Tag planning

Achieving Coordination Through Unity of Effort

Tim Riecker, The Contrarian Emergency Manager Leave a comment

WESA 90.5, Pittsburgh’s NPR News Station, posted an interesting article titled ‘Trump Rally To Blame for Emergency Response Revamp’.  As the articles tells the story, an internal City committee spent several weeks reviewing communications and other information after an April rally in which three were arrested and four police officers suffered minor injuries.  The findings of the committee’s work included the discovery of fractured planning and response within the City of Pittsburgh.  Assuming this has been a regular practice, I’m surprised it took them this long to discover the issue and begin work to address it – although when a jurisdiction functions in a fractured fashion, it’s an easy observation to miss.

The City’s Public Safety Director stated a new system is being implemented in which a ‘unified and streamlined approach to planning’ and a ‘clearer chain of command’ will be put in place.  The article indicates that the City’s Emergency Management Office will have more of a role in coordination.

It’s good to see that Pittsburgh is making some changes to how they plan for and respond to incidents.  This should serve as a role model for a significant number of jurisdictions across the nation – and I’m sure across the world – which have siloed planning and response, with each agency conducting their own activities with little to no coordination.  Proper and safe emergency management requires a team approach, and every team needs someone to coordinate and lead.  This doesn’t necessarily mean that emergency management is in charge – in fact I feel it’s a rare occasion that emergency management should be in charge – but coordination is still an essential element of success, particularly for complex planning and operations.

The term ‘unity of effort’ is gaining more and more traction through the years.  I first heard it probably ten or twelve years ago.  I was pleased to see the intention of adding the term officially to our lexicon in the draft NIMS Refresh document that was released a couple months back.  Although it was just a mention, it was rather encouraging.  Unity of effort doesn’t require an emergency management office or an emergency manager, but having a central point of coordination helps – especially one that isn’t focused or constrained by the mission and tactics of other public safety agencies.  The mission of emergency management IS coordination!

How do you rate the public safety coordination in your jurisdiction?  Is there room for improvement?  While politics are often at play, sometimes it just takes a good measure of facilitation to bring people together in one room and talk about what needs to be accomplished.

© 2016 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC – Your Partner in Preparedness

2016 National Preparedness Report Released

Tim Riecker, The Contrarian Emergency Manager 3 Comments

The fifth National Preparedness Report has been released by FEMA.  The National Preparedness Report is based upon, as the report states, input of more than 450 data sources and 190 stakeholders, including 66 non-federal organizations (which would account for state preparedness report submissions and information from Urban Area Security Initiative regions).  The report is intended as a summary of where the nation stands in regard to each of the 32 Core Capabilities outlined in the National Preparedness Goal.

As mentioned, this is the fifth National Preparedness Report to hit the streets.  While they have some value and demonstrate that the data collection that is done is actually collated, I feel that through the years they are offering less meat and more potatoes.  I appreciate the highlighting of best practices for each mission area, but, to me, there is a missed opportunity if a report is simply providing data and not recommendations.  While it’s understood that the goal of the National Preparedness Report is not to provide recommendations (it would also take longer to publish the report, and the people pulling the data together do not likely have the expertise to create recommendations), I’d like to see FEMA (and stakeholders) have follow up efforts to provide recommendations in each mission area and not miss this valuable opportunity to then apply the findings and look forward.

Below, I’ve included their overall findings with a bit of my own commentary.  Overall, I will say that there is nothing eye opening in this report for anyone who pays attention.  It’s pretty easy to guess those Core Capabilities which are at the top and those which are at the bottom.

  • Planning; Public Health, Healthcare, and Emergency Medical Services; and Risk and Disaster Resilience Assessment are the three Core Capabilities in which the Nation has developed acceptable levels of performance for critical tasks, but that face performance declines if not maintained and updated to address emerging challenges.
    • My commentary: BULLSHIT.  If these Core Capabilities are at ‘acceptable levels’, then our standards must be pretty low.  Planning is the one that disturbs me most.  We continue to see plenty of poor plans that are not realistic, can’t be operationalized, and are created to meet requirements (which are typically met by formatting and buzzwords).  Have we improved?  Sure.  But I wouldn’t say we are at ‘acceptable levels’.  As for Public Health, Healthcare, and Emergency Medical Services, we are struggling in certain areas to simply keep our heads above water.  While we are fairly solid in some areas of public health, one only needs to look at the Ebola incident to view how fragile our state of readiness is.  The findings for Planning and Public Health, to me, are nothing but shameful pandering and we need to get realistic about where we are at and the challenges we face.  Gold stars won’t stand up to the next disaster.  As for Risk and Disaster Resilience Assessment I have admittedly less experience personally.  I do know that we have some pretty incredible tools available that can help us determine impacts of various hazards for any given area under a variety of conditions, which is an amazing application of technology.  My concerns here are that there are still many who don’t know about these tools, don’t use them, and/or don’t follow the findings of information from these tools in their hazard mitigation actions.
  • Cybersecurity, Economic Recovery, Housing, and Infrastructure Systems remain national areas for improvement. Two additional Core Capabilities – Natural and Cultural Resources, and Supply Chain Integrity and Security – emerged as new national areas for improvement.
    • My commentary: NO KIDDING. While we have made a great deal of progress on Cybersecurity, we are still far behind the criminal element in most respects.  It also needs to be fully recognized in the National Preparedness Goal that Cybersecurity is a Core Capability common to all five mission areas.  Economic Recovery will always be a challenge, as every community impacted by an incident has a certain way it heals, essentially along the lines of Maslow’s Hierarchy.  A strong local economy is important to this healing, ensuring that the community has access to the resources it needs to rebuild and a return to normalcy.  While I’m sure studies have been done, we need to examine more closely how the economic recovery process evolves after a disaster to identify how it can be best supported.  Housing is the absolutely most challenging Core Capability in the National Preparedness Goal.  While I don’t have a solution for this, I do know that our current approaches, philosophies, and ways of thinking haven’t moved us an inch toward the finish line on this one.  We need to change our current way of thinking to be successful.  As for Infrastructure Systems, I could go on for days about this.  I’ve written previously, several times, (as have many others) on the critically fragile state of our infrastructure.  It’s no big secret.
  • States and territories continue to be more prepared to achieve their targets for Response Core Capabilities, while they are least prepared to meet their targets in the Recovery Mission Area.
    • This is another NO KIDDING. While we must always have a greater focus on Response, as that’s where lives are saved and the immediate danger is addressed, we can’t lose sight of Recovery.  Some recovery activities are more clear cut than others, and FEMA often muddies the waters more by inadvertently intimidating state and local governments when it comes to disaster recovery, as the focus becomes centered more on reimbursable activities vs doing what needs to be done.  The report included some interesting findings (take a look in the Recovery Mission Area drop down on the web site) on ‘mixed trends in exercising recovery capabilities’.  Again, this is nothing earth shattering, but it’s nice to see the matter addressed.  Yes, we clearly need to exercise Recovery Mission Area Core Capabilities better and more often.

These reports are always worth looking through, even though much of the information is generally known by those of us in the profession.  There are always little nuggets of learning available, and data from the report may be used to support your own endeavors for additional funding or resources for your own program.

As always, I’m interested in your insights and thoughts on this post and the National Preparedness Report.

© 2016 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC – Your Partner in Preparedness

 

Taking Another Look at Mass Casualty Incidents

Tim Riecker, The Contrarian Emergency Manager 2 Comments

In case you missed it, the NTSB issued their findings and recommendations relative to the derailment of Amtrak 188 in the City of Philadelphia last May, which resulted in the loss of eight lives and injuries to over 200 other passengers.

The NTSB surmised that the engineer was distracted by reports over Amtrak’s radio of a nearby train having rocks thrown at it, which is apparently a common occurrence on a certain stretch of tracks through Philadelphia.  His distraction resulted in him speeding up the train, rather than slowing it prior to heading into a curve.  Taking the curve at high speed led directly to derailment of the train.  It has been pointed out that the presence of an automatic Positive Train Control system, not installed on many trains, would have slowed the train and likely prevented the derailment.  A rail industry union consortium indicated that the presence of two engineers on the train may have also mitigated this incident.

What I found most interesting in the report was that after listing findings and recommendations related to the derailment itself, the NTSB report identified issues beyond the crash.  The report states that

“…as a result of victims being transported to hospitals without coordination, some hospitals were over utilized while others were significantly underutilized during the response to the derailment.  The NTSB further found that that current Philadelphia Police Department, Philadelphia Fire Department, and Philadelphia Office of Emergency Management policies and procedures regarding transportation of patients in a mass casualty incident need to be better coordinated.”

Why is the NTSB providing recommendations on how mass casualty incidents are handled?  These recommendations are, in fact, fully within the scope of their mission statement as they address, ultimately, how victims are cared for.  The NTSB has also brought us best practices that extend beyond crashes, such as Family Assistance Centers.

The recommendations the NTSB provides in this report are spot on.  Mass casualty incidents MUST be coordinated.  Triage, treatment, and transport.  We’ve all heard of these three key activities.  Yes, it’s excruciatingly difficult to not ‘Scoop and Run’ when we encounter an injured victim, but let’s consider a few reasons why we shouldn’t:

  1. Patients with certain injuries, such as those to the cervical spine, are not being stabilized, and could have their injury worsened.
  2. A patient could ‘crash’ from a multitude of causes, which require the resources of an ambulance and paramedic to address, absent being in a hospital.
  3. Scoop and Run violates the concept of triage, which is intended to provide care and transport for the most critically injured first.
  4. The emergency personnel and vehicles involved in Scoop and Run may be otherwise needed at the scene.
  5. Depending on the incident, victims may be contaminated. Scoop and Run can endanger personnel who are not aware of this.
  6. Scoop and Run circumvents patient tracking and accountability, which is important for on-scene operations, liability and insurance, post-incident medical monitoring, and investigation.
  7. Scoop and Run, as the NTSB report pointed out directly, doesn’t account for spreading patients among receiving hospitals, meaning that some patients can end up at hospitals unequipped for their type of injury as well as overcrowding of hospitals.

While the City of Philadelphia did a great job overall, this gave them cause to take another look at their mass casualty plans and procedures; resulting in Philadelphia Office of Emergency Management asking for better coordination of the multiple entities involved in a mass casualty incident.  While this incident provided some great lessons learned for the City of Philadelphia, it also provides lessons learned for all of us.  It’s a good opportunity to convene your mass casualty planning group and give a review of your plan.  Any jurisdiction can be susceptible to a mass casualty incident.

In need of a structured plan review, planning, training, or exercises involving mass casualty incidents?  Emergency Preparedness Solutions can help!  Contact us now!

© 2016 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLCYour Partner in Preparedness!

Battling Wild Fires and Perspectives

Tim Riecker, The Contrarian Emergency Manager Leave a comment

Hello readers!  Apologies for my absence over the past couple of weeks.  I’m grateful, especially as a founder and company partner, that we’ve been so busy as of late.  The design, conduct, and evaluation of a couple of great exercises for one client; the design of several impactful training courses for another; along with preparations for two new contracts have had our small business buzzing with activity.  We will be recruiting a lot of people for one of those contracts, so stay posted on the blog (www.triecker.wordpress.com), my LinkedIn profile, and both my personal (@triecker) and our company (@epsllc) Twitter accounts, as well as the company website (www.epsllc.biz) for more info.

Although I’ve not been blogging for the last couple of weeks, I’ve still been keeping up on current events.  The wildfire in Fort McMurray, Alberta, Canada has been consistently one of the biggest stories as the fires still continue to spread, having caused massive devastation to property and the environment, and having displaced around 100,000 people.  Hundreds of vehicles were abandoned during evacuations, either due to mechanical trouble or lack of fuel.  The Canadian Red Cross, partnering with federal and provincial governments, is providing tens of millions of dollars in direct aid to impacted individuals and families.  Thousands of workers are being evacuated from the oil sands area north of the Fort McMurray, stalling more than a million barrels of production each day.  Firefighters, law enforcement, military personnel, and other resources are battling dry conditions, high temperatures, and winds in this massive and constantly shifting fire.  Other provincial and local governments and even citizens are helping to shelter and care for evacuees, many of which have lost much of their property.

One thing I often find interesting is the difference between perspectives, especially between public safety and citizens.  While our focus in public safety is… well… to make sure the public is safe, we always have to keep tabs on perception.  Take the seemingly conflicting reports of these two articles, for example.  The first article, published Thursday May 5, tells the story of residents evacuated from an area who are questioning the organization of response efforts and general preparedness of officials.  One individual tells of no police officers to guide evacuees out of town.  The second article, published on Saturday May 7 tells of military and police overseeing evacuations across the incident.  I believe I read these two articles back to back, causing the dichotomy of the two to really jump out at me.

Truth, of course, likely lies in both articles.  Yes, thousands of public safety and military personnel are involved and doing what they can.  Some evacuation orders, as indicated in the first article, are sudden, based upon rapidly changing factors, giving public safety little time to mobilize to the new area.  There must also be a consideration that evacuation orders may have been issued without proper coordination of resources.  Any of these things are possibilities, especially in the fast moving environment of wild fires.  Still, they provide opportunities for us to learn and improve.  Not knowing the details of what may or may not have transpired, I am always reluctant to speculate.  As with all incidents, events, and exercises, however, once the work is done, we have an excellent opportunity to review and evaluate information in a collaborative manner to identify strengths and areas for improvement.  Organizing these notes creates a corrective action plan, the implementation of which will, over time, make us better at what we do.

© 2016 – Timothy Riecker

Exercising the Recovery Mission Area

Tim Riecker, The Contrarian Emergency Manager 2 Comments

It doesn’t happen often, but when it does, I get pretty excited about it – I got a blog request!  Last week, Darin, a LinkedIn connection, messaged me with a request to post my thoughts on exercising the recovery phase (or mission area) of emergency management.  His idea, as he expressed it to me, came from discussion at a Public Health Preparedness conference he was attending, where they were discussing ESF 8 (Public Health and Medical Services) continuity of operations and recovery exercises.  Challenge accepted!

When it comes to Recovery exercises, my first thought is that they are horribly underutilized.  We conduct a lot of exercises in the Response mission area, but it’s a rare occasion that we even mention Recovery.  The reasoning here is pretty easy – Response is sexy.  It’s the lights and sirens, saving lives, put out the fire, pull people from the wreckage kind of stuff that makes a big impact.  Recovery is often viewed as slow, tedious, bureaucratic, engineering kind of stuff.  Well… yeah… but there is a lot more to it.  Since when we plan exercises, one of the first things we do is to identify what Core Capabilities will be tested, let’s look at the Core Capabilities of the Recovery Mission Area.  Within each, I’ll mention some ideas you can incorporate into exercises.

The Big Three – Planning, Operational Coordination, and Public Information and Warning.  These Core Capabilities are found in every mission area and are sometimes applied differently.

  • Planning – Yeah, we should have recovery plans. I would argue that we have entered the recovery phase when all or most of the first two incident management priorities have been addressed – Life Safety and Incident Stabilization.  Sometimes these are resolved quickly, sometimes they take some time.  There are some fairly complex issues to be addressed in the recovery phase (many of which we will identify through the Core Capabilities), and we don’t do them often, therefore we should most certainly plan for them.  Remember, we exercise plans and capabilities – therefore our plans (and policies and procedures) are a significant focus when it comes to Recovery exercises.    This Core Capability is where continuity of operations plans will also fall.  Can your organization survive the lasting impacts of a disaster?
  • Operational Coordination – Recovery activities often involve organizations that had little to no activity during the Response phase. Most of these organizations are non-traditional responders who don’t usually operate under more strict command and control models, such as ICS, but in the Recovery phase of a disaster, I certainly advocate that they do.  Many of these agencies, typically the human services types of organizations, are very good at coordination and cooperation, as their daily priorities dictate that working with others is how needs are addressed.  The big challenge we often see here, though, is the introduction of some other organizations – typically those with regulatory responsibilities.  Regulation usually requires bureaucracy.  Bureaucracy usually requires time – lots of time – especially when exceptions are requested.  It’s really important to consider all stakeholders when planning an exercise to ensure that you get a chance to see how they interact, what the information flow and chain of authority looks like, what benefits they bring, and how they can work together in a timely fashion for the common good.
  • Public Information and Warning – We often take for granted the role of public information and warning in the Recovery phase. There are many benefits to keeping external stakeholders informed of what’s going on during Recovery.  Consider elected officials, business and industry, and special interest groups, along with the general public.  Your PIO and possibly your JIC should be just as involved in Recovery phase exercises as they are in those for the Response phase.

Aside from the ‘big three’, the Recovery mission area shares a Core Capability with the Response mission area – Infrastructure Systems.  Long-term restoration and rebuilding of infrastructure can lead to lengthy discussions in a Recovery-focused workshop or tabletop exercise.  What are the priorities for rebuilding?  Who will do it?  How will it be funded?  What are the completion timelines?  Will it be rebuilt the same or differently?  What are the impacts of doing it differently?  Who is impacted by this?  What do we do while we are waiting for it to be rebuilt?  Who makes decisions?  All important things to consider.

The first unique Core Capability in the Recovery mission area is Economic Recovery.  I was recently asked to present at a conference for a niche professional association comprised of professionals found in government, private sector, and non-profits.  While we will be covering topics in Hazard Mitigation and Preparedness, the biggest focus will fall within Economic Recovery.  Economic Recovery involves businesses reopening and people getting back to work to serve customers, make money, and become customers themselves.  After a disaster, it is absolutely vital for a community to get back on its feet, and the center of that is the local economy.  While many disaster impacts may be a relative drop in the bucket for larger companies, smaller businesses may have a hard time recovering – the central pieces of this are infrastructure restoration (see previous paragraph) and cash flow.  The SBA, USDA, and even IRS have mechanisms to assist with cash flow issues.  And don’t forget insurance!  Bring these and other stakeholders to the table to discuss economic recovery.  Consider priorities and mechanisms that must be in place to meet needs to support these priorities.  Your local chamber of commerce and other business associations will certainly want to be part of these exercises.  Does your jurisdiction have a business operations center (BOC)?  If not, consider it.  If you do, exercise it!

Health and Social Services.  This is the heart of all matters related to ESF 8 (Public Health and Medical Services), which Darin mentioned.  While this Core Capability is an extension of the Response mission area Core Capability of Public Health, Healthcare, and Emergency Medical Services; it is also so much more.  ESF 8 activity after disasters can last months or even years, particularly with ongoing issues such as medical monitoring and psychological impacts.  Eventually many of these services are absorbed into the system of regular service providers, but for a time the circumstances of the disaster may require some special coordination or monitoring.  The coordination needed involves an amalgamation of organizations at all levels of government, not for profits, and the private sector.  This can involve ongoing coordination with insurance companies, general practitioners and specialists; and must address the needs of everyone fairly and consistently, regardless of any differences, including their own financial resources or insurance coverage.  Tracking data related to the care and services provided is often important, but consideration must be given to HIPAA and other privacy laws.  Exercises can benefit from scenarios, such as exposures to radiological, biological, or chemical sources, which will drive discussion on the types of services to be provided, who will provide them, at whose cost, and for how long.  Many of these discussions should include topics of how to avoid social stigmatization of clients, sharing information between organizations, and the full range of social services that individuals and families may require.

Housing is typically the hardest nut to crack in all of disaster recovery.  Relative to need, there is little government owned housing stock available.  What is available may require waiting lists and relocation to access.  While many home owners are insured, we know that it takes some time for home owners to receive payment from insurance companies, and insurance is rarely at 100% coverage for losses.  Those that don’t own their own homes are often the left with the most dire situations.  While ‘FEMA trailers’ have provided some medium-term solutions, there are many issues to address.  I posit that plans at all levels are inadequate to address housing needs after a disaster.  If you have a plan, get a good exercise team to write a great scenario to test it.  If you don’t have a plan, conducting a workshop to identify and address major planning issues is the way to go.  A housing exercise is probably going to be one of the more eye opening yet depressing exercises you’ve ever done.

Lastly is the Core Capability of Natural and Cultural Resources, which focuses on the recovery of libraries and museums, documents and art, as well as helping to restore our own environment after a disaster.  Activities can range from restoring a historical landmark to major engineering projects to restore a wetland.  These activities can involve a great deal of technical expertise as well as regulation.  FEMA, the EPA, and the National Parks Service are often big players in these types of activities.

As for what types of exercises to conduct, that’s largely dependent upon the status of your plans and if you have conducted exercises on these plans before.  I always suggest starting with discussion-based exercises.  We often forget about seminars, which are more about conveying information than obtaining feedback, but are still valuable for discussing initiatives and new plans.  Workshops not only support the planning process to develop plans, they can also serve to facilitate a detailed review of a plan in its final draft stages.  Most Recovery exercises I have experience with have been tabletop exercises, which use a scenario to provide context to discussion questions for a group of stakeholders.  This is a great way to exercise decision making and to talk through the key tasks associated with plans.  Disaster recovery involves a lot of policy-level decision making, which is ideal for a tabletop.

Operations-based exercises for disaster recovery are found much less often.  Drills can certainly be conducted to test focused aspects of plans and procedures.  Drills in Recovery can help identify strengths and weaknesses of our processes, both for ourselves and for those we are trying to serve.  Functional exercises are broader and more encompassing than drills.  Much can be gained from a Recovery mission area functional exercise, but make sure that it’s grounded in reality.  Most jurisdictions don’t have an EOC activated for Recovery mission area activities. If you don’t, don’t try to run an exercise within that environment.  Some functions, however, may be run, at least for a time, from some sort of operations/coordination center, such as a health operations center (HOC).  With a good scenario focusing on addressing longer-term issues in the aftermath of a response, they can be done successfully.  Be sure to develop a pretty solid ‘ground truth’, however, to support the exercise, as much of Recovery is dependent upon what was done in Response, so players will need this context.  With a bit more complication, a functional exercise could be run virtually, with people participating from their own regular work stations as they often do during Recovery operations.  Testing Recovery plans in full scale exercises is significantly challenging based on the array and type of activities.  Because of the focus of activities, continuity of operations plans are likely among the most suited for full scale Recovery mission area exercises.

I’m curious to hear about your experiences exercising Recovery mission area plans and capabilities.  What ideas do you have?  What best practices have you found?

As always, thanks for reading!

© 2016 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC – Your Partner in Preparedness!

Preparing to Use the Incident Command System

Tim Riecker, The Contrarian Emergency Manager 4 Comments

For a bit of context, if you haven’t already read them, please take a look at these other ICS related articles I’ve posted:

Incident Command System Training Sucks

ICS Training Sucks… So Let’s Fix It

Preparedness – ICS is Not Enough

The crusade to improve ICS training and implementation continues…

We invest a lot of time and effort into training people in the use of the Incident Command System (ICS).  However, as a broad statement, the training we provide is massively inadequate.  We don’t actually train people to do anything – we simply tell them about ICS through an increasingly repetitive and complex series of courses.  At the risk of being repetitive myself, I refer you to the articles linked above for many of my foundational thoughts on the current state of ICS training.

The ICS core training curriculum aside, we – as both individuals and organizations – need to be better prepared to actually use ICS.  The thought that people are able to use ICS the minute they walk out of an ICS course is totally and completely false.  By ‘use ICS’, I don’t mean to simply function within an organizational chain of command that uses ICS, I’m referring to being a driving force within the system itself.  ICS isn’t something that happens automatically, it requires deliberate and constant actions.  This typically involves functioning at the Command or General Staff levels, but also within many of the subordinate positions which are absolutely critical to managing a complex incident and driving the system.

So how do we prepare to use ICS?  I often refer to the preparedness capability elements of POETE (Planning, Organizing, Equipping, Training, and Exercising) when I’m talking about preparedness activities.  These same concepts apply here.  We need to remember that planning is the foundation of all preparedness efforts.  If it’s not documented, then why are we doing it?  So we have to have plans, polies, and procedures which call for the implementation of ICS and direct us in the nuances of how we will manage an incident.  I’m sure everyone’s plan has taken a page from the NIMS Doctrine and includes language about the requirement to use NIMS and ICS.  That’s all well and good, but like many things in our plans, we don’t reinforce these things enough.

I’m not talking about simply giving NIMS and ICS lip service.  I’m talking about procedure level integration of these concepts.  This begins with good planning, which means plans that are implementation-ready.  Would you consider your plans implementation-ready?  Do they describe how to use the ICS structure and concepts to actually implement the plan?  Maybe yes, maybe no.   If not, your team has some plan updating to do.

Your organization must be ready to respond using ICS.  That means that everyone is familiar with their assigned roles and responsibilities.  Often ICS training falls short of this.  This article: Training EOC Personnel – ICS is Not Enough, details many of the reasons why, at least for an EOC environment.  Many of the points made in the article, however, can be reasonably applied to other environments and organizations.  While ICS provides us with overall concepts, the application of those concepts will differ for various organizations and locations.  Every location, county, region, and state have different protocols which must be integrated into incident management practices.  (Refer back to planning).  Our organizations, both those that are static as well as those which are ad-hoc (assembled for the response to a particular incident or event) need to be ready to act.  This means familiarity not only with ICS or our specific applications of it, but also with our plans.  How often do ICS courses actually talk about the implementation of emergency plans?  Rarely.  Yet that’s what we are actually doing.  Do you have people assigned to ICS roles?  Are they ready to take on the responsibilities within these roles?  Do you have backups to these positions?  I’m not necessarily talking about a formal incident management team (IMT), although that may be suitable and appropriate.  Absent an IMT, the responders within a jurisdiction or organization should have a reasonable expectation of the role/roles they will play.  This helps them and your organization to be better prepared.

The implementation of ICS generally doesn’t take much equipping, but there are some basics.  Responders love radios and we use them often.  How about people who aren’t traditional responders, but may be called on to function with your ICS organization?  Do they know how to use a radio?  Do you have a standing communication plan to help you implement their use?  How do you track incident resources?  I didn’t just ask about fire service resources – I mean all resources.  Do you have a system for this?  T-Cards are great, but take training and practice to use them – plus they require that all responders know their responsibilities for accountability.  The same goes with a computer-based solution.  For whatever equipment or systems you plan on using, you must ensure that they are planned through and that people are very familiar with how to use them.

Training… I think I’ve talked about the need for better ICS training quite a bit, so I’m not going to continue with that point here.  What I will mention is a need for refresher training and jurisdiction-specific training on incident management.  This isn’t necessarily ICS focused, but it is ICS based.  For many years now, FEMA has believed that by including three slides on NIMS in every training program that they are helping with NIMS compliance.  Nothing could be further from the truth.  You have to actually talk about how these concepts are key to implementing plans.  Responders need to be familiar with the emergency management system they are working within.  Train people to the plans and procedures.  Let them know who is in charge of what and when, who the decision makers are, and any other training needs identified in the earlier POETE activities.  Prepare them to implement ICS!

Lastly, exercises.  Incident management should be something that is practiced and tested in almost every exercise.  Applying these concepts is not something we do on a regular basis, therefore knowledge and skills erode over time.  Certainly we have to be familiar with the system, not just at an awareness level but at a functional and operational level.  Regardless of the state of the current curriculum, that involves practice.  Exercises don’t have to be elaborate, remember that they can range from discussion-based to operations-based.  Table top exercises are great to talk things through, drills are good for focused activities, and even full-scale exercises can be small and contained.  So long as the exercise is designed, conducted, and evaluated well, that’s what counts.  Don’t forget that evaluation piece.  The feedback to the entire system (plans, organization, equipment and systems, and training) is extremely important to continued improvement.

This is public safety, not a pick-up kick ball game.  We can do better.

Thanks for listening… what are your thoughts?

Does your organization or jurisdiction need help preparing to implement ICS?  Emergency Preparedness Solutions can help!

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Gauging Return on Investment in Preparedness: Training

Tim Riecker, The Contrarian Emergency Manager 2 Comments

This is my fourth article in a series examining how organizations can gauge their return on investment for various emergency management and homeland security preparedness projects.  These were inspired by an original article I wrote called Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports.  The POETE model (Planning, Organizing, Equipping, Training, Exercising) helps us to identify all activities related to preparedness.  Thus far, we have covered:

Planning

Organizing

Equipping

If you haven’t already reviewed these articles, check them out for additional context and information.  Within each, I outline the general activities within the preparedness element, and identify the potential costs and benefits of these activities to the organization.  While some costs and benefits are direct (meaning we can readily identify them in terms of currency), most are not, and require some measure of analysis.

We put a lot of money (and faith) into training as a central preparedness activity.  And why shouldn’t we?  Training, by definition, is a transfer of learning.  We have a lot of information to communicate to our staff and other stakeholders, with the goal of that information collectively becoming a body of knowledge, and a vision of these people applying what they have learned to future circumstances.

In emergency management and homeland security we train quite a bit, with some training being required by organizational, local, state, national, international, or federal standards; while other training will help develop and advance staff.  We include HR-required training; soft skills like communication, leadership, decision making, and the like; as well as technical skills such as emergency planning, exercise design, and incident management.  Emergency management and homeland security are broad fields of practice, which intersect public safety, public health, and other essential government and social functions.  Most emergency management and homeland security practitioners have roots in one or more of these fields and typically continue receiving training relative to those as well.

Training comes from a variety of sources including our home organizations, local and county governments, state government, private and not for profit entities, and the federal government.  Particularly for training that is sponsored by a government entity, most training is ‘free’.  In the US, federal training entities, such as FEMA’s Emergency Management Institute, also reimburse travel expenses and provide lodging for all levels of government employees.  On the surface, the cost of most emergency management and homeland security training is fairly low.

Of course depending on perspective, the cost of training can vary.  As a former state training officer who managed all emergency management related training delivered across my state, I could identify our agency’s cost of training.  This would include our staff admin time for course prep and record keeping, the cost of duplicating participant manuals, any costs associated with the hosting facility (although we usually utilized no cost facilities), the cost of paying our instructors for their time and travel, and, if applicable, any lodging and/or meal costs for participants who may have traveled a distance.  These costs, however, are only part of the picture.

What about the cost to the organization that is sending people to be trained?  Directly, this is salary time in which little to no work is actually being accomplished for the organization.  The organization may also be footing the bill for travel costs for their participants.  Depending on who is sponsoring the training, there may be a fee for the course.  Indirectly, what is the cost of that employee being away?  Who is doing their work?  This often depends on the organization and the position the individual holds in that organization.  Firefighters, police officers, health care professionals, and others may be covering shifts that will still need to be filled, especially if policies or union contracts require certain staffing levels.  Sometimes this backfilling isn’t as simple as changing schedules, as most employees are already scheduled at full time status.  Therefore, someone may need to be paid overtime to fill this position for the duration of the training.  Perhaps the learner themselves is being paid overtime to tend to priority tasks outside of training hours.  Maybe others can simply absorb some extra tasks while this person is gone, or the learner will be swamped for some period of time once they return from training.  Each of these mechanisms, all dealing with productivity, has a cost associated to it.

Training can get expensive, which is why it’s often one of the first activities cut when an organization’s budget gets tight.  We try to minimize the cost of training through a variety of practices such as shorter training days, online training, and local training.  These, however, have various impacts on the organization’s ability to obtain the training as well as the overall effectiveness of the training.  Sometimes we simply defer the training, but the organization may have little choice, particularly with mandated training.

So what benefits can training provide?  As mentioned, I have quite a bit of background as a trainer and training manager.  I’d love to tell you that training has the greatest of all benefits, but that would be a complete lie. Just like any other preparedness activity, it has to be properly applied.  Training won’t fix everything.  I’ve written a lot of pieces on training in my blog… just search for ‘training’ and you will find plenty of articles about how training should/shouldn’t be applied.  With that caveat, training can have great benefit.  Not only can it make people more effective and efficient in their jobs and related tasks, it can also help defer liability from the organization.  Training also has benefits which more directly apply to the learner vs the organization, such as providing background for advancement and/or promotion (which can be internal or external to the organization).  There are many practices in emergency management and homeland security for which training aids in health and safety, not only of the staff member who took the training, but also of others.  In training, the impacts can go pretty far… you just have to follow the bouncing ball.  As an example: Jane gets trained in how to write emergency plans.  The emergency plans she writes will help the organization respond more effectively in the event of a disaster.  When the organization responds more effectively, lives and property are protected.  While this is a great ideal outcome, it makes for some difficulty in determining the benefits in terms of currency.

Often, the most direct benefits from training are rooted in compliance and proficiency.  Organizations have a variety of compliance matters they have to meet.  These obligations may be HR driven, required by an executive, a higher level of government, an accreditation body, or a funding source.  Safety matters are also usually linked with a compliance matter.  I often try to associate training activities to these requirements.  Sometimes we can directly link a financial benefit to these compliance matters, while other times compliance is simply factually stated.  Second is proficiency.  People need to stay current in essential skills.  This might require regularly recurring training for staff, well as training for new staff.  Staff need to be proficient in new procedures, software, and equipment operation.  Certain staff may need to be trained to more advanced levels.  Gauging the benefit in financial terms for proficiency is generally more difficult, although the need for the training is apparent.  The benefit simply needs to be extrapolated.  For instance, if the training is in a new process, what is the time and/or quality difference between the old process and the new?

As mentioned earlier, it is often times not easy to determine the financial return on investment for many of our activities.  We need to dig deep and identify quantifiable metrics which can be examined before and after we apply our preparedness activity.  We must assign reasonable currency figures to those metrics to help us and other decision makers better understand our investment and the benefits it will potentially bring.

Soon I’ll be wrapping up this series with the last key preparedness activity – exercises.  As always I’m happy to hear your thoughts on how we can better identify the returns on our investments in preparedness activities.  As a resource, I’d encourage you to search Training Magazine (trainingmag.com), which often has articles on analyzing the return on investment in training.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

Gauging Return on Investment in Preparedness: Equipping

Tim Riecker, The Contrarian Emergency Manager 3 Comments

I’ve written previous posts on our preparedness investments and how we can gauge our return on those investments.  Following the POETE model (planning, organizing, equipping, training, and exercises), I’ve so far covered some considerations for Planning and Organizing.  This piece will focus on identifying our return on investment for Equipping.  Equipment can be anything from a new fire engine, to a generator, a UAV/drone, a radiological detection device, or incident management software.

Equipping is generally a preparedness activity in which we can more easily identify what our actual investment is.  Unlike Planning, which requires varying amounts of time from a number of people, or Organizational efforts which sometimes have rather esoteric costs, when we purchase or maintain equipment, we usually have a receipt in hand.

Functioning in the bureaucracies we do, however, we tend to add complexities.  We form committees to find the best equipment we can, we leverage our own staff time to keep it maintained, and we often have other associated costs, which reflect back on the other POETE elements… at least we should.  In addition to the cost of the equipment itself, let’s look at what the associated costs could be.

Every significant equipment purchase, first of all, should stem from an identified need.  Maybe it’s a critical element of a process, it’s called for in a plan, or the need was identified in an after action report.  Perhaps you are upgrading or expanding application of a certain piece of equipment?  Regardless, your organization must invest some time to ensure the equipment will meet your needs and how it will impact your operations.  This activity, generally referred to as Assessment, if often rolled into the Planning element.  Once we do obtain the equipment, we also need to plan.  We need to ensure the use of the equipment is accounted for in our plans.  Perhaps it’s as simple as adding it to a resource inventory, or as complex as creating processes or procedures that address its use.

Organizationally, you may need to task an individual or even assemble a team which will be responsible for the care and operation of the equipment.  This, logically, leads to Training.  People need to be properly trained in not only the use of the standard use of the equipment, but also the circumstances which it will be used as well as any processes or procedures for use which are unique to your organization.  Consider what degree of proficiency these individuals may need in the operation of the equipment.  Is it just basic operation, or is there a need for something more advanced?  Will recurring training be needed to maintain proficiency or to train additional people in the future?  Will anyone be trained in higher level maintenance of the equipment?

Exercising the equipment, its effectiveness, and the ability of your resources to use the equipment is essential.  Lastly, we often don’t consider the costs of maintaining and storing the equipment.  It may need replacement parts or regular servicing, which even done in-house, has an associated cost.  It may have certain storage requirements to ensure the safety and readiness of the equipment.

Now that we’ve outlined potential costs or investments, how do we know those investments have made a difference for your organization?  To determine this, we must first look at the original need.  What actually defined the need for the equipment?  Was it to replace something older and less reliable?  Was it to enhance response time?  Was it because of safety?  Did the need identify inefficiencies in previous practices and systems?  Did the new equipment meet that need?

To dig further, what was the value of that need?  To identify this, we should look at the metrics associated with that need.  If the new equipment replaced something aging, we can look at the maintenance costs and down time over a certain period of time for the older equipment.  If it was to shorten response time to get a certain capability on-scene, we should be able to identify the time metrics as well as the difference that equipment makes once it is on scene (eg. a fire department which previously had to call mutual aid to get jaws of life on scene, vs purchasing a set of jaws and having them on scene much faster).  We can associate a dollar-value cost to many of these metrics.

Was there any additional value which the equipment brought your organization?  Perhaps the added capability decreased your insurance rates or made you eligible for a particular industry certification?  Are there any indirect cost savings because of the new equipment?  Does the new equipment somehow aid in generating income?

There are many considerations when it comes to any of our investments to ensure that they are sound, responsible, and reasonable.  Often we need to identify the value of an investment before it is made, but we should certainly keep track of that value after the investment as well.

Need help with planning?  Gap analysis?  Resource inventories?  Maybe with the training or exercising associated with new equipment or other preparedness needs? Contact EPS!

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC 

Gauging Return on Investment in Preparedness: Planning

Tim Riecker, The Contrarian Emergency Manager 5 Comments

Inspired a bit by my previous post Measuring Return on Investment in Emergency Management and Homeland Security: Improving State Preparedness Reports, I’ve decided upon writing a series of posts picking apart our primary activities in emergency management and homeland security preparedness to identify ways to gauge our Return on Investment (ROI).  To encapsulate our primary activities, I’m using the five POETE capability elements:

  • Planning
  • Organizing
  • Equipping
  • Training
  • Exercises

Most preparedness activities within emergency management and homeland security fall within one or more of the POETE capability elements.  The capability element of Planning is the foundational activity on which all preparedness is built and will be the topic of this post.  Here’s what I’m covering:

  • What is Return on Investment?
  • What planning efforts are involved in preparedness?
  • What organizational investments are involved in Planning?
  • Does the planning effort comply with applicable standards?
  • Can the plan be implemented?
  • What will exercises tell you?
  • Is there a need to maintain plans?

Return on Investment, or ROI, is a business term used to identify the profitability of certain investments or actions.  While preparedness is certainly done to protect against losses, for public and private sector alike, we generally don’t see preparedness activities as generating revenue.  However, when most entities INVEST time, money, and other resources into preparedness activities, they often want a reasonable assurance that their investment has paid off.  How do we gauge ROI for planning efforts?

First off, what planning efforts might we see in public or private organizations?  Obviously emergency and disaster plans are the big ones.  These plans are designed to identify key processes, such as alert and notification, response organization and incident management, and others which are intended to save lives and protect property.  These plans are likely to have annexes and appendices which address uniqueness of certain hazards, response circumstances, and support activities.  Continuity plans – usually business continuity or government continuity – identify how the organization will survive as an entity in the face of disaster.  Planning activities also involve the creation, review, and maintenance of policies and procedures.  We also create plans for hazard mitigation, long term recovery, specific events, and other needs.

What investments are involved in planning activities?  Organizations can and should allocate staff time and physical space and infrastructure to planning efforts.  The dedication of staff (full or part time) and/or consultants is often required, especially when planning efforts are viewed as a continual process and a critical part of preparedness.  The organization itself must make a commitment to the planning effort.  This commitment isn’t just in concept, but also practical involvement of staff throughout the organization, access to information, and even an involvement of third parties.

Certainly a first step in assessing return on investment of planning is to evaluate compliance with applicable rules, regulations, and guidelines.  These requirements can be hard (legally binding) or soft (general guidance) and can differ from industry to industry, nation to nation, and state to state.  Here in the US, FEMA provides guidance on emergency planning through Comprehensive Preparedness Guide (CPG) 101.  Some states may have requirements for emergency planning, such as New York State’s Executive Law Article 2-bNFPA 1600: The Standard on Disaster/Emergency Management and Business Continuity Programs is often referenced by public and private entities alike, while the International Standards Organization (ISO), has many industry-specific requirements for emergency planning.  If grant funding is being used for the planning effort, the grant may also have specific requirements.  Regardless of what the requirements are, planning efforts, plans, and associated documents should be audited to ensure that requirements are met.

Compliance, however, isn’t necessarily indicative of a good planning effort.  I’ve seen many plans which may meet requirements but the content itself was severely lacking.  Far too often planners get caught up in the world of checking boxes and fail to consider implementation.  If a plan cannot be implemented, it is useless to the organization.  Many plans exist now that meet applicable requirements but are still yet vacant of any meaningful direction or guidance in the event of an emergency.  These types of ‘plans’ are really better seen as policy documents.  A plan should identify what will be done, when, how, and by who.  If your ‘plan’ simply contains a statement on the requirement to use NIMS/ICS, but doesn’t provide detail on who will be in charge of what, when, and how; it is a policy document, not a plan.  Plans and their associated documents (i.e. procedures, guidelines, and job aids) need to chase down the lifespan of each critical step, especially early in a response.  They must identify who is responsible to make key decisions, who will be notified (how and by who), and who will take what actions.  A logical review of planning documents by the planning committee or perhaps even a third party is another good means of assessing your return on investment.

Does the plan work?  This is, perhaps, the ultimate factor in determining return on investment.  Usually our best means for identifying if a plan works is to exercise it.  Exercises provide a controlled and focused environment for testing plans or components of plans.  They will also help us in identifying if the plan can truly be implemented.  I’ve written a lot on exercises: articles can be found here.  (I also anticipate writing about assessing ROI for exercises as part of this series).  Generally, an incremental exercise program is usually recommended, beginning with discussion-based exercises – such as table tops and workshops – and progressing to operations-based (hands on) exercises.  A well written and honestly evaluated exercise will go a long way toward identifying the return on investment of your planning efforts.

Are we there yet?  Nope.  Planning, like all other preparedness efforts, requires maintenance.  If you create a plan then walk away, even if it’s a good plan, your plan’s value will diminish over time – and we’re talking months, not decades.  Think about how often something changes in your organization.  Staffing.  Equipment.  Technology.  Procedures.  Insurance policies.  All of these things, and more, influence your plans in some way.  Over time these changes not only occur, but also compound and move the present reality of your organization further from the assumptions of your planning efforts.  This is why plans must be maintained and updated on a regular basis.

Is there some mathematical formula for identifying the return on investment of preparedness efforts?  Given all the factors involved and their fluidity, I don’t think so.  It’s not cut and dry like a traditional business investment.  As you can see, though, there are a number of steps we can take to assess the utility of our investment.  I’ve seen organizations pay a lot for bad plans, and others pay much less for great plans.  Not only do organizations need to ensure that their planners know what they are doing, but the organization itself needs to have a commitment to success.  Without it, the planning effort is doomed to fail.

As always, feedback is appreciated.  What are your thoughts on assessing the return on investment of planning efforts?  What do you think is a good measure?

Does your organization need a new plan or need to update a plan?  Do you need help with the planning process or evaluating your organization’s preparedness?  How about exercises?  Emergency Preparedness Solutions can help!  Email to consultants@epsllc.biz or visit www.epsllc.biz.

© 2015 – Timothy Riecker

Emergency Preparedness Solutions, LLC

WWW.EPSLLC.BIZ

What is the Top Sector at Risk for Cyberattacks?

Tim Riecker, The Contrarian Emergency Manager 1 Comment

3D Electric powerlines over sunrise

According to this article in the Insurance Business America magazine, it’s the energy sector.  This is no surprise, even without the statistics provided in the article; although the statistics are pretty staggering.  The article states that according to DHS “more than 50% of investigated cyber incidents from October 2012 to May 2013 occurred within the energy sector”.  The advice in the article is pretty sound and coincides well with what I’ve suggested many times in this blog… be prepared!  Not only do power utilities need to have their own cybersecurity experts and the policies, plans, and infrastructure to prevent cyberattacks, they also need to be prepared for the potential success of the attackers.  They need to know who to notify (and how), and what actions to take.  Further, those that depend on electricity should have an alternate means of obtaining electricity to meet essential needs.

Threats to our infrastructure show just how interconnected we are and how interconnected our critical infrastructure is.  This is the primary reason why our energy infrastructure, which touches every other sector, is so essential.  We must ensure that we have in place prevention and protection plans, such as cybersecurity plans; hazard mitigation plans to lessen the impacts; response plans to address critical issues; and recovery plans to return to operations.  Business continuity is also an essential component of this – even if you are an NGO or government entity (continuity of government).

Along with proper planning, training, and exercises, we need to continue to promote legislation which requires measures for cybersecurity and protection of our critical infrastructure.

What are your major critical infrastructure concerns?

© 2015 – Timothy Riecker

EMERGENCY PREPAREDNESS SOLUTIONS, LLC

WWW.EPSLLC.BIZ