and limited budgets. Being efficient and effective is of great importance. Don’t waste limited money or limited time of limited staff. Sometimes the things with greatest impact are simple, but if executed poorly the consequences can be high. Think things through and consult the right people. It makes a difference.

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

What Makes an Emergency Manager?

Over the weekend I posted a question on Twitter that prompted a fair amount of discussion with my EM colleagues. What I asked:

Does simply working in emergency management make you an emergency manager? (Even with my ego) it took several years of working in the field before I was comfortable calling myself an emergency manager.

The resulting discussion brought up considerations of time on the job, job responsibilities and titles, education, professional certifications, standards, and other relevant topics. I fully admitted to my own biases, initially directed toward myself and my own career trajectory, but that I honestly have a tendency to carry over to others who might be new to an emergency management job; certainly, with no intent to belittle anyone or gatekeep the profession. The discussions over the weekend on Twitter led me to realize that part of my bias came from what roles I performed early in my career. My primary being a training technician, helping to prepare for and conduct training courses – certainly not managing the program until a few years later. Similarly, early in my career, any emergency deployments or taskings were at the ‘doer’ level, not anywhere near the actual supervision or management responsibilities that came a few years into my career. All of this was appropriate for early in my career. Certainly, I felt that I worked in the field of emergency management, but not that I was a true emergency manager. Not until I was given responsibility and authority, both in my primary job and emergency assignments, that I felt that I was an emergency manager.

I’d also suggest that I was influenced by my own impressions of many of the people I worked with and worked for. I was fortunate enough to learn and be mentored by some really incredible emergency managers (both in their primary and emergency roles). I was awed by their knowledge, their talent, and their ability to coordinate some very diverse groups of people and resources into a unity of effort. In my early years I couldn’t yet do that. I had a lot to learn and respect to garner before I felt I could call myself an emergency manager.

Certification is an interesting thing. While there are certifications in many professions, these fall into two significant types: Those that require experience and those that do not. I think they each have their place and are often appropriate to the profession which they are in. Standards are a related yet still different matter, especially since, in emergency management and related professions, there are several ‘certifications’ that can be obtained. The ideal is to have a standard in the profession. I think standards are something to be explored further, and I give a shoutout to friend and colleague Ashley Morris (@missashes92) who has a lot of thoughts about where standardization should go in emergency management. Personally, I think one standard of practice should be internships or mentorships. These are required by certain professions and I think that, when structured well, they are a great way to gain the proper kind of experience necessary.

Education was another topic that has relevance but also a lot of nuance, as it also has ties to job duties, certification, and standards. I don’t feel that someone having a degree at any level can simply call themselves an emergency manager. There is a lot of consideration for what degrees are applicable, and that’s a challenge given how broad emergency management is. Despite so many of us beating the drum that emergency management is not just response, we still see so many emergency management job postings listing experience requirements as a first responder. It’s a challenge for us to identify as a unique profession when so many jurisdictions simply appoint a police officer or fire fighter to an emergency management job because it’s “close enough” (given no other screening or qualifications). We all know emergency management is so much broader than response applications yet, as a profession, we tolerate that crap. Emergency management has so many niche functions within, many of which are supported by their own unique education standards: engineers, finance and grants, technology, communications, public and/or business administration/management, instructional design, human services, public health, and so much more. Think about all the business units within a large emergency management agency, or a ‘day in the life’ of a one-person emergency management shop. Recovery, mitigation, preparedness, response, grants, volunteer management, community engagement, interagency coordination, logistics, etc. None of that is one skillset. Yet many education programs in emergency management will just talk history and theory. Others will focus on response. Few seem to do it right, giving a good, comprehensive picture of it all. Depending on where they will work, some practitioners need to know about a lot of different things, while in others they can specialize.

Is someone who just does grants management any less of an emergency manager than someone who only does mitigation or someone who only does training? To even put a bit more of a curve on this, how about someone who is an academic, or a researcher, or a consultant? What boxes need to be checked to be labeled as an emergency manager?

The discussion on Twitter to my one question lasted a couple of days, with a lot of really interesting thoughts and insight. Everyone that contributed had very valid perspectives, and it seemed that many agreed that there is no simple answer.

As always, I’m interested in the thoughts of my readers. What do you think is makes an emergency manager?

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Failures in Preparedness

In May the GAO released a report titled “National Preparedness: Additional Actions Needed to Address Gaps in the Nation’s Emergency Management Capabilities”. I encourage everyone to read the report for themselves and also reflect on my commentary from several years of National Preparedness Reports. I’ll summarize all this though… it doesn’t look good. The National Preparedness Reports really tell us little about the state of preparedness across the nation, and this is reinforced by the GAO report as they state “FEMA is taking steps to strengthen the national preparedness system, but has yet to determine what steps are needed to address the nation’s capability gaps across all levels of government”.

First of all, let me be clear about where the responsibility of preparedness lies – EVERYONE. Whole community preparedness is actually a thing. It’s not FEMA’s job to ensure we are prepared. As also made evident in the GAO report (for those who haven’t worked with federal preparedness grants), most preparedness grants are pretty open, and as such, the federal government can’t force everyone to address the most critical capability gaps. Why wouldn’t jurisdictions want to address the most critical capability gaps, though? Here are some of the big reasons:

  • Most or all funding may be used to sustain the employment of emergency management staff, without whom there would be no EM program in that jurisdiction
  • The jurisdiction has prioritized sustaining other core capabilities which they feel are more important
  • The jurisdiction has decided that certain core capabilities are not for them to address (deferring instead to state or federal governments)
  • Shoring up gaps is hard
  • Response is sexier

The GAO report provided some data to support where priorities lie. First, let’s take a look at spending priorities by grant recipients:

While crosscutting capabilities (Operational Coordination, Planning, and Public Information and Warning) were consistently the largest expenditures, I would surmise that Operational Coordination was the largest of the three, followed by Planning, with Public Information and Warning coming in last. And I’m pretty confident that while these are cross cutting, these mostly lied within the Response Mission Area. Assuming my predictions are correct, there is fundamentally nothing wrong with this. It offers a lot of bang for the buck, and I’ve certainly spoken pretty consistently about how bad we are at things like Operational Coordination and Planning (despite some opinions to the contrary). Jumping to the end of the book, notice that Recovery mission area spending accounts for 1% of the total. This seems like a poor choice considering that three of the five lowest rated capabilities are in the Recovery mission area. Check out this table also provided in the GAO report:

Through at least a few of these years, Cybersecurity has been flagged as a priority by DHS/FEMA, yet clearly, we’ve not made any progress on that front. Our preparedness for Housing recovery has always been abysmal, yet we haven’t made any progress on that either. I suspect that those are two areas, specifically, that many jurisdictions feel are the responsibility of state and federal government.

Back in March of 2011, the GAO recommended that FEMA complete a national preparedness assessment of capability gaps at each level of government based on tiered, capability-specific performance objectives to enable prioritization of grant funding. This recommendation has not yet been implemented. While not entirely the fault of FEMA, we do need to reimagine that national preparedness system. While the current system is sound in concept, implementation falls considerably short.

First, we do need a better means of measuring preparedness. It’s difficult – I fully acknowledge that. And for as objective as we try to make it, there is a vast amount of subjectivity to it. I do know that in the end, I shouldn’t find myself shaking my head or even laughing at the findings identified in the National Preparedness Report, though, knowing that some of the information there can’t possibly be accurate.

I don’t have all the answers on how we should measure preparedness, but I know this… it’s different for different levels of government. A few thoughts:

  • While preparedness is a shared responsibility, I don’t expect a small town to definitively have the answers for disaster housing or cybersecurity. We need to acknowledge that some jurisdictions simply don’t have the resources to make independent progress on certain capabilities. Does this mean they have no responsibility for it – no. Absolutely not. But the current structure of the THIRA, while allowing for some flexibility, doesn’t directly account for a shared responsibility.
  • Further, while every jurisdiction completing a THIRA is identifying their own capability targets, I’d like to see benchmarks established for them to strive for. This provides jurisdictions with both internal and external definitions of success. It also allows them an out, to a certain extent, on certain core capabilities that have a shared responsibility. Even a small town can make some progress on preparedness for disaster housing, such as site selection, estimating needs, and identifying code requirements (pro tip… these are required elements of hazard mitigation plans).
  • Lastly, we need to recognize that it’s difficult to measure things when they aren’t the same or aren’t being measured the same. Sure, we can provide a defined core capability, but when everyone has different perspective on and expectation of that core capability and how it should be measured, we aren’t getting answers we can really compare. Everyone knows what a house is, but there is a considerable difference between a double wide and a McMansion. Nothing wrong with either of them, but the differences give us very different base lines to work from. Further, if we need to identify how big a house is and someone measures the length and width of the building, someone else measures the livable square footage of a different building, and a third person measures the number of floors of yet another house, we may have all have correct answers, but we can’t really compare any of them. We need to figure out how to allow jurisdictions to contextualize their own needs, but still be playing the same game.

In regard to implementation, funding is obviously a big piece. Thoughts on this:

  • I think states and UASIs need to take a lot of the burden. While I certainly agree that considerable funding needs to be allocated to personnel, this needs to be balanced with sustaining certain higher tier capabilities and closing critical gaps. Easier said than done, but much of this begins with grant language and recognition that one grant may not fit all the needs.
  • FEMA has long been issuing various preparedness grants to support targeted needs and should not only continue to do so, but expand on this program. Targeted grants should be much stricter in establishing expectations for what will be accomplished with the grant funds.
  • Collaboration is also important. Shared responsibility, whole community, etc. Many grants have suggested or recommended collaboration through the years, but rarely has it been actually required. Certain capabilities lend themselves to better development potential when we see the realization of collaboration, to include the private sector, NGOs, and the federal government. Let’s require more of it.
  • Instead of spreading money far and wide, let’s establish specific communities of practice to essentially act as model programs. For a certain priority, allocate funds for a grant opportunity with enough to fund 3-5 initiatives in the nation. Give 2-3 years for these programs to identify and test solutions. These should be rigorously documented so as to analyze information and potentially duplicate, so I suggest that academic institutions also be involved as part of the collaborative effort (see the previous bullet). Once each of the grantees has completed their projects, host a symposium to compare and contrast, and identify best practices. Final recommendations can be used to benchmark other programs around the nation. Once we have a model, then future funding can be allocated to support implementation of that model in other areas around the nation. Having worked with the National Academies of Sciences, Engineering, and Medicine, they may be an ideal organization to spearhead the research component of such programs.
  • Recognize that preparedness isn’t just long term, it’s perpetual. While certain priorities will change, the goals remain fundamentally the same. We are in this for the long haul and we need to engage with that in mind. Strategies such as the one in the previous bullet point lend themselves to long-term identification of issues, exploration of solutions, and implementation of best practices.
  • Perhaps in summary of all of this, while every jurisdiction has unique needs, grant programs can’t be so open as to allow every grantee to have a wholly unique approach to things. It feels like most grant programs now are simply something thrown at a wall – some of it sticks, some of it falls right off, some might not even make it to the wall, some slowly drips off the wall, and some dries on permanently. We need consistency. Not necessarily uniformity, but if standards are established to provide a foundational 75% solution, with the rest open for local customization, that may be a good way to tackle a lot of problems.

In the end, while FEMA is the implementing agency, the emergency management community needs to work with them to identify how best to measure preparedness across all levels and how we can best implement preparedness programs. Over the past few years, FEMA has been very open in developing programs for the emergency management community and I hope this is a problem they realize they can’t tackle on their own. They need representatives from across the practice to help chart a way ahead. This will ensure that considerations and perspectives from all stakeholder groups are addressed. Preparedness isn’t a FEMA problem, it’s an emergency management problem. Let’s help them help us.

What thoughts do you have on preparedness? How should we measure it? What are the strengths and areas for improvement for funding? Do you have an ideal model in mind?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

The Future of NFPA 1600

NFPA 1600: Standard on Continuity, Emergency, and Crisis Management is a standard I often reference. The contents of the standard, applicable to all organizations including government, non-profit, and private sector; compliments other standards and doctrine well, and is regularly updated to integrate new practices. The latest editions have gained even more value with what can be collectively referred to as implementation notes, which really help support putting the standard into action. The NFPA has also been releasing ‘Handbook’ editions of their standards, with even more professional commentary to support implementation. There is news, though… NFPA 1600 is going away – but don’t worry!

Last year, the NFPA announced the Emergency Response and Responder Safety Document Consolidation Plan. This is part of a larger movement within the NFPA to pull together a variety of similar codes and standards. NFPA 1600 will be combined into a new consolidated standard, NFPA 1660. NFPA 1660 will consist of the present NFPA 1600, NFPA 1616 (Standard on Mass Evacuation, Sheltering, and Re-Entry Programs), and NFPA 1620 (Standard for Pre-Incident Planning). The respective scopes of each of these documents are very complimentary and it absolutely makes sense for them to be in a combined edition. I appreciate that the combined editions will better allow readers to connect the dots of the continuity of activity.

The new NFPA 1660: Standard on Community Risk Assessment, Pre-Incident Planning, Mass Evacuation, Sheltering, and Re-entry Programs is in a public input period for the first draft through November 13, 2020; with a second draft scheduled for release in 2021; and a final draft by the end of 2022. So, don’t worry, NFPA 1600, or the other two standards it is being combined with, are not yet ‘obsolete’, but these standards on their own will no longer be updated.

For many years, NFPA 1600 has been available free digitally. I’m hoping the new combined standard will also be available for free as it will be an even more valuable resource and reference for a very broad range of emergency management and business continuity professionals, as well as students of these professions. I certainly expect the new NFPA 1660 to include new or modified standards as the result of lessons learned from the Coronavirus pandemic.

Is there anything you would like to see in the new standard?

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

NIMS Guidance – Resource Management Preparedness

Last week FEMA issued a national engagement period for updated NIMS guidance on resource management preparedness. This is the first version of such a document, with most material on the subject matter, to date, being included in the NIMS doctrine and a few other locations. I regularly participate in the national engagement periods and encourage others to do so as I think it’s a great opportunity for practitioners and subject matter experts to provide input.

Some observations:

  1. The footer of the document states that it’s not for public distribution. I’m guessing that was an error.
  2. The phrase of ‘resource management preparedness’ rubs me the wrong way. While I understand that there are resource management activities that take place within the preparedness phase of emergency management, we’re not preparing to manage resources. All the activities outlined in the document are actually part of resource management. If they want to put a time stamp on this set of activities, they can refer to them as ‘pre-incident’, but inventorying, typing, etc. are all actually part of the resource management cycle.
  3. I’d prefer to see a comprehensive NIMS Resource Management guide that addresses all aspects of resource management. Considering that resource management is a cycle, let’s actually cover the entire cycle. I think there will be far more value in that. Hopefully that’s eventually where this will go.
  4. The document is too stuck in NIMS. What do I mean by this? It seems that more and more people seem to forget that NIMS is a doctrinal component of incident management. While the document is focused on NIMS, it would have greater value if it addressed pre-incident resource management activities that might not found in the NIMS doctrine (though some are), but are none-the-less best practices in resource management. Many of these practices begin pre-incident.
  • One of the biggest things is resource tracking. Yes, resource tracking is a concept found in NIMS, but it’s not at all addressed here. How many jurisdictions struggle to figure out how to track resources in the middle of an incident (answer: most of them). The best time to figure out the means and methods of tracking resources is before an incident ever occurs. Resource tracking has a fair amount of complexity, involving the identification of what will be tracked, how, and by who; as well as how changes is resource status are communicated. Data visualization and dashboarding is also big. People want to see maps of where major resources are, charts that depict utilization, and summaries of resource status. All things best determined before an incident.
  • Resource inventories should identify operating requirements, such as maintenance and service. This is vaguely referenced in the guidance, but not well. Before any resource is deployed, you damn well better have the ability to operate and support that resource, otherwise it’s nothing more than a really large expensive paperweight. Do you only have one operator for that piece of equipment? That’s a severe limitation. All things to figure out before an incident.
  • How will resource utilization be tracked? This is important for cost controls and FEMA reimbursement. Figure that one out now.
  • What consumables are stockpiled or will be needed? What is the burn rate on those under various scenarios? (We’ve learned a lot about this in the pandemic)
  • What about resource security? When it’s not being used where and how will it be secured? What if the resource is left unattended? I have a great anecdote I often tell about a portable generator used in the aftermath of a devastating snow storm to power the traffic lights at a critical intersection. The maintenance crew doing their rounds found it to be missing, with the chain cut. Luckily the state’s stockpile manager had GPS trackers on all of them. It was located and re-acquired in little time, and the perpetrators charged. This success was due to pre-incident activity.
  • Resource ordering processes must also be established. What are the similarities and differences in the process between mutual aid, rental, leasing, or purchasing? What are your emergency procurement regulations and how are they implemented? How are the various steps in the ordering process assigned and tracked? This is highly complex and needs to be figured out before an incident.
  1. Resource typing. I honestly think this is the biggest push in emergency management that isn’t happening (maybe perhaps second to credentialing). Resource typing has been around for a long time, yet very very few jurisdictions I’ve worked with or otherwise interacted with have done it and done it well. I find that most have either not done it at all, started and gave up, or have done it rather poorly. I’ve been involved in resource typing efforts. It’s tough and tedious. I’ve done it for resources that we’re yet typed at the national level, leaving agencies and jurisdictions to define their own typing scheme. This literally can devolve into some heated discussions, particularly fueled by the volume of rather heavy customization we tend to do with resources as technology evolves, giving resources that may fundamentally appear to have similar capability to in reality be quite different. I’ve also done it for resources that have been typed at the national level. This certainly helps, as you aren’t first having to figure out your own thresholds, but it can still be challenging to pigeon hole resources that, again, may be heavily customized and don’t cleanly fit within a certain pre-defined category. It’s even more frustrating to have developed your own typing scheme in the absence of a national one, only to have national guidance issued a couple years later and needing to go back to those discussions.

I’m not saying resource typing is bad, in fact the benefits, both internally and externally, can be incredibly helpful. That said, it’s a time-consuming effort that, in the broader sense of limited time and other assets available to most emergency managers, is perceived to pay a lesser dividend than other activities such as developing and updating plans, training people on the implementation of those plans, and exercising those plans. It also can be difficult convincing agencies that it should be done. I can’t tell you how many times I get the response of ‘We know what we have’. I know that’s not the point, but that’s how the effort of typing resources is perceived. Even after some explanation of the benefits, most agencies (and I think rightfully so) would rather invest their time and effort into preparedness activities are that are seen as more beneficial. It leaves me wondering… is there a better way?

While it’s good to see information on the topic of early resource management steps being collated into one document, along with some resources and references that I’ve not seen before, this document is missing a lot. I just wrote last night about emergency managers being our own worst enemy. If we are just focused on implementing NIMS, we will absolutely fail. NIMS is not the end all/be all of incident management, but it is fundamentally promoted as such. Yes, the concepts of NIMS are all incredibly important, brought about from lessons learned and identified best practices of incident management through decades of experience. But the documents related to NIMS seem to pick and choose what they will focus on, while leaving out things that are highly critical. Perhaps some of these will be covered in future editions of resource management guidance, but they aren’t doing anyone any favors by omitting them from a document on pre-incident activity. We need to think broader and more comprehensive. We need to do better.

What are your observations on this document? What feedback do you have on my observations?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

EOC Mission Planning

I’ve been wrong. I used to teach and otherwise espouse that emergency operations centers didn’t actually do operations. I was bought in to the traditional perspective that EOCs ONLY provided resource support and information coordination. I’m not sure how or why I bought into this when on incidents I was actually involved in planning and directing certain operations. This mentality goes back, for me, about 15 years. It’s important to break this myth and acknowledge the role that EOCs can and should play in incident management.  

EOCs being involved in directing field operations is certainly nothing new. If you don’t want to take my word for it, it’s also doctrinal. Check out the EOC section of the NIMS document. “EOC staff may share the load with on-scene incident personnel by managing certain operations, such as emergency shelters or points of distribution. When on-scene incident command is not established, such as in a snow emergency, staff in EOCs may direct tactical operations.”

This post has been in the works for a while. Several months ago, I was developing structured guidance on EOC mission planning for a client and realized it would be a good topic to write about. I recently made some social media posts on the topic, with responses encouraging me to write more. So, it was clearly time to do so.

As I had posted on social media, if you don’t think an EOC actually does operations, I’d suggest that the EOCs you are familiar with either haven’t had the opportunity to properly apply mission support or they are doing something wrong. Certainly not every incident will require an EOC to provide mission support, but EOCs should be ready to do so.

EOC missions are typically initiated one of three ways:

  1. A request by incident command to handle a matter which is outside their present area of responsibility or capability,
  2. EOC personnel recognize an operational need that isn’t being addressed, or
  3. The EOC is directed to take certain action from an executive level.

As the NIMS doctrine states, operations that are prime candidates for EOC-directed missions could be emergency shelters or points of distribution. Other operations, such as debris management, or (something recently experienced by many jurisdictions) isolation and quarantine operations are also often EOC-directed.

What makes these EOC-directed missions? Typically, they are planned, executed, and managed by an EOC. This could be a multi-agency EOC or a departmental operations center. Of course, there are ‘field’ personnel involved to execute the missions, but unlike tactical activity under the command of an Incident Commander, the chain of command for EOC-directed missions goes to the EOC (typically the EOC’s Operations Section or equivalent).

Ideally, jurisdictions or agencies should be developing deliberate plans for EOC-directed missions. Many do, yet still don’t realize that execution of the plans is managed from the EOC. These are often functional or specifically emergency support function (ESF) plans or components of those plans. For context, consider a debris management plan. As with many deliberate plans, those plans typically need to be operationalized, meaning that the specific circumstances of the incident they are being applied to must be accounted for, typically through what I refer to as a mission plan. In developing a mission plan, with or without the existence of a deliberate plan, I encourage EOCs to use the 6-step planning process outlined in CPG-101. As a refresher:

  1. Form a planning team
  2. Understand the situation and intent of the plan
  3. Determine goals and objectives of the plan
  4. Develop the plan
  5. Plan review and approval
  6. Plan implementation

The planning team for an EOC-driven mission should consist, at the very least, of personnel in the EOC with responsibility for planning and operations. If several mission plans are expected to be developed, the EOC’s Planning Section may consider developing a ‘Mission Planning Unit’ or something similar. Depending on the technical aspects of the mission, technical specialists may be brought into the planning team, and it’s likely that personnel with responsibility for logistics, finance, and safety, may need to be consulted as well.

If a deliberate plan is already in place, that plan should help support the intent, goals, and objectives of the mission plan, with a need to apply specific situational information and context to develop the mission plan.

Developing the plan must be comprehensive to account for all personnel, facilities, resources, operational parameters, safety, support, reporting, documentation, and chain of command. These may need to be highly detailed to support implementation. The mission may be organized at whatever organizational level is appropriate to the incident. This is likely to be a group within EOC Operations (or equivalent). Obviously having a deliberate plan in place can help address a fair amount of this proactively. Outlining processes and position descriptions, and providing job aids will support implementation considerably.

Plan review often seems an easy thing to do, but this needs to be more than an editorial review. The review should be comprehensive, considering the operations from every possible perspective. Consider various scenarios, notionally walking through processes, and even using a red team concept to validate the plan. While this is likely going into immediate implementation, it’s best to spend some time validating it in the review stages instead of having it fail in implementation. Approval will come at whatever level is appropriate within your organization.

Plan implementation should certainly include an operational briefing for the staff executing the plan, and it should ideally be supported through an incident action plan (IAP) or EOC action plan, or a part thereof. As with any implementation, it needs to be properly managed, meaning that progress must be monitored and feedback provided to ensure that the mission is being executed according to plan and that the plan itself is effective. Understand that complex missions, especially those of longer duration, may need to be adjusted as lessons are learned during implementation.

As is typically said in ICS courses, we should begin demobilization planning as early as possible. Missions may have a completion in whole, where the entire mission is demobilized at once, or there may be a phased demobilization. Many EOCs aren’t used to developing tactical-level demobilization plans, so they need to be prepared for this.

As with any operation, identifying and documenting lessons learned is important. Deliberate plans should be updated to reflect lessons learned (and even a copy of the mission plan as a template or sample), or if a deliberate plan didn’t exist prior to the mission, one should be developed based upon the implementation.

EOCs can, in fact, run operations. I’m sure a lot of you have seen this if you have been involved in responses such as the current Coronavirus pandemic, a hurricane response, and more. Sometimes in emergency management we aren’t good at actually acknowledging what’s going on, for better or for worse. We get stuck with old definitions and don’t realize that we need to evolve, or even already have evolved; or we don’t recognize that current ways of doing things simply don’t work as intended. We seem, sometimes, to be our own worst enemy.

How does your EOC execute mission planning?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®