Tag NIMS

NIMS Change – Information and Communications Technology Branch

Tim Riecker, The Contrarian Emergency Manager 4 Comments

FEMA recently released a draft for the National Incident Management System (NIMS) Information and Communications Technology (ICT) guidance, providing a framework for incorporating ICT into the Incident Command System (ICS). The draft guidance in many ways formalizes many of the functional changes ICS practitioners have been incorporating for quite a while.

Essentially, the guidance creates an ICT branch within the Logistics Section. That branch can include the traditional Communications Unit as well as an Information Technology (IT) Service Unit. They also make allowances for a Cybersecurity Unit to be included the branch – not as an operational element for a cyber incident, but largely in a network security capacity. The creation of an ICT branch is also recommended for emergency operations centers (EOCs), regardless of the organizational model followed.

The IT Service Unit includes staffing for a leader, support specialists, and a help desk function, while the Cybersecurity Unit includes staffing for a leader, a cybersecurity planner, a cybersecurity coordinator, and a cyber support specialist. The position descriptions and associated task books are already identified pending final approvals and publication of this guidance, with the Cybersecurity and Infrastructure Security Agency (CISA) seemingly ready to support training needs for many of the new positions.

I’m fully in support of this change. FEMA is accepting feedback through October 20, 2022, with instructions available on the website provided previous.

Not being a communications or IT specialist myself, I’m interested in the perspectives of others on this.

© 2022 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Bring MAC Back

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Multi Agency Coordination, or MAC, is a concept most frequently applied to incident management. MAC Groups are the most commonly defined, being a collection of executives from various agencies, organizations, and/or jurisdictions who may commit the resources of their respective agencies, and often provide high-level decision-making and policy coordination to support an incident. Multi Agency Coordination Systems (MACS) have also been commonly defined, essentially as the combination of resources assembled to support the implementation of multi agency coordination. Multi agency coordination, as a concept, however, transcends MAC Groups and MAC Systems. In incident response we see multi agency coordination occur at the field level and in emergency operations centers (EOCs), the latter of which is generally viewed as an operational extension of the MAC Group. We even see the concept of multi agency coordination specifically extended into Joint Information Systems and Joint Information Centers. Multi agency coordination can and often does also exist across all phases and mission areas associated with emergency management. This is simply a reinforcement that emergency management is a team sport, requiring the participation and input of multiple organizations before, during, and after a disaster as well as in steady-state operations. MAC can be applied in many effective ways to support all of this.

But where did MAC (the more formal version) go? MAC was one of the foundational aspects of the National Incident Management System (NIMS) at one time. But now if you look for information on MAC, you will be pretty disappointed. The NIMS doctrine provides barely a single page on MAC, which might be fine for a doctrinal document if there were supplemental material. Yet, when looking through FEMA’s page for NIMS Components, there are no documents specifically for MAC. There used to be a pretty decent independent study training course for MAC, which was IS-701. That course, and the materials provided, no longer exist as of September 2016. (side note… lots of states and other jurisdictions assembled NIMS Implementations Plans. Many of those have not been updated in years and still reference this as a required training course). You will find only scant references to MAC in some of the ICS and EOC courses, but not with the dedicated time that once existed.

So why is this a problem? MAC as a concept is still alive and well, but without doctrine, guidance, and training to reinforce and support implementation, it will fall into disuse and poor practice. Just in the past two weeks alone, I’ve had direct conversations about MAC with three different clients: one in regard to a state COVID AAR; the other for all hazard planning, training, and exercises; and the other for state-level coordination of a response to invasive species. Superficially, MAC seems an easy concept. You get a bunch of executive-level stakeholders in a room, on a call, or in a video chat to talk about stuff, right?  Sure, but there are right and wrong ways to go about it and best practices which should be embraced. There is no single true model for MAC, which is appropriate, but absent any reasonable guidance, MAC may be misapplied, which could become an impediment to a response – something we’ve certainly seen happen.

All that said, we need to bring significant MAC content and guidance back. One of the better resources I’ve found out there comes from Cal OES. It’s a bit dated (2013) but still relevant. While it does have some language and application specific to California, it is an all-hazards guide (actually adapted from a wild-fire oriented FIRESCOPE document). The document is good, but I’d like to see a national approach developed by FEMA (properly the National Integration Center). MAC is an incident management fundamental, with application even broader than response. Their importance for response, especially larger more complex incidents, is huge, yet the information available on MAC is fairly dismissive. While some content exists in training courses, most of the courses where the content is found are not courses which many MAC Group members would be taking. We must also not confuse training with guidance. One does not replace the other – in fact training should reflect guidance and doctrine.

© 2022 Tim Riecker, CEDP – The Contrarian Emergency Manager

Emergency Preparedness Solutions, LLC®

EOC Management Support Teams

Tim Riecker, The Contrarian Emergency Manager Leave a comment

I almost always catch the releases of the draft FEMA/NIC resource typing definitions, yet I clearly missed the one released in late February for EOC Management Support. Feedback on the draft is due by COB tomorrow, Friday (April 1, 2022).

This release is actually a significant update from an original resource typing definition for EOC Management Support Teams released in 2005. I’m not even sure what they were thinking with the 2005 version, in which a Type 1 EOC Management Support Team only addresses EOC Management/Command Staff.

This new version addresses EOC Management Support more broadly, tackling the challenge of addressing differing EOC organizational models (ICS-based, Incident Support Model-based, or Department/ESF-based). For ICS-based and ISM-based models, they stick to a minimum of six personnel, composed of the EOC Director (I still prefer EOC Manager, personally), a PIO, and the General Staff positions. The Department/ESF-based model identifies an Emergency Manager as providing oversight (not sure why they aren’t sticking with an EOC Manager/Director title), and five departmental/ESF representatives, which they rightfully indicate should be selected based upon the needs of the incident.

Unfortunately, this resource typing definition is extremely short sighted, providing the same structure across Types 1 through 3, with the only noted differences from Type 3 to Type 1 being a small bit of computer and communications equipment. I’m not particularly happy about this and I think it’s a discredit to skilled, trained, and experienced EOC personnel. This also does a disservice to the fundamental purpose of resource typing, being that incidents which have more demands require resources with greater capability. The simple addition of some computer monitors and a sat phone doesn’t provide any greater capability of the knowledge and skills of the personnel being deployed. I’m not sure why Type 2 and Type 1 EOC Management Support Teams wouldn’t be required to provide additional staff (to account for 24-hour operations, work load, etc.).

This document alone also paints an incomplete picture, citing positions that aren’t themselves defined in the library by position qualifications and corresponding position task books. As such, there are no training and experience requirements outlined for the positions identified. There is no typing that exists for these positions at all, or really any definition within the NQS of these positions. I think this document should have been released as part of a full package that includes the position qualifications and task books for each position.

As a positive observation, I do appreciate that this new document specifies that while Incident Management Teams (IMTs) have been deployed to fulfil EOC Management Support roles, requests should be first filled by actual EOC Management Support Teams. I appreciate this recognition, especially considering that IMTs are not fundamentally designed to manage EOCs. While they often do, and are generally successful, this can be an underutilization of IMTs at best, and possibly the entirely wrong tool for the job.

All in all, while this is a step in the right direction for recognizing the need for personnel who specialize in aspects of EOC management, I’m disappointed with the lack of thought that has gone into this. It’s rather like ordering a new car and only being given four tires to start. There is no connection between those tires and nothing to make them go. There isn’t even a place to sit, much less any idea if those tires are suited for the vehicle you ordered. This is also long overdue. The effort to type resources by the National Integration Center is about as old as NIMS itself, yet this is the first REAL movement we have seen on defining and typing EOC personnel. EOCs are activated for most significant incidents, yet actually scoping these personnel has largely been ignored. Instead, time and effort has been put into position qualifications for positions which may certainly be important, but are rarely utilized. We need to do better and expect better.

© 2022 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Mutual Aid Preparedness

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Mutual aid is a great resource. We get help from our neighbors, or even those beyond our neighbors, providing additional numbers, capabilities, or support to aid our response to incidents and disasters. Mutual aid is mentioned in practically every emergency operations plan I’ve read, yet it’s clearly taken for granted. Most jurisdictions simply don’t have a plan for mutual aid, and most that do have a rather poor plan.

The fire service is by far the most frequent user of mutual aid. Most fire service mutual aid is for short-duration incidents, meaning that they’ve only scratched the surface in mutual aid management issues. Most fire departments don’t have their own mutual aid plans in place, instead relying on a county-based or regional plan. These also vary rather wildly in content and quality. It’s largely fine to use and be part of a county or regional plan, so long as SOMEONE is responsible for implementing the plan and all participants are familiar with it. Given issues of liability, there should also be a mutual aid agreement to which members are signatories consenting to the terms and conditions of the agreement as implemented by the plan.

The best mutual aid practitioners I’ve had experience with are utility companies, especially electric utilities. Be it hurricanes, winter storms, wildfires, or other hazards, most electric utility infrastructure is highly vulnerable to physical disruption. Even if not involved in managing or responding to an incident, we’ve all seen out-of-state utilities responding to our own areas for a major disruption, or utility trucks on the highway headed elsewhere toward a disruption. Utilities have highly detailed plans, often of their own as well as being part of regional consortiums. Those regional consortiums are then part of national-level mobilization plans. While the response details of the incident will change based on each deployment, the managers of every deployment know what to expect in terms of business operations. More strictly in the emergency management world, only the Emergency Management Assistance Compact (EMAC), used for inter-state mutual aid, is as thorough and well-used on such a large scale.

The foundation of mutual aid, regardless of duration or resources shared, is a written agreement. This is something that emergency managers and first responders have been beaten over the head with for years, yet so few actually have written agreements in place. There is no downside to having written agreements. While they may be combined into a single document, agreements and plans really should be different documents, as they have entirely different purposes. Agreements are attestations to the terms and conditions, but plans describe the means and methods. The provisions in a plan, however, may be the basis for the agreement. FEMA provides the NIMS Guideline for Mutual Aid that identifies all the necessary elements of a mutual aid agreement (and plan). The development of a mutual aid plan, just like any other emergency operations plan, should utilize FEMA’s CPG 101: Developing and Maintaining Emergency Operations Plans to guide development. Yes, many FEMA preparedness documents are actually complimentary!

So what about mutual aid planning is so important? Consider that you are having a really big pot-luck party, with hundreds of people invited. Everyone wants details of course: when should they arrive, where should they go, where should they park, how long will the party run? What food should they bring? Is there storage for cold food? How about frozen food? Are there food allergies? Is there alcohol? Are kids welcome? Will there be activities? Can I show up late? Can I show up early? What if I have to leave early? What’s the best way to get there? Are there any hotels in the area? Can I set up a tent or a camper? Can I bring my dogs? What if the weather is bad? You get the point. While most of these questions aren’t the types of questions you will get in a mutual aid operation, some actually are likely, and there will be even more! These kinds of questions are fine and manageable when it’s a few people, but when there are hundreds, it feels like asking for help is an entirely different incident to manage – that’s because it is! Of course, good planning, training, and exercises can help address a lot of this.

Mutual aid plans should address receiving AND sending mutual aid. There are dozens if not hundreds of bad stories coming from incidents like 9/11, Hurricane Katrina, and other benchmark incidents that involve poor mutual aid management – on the part of the receivers as well as those providing resources. Every agency should have policies and procedures in place about responding to mutual aid requests. There were numerous departments on 9/11 that were left non-operational because personnel responded to NYC, Shanksville, or the Pentagon, taking so many resources with them that it crippled their home department’s ability to respond. I wrote about deployment issues back in 2021.

Who will be responsible for receiving dozens or hundreds of resources if you ask for them? I’m not just talking about appointing a Staging Area Manager (something else we do VERY poorly in public safety), but is your organization prepared to receive, support, and manage all these resources? If you expect the operation to be longer than several hours, you may need to consider lodging. How about food and water? Supplies? Specialized equipment? Will you be ready to assign them, or will they languish in a Staging Area for hours? If these aren’t volunteers, who is paying them? How will reimbursement for expenses work?

What if something breaks? What if someone gets hurt? These are important questions not only from the perspective of actions to be taken, but also liability. How will you handle HR types of issues (substance abuse, harassment, etc.) involving mutual aid personnel? Are you prepared to provide these resources with critical incident stress debriefings?

How will mutual aid resources be accounted for and credentialed? What authorities, if any, will mutual aid resources have? What documentation will they be responsible for? How will you communicate with them? Do you have the essential ability to integrate them into your operations?

The bottom line is that if you invite someone to your party, you are responsible for them. It’s a matter of operational necessity, legal liability, professionalism, and respect.

What best practices have you seen when it comes to preparedness for and management of mutual aid resources?

© 2022 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

ICS – Assistant Section Chiefs

Tim Riecker, The Contrarian Emergency Manager 2 Comments

Somehow this one snuck past me, but luckily I have some friends and colleagues who brought it to my attention and talked it through with me. The latest ICS curricula (not consistently, however) identifies that Section Chiefs can have Assistants. It’s been a long-standing practice for General Staff to have Deputies rather than Assistants. So where did this come from?

Page 82 of the NIMS document, as pointed out to me by someone at EMI, provides some language that seems to be the root of this. Here are the definitions provided:

Deputies are used at section and branch levels of the incident organization. A deputy, whether at the command, section, or branch level, is qualified to assume the position.

Assistants are used on Command Staffs and to support section chiefs. Unlike deputies, assistants have a level of technical capability, qualification, and responsibility subordinate to the primary positions and need not be fully qualified to assume the position.

None of those I spoke with are aware of the actual source of this change or why it was changed. Of course, I initially balked at it because it wasn’t the ICS I ‘grew up with’. Given some thought, however, it provides some organizational opportunities and certainly doesn’t violate any of the primary tenets of ICS.

There are absolutely some occasions in the past when, as a Planning Section Chief, I could have used this option. Planning Section Chiefs end up in a lot of meetings, and while I always felt comfortable with leaving the personnel staffing the section to their own tasks, it’s good to have another leader there in the absence of the Section Chief, both for the benefit of the section staff as well as the rest of the organization. However, if there was no one technically qualified to be a Deputy Section Chief but still capable of leading the staff and serving as an interim point person for the section, we would be (and have been) stuck in an organizational nuance. By definition, they couldn’t be assigned as a Deputy, but we didn’t have another option. This is a great opportunity to assign an Assistant. This is somewhat like an ‘executive officer’ type of position, whereas they have authority but can’t necessarily fill the shoes of the principal position.

To add to the myriad options for the Intelligence function, I also see the potential in the use of an Assistant, either in Planning or Operations, to be a viable option. This is someone qualified to lead the task, but not necessarily the Section they are organized within. I similarly see possibilities for addressing other defined needs within the incident organization. Sometimes we take some liberties, again for example in the Planning Section, to create Units that are non-standard, perhaps for tasks such as ‘Continuity Planning’, or ‘Operational Planning Support’ – of course being non-standard, you may have some different titles for them. There isn’t necessarily anything wrong with this, as we aren’t violating any of the primary rules of ICS, nor are we creating positions that actually belong elsewhere (as I often see). Planning is planning, and there may be necessity to have personnel specifically tasked with functions like these. Instead of creating a Unit, which could still be done, you could assign the task to an Assistant. Consider something like debris management. There is a significant planning component to debris management, separate from the operations of debris management. This could be tasked specifically to an Assistant Section Chief to handle.

Another consideration, and somewhat tied to my first example of a de facto leader/point of contact for a section in the absence of the Section Chief, is that an Assistant Section Chief seems to carry more authority than a Unit Leader. That level of authority may need some doctrinal definition, but I think is also largely dependent upon the task they are given and the desires of the Section Chief assigning them – though this can make for inconsistencies across the incident organization. Having someone with a measure of authority, depending on the needs of the task, can be extremely helpful, particularly with the bureaucracies that incident management organizations can sometimes evolve into.

It’s important for us to recognize the need for doctrine to evolve based on common sense approaches to addressing identified needs. That means that the ICS we ‘grew up with’ can and should change if needed. As NIMS/ICS (and other standards) continues to evolve, we need to have discussions on these needs and potential solutions. Every change, however, has consequences, or at least additional considerations. I don’t feel this change should have been made without further exploration of the topic and answering questions such as the level of authority they may have, qualification standards, and support staff assigned to them (let’s be honest – things like this were never well defined for Assistant Command Staff positions either).  I also see a lot of value in doctrine offering best practice examples of use. Once doctrinal changes are made, curriculum changes certainly need to follow. In just examining the ICS 300 and ICS 400 course materials, the inclusion of Assistant Section Chiefs is simply not consistent or adequate.

Where do you find yourself on this topic? For or against Assistant Section Chiefs? What potential uses do you see? What potential problems do you see? How can we address these and ensure good implementation?

© 2021 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

ICS 400 Training – Who Really Needs It?

Tim Riecker, The Contrarian Emergency Manager 6 Comments

A few days ago I had a bit of discussion with others on Twitter in regard to who actually has a need for ICS 400 training. I think a lot of people are taking the ICS 400 (Advanced ICS for Command and General Staff) course for the wrong reasons. While I’d never dissuade anyone from learning above and beyond what is required, we also, as a general statement, can’t be packing course offerings with people who don’t actually need the training. There is also an organizational expense to sending people to training, and the return on that investment decreases when they don’t need it and won’t apply it. Overall, if you are a new reader, I have a lot of thoughts on why our approach to ICS Training Sucks, which can be found here.

Before we dig any deeper into the topic, let’s have a common understanding of what is covered in the ICS 400 course. The course objectives identified in the National Preparedness Course Catalog for some reason differ from those actually included in the current 2019 version of the course, so instead I’ll list the major topics covered by the two-day course:

  • Incident Complex
  • Dividing into multiple incidents
  • Expanding the Planning Capability
  • Adding a second Operations or Logistics Section
  • Placement options for the Intel/Investigations function
  • Area Command
  • Multi-Agency Coordination
  • Emergency Operations Centers
  • Emergency Support Functions

For this discussion, it’s also important to reference the NIMS Training Program document, released in the summer of 2020. This document states many times over that it includes training recommendations and that the authority having jurisdiction (AHJ) determines which personnel are to take which courses. This document indicates the ICS 400 is recommended for:

  1. ICS personnel in leadership/supervisor roles
  2. IMT command, section, branch, division, or group leaders preparing for complex incidents

Note that while #1 above seems to fully capture anyone in a leadership/supervisor role, the document also says that IMT unit, strike team, resource team, or task force leaders preparing for complex incidents do NOT need the training. I’d say this certainly conflicts with #1 above.

With that information provided, let’s talk about who really needs to take the ICS 400 from a practical, functional perspective. First of all, looking at recommendation #1 above, that’s a ridiculously broad statement, which includes personnel that don’t need to have knowledge of the course topics. The second recommendation, specific to IMTs, I’ll agree is reasonably accurate.

Having managed a state training program and taught many dozen deliveries of the ICS 400 course, I’ll tell you that the vast majority of people taking the course don’t need to be in it. I’d suggest that some deliveries may have had absolutely no one that actually needed it, while most had a scant few. Much of this perspective comes from a relative determination of need of personnel that fit within recommendation #1 above. Just because someone may be an incident commander or a member of command and general staff, doesn’t necessarily mean they need to take ICS 400. It’s very likely that through their entire career all of the incidents they respond to and participate in the management of can be organized using standard ICS approaches.

Interface with an EOC does not mean you need to take ICS 400. There is, in fact, a better course for that, aptly named ‘ICS/EOC Interface’. More people need to take this course than the ICS 400. I’m also aware that some jurisdictions require ICS 400 for their EOC staff. The ICS 400 course doesn’t teach you how to function in or manage an EOC. Again, the ICS/EOC Interface course is the better solution, along with whatever custom EOC training is developed (note that none of the FEMA EOC courses will actually teach you how to manage or work in YOUR EOC). If you feel that people in your EOC need to know about some of the concepts within the ICS 400, such as Multi-Agency Coordination or Area Command, simply include the appropriate content in your EOC training. To be honest, I can tell most EOC personnel what they need to know about an Area Command in about three minutes. They don’t need to sit through a two-day course to learn what they need to know.

Cutting to who does need it (aside from IMT personnel), personnel who would be a member of Command and General Staff for a very large and complex incident (certainly a Type I incident, and MAYBE certain Type 2 incidents) are the candidates. Yes, I understand that any jurisdiction can make an argument for their fire chief or police chief, for example, being the IC for an incident of this size and complexity, though let’s consider this in a relative and realistic sense. Most incidents of this size and complexity are likely to span multiple jurisdictions. Particularly in a home rule state, that fire chief or police chief is typically only going to be in charge of that portion of the incident within their legal borders. Although that incident may be a Type I incident taken as a whole, it will likely be managed in large part by a higher AHJ, which may use some of the concepts outlined in the ICS 400. While local government is still responsible for managing the portion of the incident within their borders, they are much less likely to utilize any of the ICS 400 concepts themselves. Along a similar line of thought, most jurisdictions don’t have hazards that, if they become incidents, would be of such size or complexity within their jurisdiction that would require use of these concepts. This leaves larger, more populous jurisdictions generally having a greater need for this level of training.

At some point, every state and UASI was required, as part of their NIMS implementation, to develop a NIMS training plan. Most of the plans I’ve seen further perpetuate the idea that so many people must have ICS 400 training. As part of this, many states require that anyone holding the position of fire chief must have ICS 400. Considering my argument in the paragraphs above, you can see why this is tremendously unnecessary. We must also consider erosion of knowledge over time. As people do not use the knowledge, skills, and abilities they have learned, that knowledge erodes. This is highly likely with the concepts of ICS 400.

A lot of states and other jurisdictions need to take a more realistic look at who really needs ICS 400 training. I’d also like to see some clarification on the matter in FEMA’s NIMS Training Guidance. It’s not about making this training elite or restricting access, but it is about decreasing the perceived and artificially inflated demand for the course.

What’s your jurisdiction’s take on ICS 400 training?

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

EOCs and IMTs

Tim Riecker, The Contrarian Emergency Manager 3 Comments

The world of incident management is foggy at best. There are rules, sometimes. There is some valuable training, but it doesn’t necessarily apply to all circumstances or environments. There are national models, a few of them in fact, which makes them models, not standards. Incident management is not as straight forward as some may think. Sure, on Type 4 and 5 incidents the management of the incident is largely taking place from an incident command post. As you add more complexity, however, you add more layers of incident management. Perhaps multiple command posts (a practical truth, regardless of the ‘book answer’), departmental operations centers, emergency operations centers at various levels of government, and an entire alphabet soup of federal operations centers at the regional and national levels with varying (and sometimes overlapping) focus. Add in operational facilities, such as shelters, warehouses, isolation and quarantine facilities, etc. and you have even more complexity. Trying to map out these incident management entities and their relationships is likely more akin to a tangle of yarn than an orderly spiderweb.

Incident Management Teams (IMTs) (of various fashion) are great resources to support the management of incidents, but I often see people confusing the application of an IMT. Most IMTs are adaptable, with well experienced personnel who can pretty much fit into any assignment and make it work. That said, IMTs are (generally) trained in the application of the incident command system (ICS). That is, they are trained in the management of complex, field-level, tactical operations. They (usually) aren’t specifically trained in managing an EOC or other type of operations center. While the principles of ICS can be applied to practically any aspect of incident management, even if ICS isn’t applied in the purest sense, it might not be the system established in a given operations center (in whatever form it may take). While IMTs can work in operations centers, operations centers don’t necessarily need an IMT, and while (formal) IMTs are great resources, they might not be the best solution.  

The issue here certainly isn’t with IMTs, though. Rather it’s with the varying nature of operations centers themselves. IMTs are largely a defined resource. Trying to fit them to your EOC may be a square peg/round hole situation. It’s important to note that there exists no single standard for the organization and management of an EOC. NIMS provides us with some optional models, and in practice much of what I’ve seen often has some similarity to those models, yet have deviations which largely prevent us from labeling what is in practice with any of the NIMS-defined models in the purist sense. The models utilized in EOCs are often practical reflections of the political, bureaucratic, and administrative realities of their host agencies and jurisdictions. They each have internal and external needs that drive how the operations center is organized and implemented. Can these needs be ultimately addressed if a single standard were required? Sure, but when governments, agencies, and organizations have well established systems and organizations, we’ll use finance as an example, it simply doesn’t make sense to reorganize. This is why we are so challenged with establishing a single standard or even adhering to a few models.

The first pathway to success for your operations center is to actually document your organization and processes. It seems simple, yet most EOCs don’t have a documented plan or operating guideline. It’s also not necessarily easy to document how the EOC will work if you haven’t or rarely have activated it at all. This is why we stick to the CPG-101 planning process, engaging a team of people to help determine what will or won’t work, examining each aspect from a different perspective. I also suggest enlisting the help of someone who has a good measure of experience with a variety of EOCs. This may be someone from a neighboring jurisdiction, state emergency management, or a consultant. Either way, start with the existing NIMS models and figure out what will work for you, with modifications as needed. Once you have a plan, you have a standard from which to work.

Once you have that plan, train people in the plan. Figure out who in your agency, organization, or jurisdiction has the knowledge, skills, and abilities to function within key positions. FEMA’s EOC Skillsets can help with this – even if the positions they use don’t totally map to yours, it’s not difficult to line up most of the common functions. Regardless of what model you are using, a foundation of ICS training is usually helpful, but DON’T STOP HERE. ICS training alone, even if your EOC is ICS-based, isn’t enough. I can practically guarantee your EOC uses systems, processes, or implementations unique to your EOC which aren’t part of ICS or the ICS training your personnel received. Plus, well… if you haven’t heard… ICS training sucks. It can be a hard truth for a lot of entities, but to prepare your personnel the best way possible, you will need to develop your own EOC training. And of course to complete the ‘preparedness trifecta’ you should then conduct exercises to validate your plans and support familiarity.

All that said, you may require help for a very large, long, and/or complex incident. This is where government entities and even some in the private sector request incident management support. Typically this incident management support comes from established IMTs or a collection of individuals providing the support you need. The tricky part is that they aren’t familiar with how you are organized or your way of doing things. There are a few ways to hedge against the obstacles this potentially poses. First, you can establish an agreement or contract with people or an organization that know your system. If this isn’t possible, you can at least (if you’ve followed the guidance above) send your plan to those coming to support your needs, allowing them at least a bit of time in transit to study up. Lastly, a deliberate transition, affording some overlap or shadowing time with the outgoing and incoming personnel will help tremendously, affording the incoming personnel to get a hands-on feel for things (I recommend this last one even if the incoming personnel are familiar with your model as it will give an opportunity to become familiar with how you are managing the incident). Of course all of these options will include formal briefings, sharing of documentation, etc.

Remember, though, that there are certain things your agency, organization, or jurisdiction will always own, especially the ultimate responsibility for your mission. Certain internal processes, such as purchasing, are still best handled by your own people. If your operations are technical and industry-specific, such as for a utility, they should still be managed by your own people. That doesn’t mean, however that your people can’t be supported by outside personnel (Ref my concept of an Incident Support Quick Response Team). The bottom line here is that IMTs or any other external incident support personnel are great resources, but don’t set them up for a slow start, or even failure, by not addressing your own preparedness needs for your EOC. In fact any external personnel supporting your EOC should be provided with a packet of information, including your EOC plan and procedures, your emergency operations plan (EOP), maps, a listing of capabilities, demographics, hazards, org charts for critical day-to-day operations, an internal map of the building they will be working in, and anything else that will help orient them to your jurisdiction and organization – and the earlier you can get it to them the better! Don’t forget to get your security personnel on board (building access cards and parking tags) and your IT personnel (access to your network, printers, and certain software platforms). Gather these packets beforehand or, at the very least, assemble a checklist to help your personnel quickly gather and address what’s needed.

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

An Update of Ontario’s Incident Management System

Tim Riecker, The Contrarian Emergency Manager 3 Comments

Just yesterday, the Canadian province of Ontario released an update of its Incident Management System (IMS) document. I gave it a read and have some observations, which I’ve provided below. I will say that it is frustrating that there is no Canadian national model for incident management, rather the provinces determine their own. Having a number of friends and colleagues from across Canada, they have long espoused this frustration as well. That said, this document warrants an examination.

The document cites the Elliot Lake Inquiry from 2014 as a prompt for several of the changes in their system from the previous iteration of their IMS document. One statement from the Inquiry recommended changes to ‘put in place strategies that will increase the acceptance and actual use of the Incident Management System – including simplifying language’. Oddly enough, this document doesn’t seem to overtly identify any strategies to increase acceptance or use; in fact there is scant mention of preparedness activities to support the IMS or incident management as a whole. I think they missed the mark with this, but I will say the recommendation from the Inquiry absolutely falls in line with what we see in the US regarding acceptance and use.

The authors reinforce that ICS is part of their IMS (similar to ICS being a component of NIMS) and that their ICS model is compatible with ICS Canada and the US NIMS. I’ll note that there are some differences (many of which are identified below) that impact that compatibility, though don’t outright break it. They also indicate that this document isn’t complete and that they already identified future additions to the document including site-specific roles and responsibilities, EOC roles and responsibilities, and guidance on resource management. In regard to the roles and responsibilities, there is virtually no content in this document on organizations below the Section Chief level, other than general descriptions of priority activity. I’m not sure why they held off of including this information, especially since the ICS-specific info is reasonably universal.

I greatly appreciate some statements they make on the application of Unified Command, saying that it should only be used when single command cannot be established. They give some clarifying points within the document with some specific considerations, but make the statement that “Single command is generally the preferred form of incident management except in rare circumstances where unified command is more effective” and reinforce that regular assessment of Unified Command should be performed if implemented. It’s quite a refreshing perspective opposed to what we so often see in the US which practically espouses that Unified Command should be the go-to option. Unified Command is hard, folks. It adds a lot of complexity to incident management. While it can solve some problems, it can also create some.

There are several observations I have on ICS-related organizational matters:

  • They use the term EOC Director. Those who have been reading my stuff for a while know that I’m really averse to this term as facilities have managers. They also suggest that the term EOC Command could be used (this might even be worse than EOC Director!).
  • While they generally stick with the term Incident Commander, they do address a nuance where Incident Manager might be appropriate (they use ‘manager’ here but not for EOCs??). While I’m not sure that I’m sold on the title, they suggest that incidents such as a public health emergency that is wide-reaching and with no fixed site is actually managed and not commanded. So in this example, the person in charge from the Health Department would be the Incident Manager. It’s an interesting nuance that I think warrants more discussion.
  • The document refers several times to the IC developing strategies and tactics. While they certain may have input to this, strategies and tactics are typically reserved for the Operations Section.
  • There is an interesting mention in the document that no organization has tactical command authority over any other organization’s personnel or assets unless such authority is transferred. This is a really nuanced statement. When an organization responds to an incident and acknowledges that the IC is from another organization, the new organization’s resources are taking tactical direction from the IC. Perhaps this is the implied transfer of authority? This statement needs a lot of clarification.
  • Their system formally creates the position of Scribe to support the Incident Commander, while the EOC Director may have a Scribe as well as an Executive Assistant. All in all, I’m OK with this. Especially in an EOC, it’s a reflection of reality – especially the Executive Assistant – which is not granted the authority of a Deputy, but is more than a Scribe. I often see this position filled by a Chief of Staff.
  • The EOC Command Staff (? – they don’t make a distinction for what this group is called in an EOC) includes a Legal Advisor. This is another realistic inclusion.
  • They provide an option for an EOC to be managed under Unified Command. While the concept is maybe OK, ‘command’ is the wrong term to use here.
  • The title of Emergency Information Officer is used, which I don’t have any particular issue with. What’s notable here is that while the EIO is a member of the Command Staff (usually), the document suggests that if the EIO is to have any staff, particularly for a Joint Information Center, that they are moved to the General Staff and placed in charge of a new section named the Public Information Management Section. (a frustration here that they are calling the position the EIO, but the section is named Public Information). Regardless of what it’s called or if there is or is not a JIC, I don’t see a reason to move this function to the General Staff.
  • Aside from the notes above, they offer three organizational models for EOCs, similar to those identified in NIMS
  • More than once, the document tasks the Operations Section only with managing current operations with no mention of their key role in the planning process to develop tactics for the next operational period.
  • They suggest other functions being included in the organization, such as Social Services, COOP, Intelligence, Investigations, and Scientific/Technical. It’s an interesting call out whereas they don’t specify how these functions would be included. I note this because they refer to Operations, Planning, Logistics, and Finance/Admin as functions (which is fine) but then also calling these activities ‘functions’ leads me to think they intend for new sections to be created for these. Yes, NIMS has evolved to make allowances for some flexibility in the organization of Intel and Investigations, something like Social Services (for victims) is clearly a function of Operations. While I appreciate their mention of COOP, COOP is generally a very department-centric function. While a continuity plan could certainly be activated while the broader impacts of the incident are being managed, COOP is really a separate line of effort, which should certainly be coordinated with the incident management structure, but I’m not sure it should be part of it – though I’m open to discussion on this one.
  • I GREATLY appreciate their suggestion of EOC personnel being involved in planning meetings of incident responders (ICP). This is a practice that can pay significant dividends. What’s interesting is that this is a measure of detail the document goes into, yet is very vague or lacking detail in other areas.

The document has some considerable content using some different terminology in regard to incidents and incident complexity. First off, they introduce a classification of incidents, using the following terminology:

  • Small
  • Large
  • Major
  • Local, Provincial, and National Emergencies

Among these, Major incidents and Local/Provincial/National Emergencies can be classified as ‘Complex Incidents’. What’s a complex incident? They define that as an incident that involves many factors which cannot be easily analyzed or understood; they may be prolonged, large scale, and/or involve multiple jurisdictions. While I understand that perhaps they wanted to simplify the language associated with Incident Types, but even with the very brief descriptions the document provided on each classification, these are very vague. Then laying the term of ‘complex incident’ over the top of this, it’s considerably confusing.

**Edit – I realized that the differentiator between small incident and large incident is the number of responding organizations. They define a small incident as a single organization response, and a large incident as a multi agency response. So the ‘typical’ two car motor vehicle accident that occurs in communities everywhere, requiring fire, EMS, law enforcement, and tow is a LARGE INCIDENT????? Stop!

Another note on complex incidents… the document states that complex incidents involving multiple response organizations, common objectives will usually be high level, such as ‘save lives’ or ‘preserve property’, with each response organization developing their own objectives, strategies, and tactics.  I can’t buy into this. Life safety and property preservation are priorities, not objectives. And allowing individual organizations to develop their own objectives, strategies, and tactics pretty much breaks the incident management organization and any unity of effort that could possibly exist. You are either part of the response organization or you are not.

Speaking of objectives, the document provides a list of ‘common response objectives’ such as ‘save lives’ and ‘treat the sick and injured’. These are not good objectives by any measure (in fact they can’t be measured) and should not be included in the document as they only serve as very poor examples.

So in the end there was a lot in this document that is consistent with incident management practices, along with some good additions, some things that warrant further consideration, and some things which I strongly recommend against. There are certainly some things in here that I’d like to see recognized as best practices and adopted into NIMS. I recognize the bias I have coming from the NIMS world, and I tried to be fair in my assessment of Ontario’s model, examining it for what it is and on its own merit. Of course anyone who has been reading my posts for a while knows that I’m just as critical of NIMS and related documents out of the US, so please understand that my (hopefully) constructive comments are not intended to create an international incident. I’m a big fan of hockey and poutine – please don’t take those away from me!

I’m always interested in the perspectives of others. And certainly if you were part of the group that developed this document, I’d love to hear about some of your discussions and how you reached certain conclusions, as well as what you envision for the continued evolution for the Provincial IMS.

© 2021 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

FEMA’s First Lessons Learned From COVID-19

Tim Riecker, The Contrarian Emergency Manager 1 Comment

FEMA recently released the Pandemic Response to Coronavirus Disease 2019 (COVID-19): Initial Assessment Report (January – September 2020). The report has many elements of a traditional after-action report. The authors reinforce that the report only evaluates FEMA’s response, not those of other agencies or entities. That said, emergency management, by nature is collaborative and FEMA’s interactions with other agencies and entities are cited as necessary. The report covers five primary areas of evaluation:

  1. Coordinating Structures and Policy
  2. Resources
  3. Supporting State, Local, Tribal, and Territorial (SLTT) Partners
  4. Preparedness and Information Analysis
  5. Organizational Resilience

Also, with similarity to a traditional after-action report, this report provides a table of key findings and recommendations as Appendix A.

Here are some of my primary observations:

Following the executive summary is a the COVID-19 Pandemic Overview, which is a well-constructed piece providing a combined narrative timeline and topical highlights, providing information and context to the pandemic and the response, as well as some of the complexities encountered. While the report does well to acknowledge the myriad disasters that SLTT partners and federal agencies responded to over 2020, I find it shameful that they very obviously ignore the societal impacts of the US political climate (related to the pandemic and otherwise) as well as events surrounding the BLM movement. I firmly believe this report should fully acknowledge these factors and could have done so without itself making a political statement. These were important, impactful, and far-reaching, certainly influencing the operating environment, public information, and other very real facets of the response. I feel that the exclusion of these factors leaves this report incomplete.

Relative to the Coordinating Structures and Policy section, FEMA reinforces many, many times that they were put into a leadership position for this disaster that was unexpected and perhaps led to some coordination problems. I feel FEMA should always be a lead or co-lead agency for the federal response for large disasters regardless of the hazard. While a pandemic is certainly a public health hazard, FEMA has practiced experience in federal coordination to major disasters, mobilization of resources and logistical support, SLTT coordination, and overall incident management. The Unified Coordination Group is a sound application in situations where other federal agencies share significant authority. The kinks should be worked out of this, with the National Response Framework updated to reflect such.

Also mentioned within this section is the creation of a White House Task Force which was intended to make executive decisions of the highest level. This is not unprecedented and should certainly be expected for other large-scale disasters in the future. I feel, however, that removing the FEMA Administrator from having a direct line of communication with the White House during ‘peace time’ has significant impact on FEMA leadership’s ability to integrate. Positioning FEMA subordinate to the Secretary of Homeland Security is akin to putting a police officer in charge of a pool and keeping the lifeguard in the breakroom. Sure, the police officer can do a lot, but there are specific skills needed which necessitate that the lifeguard has a constant presence at the pool rather than only being called in when something gets bad enough. 

FEMA makes a point about inheriting eight task forces created by HHS which then needed to be integrated into the NRCC organization. These task forces had some overlap with the existing NRCC and ESF structure, resulting in duplications of effort and coordination problems. While FEMA says they were able to overcome this over time, it is obviously something that, given the National Response Framework, should have not happened in the first place. FEMA’s recommendations associated with this matter do not once cite the National Response Framework and instead point the finger at NIMS/ICS use, fully ignoring that the foundation of preparedness is planning. Either HHS made these task forces up on the fly or had a plan in place that accounted for their creation. Either way, it’s the National Response Framework that was ignored. NIMS/ICS helps support plan implementation.

The next section on resource management demonstrates that FEMA learned a lot about some intricacies of resource management they may have not previously encountered. With the full mobilization of resources across the nation for the pandemic, along with targeted mobilizations for other disasters, the system was considerably stressed. FEMA adapted their systems and processes, and in some cases developed new methodologies to address resource management needs. One key finding identified was a need to better integrate private sector partners, which isn’t surprising. I think we often take for granted the resources and systems needed to properly coordinate with the private sector on a large scale during a disaster. One of the largest disasters within this disaster was that of failed supply chains. Granted, the need was unprecedented, but we certainly need to bolster our preparedness in this area.

To help address supply chain issues, novel solutions such as Project Airbridge and specific applications of the Defense Production Act were used. The best practices from these strategies must be memorialized in the form of a national plan for massive resource mobilizations.

SLTT support for the time period of the report was largely successful, which isn’t a surprise since it’s fundamentally what FEMA does as the main coordination point between SLTT partners and federal agencies. Significant mobilizations of direct federal support to SLTT partners took place. The pandemic has provided the best proof of concept of the FEMA Integration Teams (FIT) since their development in 2017. With established relationships with SLTT partners and knowledge of needs of the federal system, they provided support, liaised, and were key to shared situational awareness. I appreciate that one of the recommendations in this section was development of a better concept of operations to address the roles and responsibilities of FIT and IMATs.

One item not directly addressed in this section was that in emergency management we have a great culture of sharing resources and people. Sharing was pretty limited in the pandemic since everyone was impacted and everyone needed resources. This caused an even greater demand on FEMA’s resources since SLTT partners largely weren’t able to support each other as they often do during disasters.

The section on preparedness and information analysis was interesting, especially on the information analysis side. The preparedness findings weren’t really much of a surprise, including not anticipating supply chain issues or SLTT needs. What this boils down to is a lack of effective plans for nation-wide disasters. On the information side, the key findings really boil down to not only improved defining of data sets and essential elements of information relative to specific needs, audiences, functions, capabilities, and lines of effort. It appears a lot was learned about not only the information needed, but also how to best utilize that information. Analytics makes data meaningful and supports better situational awareness and common operating picture.

The last section on FEMA’s organizational resilience is a good look at some of the inner workings and needs of FEMA as an agency and how they endured the pandemic and the varied demands on the agency. FEMA has always had a great culture of most employees having a disaster job which they are prepared to move into upon notice. They learned about some of the implications associated with this disaster, such as issues with engaging such a large portion of their employees in long-term deployments, public health protection, and mental health matters.

Ultimately, despite my disagreement with a couple of recommendations and leaving out some very important factors, the report is honest and, if the corrective actions are implemented, will support a stronger FEMA in the future. I’m hopeful we see a lot of these AAR types of documents across federal agencies, state agencies, local governments, the private sector, etc. EVERYONE learned from this pandemic, and continues to learn. That said, while the efforts of individual entities hold a lot of value, there also needs to be a broader, more collective examination of ‘our’ response to this disaster. This would be a monumental first task for a National Disaster Safety Board, would it not? 

© 2021 Timothy Riecker, CEDP

The Contrarian Emergency Manager™

Emergency Preparedness Solutions, LLC®

New EOC Toolkit Documents

Tim Riecker, The Contrarian Emergency Manager Leave a comment

FEMA announced the release of five EOC Toolkit documents on their website. In downloading these documents, I’m actually finding six documents, all with file dates of January 8, 2021. What’s there:

  • Tips for Healthcare Professionals: Coping with Stress and Compassion Fatigue
  • Tips for Disaster Responders: Preventing and Managing Stress
  • An Exercise for Creating Position Task Books from EOC Skillsets
    • Exercise Cards for the above referenced exercise (probably why they indicate only five documents, though this is a separate download)
  • EOC Financial Tools Reference Fact Sheet
  • EOC Operations Period Briefing Template

A quick review:

Coupling together the Tips for Healthcare Professionals and Tips for Disaster Responders as they both deal with workplace stress; these are really good documents that provide information, tools, and resources for recognizing and managing stress. Both are developed by the HHS Substance Abuse and Mental Health Services Administration. What I’d like to see, though, are documents actually developed for EOCs. It might seem a bit petty, while nearly 100% of the information in these documents is applicable to an EOC environment, this is yet another example of emergency management needing to borrow best practices from others and not getting something of our own. A simple change in the title and focusing the scope of the documents can go a long way. I would hope that FEMA and the National Integration Center would be supporting emergency management a bit more by at least giving us things that are intentionally developed for us.

I’m also coupling together the two documents of the EOC Skillsets Exercise instructions and cards; the purpose of the exercise is to create position task books (PTBs) from the list of EOC Skillsets. The exercise is used to help familiarize participants with the EOC Skillsets and to give leaders a practical, scenario-based experience in building position qualifications based on an organization’s needs and resources. I’ll be honest that I have some mixed feelings about this. I’m not sure of the real value of this exercise. Sure it’s nice to teach people new things and an exercise like this can be useful for getting buy-in on the qualifications certain positions should have, but the EOC Skillset Guide already gives us alignment of the EOC Skillsets for each of the primary EOC positions for the common, NIMS-identified EOC model organizations. That said, if your EOC has an organizational deviation from these models, the exercise could be helpful.

The EOC Financial Tools Reference Fact Sheet is a pretty good overview and list of resources for incident financial management, including guidelines and practices for reimbursement. A solid document. I think the document could be expanded upon by some experienced Finance/Admin Section Chiefs, Public Assistance SMEs, and Individual Assistance SMEs – to not only provide additional information, guidance, and tools, but also to address the continuum of financial management and reimbursement that starts with preparedness and goes through response then into disaster recovery, with the ultimate goal of maximizing reimbursement for eligible expenses.

Lastly, the EOC Operations Period Briefing Template. The document provides the pretty standard guidance for an Ops Period Briefing seen in ICS-related publications and introduces a couple of topics that are important to EOCs which are typically not found in field-level applications. That said, this is called a template. It’s laid out as a template. The instructions even say that the template is customizable. They give you the document as a PDF. <shrug>

Wrapping this up, these are documents that really can help EOCs and EOC personnel, but we see some shortfalls because of simple lack of thought, perspective, and utility. Continuous improvement, however, should always be a goal, and we need to start somewhere. I’m hoping these, and other documents will evolve as needs and opportunities are identified.

© 2021 Timothy Riecker, CEDP

The Contrarian Emergency Manager™

Emergency Preparedness Solutions, LLC®