An Updated Comprehensive Preparedness Guide 201 (THIRA/SPR)

In late May, FEMA/DHS released an updated version of Comprehensive Preparedness Guide (CPG) 201.  For those not familiar, CPG 201 is designed to guide communities and organizations through the process of the Threat and Hazard Identification and Risk Assessment (THIRA).  This is the third edition of a document that was originally released in April 2012.  This third edition integrates the Stakeholder Preparedness Review (SPR) into the process.  Note that ‘SPR’ has commonly been an acronym for State Preparedness Report, which is also associated with the THIRA.  The goal of the Stakeholder Preparedness Review appears to be fundamentally similar to that of the State Preparedness Report which some of you may be familiar with.

Picture1

First of all, a few noted changes in the THIRA portion of CPG 201.  First, FEMA now recommends that communities complete the THIRA every three years instead of annually.  Given the complexity and depth of a properly executed THIRA, this makes much more sense and I fully applaud this change.  Over the past several years many jurisdictions have watered down the process because it was so time consuming, with many THIRAs completed being more of an update to the previous year’s than really being a new independent assessment.  While it’s always good to reflect on the progress relative to the previous year, it’s human nature to get stuck in the box created by your reference material, so I think the annual assessment also stagnated progress in many areas.

The other big change to the THIRA process is elimination of the fourth step (Apply Results).  Along with some other streamlining of activities within the THIRA process, the application of results has been extended into the SPR process.  The goal of the SPR is to assess the community’s capability levels based on the capability targets identified in the THIRA.  Despite the THIRA being changed to a three-year cycle, CPG 201 states that the SPR should be conducted annually.  Since capabilities are more prone to change (often through deliberate activities of communities) this absolutely makes sense. The SPR process centers on three main activities, all informed by the THIRA:

  1. Assess Capabilities
  2. Identify and Address Gaps
  3. Describe Impacts and Funding Sources

The assessment of capabilities is intended to be a legacy function, with the first assessment establishing a baseline, which is then continually reflected on in subsequent years.  The capability assessment contributes to needs identification for a community, which is then further analyzed for the impacts of that change in capability and the identification of funding sources to sustain or improve capabilities, as needed.

An aspect of this new document which I’m excited about is that the POETE analysis is finally firmly established in doctrine.  If you aren’t familiar with the POETE analysis, you can find a few articles I’ve written on it here.  POETE is reflected on several times in the SPR process.

So who should be doing this?   The document references all the usual suspects: state, local, tribal, territorial, and UASI jurisdictions.  I think it’s great that everyone is being encouraged to do this, but we also need to identify who must do it.  Traditionally, the state preparedness report was required of states, territories, and UASIs as the initial recipients of Homeland Security Grant Program (HSGP) sub-grants.  In 2018, recipients of Tribal Homeland Security Grant Program funds will be required to complete this as well.  While other jurisdictions seem to be encouraged to use the processes of CPG 201, they aren’t being empowered to do so.

Here lies my biggest criticism…  as stated earlier, the THIRA and SPR processes are quite in-depth and the guidance provided in CPG 201 is supported by an assessment tool designed by FEMA for these purposes.  The CPG 201 website unfortunately does not include the tool, nor does CPG 201 itself even make direct reference to it.  There are vague indirect references, seeming to indicate what kind of data can be used in certain steps, but never actually stating that a tool is available.  The tool, called the Universal Reporting Tool, provides structure to the great deal of information being collected and analyzed through these processes.  Refined over the past several years as the THIRA/SPR process has evolved, the Universal Reporting Tool is a great way to complete this.  As part of the State Preparedness Report, the completed tool was submitted to the FEMA regional office who would provide feedback and submit it to HQ to contribute to the National Preparedness Report.  But what of the jurisdictions who are not required to do this and wish to do this of their own accord?  It doesn’t seem to be discouraged, as jurisdictions can request a copy from FEMA-SPR@fema.dhs.gov, but it seems that as a best practice, as well as a companion to CPG 201, the tool should be directly available on the FEMA website.  That said, if the THIRA/SPR is being conducted by a jurisdiction not required to do so, the tool would then not be required – although it would help.

Overall, I’m very happy with this evolution of CPG 201.  It’s clear that FEMA is paying attention to feedback received on the process to streamline it as best they can, while maximizing the utility of the data derived from the analysis.  A completed THIRA/SPR is an excellent foundation for planning and grant funding requests, and can inform training needs assessments and exercise program management (it should be used as a direct reference to development of a Training and Exercise Plan).

For those interested, EPS’ personnel have experience conducting the THIRA/SPR process in past years for a variety of jurisdictions and would be happy to assist yours with this updated process.  Head to the link below for more information!

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

2017 National Preparedness Report – A Review

With my travel schedule, I missed the (late) release of the 2017 National Preparedness Report (NPR) in mid-October.  Foundationally, the findings of the 2017 report show little change from the 2016 report.  If you are interested in comparing, you can find my review of the 2016 NPR here.

The 2017 NPR, on the positive side, provided more data and more meaningful data than its predecessor.  It appeared to me there was more time and effort spent in analysis of this data.  If you aren’t familiar with the premise of the NPR, the report is a compilation of data obtained from State Preparedness Reports (SPRs) submitted by states, territories, and UASI-funded regions; so the NPR, fundamentally, should be a reflection of what was submitted by these jurisdictions and regions – for the better or worse of it.  The SPR asks jurisdictions to provide an honest analysis of each of the core capabilities through the POETE capability elements (Planning, Organizing, Equipping, Training, and Exercising).

From the perspective of the jurisdictions, no one wants to look bad.  Not to say that any jurisdiction has lied, but certainly agendas can sway subjective assessments.  Jurisdictions want to show that grant money is being spent effectively (with the hopes of obtaining more), but not with such terrific results that anyone would think they don’t need more.  Over the past few years the SPRs, I believe, have started to normalize and better reflect reality.  I think the authors of the NPR have also come to look at the data they receive a little more carefully and word the NPR to reflect this reality.

The 2017 NPR (which evaluates 2016 data from jurisdictions) identified five core capabilities the nation needs to sustain.  These are:

  • Environmental Response/Health and Safety
  • Intelligence and Information Sharing
  • Operational Communications
  • Operational Coordination
  • Planning

I’m reasonably comfortable with the first two, although they both deal with hazards and details that change regularly, so keeping on top of them is critical.  Its interesting that Operational Communication is rated so high, yet is so commonly seen as a top area for improvement on after-action reports of exercises, events, and incidents.  To me, the evidence doesn’t support the conclusion in regard to this core capability.  Operational Coordination and Planning both give me some significant concern.

First, in regard to Operational Coordination, I continue to have a great deal of concern in the ability of responders (in the broadest definitions) to effectively implement the Incident Command System (ICS).  While the implementation of ICS doesn’t comprise all of this core capability, it certainly is a great deal of it.  I think there is more room for improvement than the NPR would indicate.  For example, in a recent exercise I supported, the local emergency manager determined there would be a unified command with him holding ‘overall command’.  Unfortunately, these false interpretations of ICS are endemic.

I believe the Planning core capability is in a similar state inadequacy.  Preparedness lies, fundamentally, on proper planning and the assessments that support it. While I’ve pontificated at length about the inadequacy of ICS training, I’ve seen far too many plans with gaps that you could drive a truck through.  I’ve recently exercised a college emergency response plan that provided no details or guidance on critical tasks, such as evacuation of a dormitory and support of the evacuated students.  The plan did a great job of identifying who should be in the EOC, but gave no information on what they should be doing or how they should do it.  The lack of plans that can be operationalized and implemented is staggering.

The NPR identified the top core capabilities to be improved.  There are no surprises in this list:

  • Cybersecurity
  • Economic Recovery
  • Housing
  • Infrastructure Systems
  • Natural and Cultural Resources
  • Supply Chain Integrity and Security

Fortunately, I’m seeing some (but not all) of these core capabilities getting some needed attention, but clearly not enough.  These don’t have simple solutions, so they will take some time.

Page 10 of the NPR provides a graph showing the distribution of FEMA preparedness (non-disaster) grants by core capability for fiscal year 2015.  Planning (approx. $350m) and Operational Coordination (approx. $280m) lead the pack by far.  I’m curious as to what specific activities these dollars are actually being spent on, because my experience shows that it’s not working as well as is being reported.  Certainly there has been some positive direction, but I’m guessing that dollars are being spent on activities that either have negligible impact or actually have a negative impact, such as funding the development of some of the bad plans we’re seeing out there.

I’m curious as to what readers are seeing out in real life.  What capabilities concern you the most?  What capabilities do you see successes in?  Overall, I think everyone agrees that we can do better.  We can also get better and more meaningful reports.  This NPR was a step in the right direction from last year’s, but we need to continue forward progress.

© 2017 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

Measuring Preparedness – An Executive Academy Perspective

A recent class of FEMA’s Emergency Management Executive Academy published a paper titled Are We Prepared Yet? in the latest issue of the Domestic Preparedness Journal.  It’s a solid read, and I encourage everyone to look it over.

First off, I wasn’t aware of the scope of work conducted in the Executive Academy.  I think that having groups publish papers is an extremely important element.  Given that the participants of the Executive Academy function, presently or in the near future, at the executive level in emergency management and/or homeland security, giving others the opportunity to learn from their insight on topics discussed in their sessions is quite valuable.  I need to do some poking around to see if papers written by other groups can be found.

As most of my readers are familiar, the emphasis of my career has always been in the realm of preparedness.  As such, it’s an important topic to me and I tend to gravitate to publications and ideas I can find on the topic.  The authors of this paper bring up some excellent points, many of which I’ve covered in articles past.  They indicate a variety of sources, including literature reviews and interviews, which I wish they would have cited more completely.

Some points of discussion…

THIRA

The authors discuss the THIRA and SPR – two related processes/products which I find to be extremely valuable.  They indicate that many believe the THIRA to be complex and challenging.  This I would fully agree with, however I posit that there are few things in the world that are both simple and comprehensive in nature.  In particular regard to emergency management and homeland security, the inputs that inform and influence our decisions and actions are so varied, yet so relevant, that to ignore most of them would put us at a significant disadvantage.  While I believe that anything can be improved upon, THIRA and SPR included, this is something we can’t afford to overly simplify.

What was most disappointing in this topic area was their finding that only a scant majority of people they surveyed felt that THIRA provided useful or actionable information.  This leaves me scratching my head.  A properly done THIRA provides a plethora of useful information – especially when coupled with the SPR (POETE) process.  Regardless, the findings of the authors suggest that we need to take another look at THIRA and SPR to see what can be improved upon, both in process and result.

Moving forward within the discussion of THIRA and SPR, the authors include discussion of something they highlight as a best practice, that being New York State’s County Emergency Preparedness Assessment (CEPA).  The intent behind the CEPA is sound – a simplified version of the THIRA which is faster and easier to do for local governments throughout the state.  The CEPA includes foundational information, such as a factual overview of the jurisdiction, and a hazard analysis which ranks hazards based upon likelihood and consequence.  It then analyses a set of capabilities based upon the POETE elements.  While I love their inclusion of POETE (you all know I’m a huge fan), the capabilities they use are a mix of the current Core Capabilities (ref: National Preparedness Goal) and the old Target Capabilities, along with a few not consistent with either and a number of Core Capabilities left out.  This is where the CEPA falls apart for me.  It is this inconsistency with the National Preparedness Goal that turns me off.  Any local governments looking to do work in accordance with the NPG and related elements, including grants, then need to cross walk this data, as does the state in their roll-up of this information to their THIRA and SPR.

The CEPA continues with an examination of response capacity, along the lines of their response-oriented capabilities.  This is a valuable analysis and I expect it becomes quite a reality check for many jurisdictions.  This is coupled with information not only on immediate response, but also sustained response over longer periods of time.  Overall, while I think the CEPA is a great effort to make the THIRA and POETE analysis more palatable for local jurisdictions, it leaves me with some concerns in regard to the capabilities they use.  It’s certainly a step in the right direction, though.  Important to note, the CEPA was largely developed by one of the authors of the paper, who was a former colleague of mine working with the State of New York.

The Process of Preparedness

There are a few topic areas within their paper that I’m lumping together under this discussion topic.  The authors make some excellent points about our collective work in preparedness that I think all readers will nod their heads about, because we know when intuitively, but sometimes they need to be reinforced – not only to us as practitioners, but also to other stakeholders, including the public.  First off, preparedness is never complete.  The cycle of preparedness – largely involving assessment, planning, organizing, equipping, training, and exercising – is just that – a cycle.  It’s endless.  While we do a great deal of work in each of these, our accomplishments are really only temporary.

The authors also mention that our information is not always precise.  We base a lot of what we do in preparedness on information, such as a hazard analysis.  While there are some inputs that are factual and supported by science, there are many that are based on speculation and anecdote.  This is a reality of our work that we must always acknowledge.  As is other of their points – there is no silver bullet.  There is no universal solution to all our woes.  We must constantly have our head in the game and consider actions that we may not have ever considered before.

ICS Improvement Officer

The authors briefly discuss a conceptual position within the ICS Command Staff they call the ICS Improvement Officer.  The concept of this fascinating, if not a bit out of place in this paper given other topics of discussion.  Essentially, as they describe this position, it is someone at the Command Staff level who is responsible for providing quality control to the incident management processes and implementations of the organization.  While I’ve just recently read this paper and haven’t had a lot of time to digest the concept, I really can’t find any fault with the concept.  While the planning process itself is supposed to provide some measure of a feedback loop, there isn’t anyone designated in the organization to shepherd that process beginning to end and ultimately provide the quality control measures necessary.  In practice, I’ve seen this happen collaboratively, among members of the Command and General Staff of a well-staffed structure, as well as by the individual who has the best overall ICS insight and experience in an organization – often the Planning Section Chief.  The authors elude to this position also feeding an AAR process, which contributes to overall preparedness.  I like this idea and I hope it is explored more, either formally or informally.

Conclusion

There are a number of other topic areas of this paper which I haven’t covered here, but I encourage everyone to read on their own.  As mentioned earlier, I’d like to see more of the research papers that come from FEMA’s Emergency Management Executive Academy available for public review.  Agree or disagree with their perspectives, I think their discussions on various topics are absolutely worth looking at.  It’s these discussions like these which will ultimately drive bigger discussions which will continue to advance public safety.

I’m always interested in the perspectives of my readers.  Have you read the paper?  What do you think of the discussion topics they presented?

© 2017 – Timothy M Riecker, CEDP

Emergency Preparedness Solutions, LLC

 

In a POETE State of Mind

One of the searches that has most often brought people to my blog over the last couple of years has been POETE.  In case you forgot, POETE stands for Planning, Organizing, Equipping, Training, and Exercising.  If you conduct an internet search for POETE, there are very few relevant results.  Along with a few of my blog posts, there are a couple of articles published by others, and a few FEMA documents that include obscure references to POETE.  Sadly, there is nothing available that provides (official) guidance, much less doctrine.

Why is it that such a great tool has so few tangible references?  Unfortunately, I don’t have an answer to that.  I hope that will soon change.

POETE was most widely indoctrinated several years ago as an analysis step within the State Preparedness Reports (SPRs), which are annual submissions completed by every state, UASI (Urban Area Security Initiative-funded program), and territory.  Note: The SPR templates and guidance are generally not publicly posted, as they are sent directly to the points of contact for each jurisdiction – thus they generally don’t come up in internet search results.

The SPR is a step beyond the THIRA (Threat and Hazard Identification and Risk Analysis), which is a very in-depth hazard analysis.  The SPR examines each jurisdiction’s level of preparedness for hazards, referencing the 32 Core Capabilities.  Each Core Capability is then analyzed through the lens of POETE.

As a conceptual example, let’s use the Operational Communications Core Capability.  The POETE analysis will examine the jurisdiction’s preparedness by examining:

  • Planning (are plans adequate? Have they been tested?  What improvements need to be made?);
  • Organizing (are there organizational barriers to success? What human operational communications resources are available?  Are there gaps?  Have teams been exercised? What improvements need to be made?);
  • Equipment (does the jurisdiction have equipment necessary for operational communications? What needs are there relative to the resource management cycle?);
  • Training (what training has been provided? What training gaps exist?  When/how will they be addressed?);
  • Exercises (what exercises have been conducted that include the operational communications Core Capability? What were the findings of the AAR/IPs?  What future exercises are scheduled that include this Core Capability?).

Along with answering a few questions on each element, jurisdictions are asked to rate their status for each POETE element for each Core Capability.  If they look at their reports submitted historically, they can see the measure of progress (or lack thereof) with each.  They also have a tracking of identified action items to help them improve their measure of preparedness.

While this analysis can be quite tedious, it’s extremely insightful and informative.  Often, stakeholders have conceptual ideas about the state of preparedness for each Core Capability, but absent conducting this type of in-depth analysis, they rarely see the details, much less have them written down.  Documenting these helps with recognition, awareness, tasking, tracking, and accountability.  It’s a valuable activity that I would encourage all jurisdictions and organizations to conduct.

What else can POETE be applied to?  In the past few years, POETE is being included in DHS preparedness grants.  They often want applicants to identify key tasks within the POETE structure, and awardees to chart progress along the same lines.

I’ve advocated in the past to use the POETE structure in improvement plans, which are a step beyond after action reports from exercises, events, and even incidents.  Having key activities identified across each POETE element for the Core Capabilities analyzed is extremely helpful, and ensures that issues are being identified comprehensively.

Using the POETE concept across all preparedness efforts helps to tie them together.  By documenting each element for each Core Capability, you will have full visibility and reference to your current status and what needs to be improved upon.  It helps drive accountability, a comprehensive approach, and reduces duplication of efforts – especially in larger organizations.  While implementing such a program will take some investment up front to begin to identify, organize, and chart progress and establish an organizational system to do so, I feel it’s an investment that will pay off.

I’m hopeful that the use of POETE continues to see adoption across all of emergency management and homeland security, and that it is further reinforced as a standard through DHS, FEMA, NFPA, and other organizations which hold sway for settings standards and/or requirements.

How does your organization, agency, or jurisdiction use POETE?

© 2017 – Timothy M Riecker, CEDP

Emergency Preparedness Solutions, LLC

Capability Prioritization

The THIRA (Threat and Hazard Identification and Risk Assessment) process is the most comprehensive hazard analysis in emergency management and homeland security.  It provides more information than the traditional hazard analysis by examining each hazard through the lens of each of the 31 Core Capabilities which have been specifically defined by the stakeholders of the jurisdiction.  The end result of the THIRA is a snapshot of the hazards a jurisdiction faces and the identification of what is needed to handle that hazard within each of the five mission areas (Prevention, Protection, Response, Recovery, and Mitigation).  It can be a complex process, but well worth the investment of time for a jurisdiction.  More, however, can be learned and the THIRA should inform more than just your plans.

For states and UASIs (Urban Area Security Initiative jurisdictions), the process continues in the form of the SPR (State Preparedness Report).  The SPR uses the THIRA data and applies a POETE (Planning, Organizing, Equipping, Training, and Exercising) analysis to each capability.  The POETE analysis drills deeper into each capability, allowing the jurisdiction to better understand their strengths and weaknesses within each capability.  This is extremely valuable information and clearly there are benefits to more than just states and UASIs conducting a POETE analysis.  The SPR process also prompts jurisdictions to assign a priority to each capability – High, Medium, or Low.  All in all, this provides a depth of data, but what does it all mean?

While the SPR process expands on the THIRA foundation by prompting a more in-depth analysis of each capability, the end result is a multitude of data points.  Taken individually, a jurisdiction can examine details of a specific capability, but further analysis needs to be undertaken to see the big picture.  Many jurisdictions rate quite a few of the 31 Core Capabilities as a High priority.  So what do you focus on?  If everything is a priority then nothing is a priority!

In response to this, Emergency Preparedness Solutions, LLC has developed a proprietary Capability Prioritization which incorporates stakeholder-assigned priorities while also considering the ratings provided in the POETE analysis.  The results of the Capability Prioritization provide a relative priority ranking of the Core Capabilities for the jurisdiction which can give the jurisdiction a better view of the overall priorities for continued development of preparedness strategies across the POETE spectrum, policy issues, investment justification, and resource allocation.

Emergency Preparedness Solutions, LLC is skilled and experienced in conducting THIRAs and POETE Analysis – plus we equip your jurisdiction with usable data and recommendations based on our findings.  Contact us today to jumpstart and focus your preparedness efforts.  The investment will pay off!  Be Proactive, Be Prepared! ™

logo w tagline

 

© 2014 – Timothy Riecker