What’s the (next) Big Idea in Emergency Management?

August 28, 2014Tim Riecker, The Contrarian Emergency Manager Leave a comment

Innovation. It seems to be what everyone clamors for. In emergency management we see people striving for it across the board: in government and in education we try to build the better emergency management mouse trap. We establish think tanks to find new solutions and the private sector looks for better ways to protect their investments. But what is it that we are looking for? What systemic problems do we still face in emergency management that require change?

There is plenty out there that needs to be improved upon. There always will be. Until we can prepare for, prevent, and mitigate disasters to the point that little to no response is ever needed and no loss of life occurs we will continue to strive for better ways of doing things. I’m guessing that day is a long way off, so we have plenty of work to do. Before we can innovate, however, we must find cause. Necessity, as they say, is the mother of invention. So what needs exist that must be corrected?

Certainly our after action reports (AARs) identify areas of needed change. But those generally only show us gaps in local systems. Threat and Hazard Identification and Risk Analysis (THIRA) likewise shows gaps in local systems. Does this information ever get fed to higher levels? Of course it does… in some measure but only some of the time. States assemble State Preparedness Reports (SPRs) which, in current practice, conduct an analysis of each core capability through each of the POETE elements (planning, organizing, equipping, training, and exercising). These in turn inform the National Preparedness Report (NPR). The 2014 NPR was released by FEMA earlier this month, identifying areas for improvement in several of the core capabilities. This is certainly a resource to help us identify needs, but none of these resources or mechanisms are perfect. What is missing? How do we improve them?

Interestingly enough, some opine that we aren’t examining the right data. The Congressional Research Service suggests that we might need better measures of preparedness, according to their report and this article from FierceHomelandSecurity.com. The report gives no answers, but poses several questions. Overall, what can we do better?

Returning to innovation, where do the gaps truly exist? How do we validate those gaps? Can we address those gaps with current systems or do we need to create new systems (innovations)? If it is with current systems, what are the barriers to getting the gaps addressed in the short term? If it is not with current systems where does the innovation come from?

Despite having worked in Emergency Management for over fifteen years and having seen, felt, and experienced the myriad changes which have occurred – especially since 9/11 – and with every administration subsequent to the attacks I really hadn’t sat and considered the changes that have occurred. I’m about half way through an amazing book by John Fass Morton called Next-Generation Homeland Security: Network Federalism and the Course to National Preparedness. The first 200 pages or so of the book provide a thorough review of civil defense/emergency management/homeland security through decades and over a dozen presidential administrations. The gravity of it all has left my head spinning. So many changes – and most simply for the sake of politics. Much of it seems like wasted effort, but Mr. Morton connects the dots so brilliantly and identifies that D certainly could not have happened if not for A, B, and C… even though C and A were essentially the same. IT seems that through these years so much has occurred, but so little has actually changed. I would argue that the practice of emergency management is in a better place now than ever, but what will emergency management look like tomorrow? Will our continued evolution be through measured change or through innovation? What makes that determination?

An Academic Study in Ferguson Civil Disorder

August 19, 2014Tim Riecker, The Contrarian Emergency Manager Leave a comment

From an academic and emergency management lessons learned perspective, there will be a great deal to learn from the events in Ferguson, Missouri. In this brief article on Western Illinois University’s Emergency Management program, faculty comment on how a few of the courses within their degree program expect to analyze this social disaster.

I anticipate a lot of post-incident analysis once we have the facts of this event. Respecting the loss of life as we do in any disaster, the practice of emergency management within the greater professions of public safety and even government administration stand to learn a great deal from an after action analysis of this incident to help us improve by preparing for and preventing the impacts of future incidents.

Keeping Up With Changes in Emergency Management

August 13, 2014Tim Riecker, The Contrarian Emergency Manager 4 Comments

As with many things in life, the field of emergency management has changed and will continue to do so. Much of this change is an evolution – generally positive and productive adjustments to make us more effective and efficient in what we do supported by doctrine and models to guide our actions and provide consistency of application. Sometimes changes are made which simply give the illusion of progress or are applied much like a Band-Aid as a knee-jerk stop-gap measure which usually fail unless a better implementation is put in place. Many of the better thought out applications, however, do tend to stick. While we have seen a great deal of change in the field over the last 14 years, we have largely seen a clear progression with practitioners and policy makers learning from previous programs.

Yesterday I encountered two separate instances which did not apply current practices and policies. The first was an advertisement for a training program which discussed the four phases of emergency management. The second was an article in which the author stated that ‘…preparedness is no longer part of the (emergency management) lexicon…’. The two items, while different, are related in that they both indicate a lack of understanding in the evolution we have made from the four phases of emergency management – mitigation, preparedness, response, and recovery.

In a nutshell, these long standing phases began to change soon after the terrorist attacks of 9/11 with the integration of homeland security with emergency management resulting in the inclusion of ‘prevention’ into the emergency management phases – thus prevention, mitigation, preparedness, response, and recovery. As minor as this seems, it was quite a change for those of us who had been in the world of the four phases for a while and was a difficult pill to swallow. Along with the human nature of resistance to change there was still a feeling that the matter wasn’t quite fully settled – in other words, more change would come.

For several years different models were kicked around but none really gained traction until the issuance of Presidential Policy Directive 8 (PPD8), which created the National Preparedness Goal and the National Preparedness System. These begat things like the Core Capabilities (a revamping of the predecessor Target Capabilities) and the introduction of the Threat and Hazard Identification and Risk Assessment (THIRA) as well as a new way of viewing the major activities within emergency management and homeland security – the five mission areas of prevention, protection, mitigation, response, and recovery. These five mission areas have re-defined, or perhaps more accurately defined what it is that we do in emergency management and homeland security.

The traditional four phases were often depicted in a cycle. Taken literally, this meant that you progressed from one phase to the next in a series. The truth of the matter was that each of the four phases could actually run simultaneously. There was also a misunderstanding that preparedness was an isolated activity, when in actuality our preparedness efforts applied to all activities. With the further evolution of homeland security the foundational activities of prevention and then protection were identified and defined. Pulling together these five mission areas – prevention, protection, mitigation, response, and recovery – the National Preparedness System provides for distinct preparedness activities identified for each mission area, an organization of the Core Capabilities within each mission area, and national planning frameworks which identify the role and goals of each mission area in achieving the national preparedness goal. Not only has preparedness not gone away, but it has been elevated in status.

PPD8 was probably the presidential directive with the greatest and broadest impact on our field of practice since Homeland Security Presidential Directive 5 (HSPD5) in 2003 which drove the implementation of the National Incident Management System (NIMS). Keeping up with critical changes in our evolution such as these is absolutely imperative for practitioners. Not only do these policy changes impact how we do our jobs individually and programmatically, but they impact how we coordinate with each other, which is and always will be the foundational essence of emergency management.

How do you keep up with changes in our field of practice?

Having a Resource Management Common Operating Picture

August 11, 2014Tim Riecker, The Contrarian Emergency Manager 2 Comments

Resource management is one of the most complex aspects of emergency management. The resource management cycle could be seen as a microcosm of the emergency management cycle with a number of steps operating in sequence and some simultaneously before, during, and after a disaster. We need to properly establish our resource management systems, procedures, and policies and keep them, as well as our inventories, up to date.

Referencing the Core Capabilities, the capabilities of Public and Private Services and Resources, Planning, Critical Transportation, and Operational Coordination all have bearing on resource management. Resource management is also one of the key components of NIMS. The following graphic on the resource management cycle comes from NIMS doctrine. While this is largely a logistics issue, the importance of it all cuts across all levels of all organizations.

NIMS Resource Management Cycle

Consider each of the steps identified in the resource management cycle. There is quite a bit of complexity to each. An additional challenge is that they are always in motion as requirements regularly change, new resources are obtained, and obsolete resources are retired from service. Often one change in a step of the cycle requires changes cascading to other steps. Also consider the variety of people involved in each step. No one agency or department has all the resources, therefore we are relying on information from others to create a common operating picture of resource management. Additionally, the regularity of changes in this information require us to have establish and maintain a system which allows for real-time tracking of this information.

Any information can be viewed in a variety of manners. A fairly simple web-based tool can allow for multiple stakeholders to input data and change resource status, but the display of that information the reporting available from such as system allows for better utility. The integration of GIS can help us identify not only where our resources are, but what their status is (NIMS provides us with three resources status indicators: Assigned, Available, and Out of Service), as well as detailed information on the resource such as the kind and type (again, these are NIMS-driven definitions that describe the capability of a resource), the owner of the resource along with contact information, and other information including technical, operational, and maintenance information.

In a pre-incident condition we should know what we have, what capability of those resources, and the conditions for deployment. Operating under ICS, once an incident occurs, Logistics obtains resources for the incident where tracking becomes the responsibility of the Resource Unit in the Planning Section. After an incident, these resources return to their owners where they are maintained and re-inventoried. Depending on the incident, owners may be reimbursed for their use which requires reporting on a variety of metrics.

Wildfire incident management practices brought us the T-Card system – a great low-tech way of tracking incident resources. A T-Card system is easy to learn and deploy and does a great job of tracking resources but can be very labor intensive and certainly has a delay in reporting. I’ve also used spreadsheets and stand alone databases, which allow for more flexibility and automated reporting, but still suffer from a delay with a single point of data input and management. Networked systems allow for immediate inclusion of staging areas, bases, and other mobilization or stockpile areas and are suited for simple and complex incidents. Consider leveraging technology to maximize your resource management common operating picture on both a daily basis and for incident management. Of course it’s always good to have a low-tech back up (and the know-how to use it!).

What systems do you have in place for resource management? What best practices have you identified?

Planning for a Mass Fatality Incident

August 3, 2014Tim Riecker, The Contrarian Emergency Manager Leave a comment

Planning for a mass fatality incident can be almost as complex as responding to such an incident. Mass fatalities can arise from transportation incidents, pandemics, mud slides, mass shooting, or other sudden incidents. Thankfully mass fatality incidents do not occur often, but due to the impacts and complexity of managing such incidents every jurisdiction should have a plan in place to address them.

A mass fatality incident management plan should be an annex to a comprehensive emergency management plan. Just as with any deliberate emergency planning effort (ref CPG 101), we start by assembling a planning team. This planning team should represent all relevant stakeholders from across the community. Beyond your usual public safety agencies, the team should also include the coroner or medical examiner, public health, public works, hospitals, social services agencies, the American Red Cross, funeral directors, and cemetarians. It is also important to consider the cultural and/or spiritual requirements of how the deceased are handled so community leaders from these groups should also be included in your planning process.

Your plan should acknowledge the hazards in your community which can lead to a mass fatality incident. These should already have been identified through your hazard analysis/THIRA. If you have not conducted a THIRA, your planning team should discuss the impacts of such an event through a briefly outlined credible worst-case scenario then identify what capabilities are needed to address these impacts.

Assisting agencies may have some slightly different roles in the management of a mass fatality incident than they would in other incident responses. These differences should be identified in the mass fatality incident response plan. It should also be recognized that the causal nature of the incident is most likely to drive who will be in charge of such an incident. Typically there are other matters which must be mitigated to save lives, protect property, and stabilize the incident which will determine who is in charge. Because it is a mass fatality incident the coroner or medical examiner will be managing a significant portion of the incident and may also be driving policy based upon their legal responsibilities, but they may not be in command, although they may be likely to be part of a unified command.

While the coroner or medical examiner will be handling the deceased, it must absolutely be remembered that the living must also be cared for. First and foremost are the immediate survivors, if any, of the incident who will require emergency medical care. Depending on the nature of the incident, others may need to be treated for exposure. Mental health care is a much more prominent issue in a mass fatality than perhaps any other incident – and the need for mental health care applies to everyone working the incident, families and friends of victims and survivors, and the community at large.

A common venue in mass fatality incidents for providing mental health assistance to families and friends of victims and survivors is a Family Assistance Center (FAC). The Aviation Disaster Family Assistance Act of 1996 requires family assistance centers to be established for major transportation incidents (the joint responsibility of the NTSB and the American Red Cross) but these centers have been used for other mass fatality incidents as well. In additional to crisis mental health counseling, a variety of other services can also be provided at a FAC. A FAC should be established very quickly and it should be recognized that surviving victims may be stranded in the area and that family and friends will flock to the area – many of which may have little support structure or plans for essentials such as lodging. A FAC is also an ideal location for authorities to obtain information from survivors about the missing or deceased which will help with future identification. FACs are often located in hotels where large conference facilities, lodging, food, and other services can be obtained.

Another facility common to a mass fatality incident is a temporary morgue. Temporary morgues are established either as a matter of operational convenience (rather than having to transport remains to the jurisdiction’s usual morgue site) or because the usual morgue site is too small to accommodate a larger operation. Usually in conjunction with a temporary morgue is the need for cold storage for remains. This is most often accomplished via refrigerated trucks/containers. The incident morgue is obviously a secure location, with only authorized personnel being allowed access.

The amount of logistical planning required to establish and support facilities such as a family assistance center and temporary morgue lend themselves greatly to pre-planning efforts, including MOUs, site-specific standard operating procedures, mobile caches of disaster supplies, and exercises to test the standard operating procedures for setting up and running such facilities. There are a variety of resources available to assist you with assembling your mass fatality incident response plan from LLIS, the federal Disaster Mortuary Response Team (DMoRT), state health departments, state emergency management agencies, and funeral home director’s associations. The National Association of County and City Health Officials also has information which can assist you.

Take the time to create a mass fatality incident management plan, train personnel on the plan, and exercise it regularly. Mass fatalities represent some of the most complex incidents I’ve ever been involved in and are very multifaceted. As always, if your jurisdiction needs assistance in any preparedness efforts, Emergency Preparedness Solutions, LLC is here to help!

Business Continuity and Emergency Management Standards and Requirements

July 29, 2014Tim Riecker, The Contrarian Emergency Manager 2 Comments

When building a business continuity or emergency management program – or the foundation of that program in a business continuity or emergency management plan – there is a lot of research that needs to be performed before much work can even begin. Some of the most critical research is the identification of the standards and requirements which apply to your program/plan. Note a significant difference in terminology between requirement and standard. Requirements are generally items that are in passed into law or included in regulation. Standards are typically developed by standards organizations or accrediting bodies and are generally looked upon as best practices within an industry. Standards are also more likely to be regularly updated whereas requirements (laws) are generally updated on a less often basis.

Where should you look for requirements and standards which apply to you? Much of it is based upon what industry you are in and where you are located.

Start locally. Research local laws and codes which may have requirements for certain industries. Local emergency management planning codes that I’ve seen include industries that use or produce specific chemicals, healthcare facilities, day care programs, and the hospitality industry (hotels and resorts), to name a few. These codes may require certain planning or notification elements which you must address. You should search the codes/laws of your city/town/village as well as your county. The clerks or emergency management officials for those jurisdictions should be of great help to you. States usually also have specific planning requirements found in state law and/or regulation which cover requirements for local jurisdictions as well as many of the industries mentioned previously. Contact your state emergency management agency as well as the state agency that regulates your industry for the best information.

Local and state laws comprise most of the requirements you will find – however certain industries may have federal laws or regulations which must be followed – many of these come from the EPA. Nationally, however, you are more likely to find standards. FEMA’s standard for emergency planning (which largely applies to jurisdictions but can certainly be used by other organizations) is found in Comprehensive Preparedness Guide (CPG) 101 – Developing and Maintaining Emergency Operations Plans. While there is no up front legal requirement to follow CPG 101 from FEMA, it may be a requirement of grant funding – yet another requirement you must explore and address. Certain industries seeking ISO (International Standards Organization) accreditation may need to follow various ISO standards on emergency management and safety. Overall, if your industry has a professional association or accrediting body, they are an excellent resource for you.

But isn’t there some standard that applies broadly to everyone? Yes – that is NFPA 1600. The National Fire Protection Association (NFPA) creates standards which apply to many industries and are often legally adopted as code by jurisdictions. The NFPA itself does not create law or regulation but they drive many of the standards we see across the nation in many applications including chemical production and handling, engineering, electrical, plumbing, building and development codes, fire codes and others. NFPA documents are developed through a consensus standards development process approved by the American National Standards Institute (ANSI). NFPA 1600 is the Standard on Disaster/Emergency Management and Business Continuity Programs. Typically access to NFPA documents requires membership or a fee per document (their material is copyrighted), however NFPA 1600 is seen as so critical and broad-reaching that the NFPA offers access to the document free of charge.

NFPA 1600 is comprehensive yet open enough for individual application. You won’t see from NFPA 1600 any detailed guidance in how to write a plan, but you will see the steps of a planning process and key benchmarks they recommend be addressed in a plan. In addition to planning, the standard also addresses program management, training and exercises, and program improvement. Intended to be used as a tool, the standard also includes program evaluation checklists and references other best practices in emergency management and business continuity including DRII (Disaster Recovery Institute International) and United Nations programs. An annex within the standard even addresses family preparedness programs intended for employees.

While the standards you must follow are dependent upon your location and industry, NFPA 1600 can be applicable to all organizations and should be referenced in the building and maintenance of your emergency management and business continuity plan. For those of you dependent upon access to information on your mobile devices, they even have a free NFPA 1600 mobile app (I reference it often!).

Adherence to requirements and standards helps ensure that your program meets or exceeds all expectations and best practices. Even if you are not legally obligated to do so, following standards, such as NFPA 1600, provides you with a comprehensive program which will help you better prepare for, respond to, and recover from disaster.

If you need help navigating your emergency management requirements or standards, contact Emergency Preparedness Solutions. Visit our website at www.epsllc.biz.

Don’t Just Prepare for Disasters Passed

July 20, 2014Tim Riecker, The Contrarian Emergency Manager 1 Comment

As mentioned in an earlier post, I’ve been reading Rumsfeld’s Rules, a bit of a memoir by former Congressman, Secretary of Defense (twice over), and CEO Donald Rumsfeld. Much of the book is highlighted by quotes which have influenced him in various stages of his life. One of his anecdotes references the Maginot Line, a multi-layered defensive system created by the French after World War I along their border with Germany, intended to protect France from any future invasion from Germany. The Maginot Line would have proven a rather effective defense, had Germany used similar strategies in World War II as they had in World War I. Obviously the Nazis were quite successful in their invasion of France, quickly conquering and occupying the nation. The difference was that the Nazis were fighting a new war, whereas France was preparing to fight the last war – which is the quote Rumsfeld references with this anecdote.

What can we learn from this in emergency management and homeland security? It can’t possibly apply to us, can it? Obviously we base many of our plans and preparations on disasters of the past. We have an in-depth trove of information from sources like LLIS which allow us to learn from past disasters. Much of our hazard analysis is based upon what occurred in the past. We study past disasters, examining them from inception through recovery, arm-chair quarterbacking all facets of response – from command, to organization, to logistics. From this we learn what practices to embrace and what needs to be improved upon. Since we’re quoting, it was Benjamin Franklin who said “Experience the best teacher.”

To the contrary, we have a rather prolific saying in emergency management that no two disasters are alike. So why all this effort to examine the past? There is a lot to be learned from the past. As previously mentioned, we spend a lot of time and effort examining earlier disasters so we can learn from them. While every disaster is different, there are also many commonalities – all of which we can better prepare for. The past also puts disasters and their magnitude in context for us. We can’t be stuck in the past, however. While the next disaster may have similarities to one passed, there will be differences. It is our job and our responsibility to predict to the greatest extent of our efforts what the impacts will be of future disasters, as well as the hazards they will stem from. Yes we must learn from the past, but we must always look to the future.

How do we look into the future? Reconvene your planning groups and discuss this new context. Engage members to continually reassess what is changing – in the climate, the geography and landscape, and the new or changed technological hazards in our areas. We must look beyond our borders both literally and figuratively as I outlined in a previous post, and consider all possibilities. Use exercises which introduce scenarios new to us instead of those based upon disasters of the past to help us contextualize this and better prepare.

My challenge to you – Take an honest look at your plans, policies, procedures, and training – are you preparing to fight the last war or the next one?

What is Resilience?

July 16, 2014Tim Riecker, The Contrarian Emergency Manager 4 Comments

The topic of resilience is something I’ve wanted to write about for a while. This morning it struck me that today was the day. I was spurred to it today by the LLIS page on the Community Resilience Core Capability. I have a few references that I organized then opened up WordPress to starting writing… only to find that earlier today Claire Rubin beat me to it! Claire Rubin, the ‘Recovery Diva’ is a well respected researcher, consultant, and educator in the field of emergency management. She’s been in this business for quite a while and like me, likes to share resources and her thoughts on various topics in emergency management. She also runs a blog on WordPress. Follow her blog… it’s well worth it! In her posting on Resilience today she really just provided a link to a document for us to chew on for a bit. The document, a topical paper on Resilience, was published by the GSDRC, a partnership of research institutes in the UK. This is a must read for emergency management folks.

So why write on the topic of Resilience in the first place? There are many, myself included, who often wonder exactly what it is. I think most of know intuitively, but it feels like it’s not a tangible thing that we can put a finger on. Are Resilience and mitigation one in the same? I would say no. Resilience includes but transcends mitigation. Community Resilience is a core capability within the mitigation mission area of the National Preparedness Goal’s Core Capabilities, but only because it’s the best place to put it, in my opinion. A Resiliency strategy should address capabilities across all mission areas.

What is Resilience? The Core Capabilities give a very brief description:

“Lead the integrated effort to recognize, understand, communicate, plan, and address risks so that the community can develop a set of actions to accomplish Mitigation and improve resilience.” Didn’t we learn in grade school to not use the word we are defining in the definition?

The GSDRC document has a much more comprehensive definition:

“Disaster resilience is the ability of individuals, communities, organizations, and states to adapt to and recovery from hazards, shocks, or stresses without compromising long-term prospects for development.”

The GSDRC references another definition, perhaps the one I like best, originating from the Hyogo Framework for Action (a UNISDR document) as follows:

“Disaster resilience is determined by the degree to which individuals, communities, and public and private organizations are capable of organizing themselves to learn from past disasters and reduce their risks to future ones, at international, regional, national, and local levels.”

The concept of learning from past disasters – either your own or those experienced by someone else – seems to me to be a critical component to Resilience. Without experiencing the impacts of disasters, or at least learning from others about them, we don’t know what to prepare for. Preparedness is another key component of Resiliency. We have to create plans, train our community, and exercise those plans to become more Resilient. Mitigation is certainly an important aspect of Resiliency – we must engineer risk reducing measures to become more Resilient.

I was fortunate to attend the 2013 IAEM conference in Reno and sit through a presentation from Dr. Dennis Mileti one day following lunch. He spoke largely on Resiliency, first mentioning community focuses necessary for reducing loss including land use management, building codes, public education, warning systems, insurance, and preparedness efforts. He also spoke on the barriers we face in Resilience which include a lack of understanding of risk, poor community prioritization, and poor leadership and management in these efforts. It’s interesting that the barriers are all largely ‘people problems’.

In the pursuit of my Master’s degree, my class had a considerable dialogue on climate change. For the last few decades we have fought climate change through various mitigation efforts. While these efforts have largely made our planet a better place to live, climate change – due to both human impacts as well as the natural progression of global climates – is happening. We can’t stop it, so we need to adapt to what is coming. This adaptation is Resiliency – part mitigation, part preparedness. It’s even in how we recover – remembering that recovery is not just rebuilding, it’s a series of conscious decisions in how we rebuild. (FYI the Diva posted some references on communities relocating after a disaster instead of rebuilding where they were).

In New York State, there is a current initiative called New York Rising. You will see from the information on their site that they are piloting this in five counties who were impacted by severe storms in 2013, including counties in my area. They are using disaster recovery as a starting point and worked toward a strategic plan to make communities more resilient. It seems pretty simple, but it’s a good starting point. Community engagement and buy-in is an important aspect of Resiliency.

The concept of Resiliency still seems rather amorphic, but it is certainly the culmination of many deliberate activities. Like any activity, we need to be able to measure it and gauge where we are in our own progress (and of course funders will want to know this as well). The GSDRC document (page 20) briefly outlines proposed metrics/indicators of resilience. The ones they outline are largely subjective and open to individual interpretation, so some schema for assigning a value to each would need to be developed (and perhaps already has) to really allow us to analyze Resiliency performance.

Resiliency has become a new buzz word in emergency management. I hope it’s one that is here to stay. The longer it is here, the better definition we will be able to assign it and the better we will be able to measure it. As Peter Drucker said, “If you can’t measure it, you can’t manage it.” Once we are better able to measure it (and its many components and influencing factors) the better able we will be to work toward increasing our Resiliency.

What thoughts do you have on Resiliency?

Preparedness is a Marathon

July 13, 2014Tim Riecker, The Contrarian Emergency Manager Leave a comment

Logo of the 2014 Utica Boilermaker

Today marked the 37th running of the Boilermaker, a 15k road race hosted by the City of Utica (New York) for over 17,000 runners from around the world. The race is a matter of pride for area residents, even those who do not run.

I considered this morning that there are many similarities between a marathon (yes, I’m aware the Boilermaker is in fact not a marathon at just over a third the distance of an actual marathon – work with me on this one) and what an organization, specifically a jurisdiction, must endure for preparedness.

First, preparedness is not a one-off activity, rather it is a culmination of activities. While the Boilermaker highlights its 15k road race, they have a number of very successful related events including a 5k road race, a three-mile walk, a wheelchair race, and a health and fitness expo.

Preparedness has an ebb and flow of activities just as a marathon has a variety of stretches, turns, and hills. Both marathons and preparedness should have a high degree of community engagement. The Boilermaker has a variety of corporate and local business sponsors, engages all services of the City of Utica and many assisting/mutual aid agencies, has a high degree of media coordination, and sees hundreds of volunteers aiding in everything from registration, pre- and post- race clean up, to providing water to athletes along the course. Our preparedness efforts should also follow this model of whole community engagement.

The most significant difference, however, is that marathons have an end while preparedness is cyclical.

The Preparedness Cycle – FEMA

The Preparedness Cycle must be worked on all the time and does not end. To keep morale high and to keep the whole community interested remember to celebrate the accomplishment of each activity just as runners and the community celebrate the completion of their race. That said, Utica is already preparing for next year’s race.

Congratulations to all of this year’s runners, and congratulations to jurisdictions and organizations beginning their marathon of preparedness.

Business Continuity – Telework Capabilities and Policies

July 8, 2014Tim Riecker, The Contrarian Emergency Manager Leave a comment

This month’s issue of Homeland Security Today (volume 11, number 3 – April/May 2014) features, along with a variety of other excellent articles, an article titled Virtual Crisis Response by David Smith. Right up front they provide a thought-provoking factoid… The Congressional Budget Office estimates that the five-year cost of implementing telework throughout the federal government is about $30 million, which is less than the cost of a single day of shutting down federal offices in the DC area due to a snow storm.

Folks, this is 2014. We have the capability to telework off of nearly any device you could imagine and for a very low-cost. Like most, I have access to both work and personal email and files from anywhere… from my own laptop, from my smart phone, or from any other internet connected device. I have this capability as a small business owner using tools that we set up ourselves. I’ve worked for large corporations and state agencies that also have that capability, and even more with VPN and other tools available. When speaking with people who work for other companies or government agencies, however, I’m astounded by the lack of interest in allowing telework. I’m going to refrain from outlining the virtues of telework as a regular operation (don’t get me wrong, there are drawbacks as well), but telework does provide for a means of maintaining continuous business and government operations which many businesses and governments seem to be dismissing.

There are quite a few businesses and governments who maintain remotely accessible email and data as a means of enabling the conduct of business while traveling or working from an alternate site as a normal course of business – thankfully. Many of these entities, however, due to a lack of trust in their employees, union issues, or simply an inability to adapt do not allow employees to telework. This may have discouraged employees from even attempting to connect to these services from home, where they may likely be if some event – flood, snow storm, or otherwise – prevented them from going to work. Maybe you do have the capabilities but generally don’t allow telework. So how can you be sure that it will work in the event of a disaster? The answer is simple… you have to test it.

The Homeland Security Today article provides some info on the tech stuff you need to ensure a viable network. Follow their lead and talk to your tech people – either indigenous or consultants. I’m not a tech guy, so I won’t even attempt to give that kind of information. What I will tell you is that you need a business continuity telework policy along with plans and protocols to support it. These plans need to identify the same critical business functions you identified in your base business continuity plan and address how they can be maintained remotely. Just like any other plan we put in place, we need to train people to it and test it (exercise it). How do we exercise it? For starters, tell everyone (or at least key continuity staff) they don’t have to come into the office on Friday. No, they don’t get the day off – they have to work from home, but this is a test to make sure it is possible. Be sure to buy your help desk people something nice that day because they will be busy! There will be plenty of connection problems. Properly designed job aids will help facilitate this on the user end, but tech people will be needed to trouble shoot. Of course before you even get into this you will have to make sure that everyone has the capability to connect from home. Do they have high-speed internet at home? Do they have an appropriate device for connecting and working through the day?

Next, once you have everyone on the network, consider how you will communicate. Teleconference? Video conference? Remember that these people don’t have their work desk phones. What information needs to be exchanged? What is everyone’s role and can they perform it remotely? Can they gain access to all the data and files they need? Test the viability of the network, too… is your server in your office? What happens if you lose power to your office? Understand that some employees may experience utility outages during a disaster which may prevent some employees from accessing the network, but the goal is to get as many people on as possible to maintain critical business operations. Given this, your plan should address how you will maintain critical operations in the absence of some employees – even remotely.

Just like any other exercise, put together an after action report, and not just from the perspective of the IT folks either. Be sure to solicit input from the employees as well. What were your lessons learned and what improvements need to be made? Lastly, don’t just exercise this once. Do this at least a couple of times each year. Not only does this give you ongoing feedback of the plan, but it also helps to make sure employees can continue to connect remotely (especially new employees), and also helps to ensure that technology upgrades don’t interfere with remote access.

Do you have telework protocols integrated into your business continuity plan? Have you exercised them?

The Contrarian Emergency Manager

News, concepts, and opinions on emergency management and homeland security topics

Tag preparedness