Tag Emergency Preparedness Solutions

Nationwide EAS Test Scheduled

Tim Riecker, The Contrarian Emergency Manager Leave a comment

From FEMA~

Mandatory Nationwide Test of the Emergency Alert System to be Conducted September 27

The Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (FCC), will conduct a mandatory nationwide test of the Emergency Alert System (EAS) on September 27, 2017 at 2:20 pm EDT. The test will assess the readiness for distribution of the national level test message, as well as verify its delivery.

The EAS test is made available to radio, television, cable, and direct broadcast satellite systems, and is scheduled to last approximately one minute. The test’s message will be similar to the regular monthly test message of the EAS with which the public is familiar, only inserting the word “national.” “This is a national test of the Emergency Alert System. This is only a test.”

Significant coordination and regional testing has been conducted with the broadcast community and emergency managers in preparation for this EAS national test. The test is intended to ensure public safety officials have the methods and systems that will deliver urgent alerts and warnings to the public in times of an emergency or disaster. Periodic testing of public alert and warning systems is also a way to assess the operational readiness of the infrastructure required for the distribution of a national message and determine whether technological improvements are needed.

Conducting the test following Hurricanes Harvey, Irma, Jose, and Maria will provide insight into the resiliency of our national-level alerting capabilities in impacted areas. The test will also provide valuable data into how the Integrated Public Alerts and Warning System performs during and following a variety of conditions. With two major hurricanes already making landfall, and a potential for two more impacting our nation, we need to have the ability to maintain the continuity of critical infrastructure under various conditions.

Receiving preparedness tips and timely information about weather conditions or other emergency events can make all the difference in knowing when to take action to be safe. FEMA and our partners are working to ensure alerts and warnings are received quickly through several different technologies, no matter whether an individual is at home, at school, at work, or out in the community. The FEMA App, which can be downloaded on both Android and Apple devices, is one way to ensure receipt of both preparedness tips and weather alerts. The FEMA App can be downloaded at https://www.fema.gov/mobile-app.

The back-up date for the test is October 4, 2017, at 2:20 pm EDT, in case the September 27 test is cancelled. More information on the IPAWS and Wireless Emergency Alerts is available at https://www.ready.gov/alerts.

This is the third mandatory nationwide test of the EAS. The first test was conducted in November 2011, in collaboration with the FCC, broadcasters, and emergency management officials. The second mandatory test was conducted in September 2016. You can also access a video, FEMA Accessible Emergency Alert System IPAWS Test Message, in American Sign Language.

In 2007, FEMA began modernizing the nation’s public alert and warning system by integrating new technologies into the existing alert systems. The new system, known as IPAWS became operational in 2011. Today, IPAWS supports more than 900 local, state, tribal, and federal users through a standardized message format. IPAWS enables public safety alerting authorities such as emergency managers, police, and fire departments to send the same alert and warning message over multiple communication pathways at the same time to citizens in harm’s way, helping to save lives. For more information on FEMA’s IPAWS, go to: www.fema.gov/ipaws. For more preparedness information, go to www.ready.gov.

Thinking Smarter About Security

Tim Riecker, The Contrarian Emergency Manager 2 Comments

If you work in any facet of public safety and you aren’t thinking about how you secure public and event spaces, you haven’t been paying attention.  Our complacency is the greatest gift we can give to terrorists and criminals.  I certainly acknowledge that the most difficult aspect of dealing with criminal intent versus natural hazards is their determination to circumvent our own protective measures and systems, but we often make it easy for them because it’s too difficult for us to change. Is that really the excuse you want to give to the board, the media, or the families of those killed in a criminal act?

While I will never claim to be a security expert, I try to look at things with a critical eye and take the advice of those who are experts in the field.  Here are a few examples of things I’ve encountered.

Several years ago I was part of a team supporting preparedness at a major sporting venue.  The organization who had exclusive rights to the venue requested support in planning, training, and exercise activities.  I provided incident management training and was the lead on exercises.  As preparation for a tabletop exercise, I coordinated with the organization to observe security procedures during a major event.  The security screeners at the entrances to the venue did a reasonable job with most patrons, although consistently faulted with one type of patron – persons in wheelchairs.  Anyone who came to the door in a wheelchair was waved through ALL security screening without so much as a bag check.  This became the gap that I exploited for the exercise, much to the objection of their head of security who insisted that personnel were trained in how to screen patrons in wheelchairs.  While they may have been trained, it is something they consistently failed in doing and I never observed a supervisor correct the behavior.  Perhaps they weren’t trained at all, or the training wasn’t effective, or it was too uncomfortable or inconvenient for them to do.  Regardless, this is a significant gap that I’ve continued to see at other locations through the years.

Earlier this year I attended a large convention that drew tens of thousands of patrons in a large convention center over a long weekend.  I was an attendee and not working in any official capacity.  Security at the venue was laughable.  Security personnel had three main activities – bag checks, credential checks, and metal detector operation.  Metal detector operation was only performed the first day, utilizing walk through detectors as well as wands.  The personnel clearly had no idea how to operate either (I was among dozens if not hundreds of people who were directed to go through a walk through detector – which I noticed was unplugged).  On the occasion that a walk through alerted (one that was plugged in…), I observed security personnel waiving the wand around people too quickly and too far away from their bodies.  For bag checks, we were asked to open all bags for security inspection.  The ‘inspection’ I observed on each day usually consisted of someone saying thank you and waving you through as they looked around the room or chatted with a co-worker, certainly not actually looking into the bags.  As for checking credentials, every patron was provided with a lanyard and a pass to be attached to said lanyard.  Security personnel were supposed to be checking passes as people entered doors to the main exhibit hall and other areas.  I noted some security personnel did this better than others – some of which didn’t check at all.  I actually managed to keep my pass in my pocket through the entire event, only being challenged by security once.  I was so alarmed by some of the practices that on separate occasions I introduced myself to a county sheriff’s deputy and a fire marshal to point out some of the more egregious issues.

My work has brought me to a number of secure facilities owned by various levels of government and private entities.  One federal facility I’ve frequently visited through the years usually screens vehicles.  As expected, this includes the opening of doors and the trunk of the car.  Not once, in the many years and visits to this facility has anyone ever moved a seat or checked a bag or package.

My last anecdote comes from a few years ago spending some down time in a small park in an area of DC where there a number of embassies.  One embassy seemed to have regular traffic in and out for visitors as well as some light construction work being performed on their grounds.  As one guard would check identification and presumably verify the need of the visitor to be there, another guard would walk around the vehicle with an inspection mirror (the type at the end of a pole with which to inspect the underside of a vehicle).  It was evident that the guard was either not trained in its proper use or the importance of this protocol, as every time he walked around a vehicle holding the mirror, but never actually putting it in position to view under the vehicle, much less ever looking down at the mirror.  He simply took a casual stroll around the vehicle.

The things I’ve noted here are just a few that happened to come to mind as I crafted this article.  There are dozens more, and I’m sure each of you can come up with a list of poor practices as well.  Keep your eyes open when you go to a public space to see how security is handled.  Look at things through the lenses of potential adversaries.  How could someone gain entry?  Are there recognized security patterns they can circumvent?  What vulnerabilities exist?  If you are responsible for security for a facility, have a security audit performed.  While formal security audits are valuable, often the most meaningful ones are casual and unannounced, with someone the front-line security personnel don’t know trying to gain entrance to the facility.  Are they challenged appropriately? Are they screened effectively?

The mitigation, prevention, and protection against security threats is something that many take too lightly – clearly even those whose job it is to focus on those matters.  Highly effective training programs are available – but we need to ensure that people take these courses and implement what they’ve learned in accordance with documented organizational practices.  Supervisors must be present and constantly maintain quality control.  This is a good matter of practice, but even more important when most non-sworn security personnel have a high rate of turn over or may be part time or temporary employees, or even volunteers.  For large events, proper just-in-time training must be performed for supplemental security staff who are not certified or otherwise professionally qualified security personnel.

Security is a challenging environment to work in.  We must constantly be recognizing threats and trying to out-think potential adversaries.  We must strive to keep passive and active security practices up to par, meeting or exceeding standards without becoming predictable to an observer.  How do you assess security in your facility?  What best practices have you identified?

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Exercises: Simple is Usually Better

Tim Riecker, The Contrarian Emergency Manager 2 Comments

I find often that people want to run exercises they aren’t quite ready for.  Sometimes those exercises are too complex, or they simply aren’t the appropriate type.  Most often, we run exercises to test plans, policy, and procedures; but sometimes those plans, policies, and procedures aren’t quite ready to be tested.  Last year I advised a client to run a workshop instead of a tabletop exercise.  The initial goal of the tabletop was to validate a new plan, but this plan wasn’t ready to be validated.  The problem was that many stakeholders hadn’t yet seen the plan, and the review of that plan by our team in preparedness for the exercise wasn’t favorable.  The plan had much of the needed content, but it was disjointed and didn’t have any logical flow.  By conducting a scenario-based workshop, we were able to identify not only the ideal flow of the plan by flagging benchmark activities, but we were also able to discuss expectations of and for each stakeholder agency in the plan.  The client was then able to apply the results of the workshop to restructure their plan and make some needed substantive changes.

Similarly, I’ve encouraged a current client to conduct a workshop instead of a tabletop.  The initial goal of this tabletop was to identify how a new group of stakeholders could integrate into an existing plan.  In this situation, the tabletop would have been less than effective as the new stakeholder group isn’t yet identified in the plan.  The outcome of the workshop will be to identify how this integration can occur.

I think that sometimes people gravitate to certain exercises simply because they are more popular in a certain application.  That preconceived notion might be too complex or simply a poor choice for what you really need to accomplish.  When it comes to discussion-based exercises, most people default to a tabletop.  With operations-based exercises, it can vary.  Drills are often used for tactical applications, but we don’t see them as much in EOCs.  Drills certainly have a place in an EOC if you are looking to test a very specific function or activity.  While full-scale exercises are fun and sexy, I’ve been to the site of plenty that are total chaos because the fundamental premise of certain plans hasn’t been worked out (or some stakeholders aren’t familiar with them), which perhaps should have been done through a discussion-based exercise or a drill or functional exercise first.  Running a drill to test and familiarize the process of setting up key equipment prior to doing it for the first time in a full scale will pay a lot of benefits, and certainly prevent dozens or hundreds of other people being held up in a full scale.

Another issue I often see with exercises is very long and complex Master Scenario Events Lists (MSELs).  The MSEL is essentially the timeline or script of the exercise.  Along with listing all injects, it also identifies all benchmarks in the management of the exercise, such as StartEx and EndEx, and the introduction of new elements or transition to a different segment.  While there is no particular rule of thumb for how many injects are needed for different exercise types, everything needs to associate back to the objectives of the exercise.  I hate injects that are crafted simply for ‘noise’ (unless it’s an intel exercise), or injects intended to just give someone something to do.  Arguably, if the participants take an exercise seriously, such as a functional exercise, and play out the situation as they would in real life, you can engage an entire EOC for a few hours with even ten well-crafted injects.  While some functions are very focused, consider that the vast majority of what we do in emergency management requires coordination among a variety of elements and functions.  Capitalize on that.  One inject may engage multiple agencies or functions because of the need to coordinate and problem solve.  It’s not enough to identify a solution to the problem, but work through where the resources will come from, how they will get to where they need to go, and what support is needed for them and how long.  That’s a lot of problems to solve and will often transcend every function within the incident command system.  Exercises don’t need to be complex to be effective.  Create a handful of objectives and make sure everything relates back to them.  Simplicity can work.

My last recommendation is to keep your exercise planning team a manageable size.  I’ve been the lead planner for some very large exercises.  These exercises, largely due to their sponsors, ended up involving massive exercise planning teams – and by massive I mean over five or six dozen people – or more.  These are just sheer insanity.  Not every agency or organization involved in the exercise needs to be directly represented, nor does each organization need to send a small army of people.  What you do need is consensus from those organizations on the objectives and their scope of play.  That doesn’t mean they have to be involved in every aspect of planning the exercise.  Just like any other meeting or group project, a large exercise planning team can be cumbersome and management by committee is never efficient.  If need be, stakeholder groups can be developed based upon function.  For example, a fire service exercise planning team would develop their contributions to the exercise.  Just make sure that these groups are well coordinated and the overall exercise planning effort is unified, otherwise you’ll end with a disjointed exercise effort.

In the end, simplicity rules.  As you begin planning your exercise, consider, in every step if it can or should be simplified.  Always refer back to your intent and your objectives.  Chances are you can create a simpler exercise that is just as impactful, or perhaps more impactful.  When our inclination is to make things overly complicated, we often miss the point entirely.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

 

 

NIMS is Worthless, Unless You Put it into Action

Tim Riecker, The Contrarian Emergency Manager Leave a comment

It’s so often that I hear people proclaim in response to a problem that NIMS will fix it.  I’ve written in the past that many organizations reference the National Incident Management System (NIMS) and the Incident Command System (ICS) in their plans, as they should, but it’s often a reference with no substance.  The devil is in the details, as the saying goes; and the details of implementation are necessary to ensure that difficulties can be overcome.

The premise is simple… NIMS is a doctrine, only as valuable as the paper you print it on.  So fundamentally, NIMS has no value – unless it is implemented.  This human factor is the biggest hurdle organizations and jurisdictions must face, yet so many are lulled into a false sense of security because they cite it in their plans and they’ve taken some ICS courses.  I encourage every organization to review the NIMS doctrine and give your organization an honest assessment of how you are actually following it.  It’s bound to be pretty eye opening for many.

nims_document

We also have to keep in mind that NIMS isn’t just for your own organization.  While there are plenty of great practices in NIMS for your own organization, the greatest value in it is for multi-agency responses.  These don’t have to be to the extent of Hurricane Katrina or a massive wildfire, either.  Multi-agency responses occur in most jurisdictions every day – even what we regard as some of the most simple or routine incidents require multiple agencies to respond.  While the actions and responsibilities of these agencies are fairly rote and well-practiced, a slight increase in complexity can cause significant changes.

Consider that different agencies, even those within the same discipline have some different ways of doing things.  These can be simply in the mechanics of what they do, or they can be driven by procedures, equipment, or personality.  Some of this may be in writing, some may not.  Where this matters is in tactics.  NIMS won’t solve differences in tactical application or ensuring interoperability.  Only preparedness can accomplish that.  Before an incident occurs, we need to be having regular conversations with other agencies within our jurisdiction and outside of it.  How often do you exercise with your mutual aid partners?  I mean really exercise with them…  It’s great that you all arrive to the exercise site and set up your own stuff, but how about mixing and matching equipment?  What will work?  What won’t?  How will it impact tactical application?  These are some of the most meaningful lessons learned.

Bottom line – don’t try to pencil-whip NIMS as the solution to your problems.  It’s meaningless unless it’s actually put into action – and the way to proactively do that is through preparedness efforts.   Work together through POETE activities – Planning, Organizing, Equipping, Training, and Exercises.  Once you put the concepts of NIMS into action, then it will work for you!

How has your organization implemented NIMS concepts?

© 2017 –  Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Management and Organization of EOCs

Tim Riecker, The Contrarian Emergency Manager 1 Comment

I’ve always been fascinated by emergency operations centers (EOCs).  Through my career I’ve worked in many of them across the nation as a responder, trainer, and exerciser (is that a word?).  I’ve seen EOCs large and small, dedicated facilities and multi-use rooms.  I’ve been in EOCs on the top floor of buildings, so as to have a bird’s-eye view; and those underground, originally designed to withstand a Soviet nuclear attack.  I’ve seen technology that rivals NASA’s Mission Control, and EOCs that drop phone and internet lines from the ceiling when needed.  While the size, layout, and technology can all support an EOC’s mission, it’s really all about the people.

IMG_3226Over the past several months I’ve seen an even greater variety of EOCs due to a broad range of consulting projects I’ve led for my company.  These projects have brought me to EOCs in states, cities, and airports across the nation.  While coordination is the commonality, there are a great deal of differences between and among these EOCs, not only in their physical space, but also in how they operate.  While all pay heed to the National Incident Management System (NIMS) in some fashion, some lean more heavily on the Incident Command System (ICS) than others, while some prefer the emergency support function (ESF) model, and others yet seem to be in limbo, searching for the best model.

It’s been over a year since the National Integration Center (NIC), charged with maintaining NIMS, released a draft for public comment of the NIMS Refresh, which included the Center Management System (CMS) concept.  CMS is/was intended as a model for organizing EOCs and other such incident support functions.  Despite promises, we have yet to see any of that come to fruition.  That said, there are certain expectations and activities that must still exist for an EOC to be successful and productive.

With tactics being managed by the Operations Section in the Incident Command Post (ICP), planning is really the focal point of an EOC.  The perspective of an EOC is generally much bigger picture than that of an ICP.  Assuming a traditional coordination and support role of an EOC, the Operations Section of an EOC is really geared toward pulling agencies together and facilitating strategic-level problem solving through proper coordination.  For an EOC to function properly, current information is just as important as the ability to anticipate future needs so that problems can be solved and resources obtained.  This information management and forecasting is the responsibility of the Planning Section in an ICS-centered model, or of a planning function in any other model.

Every agency that contributes to the EOC, regardless of the model, should be prepared to contribute time and potentially even staff to this planning function.  Often, the incident is ‘routine’ enough that the planning staff are familiar with the various facets of the incident to do proper information collection, analysis, and forecasting; but on occasion subject matter experts are needed to support each of these critical activities.  Those subject matter experts often come from the agencies or emergency support functions represented in the EOC.  As forecasting is performed, opportunities are identified for needs that may need to be supported.  This is where the forecasting loops back to Operations to coordinate the agencies/emergency support functions to solve these problems.

None of this actually means that an EOC doesn’t oversee tactics, even indirectly.  While an ICP, for most incidents, doesn’t report to the EOC, there may be ancillary organizations developed to address other matters which the ICP isn’t overseeing.  While the ICP is focused on immediate life-safety issues, the EOC may be coordinating evacuation, sheltering, or public health matters.  In each of these examples, or numerous others which could be contrived, someone has to be in charge of them.  If the incident commander’s attention is focused on the highest priorities, these other matters are likely to be run by the EOC.  Typically, these would be within the chain of command of the EOC’s Operations Section or through an ESF.

I love seeing how different EOCs address problems and manage their own functions.  I’m all for creativity, but there fundamentally should be some standardization to the organization and management structure.  What’s unfortunate, however, is that so many EOCs don’t have proper plans which identify these functions or how they will be managed.  Some simply insert the phrase ‘NIMS/ICS’ into their plan, and assume that’s enough (it’s not).  Others have no plan at all.  The enemy of coordination is chaos, and if you don’t have quality plans in place, which have been trained to and exercised, the EOC stands to add even more chaos to the incident at hand.

Put some thought into your EOC management structure and plans.    How would the EOC run if you or someone else who usually runs it weren’t there?  Are plans and procedures detailed enough for it to operate smoothly?  Are personnel from all agencies trained properly in their roles and responsibilities?  Have you exercised these plans recently?  If so, what lessons learned do you usually see and have you worked to address them?

Feedback is always welcome!

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

EPS – Celebrating Five Years!

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Aside from a brief mention at the end of some posts, I don’t often promote our company on this blog.  While the intent of the blog has never been to directly promote our services, we have gained and maintained a number of professional relationships through it, including those with clients.  I do want to take advantage of the platform on this occasion to express gratitude and hope that you will join us in celebrating an important benchmark.

Emergency Preparedness Solutions (EPS) is excited to be celebrating five years of helping clients to enhance capabilities and improve performance in the areas of emergency management and homeland security.  We have worked with clients across the nation on assessments, planning, training, and exercises on a variety of unique projects.  More specifically, over the past five years we have taken on projects such as exercise design, conduct, and evaluation – including staff support to a state-wide Vigilant Guard exercise, and conduct of airport exercises around the nation.  We have developed, conducted, and evaluated training programs – including those on functional needs sheltering, hazardous materials response for EMS, and continuity of operations.  We have also conducted state-wide training needs assessments, plan evaluations, and have created multi-hazard plans.

EPS New logo

To help mark our five years, we are proud to release a new logo for EPS and an updated website.  The URL is still the same, but the look is totally different.  Please visit us at WWW.EPSLLC.BIZ and take a look around.  Our look is sharper, more contemporary, and mobile friendly.  We also have pictures from a variety of our projects featured throughout the site as well as a live feed of this blog.  Many thanks to Mohawk Valley GIS for their work on the website.  MVGIS is a small business local to us that provides outstanding Geographic Information Systems services and other work locally and afar.  Please be sure to check them out.

On our new website we are also happy to announce our support of Team Rubicon.  Team Rubicon is an outstanding organization that provides hands-on disaster relief services to communities struck by disaster across the nation and around the globe.  Team Rubicon accomplishes great things through the people that make up their organization, mostly military veterans.  You can show them support by direct financial contributions as well as purchasing items through their online store.

We certainly want to acknowledge the contributions of the people who have and continue to work for us on projects.  We often leverage talented people from around the country based on the skills required to meet the needs of clients.  These include active and retired public safety professionals and military veterans.

Like most small businesses, the support of friends and family, especially in the early years, are extremely important.  There are far too many to name, and I’d be likely to forget someone, but each of you have been so important to our success!

Lastly, we wouldn’t be in business if not for our clients.  There are a number of testimonials on our website from several of our clients and we are grateful for the opportunity to work with each of them.  We continue to take on new clients as well as engaging in new contracts with previous clients.  We look forward to continuing on with current clients and working with new ones far into the future!

Thanks for your continued support of this blog and of EPS!

Be safe!

Tim Riecker, CEDP

Awareness of Public Health Preparedness Requirements – CMS

Tim Riecker, The Contrarian Emergency Manager 2 Comments

Emergency management and homeland security are collaborative spaces.  Think of these areas a Venn diagram, with overlapping rings.  Some of the related professions overlap with each other separately, but all of them overlap in the center.  This overlap represents the emergency management and homeland security space.  What’s important in this representation is the recognition that emergency managers and homeland security professionals, regardless of what specific agency they may work for, need to have awareness of that shared space and the areas of responsibility of each contributing profession.  One of the biggest players in this shared space is public health.Presentation1

For nearly a year, public health professionals have been talking about new requirements from CMS, which stands for The Centers for Medicare and Medicaid Services.  How does Medicare and Medicaid impact emergency management?  CMS, part of the Department of Health and Human Services (HHS) covers over 100 million people across the US – far more than any private insurer.  As an arm of HHS and a significant funding stream within public health, they set standards.

The most relevant standard to us is the Final Rule on Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers.  The rule establishes consistent emergency preparedness requirements across healthcare providers participating in Medicare and Medicaid with the goal of increasing patient safety during emergencies and establishing a more coordinated response to disasters.

The CMS rule incorporates a number of requirements, which include:

  • Emergency planning
  • Policies and procedures
  • Communications planning with external partners
  • Training and exercises

These are all things we would expect from any emergency management standard.  Given the different types of facilities and providers, however, the implementation of the CMS rule can be complex.  A new publication released by the HHS ASPR (Office of the Assistant Secretary for Preparedness and Response) through their TRACIE program (Technical Resources, Assistance Center, and Information Exchange), provides some streamlined references to the CMS rule.  It’s a good document to study up on and keep on hand to help keep you aware of the requirements of one of our biggest partners.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Public Area Security National Framework

Tim Riecker, The Contrarian Emergency Manager Leave a comment

The Transportation Security Administration (TSA) recently released this report in cooperation with a variety of stakeholders which provides information and guidance on preparedness, prevention, and response activities to strengthen the public spaces of transportation venues.  While the focus of the document is on airports, the information in the document is great not only across all transportation venues, but other public spaces as well.  I think there are great takeaways for other areas of vulnerability, such as malls, convention centers, event spaces, and others.

To be honest, there is nothing particularly earthshattering in this document.  The document is brief and identifies a number of best practices across emergency management and homeland security which will help agencies and organizations prevent, protect, prepare, and respond to threats, particularly attacks.  That said, the document does accomplish providing concise information in one document on key activities that absolutely should be considered by entities which control public-access spaces.  I would also suggest that this document is still 100% relevant to those which have some access controls or entry screenings.

Information in the document is segmented into three key tenets: Information Sharing, Attack Prevention, and Infrastructure and Public Protection.  Within these tenets are found recommendations such as relationship building, communication strategies, vulnerability assessments, operations centers, planning, training, and exercises.  Most of the recommendations provide examples or leading best practices (although no links or sources of additional information, which is a bit disappointing).

The framework is worth a look and can probably serve as an early foundation of activity for those who haven’t yet done much to prepare their spaces for an attack.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Can we Require Preparedness?

Tim Riecker, The Contrarian Emergency Manager Leave a comment

The City of Pittsburgh recently lost an effort to require emergency preparedness training for security officers and building service employees.  The Commonwealth Court ruled that the City did not have the authority to require such an ordinance.  This is just another example we’ve seen with difficulties across the US with requirements for preparedness measures.  Why is it so challenging?  It often comes down to the legality of the requirement.

When it comes to the interface of local jurisdictions with states, we often see the concept of home rule providing one of the greatest challenges.  Some interpretations of home rule laws identify that states can’t require local (often to include county) jurisdictions to conduct certain activities, such as have certain plans, attend training, or conduct exercises.  In some states, we see law or regulation that states that if a jurisdiction is to have an emergency plan, then there is a required format of said plan.  But if there is no stick, there is often a carrot.

If requirements can’t be established, then incentives are often the best alternative.  Again, in the local/state relationship, states have grant allocations which can be provided to local governments.  Grant rules can be established that identify certain requirements as conditions of funding.  This tends to be highly effective, especially when funding is expected to continue year after year, and the grants continue to reinforce sustained maintenance on these requirements, such as periodic updates to emergency plans.  Generally, I see no down side to this alternative, so long as the required initiatives are well thought out and realistic given the amount of funds the jurisdiction is receiving.  To ensure effectiveness, however, there must be accountability and quality control measures in place to monitor execution of these requirements; such as reviewing plans, After Action Reports, and auditing training programs. This same methodology is typically how DHS/FEMA is able to get states and funded urban areas (UASIs) to comply with their wishes for various initiatives.

Outside of government, requirements can still be difficult.  While regulations may be put into place for certain industries and under certain conditions, we often have to rely on other, more practical, means of getting businesses, industry, and even not for profits on board.  This often comes with certifications.  An example would be ISO certifications, which some businesses and industry need to compete in certain markets.  Yes, there is even an ISO standard for emergency management.

Unfortunately, many entities, be they public, private, or even individuals, don’t want to be bothered with preparedness.  Most will agree that it’s a good idea, but it takes time, money, and effort.  It’s long been said that you can’t legislate preparedness, and that is often true.  Even if a requirement is able to be established, the extent of implementation can range widely, depending on the internal motivations and resources available to the entity.  Establish whatever requirements you want, but I guarantee there are some that will barely meet those requirements, and in doing so likely not meet the actual intent of the requirement; while others who are believe in the requirement and have available resources, will exceed the requirement.  Largely, organizations are motivated by funding and certification standards.

I’m interested in the perspectives you have on requiring preparedness, both in the US as well as other nations.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC