A New CPG – 101 for Emergency Planning (v 3)

I know I’m a big nerd when it comes to this stuff, but I was really excited to receive the notice from FEMA that the new Comprehensive Preparedness Guide (CPG) 101: Developing and Maintaining Emergency Operations Plans has been published! This has been a long time coming. This update (version 3) replaces the previous version which was published in November 2010. The update process was also rather lengthy, with the first public review occurring in November 2019 and the second in November 2020.

Did a lot change? No.

Is it better? Yes.

Could it be even better? You bet.

The changes that are included in the new document are meaningful, with an emphasis on including accessibility concepts in plans; and references to current practices and standards, such as new and updated planning guides, CPG 201 (THIRA), Community Lifelines, and more. It even highlights a couple of lessons learned from the COVID 19 pandemic. I’m particularly pleased to see Appendix D: Enhancing Inclusiveness in EOPs, which I think is an excellent resource, though more links to other resources, of which there are many, should be provided in this appendix.

The format of the document is largely the same, with a lot of the content word-for-word the same. As a standard, a lot of change shouldn’t be expected. While we’ve seen some changes in our perspectives on emergency planning, there really hasn’t been anything drastic. Certainly “if it ain’t broke, don’t fix it”, but I think there could have been some better formatting choices, narrative, graphics, and job aids to enhance readability and implementation.  

There is some added content as well as a bit of highlighting of planning approaches, such as the District of Columbia’s services-based emergency operations plan. While I advocated for heavy reference to newer implementations and standards, such as THIRA, into the document (which was largely done) I also advocated for more user-friendly approaches, such as a hazard analysis matrix, to be included. My feedback from both public comment periods heavily emphasized the need to develop a document that will mostly benefit novice emergency planners. To me this means the inclusion of more graphic depictions of processes and tasks, as well as job aids, such as checklists and templates. The new CPG 101 does include more checklists. At first glance these are buried in the document which is not very user friendly. However, they did make a separate Compilation of Checklists document available, which I’m really happy about. It’s not highly apparent on the website nor is it included as part of the main document, so it could be easily missed.

I would have really liked to see a comprehensive library of job aids provided in the appendices to support implementation by new planners. We have other doctrine and related documents that provide rather extensive job aids to support implementation, such as HSEEP and NIMS (and not only the ICS component of NIMS). Not including that kind of supporting material in this update is very much a missed opportunity. Planning really is the cornerstone of preparedness, yet it doesn’t seem we are providing as much support for quality and consistent planning efforts. Given the extent of time between updates, I expected better. While being largely consistent in the format and content between versions is practically a necessity, there really should have been a parallel effort, separate from document revision, to outline practices and approaches to emergency plan development. Integrating that content into the update, ideally, would have done more to support HOW each step of the planning process is accomplished, as well as providing some job aids.

Speaking of implementation support, I’m curious about how EMI’s new Advanced Planning course, which I didn’t get into the pilot offering of, builds on the Emergency Planning course and compliments use of CPG 101.

Be sure to update your own personal reference library with this new version of CPG 101. If you are interested in a review with FEMA personnel, they are providing a series of one-hour webinars. What are your thoughts on the new CPG 101?

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

ICS 400 Training – Who Really Needs It?

A few days ago I had a bit of discussion with others on Twitter in regard to who actually has a need for ICS 400 training. I think a lot of people are taking the ICS 400 (Advanced ICS for Command and General Staff) course for the wrong reasons. While I’d never dissuade anyone from learning above and beyond what is required, we also, as a general statement, can’t be packing course offerings with people who don’t actually need the training. There is also an organizational expense to sending people to training, and the return on that investment decreases when they don’t need it and won’t apply it. Overall, if you are a new reader, I have a lot of thoughts on why our approach to ICS Training Sucks, which can be found here.

Before we dig any deeper into the topic, let’s have a common understanding of what is covered in the ICS 400 course. The course objectives identified in the National Preparedness Course Catalog for some reason differ from those actually included in the current 2019 version of the course, so instead I’ll list the major topics covered by the two-day course:

  • Incident Complex
  • Dividing into multiple incidents
  • Expanding the Planning Capability
  • Adding a second Operations or Logistics Section
  • Placement options for the Intel/Investigations function
  • Area Command
  • Multi-Agency Coordination
  • Emergency Operations Centers
  • Emergency Support Functions

For this discussion, it’s also important to reference the NIMS Training Program document, released in the summer of 2020. This document states many times over that it includes training recommendations and that the authority having jurisdiction (AHJ) determines which personnel are to take which courses. This document indicates the ICS 400 is recommended for:

  1. ICS personnel in leadership/supervisor roles
  2. IMT command, section, branch, division, or group leaders preparing for complex incidents

Note that while #1 above seems to fully capture anyone in a leadership/supervisor role, the document also says that IMT unit, strike team, resource team, or task force leaders preparing for complex incidents do NOT need the training. I’d say this certainly conflicts with #1 above.

With that information provided, let’s talk about who really needs to take the ICS 400 from a practical, functional perspective. First of all, looking at recommendation #1 above, that’s a ridiculously broad statement, which includes personnel that don’t need to have knowledge of the course topics. The second recommendation, specific to IMTs, I’ll agree is reasonably accurate.

Having managed a state training program and taught many dozen deliveries of the ICS 400 course, I’ll tell you that the vast majority of people taking the course don’t need to be in it. I’d suggest that some deliveries may have had absolutely no one that actually needed it, while most had a scant few. Much of this perspective comes from a relative determination of need of personnel that fit within recommendation #1 above. Just because someone may be an incident commander or a member of command and general staff, doesn’t necessarily mean they need to take ICS 400. It’s very likely that through their entire career all of the incidents they respond to and participate in the management of can be organized using standard ICS approaches.

Interface with an EOC does not mean you need to take ICS 400. There is, in fact, a better course for that, aptly named ‘ICS/EOC Interface’. More people need to take this course than the ICS 400. I’m also aware that some jurisdictions require ICS 400 for their EOC staff. The ICS 400 course doesn’t teach you how to function in or manage an EOC. Again, the ICS/EOC Interface course is the better solution, along with whatever custom EOC training is developed (note that none of the FEMA EOC courses will actually teach you how to manage or work in YOUR EOC). If you feel that people in your EOC need to know about some of the concepts within the ICS 400, such as Multi-Agency Coordination or Area Command, simply include the appropriate content in your EOC training. To be honest, I can tell most EOC personnel what they need to know about an Area Command in about three minutes. They don’t need to sit through a two-day course to learn what they need to know.

Cutting to who does need it (aside from IMT personnel), personnel who would be a member of Command and General Staff for a very large and complex incident (certainly a Type I incident, and MAYBE certain Type 2 incidents) are the candidates. Yes, I understand that any jurisdiction can make an argument for their fire chief or police chief, for example, being the IC for an incident of this size and complexity, though let’s consider this in a relative and realistic sense. Most incidents of this size and complexity are likely to span multiple jurisdictions. Particularly in a home rule state, that fire chief or police chief is typically only going to be in charge of that portion of the incident within their legal borders. Although that incident may be a Type I incident taken as a whole, it will likely be managed in large part by a higher AHJ, which may use some of the concepts outlined in the ICS 400. While local government is still responsible for managing the portion of the incident within their borders, they are much less likely to utilize any of the ICS 400 concepts themselves. Along a similar line of thought, most jurisdictions don’t have hazards that, if they become incidents, would be of such size or complexity within their jurisdiction that would require use of these concepts. This leaves larger, more populous jurisdictions generally having a greater need for this level of training.

At some point, every state and UASI was required, as part of their NIMS implementation, to develop a NIMS training plan. Most of the plans I’ve seen further perpetuate the idea that so many people must have ICS 400 training. As part of this, many states require that anyone holding the position of fire chief must have ICS 400. Considering my argument in the paragraphs above, you can see why this is tremendously unnecessary. We must also consider erosion of knowledge over time. As people do not use the knowledge, skills, and abilities they have learned, that knowledge erodes. This is highly likely with the concepts of ICS 400.

A lot of states and other jurisdictions need to take a more realistic look at who really needs ICS 400 training. I’d also like to see some clarification on the matter in FEMA’s NIMS Training Guidance. It’s not about making this training elite or restricting access, but it is about decreasing the perceived and artificially inflated demand for the course.

What’s your jurisdiction’s take on ICS 400 training?

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Preparing for Disaster Deployments

I wrote last year about my trepidation over Community Emergency Response Teams (CERT) being considered as a deployable resource. The problem is that even most professionally trained emergency personnel aren’t prepared for deployment. We need to do better.

One of the key aspects of a disaster is that it overwhelms local resources. This often requires help from outside the impacted jurisdiction(s). Working outward from the center, like the bullseye of a dartboard, we are usually able to get near-immediate assistance from our neighbors (aka mutual aid), with additional assistance from those at greater distances. When I use the word ‘deployment’, I’m referring to the movement of resources from well outside the area and usually for a period of time of several days or longer.

The US and other places around the world have great mutual aid systems, many supported by laws and administrative procedures, identifying how requests are made, discerning the liability for the requesting organization and the fulfilling organization(s), and more. Most of these are intended for response vs deployment, but may have the flexibility to be applicable to deployment. Some, such as the Emergency Management Assistance Compact (EMAC) are specifically written for deployments. While all this is certainly important, most organizations haven’t spent the time to prepare their people for deployment, which is a need that many organizations seem to take for granted. Those organizations which are, practically be definition, resources which are designed to deploy, such as Type 1 and 2 incident management teams (IMTs), often have at least some preparations in place and can be a good resource from which others can learn.

What goes into preparing for deployment? First, the sponsoring organization needs to recognize that their resources might be requested for deployment and agree to take part in this. That said, some organizations, such as volunteer fire departments, might have little control over their personnel deploying across the country when a call for help goes out publicly. These types of requests, in my opinion, can be harmful as large numbers of well-intentioned people may abandon their home organization to a lack of even basic response resources – but this is really a topic to be explored separately.

Once an organization has made a commitment to consider future requests, leadership needs to develop a policy and procedure on how they will review and approve requests. Will requests only be accepted from certain organizations? What are the acceptable parameters of a request for consideration? What are the thresholds for resources which must be kept at home? 

Supporting much of this decision making is the typing of resources. In the US, this is often done in accordance with defined typing from FEMA. Resource typing, fundamentally, helps us to identify the capabilities, qualifications, and eligibility of our resources. This is good not only for your own internal tracking, but is vitally important to most deployment requests. Organizations should do the work now to type their resources and personnel.

If an organization’s leadership decides they are willing to support a request, there then needs to be a canvass and determination of interest to deploy personnel. This is yet another procedure and the one that has most of my focus in this article. Personnel must be advised of exactly what they are getting into and what is expected of them (Each resource request received should give information specific to the deployment, such as deployment duration, lodging conditions, and duties.). The organization may also determine a need to deny someone the ability to deploy based on critical need with the home organization or other reasons, and having a policy already established for this makes the decision easier to communicate and defend.

These organization-level policies and procedures, along with staff-level training and policies should be developed to support the personnel in their decision and their readiness for an effective deployment.

Many things that should be determined and addressed would include:

  • Matters of pay, expenses, and insurance
  • Liability of personal actions
  • Code of conduct
  • What personnel are expected to provide vs what the organization will provide (equipment, supplies, uniform, etc.)
  • Physical fitness requirements and inoculations
  • Accountability to the home organization

Personnel also need to be prepared to work in austere conditions. They may not have a hotel room; instead they could be sleeping on a cot, a floor, or in a tent. This alone can break certain people, physically and psychologically. Access to showers and even restrooms might be limited. Days will be long, the times of day they work may not be what they are used to, and they will be away from home. They must be ready, willing, and able to be away from their lives – their families, pets, homes, jobs, routines, and comforts – for the duration of the deployment. Their deployment activity can subject them to physical and psychological stresses they must be prepared for. These are all things that personnel must take into consideration if they choose to be on a deployment roster.

This is stuff not taught in police academies, fire academies, or nursing schools. FEMA, the Red Cross, and other organizations have policy, procedures, training, and other resources available for their personnel because this is part of their mission and they make these deployments regularly. The big problem comes from personnel with organizations which don’t do this as part of their core mission. People who are well intentioned, even highly trained and skilled in what they do, but simply aren’t prepared for the terms and conditions of deployment can become a liability to the response and to themselves.

Of course, organizational policy and procedure continues from here in regard to their methods for actually approving, briefing, and deploying personnel; accounting for them during the deployment; and processing their return home. The conditions of their deployment may necessitate follow up physical and mental health evaluations (and care, as needed) upon their return. They should also be prepared to formally present lessons learned to the organization’s leadership and their peers.

I’ll say that any organization interested in the potential of deploying personnel during a disaster is responsible for making these preparations, but a broader standard can go a long way in this effort. I’d suggest that guidance should be established at the state level, by state emergency management agencies and their peers, such as state fire administrators; state departments of health, transportation, criminal justice, and others. These state agencies often contribute to and are even signatories of state-wide mutual aid plans which apply to the constituents of their areas of practice. Guidance developed at the state level should also dovetail into EMAC, as it’s states that are the signatories to these agreements and often rely on the resources of local organizations when requests are received.

There is clearly a lot to consider for organizations and individuals in regard to disaster deployments. It’s something often taken for granted, with the assumption that any responder can be sent to a location hundreds of miles away and be fully prepared to live and function in that environment. We can do better and we owe our people better.

Has your organization developed policies, procedures, and training for deploying personnel?

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

EM Engagement with the Public

Emergency management is notoriously bad at marketing. People have a much better idea of what most other government agencies do, or simply (at least) that they exist. Establishing awareness and understanding of emergency management not only for the people you serve, but those you work with can go a long way toward meeting your goals.

As with any message everything is about the audience. Emergency management has a variety of audiences. While we have some programs and campaigns oriented toward individuals, much of our work is with organizations, including non-profits, other government agencies, and the private sector. All in all, most emergency managers are pretty good at interfacing and coordinating with organizations. It’s the public that we still struggle with. Emergency management inherited the burden of individual and family preparedness from the days of civil defense. Things were different then. Civil defense focused on one threat, it was persistent, and the calls to action were tangible and even practiced with the public in many communities.

And yes, I said that our present engagement with the public is a burden. Can it make a difference? Sure. Does it make a difference? Sometimes. While some can argue that any measurable difference we make is good, we all need to acknowledge that campaigns and programs for the public are often a huge source of frustration for emergency managers across the nation and elsewhere. We feel compelled to do it, but so often we can’t make that connection. While I think it is a worthwhile mission and there are successes, the usual rhetoric is stale (i.e., make a plan, build a kit, be informed, get involved) and our return on investment is extremely low.

We need to do more than handing out flyers at the county fair. Some communities have been able to find success through partner agencies or organizations that actually do work with the public on a regular basis, which I think is a better formula for success. These agencies and organizations already have an in with a certain portion of the population. They have an established presence, rapport, and reputation. Given that agencies and organizations have different audiences, it is best to engage more than one to ensure the best coverage throughout the community.

As mentioned, our usual rhetoric also needs to change. With continued flooding here in the northeast US, I saw a message from a local meteorologist on Twitter recently giving some information on the flooding and saying to ‘make a plan’. Fundamentally that’s good. Unfortunately, this message is pretty consistent with what we put out most of the time in emergency management. Yes, it’s a call to action, but incredibly non-specific. Should I plan to stay home? Should I plan to evacuate? Should I plan to get a three-week supply of bread and milk? I’ll grant that Twitter isn’t really the best platform for giving a lot of detail, but I think we can at least tell the public what to make a plan for and provide a reference to additional information.

Should EM disengage with the public at large? No, absolutely not. But we do need to find better ways to engage, and I think that really requires a keen eye toward marketing, analyzing our audiences to determine what kinds of messaging will work best, how to reach them, and what is important to them. Two messages a year about preparedness doesn’t cut it. Neither does a bunch of messages giving the FEMA hotline after a disaster. It needs to be consistent. It needs to be fun. It needs to be engaging. It should be multimodal – social media, speaking at local meetings, articles in the town newsletter, etc. Don’t be boring, don’t be technical, don’t be doom and gloom. Make it clear, make it interesting (to them… not you), and make it brief. Essentially, don’t be so ‘government’ about it. (The same applies for any corporate emergency management program as well).

I’ll also add that having a presence with the public in your community is, in a practical sense, a presence with voters. While emergency managers often talk about the need for emergency management to be politically neutral, there are a lot of interests that align with emergency management that are clearly partisan, giving cause for us to be political. For context (because ‘politics’ has become such a bad word) I’m not talking about campaigning for someone, attending a rally, or spewing political rhetoric; but rather being engaged in political processes, of which a huge part is having a regular and strong presence. Even with partisan issues aside, emergency management requires funding and other resources to be effective, and that often requires an extent of political engagement and support. We need to actively and regularly promote what we do and what we accomplish. No, it’s not usually as sexy as putting out a big fire or building a bridge, but most fire and highway departments don’t miss an opportunity to get that stuff in the news. That’s why people know them.

Given the fairly universal benefits to emergency managers everywhere, I’d love to see FEMA engage with a marketing firm to produce a broad range of reusable content. TV and radio spots; website and social media graphics; customizable newsletter articles and handouts; speaking points for meetings (no PowerPoint necessary, please), interviews, and podcasts; etc. This also can’t be done every 10 or 15 years. It’s something that should be refreshed every two years to stay relevant, fresh, and meaningful, and with the input of actual emergency managers and public information officers. Speaking of PIOs, if you think your only work with emergency management is during a disaster, think again. PIOs, even if not within EM, should absolutely be engaged in these efforts.

FEMA has produced some material in the past, as have some states for use by local governments, but we need more and we can’t hold our breath for this to be done. Emergency management is, however, a great community of practice. If you have a successful practice or message, please share it! Bring it to your networks or even provide information in a comment to this post.

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Metrics and Data Analytics in Emergency Management

I’ve lately seen some bad takes on data analytics in emergency management. For those not completely familiar, data analytics is a broad-based term applied to all manner of data organization, manipulation, and modeling to bring out the most valuable perspectives, insights, and conclusions which can better inform decision-making. Obviously, this can be something quite useful within emergency management.

Before we can even jump into the analysis of data, however, we need to identify the metrics we need. This is driven by decision-making, as stated above, but also by operational need, measurement of progress, and reporting to various audiences, which our own common operating picture, to elected officials, to the public. In identifying what we are measuring, we should regularly assess who the audience is for that information and why the information is needed.

Once we’ve identified the metrics, we need to further explore the intended use and the audience, as that influences what types of analysis must be performed with the metrics and how the resultant information will be displayed and communicated.

I read an article recently from someone who made themselves out to be the savior of a state emergency operations center (EOC) by simply collecting some raw data and putting it into a spreadsheet. While this is the precursor of pretty much all data analysis, I’d argue that the simple identification and listing of raw data is not analytics. It’s what I’ve come to call ‘superficial’ data, or what someone on Twitter recently remarked to me as ‘vanity metrics’. Examples: number of people sheltered, number of customers with utility outages, number of people trained, number of plans developed.

We see a lot of these kinds of data in FEMA’s annual National Preparedness Report and the Emergency Management Performance Grant (EMPG) ‘Return on Investment’ report generated by IAEM and NEMA. These reports provide figures on dollars spent on certain activities, assign numerical values to priorities, and state how much of a certain activity was accomplished within a time period (i.e. x number of exercises were conducted over the past year). While there is a place for this data, I’m always left asking ‘so what?’ after seeing these reports. What does that data actually mean? They simply provide a snapshot in time of mostly raw data, which isn’t very analytical or insightful. It’s certainly not something I’d use for decision-making. Both of these reports are released annually, giving no excuse to not provide some trends and comparative analysis over time, much less geography. Though even in the snapshot-of-time type of report, there can be a lot more analysis conducted that simply isn’t done.

The information we report should provide us with some kind of insight beyond the raw data. Remember the definition I provided in the first paragraph… it should support decision-making. This can be for the public, the operational level, or the executive level. Yes, there are some who simply want ‘information’ and that has its place, especially where political influence is concerned.

There are several types of data analytics, each suitable for examining certain types of data. What we use can also depend on our data being categorical (i.e. we can organize our data into topical ‘buckets’) or quantitative. Some data sets can be both categorical and quantitative. Some analysis examines a single set of data, while other types support comparative analysis between multiple sets of data. Data analytics can be as simple as common statistical analysis, such as range, mean, median, mode, and standard deviation; while more complex data analysis may use multiple steps and various formulas to identify things like patterns and correlation. Data visualization is then how we display and communicate that information, through charts, graphs, geographic information systems (GIS), or even infographics. Data visualization can be as important as the analysis itself, as this is how you are conveying what you have found.

Metrics and analytics can and should be used in all phases of emergency management. It’s also something that is best planned, which establishes consistency and your ability to efficiently engage in the activity. Your considerations for metrics to track and analyze, depending on the situation, may include:

  • Changes over time
    • Use of trend lines and moving averages may also be useful here
  • Cost, resources committed, resources expended, status of infrastructure, and measurable progress or effectiveness can all be important considerations
  • Demographics of data, which can be of populations or other distinctive features
  • Inclusion of capacities, such as with shelter data
  • Comparisons of multiple variables in examining influencing factors (i.e. loss of power influences the number of people in shelters)
    • Regression modeling, a more advanced application of analytics, can help identify what factors actually do have a correlation and what the impact of that relationship is.
  • Predictive analytics help us draw conclusions based on trends and/or historical data
    • This is a rabbit you can chase for a while, though you need to ensure your assumptions are correct. An example here: a hazard of certain intensity occurring in a certain location can expect certain impacts (which is much of what we do in hazard mitigation planning). But carry that further. Based on those impacts, we can estimate the capabilities and capacities that are needed to respond and protect the population, and the logistics needed to support those capabilities.
  • Consider that practically any data that is location-bound can and should be supported with GIS. It’s an incredible tool for not only visualization but analysis as well.
  • Data analytics in AARs can also be very insightful.

As I mentioned, preparing for data analysis is important, especially in response. Every plan should identify the critical metrics to be tracked. While many are intuitive, there is a trove of Essential Elements of Information (EEI) provided in FEMA’s Community Lifelines toolkit. How you will analyze the metrics will be driven by what information you ultimately are seeking to report. What should always go along with data analytics is some kind of narrative not only explaining and contextualizing what is being shown, but also making some inference from it (i.e. what does it mean, especially to the intended audience).

I’m not expecting that everyone can do these types of analysis. I completed a college certificate program in data analytics last year and it’s still challenging to determine the best types of analysis to use for what I want to accomplish, as well as the various formulas associated with things like regression models. Excel has a lot of built-in functionality for data analytics and there are plenty of templates and tutorials available online. It may be useful for select EOC staff as well as certain steady-state staff to get some training in analytics. Overall, think of the variables which can be measured: people, cost, status of infrastructure, resources… And think about what you want to see from that data now, historically, and predicted into the future. What relationships might different variables have that can make data even more meaningful. What do we need to know to better support decisions?

Analytics can be complex. It will take deliberate effort to identify needs, establish standards, and be prepared to conduct the analytics when needed.

How have you used data analytics in emergency management? What do you report? What decisions do your analytics support? What audiences receive that information and what can they do with it?

© 2021 Tim Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Measuring Return on Investment Through Key Performance Indicators

Return on investment (ROI) is generally defined as a measurement of performance to evaluate the value of investments of time, money, and effort. Many aspects of preparedness in emergency management offer challenges when trying to gauge return on investment. Sure, it’s easy to identify that m number of classes were conducted and n number of people were trained, that x number of exercises were conducted with y number of participants, that z number of plans were written, or even that certain equipment was purchased. While those tell us about activity, they don’t tell us about performance, results, or outcomes.

More classes were conducted. So what?

We purchased a generator. So what?

The metrics of these activities are easy to obtain, but these are rather superficial and generally less than meaningful. So how can we obtain a meaningful measure of ROI in emergency preparedness?

ROI is determined differently based on the industry being studied, but fundamentally it comes down to identifying key performance indicators, their value, and how much progress was made toward those key performance indicators. So what are our key performance indicators in preparedness?

FEMA has recently began linking key performance indicators to the THIRA. The Threat and Hazard Identification and Risk Assessment, when done well, gives us quantifiable and qualifiable information on the threats and hazards we face and, based upon certain scenarios, the performance measures need to attain certain goals. This is contextualized and standardized through defined Core Capabilities. When we compare our current capabilities to those needed to meet the identified goals (called capability targets in the THIRA and SPR), we are able to better define the factors that contribute to the gap. The gap is described in terms of capability elements – planning, organizing, equipping, training, and exercises (POETE). In accordance with this, FEMA is now making a more focused effort to collect data on how we are meeting capability targets, which helps us to better identify return on investment.

2021 Emergency Management Performance Grant (EMPG) funding is requiring the collection of data as part of the grant application and progress reports to support their ability to measure program effectiveness and investment impacts. They are collecting this information through the EMPG Work Plan. This spreadsheet goes a long way toward helping us better measure preparedness. This Work Plan leads programs to identify for every funded activity:

  • The need addressed
  • What is expected to be accomplished
  • What the expected impact will be
  • Identification of associated mission areas and Core Capabilities
  • Performance goals and milestones
  • Some of the basic quantitative data I mentioned above

This is a good start, but I’d like to see it go further. They should still be prompting EMPG recipients to directly identify what was actually improved and how. What has the development of a new plan accomplished? What capabilities did a certain training program improve? What areas for improvement were identified from an exercise, what is the corresponding improvement plan, and how will capabilities be improved as a result? The way to get to something more meaningful is to continue asking ‘so what?’ until you come to an answer that really identifies meaningful accomplishments.

EMPG aside, I encourage all emergency management programs to identify their key performance indicators. This is a much more results-oriented approach to managing your program, keeping the program focused on accomplishing meaningful outcomes, not just generating activity. It’s more impactful to report on what was accomplished than what was done. It also gives us more meaningful information to analyze across multiple periods. This type of information isn’t just better for grant reports, but also for your local budgets and even routine reports to upper management and elected officials.

What do you think about FEMA’s new approach with EMPG? What key performance indicators do you use for your programs?

© 2021 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

FEMA’s 2020 National Preparedness Report – A Review

It seems an annual tradition for me to be reviewing the National Preparedness Report. I’ve endeavored to provide constructive criticism of these documents, which are compilations of data from state and federal agencies, national-level responses, and other sources.

This year’s National Preparedness Report emphasizes that it is based on data from the 2019 calendar year. In looking back on past reports (note: they are no longer on the FEMA site – I was able to find them in the Homeland Security Digital Library) this has been the past practice. Perhaps I never realized it before, but a report talking about data from practically a full year ago seems to hold even less relevance. That means that enacting changes on a national level based on this data may not even begin to occur until two years have passed. Even taking into consideration that states and UASIs are compiling their reports early in a year for the previous year, it still seems a long time to wait for the national level report. This extent of lag is further emphasized by the document’s foreword, written by the FEMA Administrator, which makes many references to COVID-19 and how much different next year’s report will be, while not really speaking at all about the current report. This speaks a lot to how much we, as a practice, are attracted by the shiny objects dangled in front of us, seemingly ignoring all else.

My first pass of the 2020 report brought two primary impressions: 1) The instructive content of the document is some of the best I’ve seen out of FEMA, and 2) There is a considerable lack of data, with a low value for much of what they have included.

In regard to my first impression, the discussion of concepts such as risk (including emerging risk and systemic risk), capabilities, cascading impacts, community lifelines, public-private partnerships, and vulnerable populations has the perfect level of depth and detail. Not only do they discuss each of these concepts, but they also identify how they each connect to each other. This is EXACTLY the kind of consolidation of information we have needed for a long time. This lends itself to truly integrated preparedness and the kinds of information I’ve mentioned many times as being needed, including in the next version of CPG-101. I’m truly impressed with this content, the examples they provide, and how they demonstrate the interconnectedness of it all. I’ll certainly be using this document as a great source of this consolidated information. Now that I’ve extolled my love and adoration for that content, I’m left wondering why it’s in the National Preparedness Report. It’s great content for instructional material and doctrinal material on integrated preparedness, but it really has no place, at least to this extent of detail in the National Preparedness Report. Aside from the few examples they use, there isn’t much value in this format as a report.

This brings me to my next early observation: that of very little actual data contained in the report. Given the extent to which states, territories, UASIs, and other stakeholders provide data to FEMA each year by way of their Threat and Hazard Identification and Risk Assessments (THIRAs) and Stakeholder Preparedness Reviews (SPRs), along with various other sources of data, this document doesn’t contain a fraction of what is being reported. There are two map products contained in the entire report, one showing the number of federal disaster declarations for the year, the other showing low-income housing availability across the nation. Given the wide array of information provided by state and UASI, and compiled by FEMA region, surely there must be some really insightful trends and other analysis to provide. There are a few other data sets included in the report showing either raw numbers or percentages – nothing I would really consider analytics. Much of the data is also presented as a snapshot in time, without any comparison to previous years.

Any attempt to view this document as a timely, meaningful, and relevant report on the current state of preparedness in the nation, much less an examination of preparedness over time, is simply an exercise in frustration. The previous year’s report at least had a section titled ‘findings’, even though any real analysis of data there was largely non-existent. This year’s report doesn’t even feign providing a section on findings. To draw on one consistently frustrating example, I’ll use the Core Capability of housing. While this report dances around doctrine and concepts, and even has a section on housing, it’s not addressing why so little preparedness funding or even moderate effort is directed toward addressing the issue of emergency housing, which has arguably been the biggest preparedness gap for time eternal in every state of the nation. Looking broadly at all Core Capabilities, this year’s report provides a chart similar to what we’ve seen in previous years’ reports, identifying how much preparedness funding has gone toward each Core Capability. In relative numbers, very little has changed; even though we know that issues like housing, long-term vulnerability reduction, infrastructure systems, and supply chains have huge gaps. All these reports are telling me is that we’re doing the same things over and over again with little meaningful change.

So there it is… while I really am thoroughly impressed with some of the content of the report, much of that content really doesn’t have a place in this report (at least to such an extent), and for what little data is provided in the report, most of it has very little value. The introduction to the document states that “this year’s report is the product of rigorous research, analysis, and input from stakeholders”. To be blunt, I call bullshit on this statement. I expect a report to have data and various analysis of that data, not only telling us what is, but examining why it is. We aren’t getting that. The National Preparedness Report is an annual requirement per the Post Katrina Emergency Management Reform Act. I challenge that FEMA is not meeting the intent of that law with the reports they have been providing. How can we be expected, as a nation, to improve our state of readiness when we aren’t provided with the data needed to support and justify those improvements?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

A National Disaster Safety Board

You’ve heard of the National Transportation Safety Board (NTSB), right? If not, the nitty gritty of it is that they are an independent federal accident investigation agency. They determine probable cause of the full range of major transportation incidents, typically putting forward safety recommendations. They are granted some specific authorities related to these investigations, such as being the lead federal agency to investigate them (absent criminal aspects) and they maintain a schedule of deployment-ready teams for this purpose.  They can conduct investigative hearings (ever see the film Sully?) and publish public reports on these matters. Overall, I’ve had positive interactions with NTSB representatives and have found their work to be highly effective.

While certainly related to emergency management, the main purpose for my quick review of the NTSB in this post is to provide a starting point of understanding for Congressional legislation urging the formation of a National Disaster Safety Board (NDSB). The draft bill for discussion can be found here. This bill has been put forth with bi-partisan sponsors in both the US Senate and the House of Representatives.

The purpose of the NDSB, per this bill, is:

  1. To reduce future losses by learning from incidents, including underlying factors.
  2. Provide lessons learned on a national scale.
  3. Review, analyze, and recommend without placing blame.
  4. Identify and make recommendations to address systemic causes of incidents and loss from incidents.
  5. Prioritize efforts that focus on life safety and injury prevention, especially in regard to disproportionately impacted communities.

To execute this mission, the bill provides that the NDSB will have the authority to review incidents with 10 or more fatalities; may self-determine the need for board review of an incident; and shall have the full ability to investigate, review, and report on incidents.

The bill directs the NDSB to coordinate with all levels of government to identify and adopt standard methods of measuring impacts of disasters to provide for consistent trend analysis and comparisons, and to ensure that these standards are uniformly applied. The bill requires the NDSB to coordinate with all levels of government in their investigations during incident responses, and to participate in the incident command system for coordination of efforts as well as investigative purposes. Affected authorities shall have an opportunity to review the NDSB report 30 days prior to publication.

The NDSB will be comprised of seven board members, selected by the President from a slate of candidates provided by both houses of Congress, with no more than four board members having affiliation with the same political party, and with all members having technical and/or professional qualifications in emergency management, fire management, EMS, public health, engineering, or social and behavioral sciences.

There is a lot of other legalese and detail in the bill, but I’m happy to find that the language supports coordination among and with federal agencies, including FEMA, NIST, NTSB, and others; and also has an emphasis on investigating impacts to disproportionately impacted communities. The bill also charges the NDSB with conducting special studies as they see fit and providing technical support for the implementation of recommendations.

I’m thrilled with this effort and I’m hopeful the bill progresses to law. We have had a history of outstanding research from academic institutions and after action reports from government entities, which should all still continue, but it’s incredibly substantial that the NDSB will establish standards and consistency in how we examine disasters over time. We’ve seen how impactful the NTSB has been since its inception in 1967, and I feel the NDSB could have an even greater impact examining a broader spectrum of disasters. This is an effort which has been long encouraged by various emergency management related groups. The NDSB, I suspect, will also support a stronger and more defined FEMA, as well as strengthening all aspects of emergency management at all levels.

What thoughts do you have on the NDSB? What do you hope will come of it?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

COVID-19 Vaccine Administration Preparedness

On September 16, the CDC released the COVID-19 Vaccination Program Interim Playbook for Jurisdiction Operations. This document lays out some fairly realistic expectations of jurisdictions (mostly states) in their distribution, administration, and tracking of COVID-19 vaccinations. That said, even though there continue to be many unknowns about the vaccines to be utilized, dosages, timetable of availability, and how and where vaccines will be delivered to states, there are reasonable assumptions that could be made and high probability strategies identified, which the CDC failed to do. Instead, as is a hallmark of many poor managers, they provided a punch list of considerably detailed demands but not the very essential information and parameters needed to support good planning. Information is everything.

Garbage in/garbage out is a pretty simple concept of utilizing poor or lacking information to inform a process, which will result in similar outputs. After reviewing New York State’s COVID-19 Vaccination Plan, that concept is fully demonstrated. Most sections of New York State’s plan are vague at best, saying what they will do but not how they will do it. They do identify some roles and responsibilities, but without delineating the boundaries between functionaries. For example: they will utilize pharmacies, local health departments, and state-run facilities, among others, to accomplish public vaccination. This is a solid and expected strategy, but the responsibilities for each are poorly defined for their own operations, much less how they will or won’t work together. Many concepts in the plan are vague at best, and even lacking more defined federal guidance, should have better detail. A big component of vaccination will be community delivery through local health departments, yet this is barely acknowledged. I would have expected this plan to provide guidance and outline preparedness requirements for local health departments, even if they were communicated separately. I acknowledge this is intended to be a strategic level plan, but it doesn’t seem to even consistently provide that measure of detail. I’m left with a lot of questions. And while it may be petty, the document itself is poorly written and published – I expect better from state government.

I’ve not looked at the plans of other states, but if this is indicative of the general state of things, the term ‘shit show’ is the phrase that comes to mind. While we will no doubt improve, there is a long way to go and I think jurisdictions will find themselves in a bind, being poorly prepared when they receive notice of an imminent delivery of vaccines with no detailed plan or assigned resources to get the job done. If anything, we have had plenty of time to prepare for vaccination efforts. There are clearly failures at all levels. While communication between and among federal, state, and local jurisdictions has certainly taken place beyond these documents, the standards and measures need to be more apparent.

We need to do better and be better. Reflecting a bit on the piece I wrote yesterday, we need to be thorough and imaginative in our preparedness efforts without excluding possibilities. Local jurisdictions must be prepared to support vaccinations in their communities. As I’ve written before, most health departments simply don’t have the capacity to do this. Jurisdictions need to engage with their health departments for the best guidance possible and work from that. An 80% solution now is better than a 20% solution later. As with any disaster, local communities are the first stakeholder and the last.

What are you seeing from your states? What do you think is missing in our overall efforts?

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Preparedness in the Pandemic Age

Planning, training, and exercises, as the foundational activities of preparedness, shouldn’t be stopping because of the pandemic. Preparedness is an ongoing activity which needs to forge ahead with little disruption – and there is always plenty to do! What must we do, though, to accommodate necessary precautions in the age of the Pandemic?

Let’s talk about planning first. The biggest relevant issue for planning is the conduct of stakeholder meetings. These may be larger group meetings to discuss and get buy-in on broader topics, or detailed small-group meetings to discuss very specific topics. Information, sometimes sensitive, is exchanged, presentations are given, and documents are reviewed. I’ve mentioned in various posts through the years the importance of properly preparing for meetings. Even for traditional in-person meetings, there are important things to consider, such as:

  1. Do you really need a meeting?
  2. Developing an agenda
  3. Having the right people in attendance
  4. Ensuring that all speakers and presenters are prepared
  5. Ensuring that all attendees are prepared to discuss the subject matter
  6. An adequate meeting space and support (technology, dry erase boards, etc)

All of these rules still apply in a virtual world, perhaps with even more emphasis. While we’ve obviously had video meeting technology for a long time, we’ve discovered this year that many people haven’t used it much or at all until earlier this year. The surge in use has also brought attention to the plethora of tools which can be facilitated through video conference platforms. While the simple sharing of video supports most of our meeting needs, we can share screens, conduct presentations, and use collaborative tools such as whiteboards and shared documents. Pretty much everything we do in an in-person meeting can be accomplished through video conference platforms – but those who arrange the calls need to take the time to become familiar with the tools and functionality; and if there is anything that needs to be done by participants (some of which are likely to be less tech-savvy) you need to be able to coach them through it. Some of these tools require integrations of other technology, such as cloud document storage or various apps. Remember that meetings should be interactive, so encourage people to use chatrooms to help queue up questions for presenters. If any documents or information are sensitive, be sure you are taking the appropriate precautions with how the meeting is set up, how participants are invited, and how documents are shared.

My tip… read reviews to determine which platform will best suit your needs and watch some tutorials on YouTube.

When it comes to remote training, so much of what I mentioned for stakeholder meetings will apply here. Being interactive is still incredibly important, as is the ability to integrate other technologies, such as videos, PowerPoint, and shared documents. When designing training that will be delivered remotely, if it helps, don’t think about the platform first – think about how you would do the training in person. Would you have breakout sessions for group work? That can be easily accomplished on video conference platforms, but it takes some preparation. Would you put things on a white board or chart paper? That can also be accomplished. Giving an exam? Having participants complete a survey or feedback form? Yes and yes. It can all be done, but preparation is key. Some instructors, especially in public safety, have gotten too used to simply showing up and delivering their material – not because they are lazy, but because they have done it dozens or hundreds of times. They have a routine. If you want participants to get a similar, or perhaps even better learning experience, some deliberate thought and preparation is required. Also, make sure you simply don’t become a talking head. Break things up and be dynamic. It’s easy for our own demeanor to elevate disinterest. I often stand (using a variable height standing desk) when giving presentations and conducting training. Being on my feet helps me push more energy into what I’m doing.

Tip… remember to give people breaks, just as you would in face-to-face training.

Lastly, exercises. A lot of this is a combination of the information I gave for planning and training. Exercise planning meetings need to be conducted, and every exercise has some extent of presentations, with discussion-based exercises having more emphasis on this obviously. To answer the big question – yes, most exercise can be conducted remotely! Obviously, discussion-based exercises are generally the lower-hanging fruit, so they can and should be happening remotely. Remember that exercises are supposed to be interactive experiences, so your exercise design absolutely must account for identifying the means and methods of engagement in the virtual environment. All the things I’ve mentioned already are prime options for this, such as breakout groups, shared documents, live polling, etc. Facilitators and evaluators can be assigned to specific breakout rooms or have access to all of them, allowing them to float from room to room.

What about operations-based exercises? Yes, there are options for conducting operations-based exercises remotely. First, we do need to acknowledge the obvious challenges associated with conducting drills and full-scale exercises via remote environments. Is it impossible? No, but it depends on what the focus of the exercise is. Something like a cyber-security or intelligence exercise may be more naturally brought into a virtual environment, depending on the exercise objectives or tasks. Games may be fully integrated into digital platforms already, which helps, but if they aren’t, these may need to be re-imagined and developed in a virtual environment. This can get expensive, so it really needs to be a properly thought through. Functional exercises, such as the typical command post exercise or emergency operations center (EOC) exercise, can absolutely be performed virtually. Many jurisdictions successfully ran their EOCs virtually during the height of the pandemic (many still are). If the actual activity can be performed virtually, it can (and should!) be exercised virtually. Again, preparation is key to ensuring that participants can do what they would normally do, while controllers and evaluators still have full access and visibility. Simulation Cells can be virtually integrated and most EOC management platforms are web-based. With some thought, we can bring most exercises into a virtual environment and still make them effective experiences while also meeting all HSEEP requirements.

Tip… For a virtual functional exercise, unless the time period of your exercise is set after the initial response, consider including an objective for the participants (and the tech support of their agencies, as needed) to set up everything that is needed in real time during the exercise – just like they would in real life. This would include all their video, file share, data tracking, etc. That set up is a considerable challenge of running a virtual EOC. If you didn’t want that activity to distract from your exercise, it’s also a great drill. Don’t let it just be tech support personnel, though, as EOC personnel should be expressing their needs.

Remote work environments have helped many organizations overcome challenges associated with the pandemic. Some organizations were better prepared than others to make it happen, but most seem to have achieved effective operational continuity. Hopefully your preparedness programs haven’t stalled out because people feel these activities can’t be done in a virtual environment. We also can’t use the excuse that we’re too busy because of the pandemic to not be preparing. While some niche organizations might still be quite busy, the pandemic response, for most, has become an integrated job duty for the medium term. We can’t let things fall to the wayside or we will never get back on track. The time is now!

I’d love to hear how you are using tech platforms to support preparedness efforts.

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC