Incident Management Advisors

It’s frustrating to see poor incident management practices. For years I’ve reviewed plans that have wild org charts supposedly based on the Incident Command System (ICS); have conducted advanced-level training with seasoned professionals that still don’t grasp the basic concepts; have conducted and evaluated exercises and participated in incident responses in which people clearly don’t understand how to implement the most foundational aspects of ICS. On a regular basis, especially since people know my focus on the subject, I’m told of incident management practices that range from sad to ridiculous.

Certainly not everyone gets it wrong. I’ve seen plans, met people, and witnessed exercises and incidents in which people clearly understand the concepts of ICS and know how to put it into action. ICS is a machine, but it takes deliberate and constant action to make it work. It has no cruise control or auto pilot, either. Sometimes just getting the incident management organization to stay the course is a job unto itself.

If you are new here, I’ve written plenty on the topic. Here’s a few things to get you pointed in the right direction if you want to read more.

ICS Training Sucks. There are a series of related posts that serve as a key stone to so much that I write about.

The Human Factor of Incident Management. This bunch of related articles is about how ICS isn’t the problem, it’s how people try to implement it.  

As I’ve mentioned in other posts, it’s unrealistic for us to expect most local jurisdictions to assemble and maintain anything close to a formal incident management team. We need, instead, to focus on improving implementation of foundational ICS concepts at the local level, which means we need to have better training and related preparedness activities to promote this. Further, we also know that from good management practices as well as long-standing practices of incident management teams, that mentoring is a highly effective means of guiding people down the right path. In many ways, I see that as an underlying responsibility of mine as a consultant. Sometimes clients don’t have the time to get a job done, but often they don’t have the in-house talent. While some consultants may baulk at the mere thought of building capability for a client (they are near sighted enough to think it will put them out of work), the better ones truly have the interests of their clients and the practice of emergency management as a whole in mind.

So what and how do we mentor in this capacity? First of all, relative to incident management, I’d encourage FEMA to develop a position in the National Qualification System for Incident Management Advisors. Not only should these people be knowledgeable in implementations of ICS and EOC management, but also practiced in broader incident management issues. Perhaps an incident doesn’t need a full incident management team, but instead just one or two people to help the local team get a system and battle rhythm established and maintained. One responsibility I had when recently supporting a jurisdiction for the pandemic was mentoring staff in their roles and advising the organization on incident management in a broader sense. They had some people who handled things quite well, but there was a lot of agreement in having someone focus on implementation. I also did this remotely, demonstrating that it doesn’t have to be in person.

In preparedness, I think there is similar room for an incident management advisor. Aside from training issues, which I’ve written at length about over the years (of course there will be more!), I think a lot of support is needed in the realm of planning. Perhaps a consultant isn’t needed to write an entire plan, but rather an advisor to ensure that the incident management practices identified in planning documents are sound and consistent with best practices, meet expectations, and can be actually implemented. So much of what I see in planning in regard to incident management has one or more of these errors:

  1. Little mention of incident management beyond the obligatory statement of using NIMS/ICS.
  2. No identification of how the system is activated and/or maintained.
  3. As an extension of #2, no inclusion of guidance or job aids on establishing a battle rhythm, incident management priorities, etc.
  4. An obvious mis-understanding or mis-application of incident management concepts/ICS, such as creating unnecessary or redundant organizational elements or titles, or trying to force concepts that simply don’t apply or make sense.
  5. No thought toward implementation and how the plan will actually be operationalized, not only in practice, but also the training and guidance needed to support it.

In addition to planning, we need to do better at identifying incident management issues during exercises, formulating remedies to address areas for improvement, and actually implementing and following up on those actions. I see far too many After Action Reports (AARs) that softball incident management shortfalls or don’t go into enough detail to actually identify the problem and root cause. The same can be said for many incident AARs.

When it comes to emergency management, and specifically incident management, we can’t expect to improve without being more direct about what needs to be addressed and committing to corrective actions. We can do better. We MUST do better.

New polling function in WordPress… Let’s give it a try.

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

NIMS Guidance – Resource Management Preparedness

Last week FEMA issued a national engagement period for updated NIMS guidance on resource management preparedness. This is the first version of such a document, with most material on the subject matter, to date, being included in the NIMS doctrine and a few other locations. I regularly participate in the national engagement periods and encourage others to do so as I think it’s a great opportunity for practitioners and subject matter experts to provide input.

Some observations:

  1. The footer of the document states that it’s not for public distribution. I’m guessing that was an error.
  2. The phrase of ‘resource management preparedness’ rubs me the wrong way. While I understand that there are resource management activities that take place within the preparedness phase of emergency management, we’re not preparing to manage resources. All the activities outlined in the document are actually part of resource management. If they want to put a time stamp on this set of activities, they can refer to them as ‘pre-incident’, but inventorying, typing, etc. are all actually part of the resource management cycle.
  3. I’d prefer to see a comprehensive NIMS Resource Management guide that addresses all aspects of resource management. Considering that resource management is a cycle, let’s actually cover the entire cycle. I think there will be far more value in that. Hopefully that’s eventually where this will go.
  4. The document is too stuck in NIMS. What do I mean by this? It seems that more and more people seem to forget that NIMS is a doctrinal component of incident management. While the document is focused on NIMS, it would have greater value if it addressed pre-incident resource management activities that might not found in the NIMS doctrine (though some are), but are none-the-less best practices in resource management. Many of these practices begin pre-incident.
  • One of the biggest things is resource tracking. Yes, resource tracking is a concept found in NIMS, but it’s not at all addressed here. How many jurisdictions struggle to figure out how to track resources in the middle of an incident (answer: most of them). The best time to figure out the means and methods of tracking resources is before an incident ever occurs. Resource tracking has a fair amount of complexity, involving the identification of what will be tracked, how, and by who; as well as how changes is resource status are communicated. Data visualization and dashboarding is also big. People want to see maps of where major resources are, charts that depict utilization, and summaries of resource status. All things best determined before an incident.
  • Resource inventories should identify operating requirements, such as maintenance and service. This is vaguely referenced in the guidance, but not well. Before any resource is deployed, you damn well better have the ability to operate and support that resource, otherwise it’s nothing more than a really large expensive paperweight. Do you only have one operator for that piece of equipment? That’s a severe limitation. All things to figure out before an incident.
  • How will resource utilization be tracked? This is important for cost controls and FEMA reimbursement. Figure that one out now.
  • What consumables are stockpiled or will be needed? What is the burn rate on those under various scenarios? (We’ve learned a lot about this in the pandemic)
  • What about resource security? When it’s not being used where and how will it be secured? What if the resource is left unattended? I have a great anecdote I often tell about a portable generator used in the aftermath of a devastating snow storm to power the traffic lights at a critical intersection. The maintenance crew doing their rounds found it to be missing, with the chain cut. Luckily the state’s stockpile manager had GPS trackers on all of them. It was located and re-acquired in little time, and the perpetrators charged. This success was due to pre-incident activity.
  • Resource ordering processes must also be established. What are the similarities and differences in the process between mutual aid, rental, leasing, or purchasing? What are your emergency procurement regulations and how are they implemented? How are the various steps in the ordering process assigned and tracked? This is highly complex and needs to be figured out before an incident.
  1. Resource typing. I honestly think this is the biggest push in emergency management that isn’t happening (maybe perhaps second to credentialing). Resource typing has been around for a long time, yet very very few jurisdictions I’ve worked with or otherwise interacted with have done it and done it well. I find that most have either not done it at all, started and gave up, or have done it rather poorly. I’ve been involved in resource typing efforts. It’s tough and tedious. I’ve done it for resources that we’re yet typed at the national level, leaving agencies and jurisdictions to define their own typing scheme. This literally can devolve into some heated discussions, particularly fueled by the volume of rather heavy customization we tend to do with resources as technology evolves, giving resources that may fundamentally appear to have similar capability to in reality be quite different. I’ve also done it for resources that have been typed at the national level. This certainly helps, as you aren’t first having to figure out your own thresholds, but it can still be challenging to pigeon hole resources that, again, may be heavily customized and don’t cleanly fit within a certain pre-defined category. It’s even more frustrating to have developed your own typing scheme in the absence of a national one, only to have national guidance issued a couple years later and needing to go back to those discussions.

I’m not saying resource typing is bad, in fact the benefits, both internally and externally, can be incredibly helpful. That said, it’s a time-consuming effort that, in the broader sense of limited time and other assets available to most emergency managers, is perceived to pay a lesser dividend than other activities such as developing and updating plans, training people on the implementation of those plans, and exercising those plans. It also can be difficult convincing agencies that it should be done. I can’t tell you how many times I get the response of ‘We know what we have’. I know that’s not the point, but that’s how the effort of typing resources is perceived. Even after some explanation of the benefits, most agencies (and I think rightfully so) would rather invest their time and effort into preparedness activities are that are seen as more beneficial. It leaves me wondering… is there a better way?

While it’s good to see information on the topic of early resource management steps being collated into one document, along with some resources and references that I’ve not seen before, this document is missing a lot. I just wrote last night about emergency managers being our own worst enemy. If we are just focused on implementing NIMS, we will absolutely fail. NIMS is not the end all/be all of incident management, but it is fundamentally promoted as such. Yes, the concepts of NIMS are all incredibly important, brought about from lessons learned and identified best practices of incident management through decades of experience. But the documents related to NIMS seem to pick and choose what they will focus on, while leaving out things that are highly critical. Perhaps some of these will be covered in future editions of resource management guidance, but they aren’t doing anyone any favors by omitting them from a document on pre-incident activity. We need to think broader and more comprehensive. We need to do better.

What are your observations on this document? What feedback do you have on my observations?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

EOC Mission Planning

I’ve been wrong. I used to teach and otherwise espouse that emergency operations centers didn’t actually do operations. I was bought in to the traditional perspective that EOCs ONLY provided resource support and information coordination. I’m not sure how or why I bought into this when on incidents I was actually involved in planning and directing certain operations. This mentality goes back, for me, about 15 years. It’s important to break this myth and acknowledge the role that EOCs can and should play in incident management.  

EOCs being involved in directing field operations is certainly nothing new. If you don’t want to take my word for it, it’s also doctrinal. Check out the EOC section of the NIMS document. “EOC staff may share the load with on-scene incident personnel by managing certain operations, such as emergency shelters or points of distribution. When on-scene incident command is not established, such as in a snow emergency, staff in EOCs may direct tactical operations.”

This post has been in the works for a while. Several months ago, I was developing structured guidance on EOC mission planning for a client and realized it would be a good topic to write about. I recently made some social media posts on the topic, with responses encouraging me to write more. So, it was clearly time to do so.

As I had posted on social media, if you don’t think an EOC actually does operations, I’d suggest that the EOCs you are familiar with either haven’t had the opportunity to properly apply mission support or they are doing something wrong. Certainly not every incident will require an EOC to provide mission support, but EOCs should be ready to do so.

EOC missions are typically initiated one of three ways:

  1. A request by incident command to handle a matter which is outside their present area of responsibility or capability,
  2. EOC personnel recognize an operational need that isn’t being addressed, or
  3. The EOC is directed to take certain action from an executive level.

As the NIMS doctrine states, operations that are prime candidates for EOC-directed missions could be emergency shelters or points of distribution. Other operations, such as debris management, or (something recently experienced by many jurisdictions) isolation and quarantine operations are also often EOC-directed.

What makes these EOC-directed missions? Typically, they are planned, executed, and managed by an EOC. This could be a multi-agency EOC or a departmental operations center. Of course, there are ‘field’ personnel involved to execute the missions, but unlike tactical activity under the command of an Incident Commander, the chain of command for EOC-directed missions goes to the EOC (typically the EOC’s Operations Section or equivalent).

Ideally, jurisdictions or agencies should be developing deliberate plans for EOC-directed missions. Many do, yet still don’t realize that execution of the plans is managed from the EOC. These are often functional or specifically emergency support function (ESF) plans or components of those plans. For context, consider a debris management plan. As with many deliberate plans, those plans typically need to be operationalized, meaning that the specific circumstances of the incident they are being applied to must be accounted for, typically through what I refer to as a mission plan. In developing a mission plan, with or without the existence of a deliberate plan, I encourage EOCs to use the 6-step planning process outlined in CPG-101. As a refresher:

  1. Form a planning team
  2. Understand the situation and intent of the plan
  3. Determine goals and objectives of the plan
  4. Develop the plan
  5. Plan review and approval
  6. Plan implementation

The planning team for an EOC-driven mission should consist, at the very least, of personnel in the EOC with responsibility for planning and operations. If several mission plans are expected to be developed, the EOC’s Planning Section may consider developing a ‘Mission Planning Unit’ or something similar. Depending on the technical aspects of the mission, technical specialists may be brought into the planning team, and it’s likely that personnel with responsibility for logistics, finance, and safety, may need to be consulted as well.

If a deliberate plan is already in place, that plan should help support the intent, goals, and objectives of the mission plan, with a need to apply specific situational information and context to develop the mission plan.

Developing the plan must be comprehensive to account for all personnel, facilities, resources, operational parameters, safety, support, reporting, documentation, and chain of command. These may need to be highly detailed to support implementation. The mission may be organized at whatever organizational level is appropriate to the incident. This is likely to be a group within EOC Operations (or equivalent). Obviously having a deliberate plan in place can help address a fair amount of this proactively. Outlining processes and position descriptions, and providing job aids will support implementation considerably.

Plan review often seems an easy thing to do, but this needs to be more than an editorial review. The review should be comprehensive, considering the operations from every possible perspective. Consider various scenarios, notionally walking through processes, and even using a red team concept to validate the plan. While this is likely going into immediate implementation, it’s best to spend some time validating it in the review stages instead of having it fail in implementation. Approval will come at whatever level is appropriate within your organization.

Plan implementation should certainly include an operational briefing for the staff executing the plan, and it should ideally be supported through an incident action plan (IAP) or EOC action plan, or a part thereof. As with any implementation, it needs to be properly managed, meaning that progress must be monitored and feedback provided to ensure that the mission is being executed according to plan and that the plan itself is effective. Understand that complex missions, especially those of longer duration, may need to be adjusted as lessons are learned during implementation.

As is typically said in ICS courses, we should begin demobilization planning as early as possible. Missions may have a completion in whole, where the entire mission is demobilized at once, or there may be a phased demobilization. Many EOCs aren’t used to developing tactical-level demobilization plans, so they need to be prepared for this.

As with any operation, identifying and documenting lessons learned is important. Deliberate plans should be updated to reflect lessons learned (and even a copy of the mission plan as a template or sample), or if a deliberate plan didn’t exist prior to the mission, one should be developed based upon the implementation.

EOCs can, in fact, run operations. I’m sure a lot of you have seen this if you have been involved in responses such as the current Coronavirus pandemic, a hurricane response, and more. Sometimes in emergency management we aren’t good at actually acknowledging what’s going on, for better or for worse. We get stuck with old definitions and don’t realize that we need to evolve, or even already have evolved; or we don’t recognize that current ways of doing things simply don’t work as intended. We seem, sometimes, to be our own worst enemy.

How does your EOC execute mission planning?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Updated NIMS Training Program

FEMA recently released an updated NIMS Training Program document. While the document addresses new emergency operations center (EOC) and provides recommendations for joint information system (JIS) and Multi Agency Coordination (MAC) Group training, it doesn’t give us anything really visionary, it simply captures what is. Granted, no where in the document introduction does it say that it’s intended to be a visionary document or something that is goal setting in regard to NIMS training, but to be honest, it should be. I’d like to see a more frequently updated document that not only establishes a current standard, but establishes goals for forward motion and focus.

I’m also disappointed with the insistence that that ICS 400 remains yet another ‘check-the-box’ style of course. As has been mentioned in the past, the ICS 400 is truly an advanced level course that needs to have a bit more context applied in terms of the target audience – not simply ‘incident personnel designated as leaders/supervisors’. Most people taking this course simply don’t need it. In further regard for the ICS 400 course, however, I would say that should also be included in the more advanced levels of training for EOC personnel. Similar to the true need that does exist at higher levels of ICS training, the ICS 400 does have similar value in this track, as EOCs are often key elements of these more complex incident management structures and relationships that are discussed in the ICS 400.

Speaking of training for EOC personnel, I’ll continue to rail against the ELG 2300 course. While it does have some value and may have a place in the training program for EOC personnel (mostly for those planning EOCs, not necessarily working in EOCs), it is not an equivalent of the ICS 300 course for an EOC environment. The ICS 300 course still stands as the course with the highest utility for incident management personnel, though still itself requires considerable improvements.

It’s great to see that the NIMS Training Program does recommend other training opportunities within both the ICS and EOC tracks, such as the Integrated Emergency Management Course (IEMC) and incident management team (IMT) courses, but as I’ve written before, there is still a significant gap in training to meet incident management needs for most local personnel. They require more than just the ICS or EOC courses to bring them the actual realm of application, yet aren’t likely to become part of a formal incident management team. Incident management training as a whole also seems to be missing an extremely important key element – management. It’s one thing to teach someone about the Incident Command System, but the lack of training and guidance to make them good managers of the incident and assigned personnel and resources is considerably lacking. I see this issue more and more, and it’s become very apparent during the Coronavirus response where jurisdictions have very limited ability to call on mutual aid systems for incident management support and are forced to use organic personnel and others who clearly lack in incident management, despite having checked the boxes of completing identified training courses.

I do appreciate that the document encourages development of an organizational training plan, and provides a bit of guidance on that, though even a standard referenced in their guidance is out of date, as it references a multiyear Training and Exercise Plan (TEP), which was replaced in the revised HSEEP doctrine earlier this year with the Integrated Preparedness Plan (IPP). Is it too much to ask that two houses within FEMA communicate with each other?

While the NIMS Training Program document only gives us a view of the training program as it currently exists, it’s not the best picture. It’s clear that certain decision-makers are unwilling to break from traditions that are largely rooted in the history of ICS and the way we have, for far too long, done things in emergency management training. What’s the plan? How are we moving forward? How are we meeting needs? Is anyone even paying attention to needs or are we just recycling much of the same courses and content, simply changing dates and pictures every few years? While some progress has been made, I still see far too much of emergency management and incident management training hung up in approaches that predate 9/11. Where is the vision?

What are your thoughts? What is your vision of incident management training?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Properly Leveraging the EOC Safety Officer

One of my Twitter connections tweeted over the weekend about the importance of the Safety Officer in the Emergency Operations Center (EOC) during the pandemic response.  This is absolutely true, but it’s not the only time the EOC Safety Officer should be engaged.  There is a significant role for them in many EOC activations, but they are historically underutilized, often relegated to monitoring for trip hazards in the EOC and making sure that no one hits their head on the desk when they fall asleep on those long wind-down shifts. 

While the Safety Officer in an Incident Command Post has a great deal of work to do, monitoring tactical hazards and implementing mitigative measures, we often think that with the EOC’s hands-off approach to tactics (something else that is also a myth in incident management) that there is little for an EOC Safety Officer to do.  Obviously, the potential of an EOC Safety Officer depends on the specific circumstances of the incident and the scope of support being provided by the EOC, especially if it’s staffed with the proper personnel. 

Remember that the Safety Officer is a member of the Command (or EOC Management) staff, and therefore can have assistants to support technical needs as well as a volume of work.  While ideally we want people trained as Safety Officers (in accordance with the NIMS position-specific curriculum), let’s face it – most of pool of position-trained personnel come from the fire service.  While on the surface there is obviously nothing wrong with that – fireground safety applications are incredibly detailed and require a very specific know-how – we need to leverage people with the proper background based on the incident we are dealing with.  That could be someone with a fire background, but, for example, a public health incident likely requires a Safety Officer (or advising assistant Safety Officer) to have a public health background; just as an emergency bridge replacement likely requires someone with an engineering background to be the Safety Officer. 

Through my experience, I’ve found that occupational health and safety personnel (either OSHA-proper from the US Dept of Labor or State/Local Occupational Health and Safety personnel) are great for this position, and even better if they have the proper ICS training.  On one hand, I’d call them generalists, because you can utilize them for darn near any incident, but calling them generalists almost feels insulting, as their knowledge of laws, regulations, and guidelines is often very extensive, and if they don’t know, they know where to find the information.  They also work well with hazard-specific specialists who can be integrated as assistants.  They can also call upon a small army of other OSHA-types to support field monitoring of safety matters. 

I will mention a word on using ‘regulators’ as Safety Officers.  Some may be reluctant to do so.  Reflecting again on my experience, I’ll say that Federal/State/Local OSHA-types are great to work with in this regard.  They are often willing to be flexible, developing and implementing an incident safety plan that can be phased, with safety personnel initially providing guidance and correction (when appropriate) and enforcing later. 

In looking at the scope of responsibility for an EOC Safety Officer, we do need to consider the scope of responsibility for any Safety Officers working from Incident Command Posts to ensure the work is complimentary, with minimal duplication of effort, but enough overlap for continuity.  The Safety Officers in an ICP will be primarily focused on the operating area of their ICP.  They are less likely to be concerned with safety matters off-site. 

For an ‘intangible’ incident, such as the current pandemic, we are more apt to find EOCs running the show vs incident command posts.  Obviously, this greatly expands the responsibility of the Safety Officer – in a jurisdiction’s primary EOC, as well as the Safety Officers in departmental operations centers (DOCs) – as many tactical operations are truly being managed from the EOC.  Considerations such as Personal Protective Equipment (PPE) and operating guidelines for all areas of operation and all tactics are likely to be coming from the EOC Safety Officer.  If DOCs or other incident management facilities are involved, the Safety Officer of the jurisdiction’s primary EOC may be collaborating with the Safety Officers from these other facilities to ensure a common operating picture in regard to safety, a unified safety plan, and consistent monitoring and enforcement.  A Safety Officer operating in this capacity needs to be comprehensive in their scope, not just looking at the hazards associated with the primary issue (i.e. an infectious disease), but examining all tactics and considerations, ranging from people operating equipment, to emerging weather hazards.

For an incident with more traditional EOC involvement, a Safety Officer still has a full range of responsibilities, though the actual range of these are still dictated by the scope of the incident.  If an EOC is primarily serving as a resource ordering point, the EOC Safety Officer should be communicating with the Safety Officer at the ICP to ensure an understanding of the hazards in general operating area as well as the specific hazards and PPE needs of the application each resource will be assigned to.  The EOC Safety Officer should be ensuring that responding resources are aware of these safety requirements, as well as potential safety concerns while in transit.  The EOC Safety Officer may be providing the ICP Safety Officer with specialized safety support, analysis, and resources, including supplies and equipment (in coordination with EOC Logistics). 

An EOC supporting multiple ICPs (and even coordinating with several DOCs) should have a more involved and proactive Safety Officer, as they need to be coordinating safety matters across each of these incident management structures.  This includes ensuring a common operating picture in regard to safety, a unified safety plan, and consistent monitoring and enforcement.  They are also likely to be involved in working with EOC Logistics to ensure the proper supplies and equipment.  They should be watching for tactical applications or resource movements of each incident management structure to ensure there are no conflicts or impacts in regard to safety. 

An EOC more significantly engaged is likely to be providing mission support (a topic I’ll be writing about in the near future).  In summary, EOC mission support are generally tactical applications which are developed and managed by an EOC to address matters that are beyond the scope of the ICP or those which the Incident Commander can’t presently deal with.  EOC mission support could include things like sheltering, points of distribution, or a family assistance center.  Once up and running, each of these examples should have their own management structure including a Safety Officer to address their specific needs, but the EOC Safety Officer should be heavily involved in the planning and development stages of these missions, as well as coordinating and supporting safety matters to each of them, similar to what has been mentioned previously. 

Lastly, I’ll suggest that an EOC Safety Officer may also be working with third parties, to include non-government organizations, the private sector, and the public.  Depending on the activity of any of these, the EOC Safety Officer should be keeping tabs on what the safety issues are and communicating with these parties.  The role of the EOC Safety Officer could even include public education.  A great example of this was the October 2006 snowstorm in Erie County, NY.  The Safety Officer from the County EOC (staffed by US DOL/OSHA) coordinated several chainsaw safety courses for the public, knowing that despite the number of safety messages distributed via the Public Information Officer, homeowners, who perhaps never used a chainsaw or hadn’t used one in years, would be out in their yards clearing debris from fallen trees.  These courses were incredibly effective and appreciated by the public. 

To be honest, I’m in favor of breaking tradition within EOCs and designating EOC safety matters, such as trip hazards and signage for mopped floors, to those who are managing EOC facility needs (i.e. the Center Support Section if you are using the Incident Support Model).  This assignment more appropriately corresponds with the focus of the Center Support Section and allows the EOC Safety Officer to maintain focus on what’s going on outside the EOC. 

So there is some food for thought on how to properly use an EOC Safety Officer.  Don’t continue to let it be a lame position as so many have in the past.  It has incredible importance when properly utilized and staffed.  I’m interested in hearing about how you have leveraged EOC Safety Officers, or if you are a Safety Officer, what activities you have performed from an EOC. 

Be safe out there. 

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Improving the HSEEP Templates

For years it has bothered me that the templates provided for the Homeland Security Exercise and Evaluation Program (HSEEP) are lacking.  The way the documents are formatted and the lack of some important content areas simply don’t do us any favors.  These templates go back to the origination of HSEEP in the early 2000s and they have seen little change since then.  It gives me concern that the people who developed these have struggled with concepts of document structuring and don’t understand the utility of these documents. 

I firmly believe that the documents we use in exercise design, conduct, and evaluation should be standardized.  Many of the benefits of standardization that we (should) practice in the Incident Command System (ICS) certainly apply to the world of exercises, especially when we have a variety of different people involved in each of these key phases of exercises and entering at different times.  Much like an incident, some people develop documents while others are users.  Both should count on a measure of standardization so they don’t have to figure out what they are looking at and how to navigate it before actually diving into the content.  That doesn’t mean, however, that standards can’t evolve to increase utility and function. 

I’ve written in the past about the dangers of templates.  While they are great guides and reminders of certain information that is needed and give us an established, consistent format in which to organize it, I still see too many people not applying some thinking to templates.  They get lost in plugging their information into the highlighted text areas and lose all sense of practicality about why the document is being developed, who the target audience for the document is, and the information they need to convey. 

Some of my bigger gripes…

  • Larger documents, such as ExPlans, SitMans, Controller/Evaluator Handbooks, and After-Action Reports MUST have a table of contents.  These documents can get lengthy and a TOC simply saves time in finding the section you are looking for. 
  • Some exercises are complex and nuanced.  As such, key documents such as ExPlans, SitMans, and Controller/Evaluation Handbooks must have designated space for identifying and explaining those situations.  This could be matters of multiple exercise sites and site-specific information such as different scopes of play for those sites, limited scopes of participation for some agencies, statements on the flow and execution of the exercise, and others.
  • Recognize that the first section of an EEG (Objective, Core Capability, Capability Target, Critical Tasks, and sources) is the only beneficial part of that document.  The next section for ‘observation notes’ is crap.  Evaluators should be writing up observation statements, an analysis of each observation, and recommendations associated with each observation.  The information provided by evaluators should be easily moved into the AAR.  The EEG simply does not facilitate capturing this information or transmitting it to whomever is writing the AAR. 
  • The AAR template, specifically, is riddled with issues. The structure of the document and hierarchy of headings is horrible.  The template only calls for documenting observations associated with observed strengths.  That doesn’t fly with me.  There should similarly be an analysis of each observed strength, as well as recommendations.  Yes, strengths can still be improved upon, or at least sustained.  Big missed opportunity to not include recommendations for strengths.  Further, the narrative space for areas of improvement don’t include space for recommendations.  I think a narrative of corrective actions is incredibly important, especially given the very limited space in the improvement plan; plus the improvement plan is simply intended to be an implementation tool of the AAR, so if recommendations aren’t included in the body of the AAR, a lot is missing for those who want to take a deeper dive and see specifically what recommendations correlate to which observations and with an analysis to support them. 

Fortunately, strict adherence to the HSEEP templates is not required, so some people do make modifications to accommodate greater function.  So long as the intent of each document and general organization remains the same, I applaud the effort.  We can achieve better execution while also staying reasonably close to the standardization of the templates.  But why settle for sub-par templates?  I’m hopeful that FEMA’s National Exercise Division will soon take a look at these valuable documents and obtain insight from benchmark practitioners on how to improve them.  Fundamentally, these are good templates and they have helped further standardization and quality implementation of exercises across the nation.  We should never get so comfortable, though, as to let tools such as these become stagnant, as obsolesce is a regular concern. 

I’m interested in hearing what you have done to increase the value and utility of HSEEP templates.  How would you improve these?  What are your pet peeves? 

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Thoughts on How to Improve the Planning Standard

I hope everyone is settling into the new year nicely.  One of the things I started off this year doing was going through CPG 101 and providing input to FEMA for the update of this foundational document.  (note: if you haven’t yet, get your comments in now as the deadline is soon approaching!)  CPG 101, and its predecessors, are time tested and well honed in the guidance provided on the process used for planning.  While it’s frustrating to see and hear that some people still don’t use it, that’s no fault of the document itself, but rather one of human implementation, or lack thereof.

I thought I’d share some of the feedback I sent along to FEMA on what I would like to see in the CPG 101 update.  Looking over my submission, there were two main themes I followed:

  1. Integration of other doctrine and standards
  2. Development of job aids to support use and implementation

I feel that integration of other relevant doctrine and standards into CPG 101 is incredibly important.  We know that preparedness covers an array of activities, but planning is the foundational activity, which all other activities reflect upon.  In past articles I’ve addressed the need to identify these various standards collectively, to show that while these are individual activities with their own outputs, identifying how they can and should be interconnected, offering greater value if used together.  Things like Community Lifelines, THIRA/SPR, HSEEP, and Core Capabilities need to not only be mentioned often, but with examples of how they interconnect and support planning and even each other.

Job aids are tools that support implementation.  I think job aids can and should be developed and included in the updated CPG 101 for each step of the planning process.  While some of us write plans fairly often, there are many who don’t or are going into it for the first time.  These are essentially the ideal conditions for job aids.  They help guide people through the key activities, provide them with reminders, and ultimately support better outcomes. Not only would I like to see job aids, such as check lists and work sheets, for each step, I’d also think that something that covers the whole process comprehensively, essentially a project management perspective, would be incredibly helpful to many people.

There were a couple of one-off suggestions that might not fit the categories mentioned above.  One of which was having more emphasis on the value of data from the jurisdiction’s hazard mitigation plan.  The hazard analysis conducted for hazard mitigation planning is considerably thorough, and can provide great information to support a hazard analysis (or even a THIRA for those brave enough) for purposes of emergency planning.  To be honest, this was something I didn’t really learn until about ten years into my career.  Many of the people I learned from in Emergency Management often leaned so far into response that they disregarded the value of things like mitigation or recovery.  I still find this a lot in our profession.  Once I finally took the time to go through a hazard mitigation plan, I realized the incredible amount of information contained within.  In many cases, there is more information than what is needed for the hazard analysis of an emergency plan, as the narrative and analysis in a hazard mitigation plan often goes into a measure of scientific detail, but this, too, can certainly have value for emergency planning.  Similarly, I also suggested that FP 104-009-2 (the Public Assistance Program and Policy Guide) be included as a reference in CPG 101.  Jurisdictions will strongly benefit from having plans, such as those on debris management, meeting FEMA’s reimbursement guidelines.

Lastly, I encouraged FEMA to include any content that will support plan writers in developing plans that are simply more useful.  So many plans are just a lot of boilerplate narrative, that in the end don’t tell me WHO is responsible for WHAT and HOW things will get done.  It’s so easy for us to be dismissive of action steps when writing a plan, assuming that people will know who has the authority to issue a public alert or the steps involved in activating an EOC.  CPG 101 should reinforce the need for plans to define processes and actions, identify authority, and assign responsibility.  Flow charts, decision trees, maps, charts, and other graphics and job aids are incredibly helpful to ensure that a plan is thorough while also being useful.

That’s the feedback I provided to FEMA, along with a bit of narrative as to why those things are important for inclusion in an updated CPG 101.  I’m curious to hear about the feedback that others provided.  We all tackle these documents from different perspectives, and that’s why I truly appreciate the efforts FEMA makes in these public calls for comment when they are updating certain key documents.

© 2020 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®℠

 

EOC Management Organization

FEMA recently released a draft Operational Period Shift Brief Template for EOCs, open to public comment.  The document is fine, though there was one glaring issue… it assumes an ICS-based model is in use in the EOC.

With the release of the NIMS refresh, we were given some ‘official’ options for EOC management structures.  Unfortunately, we aren’t seeing much material that supports anything other than an ICS-based structure.  An ICS-based structure may certainly be fine, but every organization should examine their own needs to identify what works best for them.  Story time…

We recently completed a contract that included the development of a plan for a departmental operations center for a state agency.  The plan had to accommodate several considerations, including interaction with regional offices and operations, interaction with the State EOC, and integration of a call center.  When we talked to people, examined form and function, and looked at fundamental needs, the end result was an ICS-based organization.  While accommodations had to be made for translating their own agency structure and mission, it fit rather well.

For a contract we are currently working on, we are developing an EOC plan for a private utility.  Again, we reviewed documents, talked to people, and identified the fundamental needs of the company and the EOC organization.  The end result is shaking out to be something a little different.  At a glance, it’s largely ICS-based, but has some aspects of the Incident Support Model, while also having its own unique twists.  One particular observation was that their company’s daily structure has functions combined that we would normally break up in traditional ICS.  Breaking these functions up for an incident would be awkward, disruptive, and frankly, rather absurd.  Not only would personnel be dealing with something out of the ordinary, they would be changing the flow of corporate elements that have been placed together by necessity in their daily operations, which would detract from their efficiency during the incident.

My third example is a contract we are just getting started on.  This project involves developing an EOC plan for a municipality.  While we’ve had some initial discussions, we aren’t sure what the end result will be just yet.  The client isn’t set on any particular structure and is open to the process of discovery that we will be embarking on.  As I’ve thought about their circumstances and the recent and current work we’ve done on this topic, there are a few things that have come to mind.

  1. While NIMS is all about standardization and interoperability, the range of utility of emergency operations centers, in any form, and the mission, organization, an innate bureaucracy of the ‘home agency’ have a heavy influence on what the EOC’s organization will look like.
  2. While there still should be some standard elements to an EOC’s organization, there is generally less fluidity to the composition of an EOC, especially as it compares to a field-level incident command where the composition of the responding cadre of organizations can radically differ.
  3. Consider the doctrinal core concepts of ICS as really core concepts of incident management, thus we can apply them to any structure. These concepts are fundamental and should exist regardless of the organization used.  Some examples…
    1. Unity of Command
    2. Modular organization
    3. Manageable span of control
    4. Consolidated action plans
    5. Comprehensive resource management
  4. We need to acknowledge that the full benefit of organization standardization, exhibited by the ability of incident management personnel to be assigned to a new EOC and be able to immediately function, is potentially compromised to an extent, but that can be largely mitigated by adherence to the core concepts of ICS as mentioned previous. Why?  Because the system and processes of incident management are still largely the same.  These new personnel need just a bit of an orientation to the organizational structure being used (particularly if they are to be assigned in a leadership capacity at any level).

The most important consideration is to develop a plan.  That will provide extensive benefit, especially when done properly.  Follow the CPG 101 guidance, build a team, do some research, and weigh all options.  The end goal is to identify an organizational structure that will work for you, not one that you need to be forced into.  Bringing this around full circle, we need to know that with whatever system you decide to use, expect that you will need to develop your own training, job aids, and other support mechanisms since they largely don’t exist for anything outside of an ICS-based structure.  Note that even for an ICS-based model, there are needs… consider that there is no ‘official’ planning P for EOCs (one that is less tactics-focused), and, of course, that ICS training alone isn’t enough to run your EOC by.

I don’t place any blame for this need… consider that FEMA, with finite resources just like the rest of us, tries to produce things that are of the greatest utility to as much of the nation as possible, and right now, most EOCs are run on an ICS-based model.  While I hope this will expand over time, every entity will still be responsible for developing their own training on how they will organize and respond.  No training developed by a third party for a mass audience can ever replace the value of training designed specifically to address your plans.

I’m interested in hearing what changes are being made to your EOC organizations and how you are addressing needs.

© 2019 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

A Deeper Review of FEMA’s E/L/G 2300 EOC Intermediate Course

A couple months ago I got my hands on the materials for the ELG 2300 EOC Intermediate course.  Back in early June I gave an initial review of this course, based on information from a webinar and the course’s plan of instruction.   Unfortunately, upon reviewing the actual course materials, my initial concerns have been reinforced.

First, I’ll start off with what I think are the positives of this course. The course doesn’t stray from NIMS, and applies a practical integration of the NIMS management concepts, which we are mostly used to seeing in ICS, into the EOC environment.  This is 100% appropriate and should always be reinforced.  The course also references the EOC National Qualification System skillsets.  It’s great to see the NQS referenced in training as they otherwise receive very little attention, which actually brings about a lot of concern as to their overall adoption.  Two units within the course provide some incredibly valuable information.  Those are Unit 5 (Information and Intelligence Management) and Unit 7 (EOC Transition to Recovery).

On to the down side of things… As mentioned in my review a couple months back, the course objectives simply don’t line up with what this course needs to do – that is, it needs to be teaching people how to work in an EOC.  So much of the content is actually related to planning and other preparedness activities, specifically Units 3, 4, and 8. Unit 3 dives into topics such as position tack books, organizational models, EOC design, staff training and qualifications, exercises and more.  Though, ironically enough, there is little to no emphasis on deliberate PLANNING, which is what all this relates to.  This isn’t stuff to be thinking about during an EOC activation, but rather before an activation.  Unit 4, similarly, gets into triggers for activation, how to deactivate the EOC, and other topics that are planning considerations.  Unit 8 dives more into design, technology, and equipment.  While it’s valuable for people to know what’s available, this is, again, preparedness content.

There is a lot of repetitive content, especially in the first few units, along with some typos, which is really disappointing to see.  There are also some statements and areas of content which I wholeheartedly disagree with.  Here are a few:

  • There is ‘no common EOC structure’.   There are actually a few.  Hint: they are discussed in the NIMS document.  I think what they are getting at with this statement is that there is no fixed EOC structure.
  • ‘EOC leaders determine the structure that best meets their needs’. False. Plans determine the structure to be used.  While that organizational model is flexible in terms of size of staff and specific delegations, the lack of context for this statement seems to indicate that the EOC Manager or Director will determine on the fly if they will use the ICS-based model, the Incident Support Model, or another model.
  • One slide indicates that use of the ICS-based model doesn’t require any additional EOC training beyond ICS for EOC staff. Absolutely false!  In fact, this sets you up for nothing but failure.  Even if the model being applied is based on ICS, the actual implementation in an EOC is considerably different.  I’ve written about this in the past.
  • The Incident Support Model ‘is not organized to manage response/recovery efforts’. Wrong again.  With the integration of operations functions within the Resource Support Section, response and recovery efforts can absolutely be managed from the EOC.

There is another area of content I take particular exception with.  One slide describes ‘incident command teams’, and goes on to describe the Incident Command Post (which is a facility, not a team), and an Incident Management Team, with the formal description of a rostered group of qualified personnel.  Not only is this slide wrong to include an Incident Command Post as a ‘team’, they are fundamentally ignoring the fact that ‘incident command teams’ are comprised every damn day on the fly from among responders deploying to an incident.  These are the exact people I espouse the need to train and support in my discussions on ICS.

My conclusions… First of all, this course does not do as it needs to do, which is training people how to work in an EOC.  While the preparedness information it gives is great, operators (people assigned to work in an EOC) will be taking this course expecting to learn how to do their jobs.  They will not learn that.  I’ve advocated before for most training to be set up similar to HazMat training, utilizing a structure of Awareness, Operations, Technician, Management, and Planning focused courses which are designed to TEACH PEOPLE WHAT THEY NEED TO KNOW based upon their function.  Largely, this course is a great Planning level course, that is it’s ideal for people who will be developing EOC operational plans, standard operating guidelines, position qualification standards, and other preparedness material.  I think that Operations, Technician, and Management level training is going to be left to jurisdictions to develop and implement, as it certainly isn’t found here.

I urge a lot of caution to everyone before you decide to teach this course.  Take a look at the material and decide if it’s really what your audience needs.

What are your thoughts on this course?  Will your jurisdiction get use out of it?

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Teaching ICS – We’re not there yet

Over the past week I’ve been neck deep in the updated ICS-300 and ICS-400 curriculum as I prepare to deliver these courses for a client.  While these courses, especially the ICS-300, have made some significant improvements from past versions, I’ve found what I perceive to be another challenge, perhaps a gap, in our collective approach to teaching incident management.

While ICS training should obviously focus on ICS, it seems we are missing an opportunity to provide some critical knowledge on emergency management (at least the response functions of EM) and incident management as an overall concept, especially when we get to the level of ICS-300.  I’m betting that most people taking the ICS-300 class know very little about emergency management and even less about the overall concepts of incident management.  While the ICS-300 is a good and worthwhile course for a great many supervisors within the ranks of public safety, it seems the requirement for ICS training puts a lot of this out of context.

While this might be fine for the ‘typical’ tactician, or even most unit leaders operating within an ICS organization, knowledge of what emergency management is and does, as well as the underlying concepts of incident management, will improve the ability of the response organization as a whole to function.  I echo this same sentiment for the EOC courses that have been developed.

While we strive to have the growth of many public safety professionals to include ICS position-specific training, we also have to be realistic in recognizing that most jurisdictions simply don’t have the capacity to make this happen.  Instead, they rely on a more ad-hoc incident management approach, which will generally serve them well.  Of course, the most challenging time is transitioning from the more ‘routine’ type 5 and 4 incidents into the larger extended response operations of a type 3 incident.  This is when people need to think beyond the normal approach of a largely tactics-focused response, to a system which still necessarily includes tactics, but builds a response organization meant to support and sustain those tactical operations.  What they learn from the ICS-300 may be the most amount of training they have outside of tactical applications.

In such an ad-hoc system, someone put into Logistics, or even more specifically the Supply Unit Leader, may be left wondering how to obtain resources when the answer to that question has always been dispatch.  It may not readily dawn on them to open the phone book (digitally or physically) or to contact the emergency management office to find the resources they need.  It seems silly, but in the context of incident management, dispatch may be all they know.  Similarly, someone assigned as the Situation Unit Leader may be re-creating the wheel when it comes to identifying what information is needed, where to get it from, what analysis needs to take place, and how to tie it all together.  Why?  Because they may not have been made aware of the greater system they function within. Their mental default is the job they usually do for the agency or department they work for.

On a whim, I did some key word searches within the new ICS-300 course student manual.  The term ‘incident management’ comes up with a few hits, mostly centered around NIMS-oriented content or included in the broader term of ‘incident management team’.  Very little explanation is really given on what incident management is.  Rather, the term is just put out there, seemingly with the expectation that the student knows what it is.   A search for the term ‘emergency management’ only comes up with two hits, one being part of ‘Emergency Management Assistance Compact (EMAC)’ (note: no context is given for what this is), and the other use is a rather throwaway use when discussing demobilization.  Emergency management as a function is actually never discussed.

The Reader’s Digest version of all this is that we aren’t including critical contextual information about the systems ICS functions within when we teach more advanced ICS courses.  This inadvertently can close people’s minds to opportunities to improve incident management by extending their thinking beyond tactics and beyond the scope of their home agency.  A podiatrist must still learn about the systems of the whole body before they focus on the foot.  Teaching people, especially at the threshold of ICS-300, about the system of emergency management and the concepts of incident management are critical before we start teaching them the specifics of a particular tool.  Doing so will make their understanding and use of this tool far more effective.

Some may wonder if I will ever be happy with how we teach ICS (really, incident management as a whole).  That day may yet come, but to get there I think we first need to reassess the actual learning needs of practitioners, and do so with fresh eyes instead of trying to mark up the same materials.  I know over the years of my criticisms of ICS training I’ve stimulated a lot of discussion, not only nationally, but internationally.  Many have been hugely supportive of the ideas I’ve put forward, and some have contributed to the dialogue.  Of course, there are some who have been resistant and defensive.  I’m thankful to those who have been receptive and I’m happy to have contributed to the energy behind changes that have been made, and will continue to do so until we, as a collective, are satisfied that the best possible training is being made available.  Change is often times progressive and incremental. It doesn’t happen overnight.

As usual, I’m happy to receive any comments and feedback you might have on these ideas.  Please spread the word and encourage feedback from those who might not be aware.  Emergency management is an ever-evolving practice.  Though we may not have answers, we must continue asking questions.

©2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC℠®