Comprehensive Emergency Management

1
Comprehensive Emergency Management
Presented by Steve Davis Principal, DavisLogic
All Hands Consulting
2
Stuff Happens
How do we manage the next emergency?
3
Are We Ready For Anything?
Eighty-one per cent of CEOs say that their
company's plans were inadequate to handle the
myriad of issues arising from the World Trade
Center tragedy
4
Worst Case Scenario

• Plan for the worst possible event and then
  deescalate your strategies and procedures based
  on the impact of the threat.
• - Mark Weimerskirch, Emergency
  Management Coordinator
• General Motors Global Headquarters
• June 1, 2000

5
What is a Comprehensive Emergency Management
Program (CEMP)?

• Emergency Management is the process of
  mitigating threats and preparing for, responding
  to, and recovering from an emergency.

Planning is only one component of a CEMP. All
hazards, mitigation, preparedness, training,
testing, and coordination are all equally
important activities.
6
Emergency Planning Concepts

• Incident Command System (ICS/SEMS)
• All Hazards Addressed
• All-inclusive Everyone Participates
• Emergency Response Coordination
• Effective Crisis Communication
• Training for Responders and Employees
• Disaster Recovery
• Communication and Information Sharing

7
What Does Comprehensive Emergency Management
Include?
8
Comprehensive Emergency Management
9
CEMP Plan Components
10
Planning Process

• Assess - identify and triage all threats (BIA)
• Evaluate - assess likelihood and impact of each
  threat
• Mitigate - identify actions that may eliminate
  risks in advance
• Prepare plan for contingent operations
• Respond take actions necessary to minimize the
  impact of risks that materialize
• Recover return to normal as soon as possible

11
Building a CEMP Plan
12
Business Impact Assessment

• Identify critical systems, processes and
  functions
• Establish an estimate of the maximum tolerable
  downtime (MTD) for each business process
• Assess the impact of incidents that result in a
  denial of access to systems, services or
  processes and,
• Determine the priorities and processes for
  recovery of critical business processes.

13
BIA Review Factors

• All Hazards Analysis
• Likelihood of Occurrence
• Impact of Outage on Operations
• System Interdependence
• Revenue Risk
• Personnel and Liability Risks

14
Risk Analysis Matrix
High
Probability of Likelihood
Medium
Area of Major Concern
Low
Low
Medium
High
Severity of Consequence
15
(No Transcript)
16
Review External Dependencies
Infrastructure Dependence (power, telecom, etc.)
System Up Time (computing, data,networks, etc.)
17
Develop Scenarios

• How bad will the big one be?
• Loss of Lifelines?
• Supply Chain Disruptions?
• Civil unrest?
• Develop various scenarios and pick which ones to
  plan for.

18
Developing Strategies

• Understand alternatives and their advantages,
  disadvantages, and cost ranges, including
  mitigation and mutual aid as recovery strategies.
• Identify viable recovery strategies with business
  functional areas.
• Consolidate strategies.
• Identify off-site storage requirements and
  alternative facilities.
• Develop business unit consensus.
• Present strategies to management to obtain
  commitment.

19
Contingency Planning Process Phases

• Assessment - organizing the team, defining the
  scope, prioritizing the risks, developing failure
  scenarios
• Planning - building contingency plans,
  identifying trigger events, testing plans, and
  training staff
• Plan Execution - based on a trigger event,
  implementing the plan (either preemptively or
  reactively)
• Recovery - disengaging from contingent operations
  mode and restarting primary processes of normal
  operations by moving from contingency operations
  to a permanent solution as soon as possible.

20
Its Not Enough Just to Plan

• Use focus groups and brainstorming
• Seek what can go wrong
• Find alternate plans manual work arounds
• Find innovative solutions to risks
• Plans must be exercised
• Hold table top exercises for disasters
• Conduct fire drills of plans
• Train staff for action during emergencies

21
Emergency Management

• Work with local and regional disaster agencies
  and business associations
• Assess special problems with disasters
• Loss of lifelines
• Emergency response
• Review and revise existing disaster plans
• Look for new areas for disaster plans
• Include Disaster Recovery Planning

22
Emergency Support Functions

• 1 Laws And Authorities 2 Hazard
  Identification And Risk Assessment 3 Hazard
  Management 4 Resource Management 5
  Planning 6 Direction, Control And
  Coordination 7 Communications And Warning 8
  Operations And Procedures 9 Logistics And
  Facilities 10 Training 11 Exercises 12
  Public Education And Information 13 Finance And
  Administration 

23
Capabilities Assessment for Readiness Benefits

• Identify existing strengths and weaknesses
• Evaluate the current state of readiness
• Develop strategic plans to improve identified
  weaknesses for terrorism and other threats
• Justify existing program staffing and budget
• Demonstrate need for additional program
  development resources, e.g. staff, budget,
  support from other community agencies, etc
• Support professional development and
  accreditation programs

24
Using the Incident Command Structure
25
Background

• The Incident Command System in use today is an
  outgrowth of Californias FIRESCOPE program
  developed in the 1970s to improve management of
  large wildfires.
• It was designed to provide a commonly accepted
  management structure that would result in better
  decisions and more effective use of available
  resources.
• It was specifically designed for incidents that
  involve many local, state, and federal agencies
  and multiple political jurisdictions.

26
ICS Features

• Standard Organization
• Incident Facilities
• Incident Action Plan
• Span Of Control
• Unity of Command
• Common Responsibilities

27
Common ICS Terminology

• Organizational Functions
• Operations, Intelligence, Logistics, and Finance.
• Functions pre-designated and named for the ICS.
• Resources
• Refers to the combination of personnel and
  equipment used in response and recovery.
• Facilities
• Common identifiers used for those facilities in
  and around the incident area which will be used
  during the course of the incident. These
  facilities include the command center, staging
  areas, etc.

28
Modular Organization

• ICS's organizational structure is modular.
• As the need arises, functional areas may be
  developed.
• Several branches may be established.
• Structure based upon the needs of the incident.
• One individual can simultaneously manage all
  major functional areas in some cases.
• If more areas require independent management,
  someone must be responsible for that area.

29
Typical EOC Organization
Emergency Response and Recovery Teams
30
Ciscos EOC
Based on the Incident Command System
31
Incident Commander

• In Charge At The Incident
• Assigned By Responsible Jurisdiction Or Agency
• May Have One Or More Deputy Incident Commanders
• May Assign Personnel For Command Staff General
  Staff

32
EOC Manager

• Manages the EOC - not the incident
• Makes sure everything is working
• Maintains a safe environment
• Optimizes efficiency
• Facilitates and coordinates
• Solves problems

33
EOC Staff Members

• Check-in with the EOC Manager.
• Review the situation report (sit reps) and
  incident logs.
• Make sure that your name is listed on the current
  EOC organization chart.
• Review the staff Operating Guide (SOG) and set up
  your work station.
• Start an incident log which details your actions
  (chronologically.)

34
Ready to Roll?
35
Keys to Success

• Vulnerabilities Clearly Identified
• Comprehensive Plan in Place
• Plan Understood, Communicated and Updated
• Tested quarterly
• Adequately funded

36
Management Strategies

• Lead a top-notch team
• Update risk/threat assessments
• Assess all hazards and risks
• Complete and test contingency plans
• Design a robust Command Center
• Drill the Command Center
• Implement a system for command, control,
  communication, and intelligence

37
The Challenge of Coordination
38
Event Information Tracking

• 1. Stakeholder notices possible disruption
• 2. Alert message sent to the Command Center
• 3. Alert message evaluated by response managers
• 4. Incident Log opened to track each event
• 5. SOPs implemented using checklists
• 6. Tasks assigned according to plan
• 7. Resource allocation tracked in log
• 8. Task performance tracked in log
• 9. Status briefings and updates to stakeholders

39
Command Center Information Flow
Your Organization
External
Employee
Customer
Contractor
Call Center
ERT
State/Fed Govt.
Emergency Input
CommandCenter Organization
ExecutiveGroup
IncidentEstablished
Stake-holders
Local Govt.
Post toOperations Log
Supplier
ExecutiveBriefing
IncidentResponse Mgmt
ContingencyPlan Activated
SOP Checklist Activated
Other Businesses
PublicRelations
Public
Plan ResponseTasking
TaskTracking
Vendor
Emergency Response Teams
Task Assigned
ProceduresImplemented
PerformanceTracked
TeamsDeployed
Personnel
ResourcesAssigned
Resources
40
The Ideal Information System

• Easy to use and robust information and decision
  management system
• Central command and control
• Early alert communications function
• Event tracking and logging
• SOP and automated check lists
• Resource management
• Documentation of response actions for due
  diligence

41
Elements of a Good Plan

• Prevention, Response, Recovery, Remediation,
  Restoration
• Top Priorities addressed first

42
Elements of a Good Plan

• Action Plan responsibilities clearly defined
• Communication alternatives are considered
• Redundancies are in place

43
Elements of a Good Plan

• Product sources are identified
• Personnel sources are identified

44
For More Information

• Contact
• Steve Davis, Principal
• All Hands Consulting
• AllHandsConsulting.com
• Steve_at_ AllHandsConsulting.com