Public-Private Partnerships Should be a Two-Way Relationship

Public-private partnerships are not a new concept to emergency management.  There are municipalities, regional areas, and states that have formed committees and strategized how the private sector can provide support during a disaster.  Certainly we have seen a lot of support, on both a large scale and locally, from the ‘big box’ stores, such as Wal-Mart, Lowes, and Home Depot.  Tide’s Loads of Hope program, something so simple but extraordinarily impactful, provides a means for disaster victims to have clean clothing.  Insurance companies have established a response capability to expedite their assessments and services to their clients.  Private sector partners know that these things are not just good public relations, but that they have a means of supporting communities that government and relief organizations may not.

There is another aspect to public-private partnerships that doesn’t seem to be widely addressed, and that’s the community business.  How can they help the community in a disaster?  First, business continuity is essential, since they may also be impacted by the disaster.  Small businesses don’t have the level of capability to leverage that large companies do.  Yes, the SBA can help them with long-term recovery, but the ability of some small businesses to get back to operations quickly can directly help a community recover.  I work with a lot of small communities, many of them serviced by small shops and independent grocers.  There are no big box stores for many, many miles.  For grocers, power outages result in spoiled food.  Road closures result in crippling supply chain problems.  While we’d like all businesses to have mitigation measures and preparedness for disasters, many small businesses simply don’t have the capitol to invest in things like generators and they obviously can’t control road closures.

What’s to be done?  Local municipalities absolutely need to bring these small business owners to the table, establish relationships, identify their needs, and consider identifying them as part of the community’s critical infrastructure.  The resilience of small grocers, lumber companies, and other purveyors is essential to the resilience and recovery of so many small towns.  The impacts are easy to see… if a store can keep running, they are not only providing essential goods and services to the community, they are also supporting the economy by keeping their employees working. What do they need?  Things like power and access, obviously, but tangential things like the availability of child care is huge.  Following disasters schools usually close and often become community shelters. Many parents work when their kids are in school.  If school is closed, they need access to child care.

How far can government go in supporting the private sector?  Many governments tend to avoid supporting the private sector as if it were some kind of disease.  It took many months to convince FEMA in the aftermath of Sandy to make dredging of private marinas eligible for disaster cost recovery.  These marinas (mostly small businesses themselves) support capabilities of fire and police watercraft, recreation (which has economic impact), and a significant fishing and crabbing industry, which is the livelihood of many off and on shore.  Obviously, FEMA needs to maintain accountability of funds and ensure they are being spent appropriately, but a big part of this was resistance to the idea of government providing direct support to the private sector.

While I agree that there are many nuances to this situation, it seems that in many cases the impact of small, local businesses in short-term recovery are disregarded, especially by state and federal governments, and that there exists a one-way door for business participation, where in this ‘partnership’ they are asked to provide goods and services, but how is government contributing to that partnership?  With the big box stores and other large companies, local governments certainly help with some permit expediting and perhaps physical space to set up and access to utilities, there is typically not much support required beyond that.  Small businesses may need more direct support to recover.  They may need help clearing their private access road or parking lot.  They may need the public road they are located on to be cleared for traffic sooner.  They may need a generator that can power their building.  They may need quantities of potable water brought on-site.  Their employees may need child care or public transportation.  These are things they either can’t immediately afford or simply don’t have access to. Local government may have better access to these resources, though, and with the justification of these small businesses providing essential goods and services to the community, the choice is easy.

Does this open government to potential criticism?  Absolutely.  Some business owners may claim discriminatory practices of government supporting some businesses and not others.  Some tax payers may even complain about the use of tax dollars in such a fashion.  While people may always complain, legal consequences and public relations problems should certainly be mitigated.  The road to addressing this is preparedness.  Engage your local attorney and the legal council for the state’s emergency management agency.  Municipal laws and state laws regarding authorities that can be enacted during a state of emergency need to be explored to not only make sure that local government has the legal ability to provide this support, but the conditions and procedures required for doing so.  The legal sources and procedures and standards for providing this support should be documented and made part of the local emergency plan. The municipality should have a criteria for determining what types of businesses could be included in such direct support (what is regarded as the municipality’s privately owned critical infrastructure?), and even outline requirements for those businesses, such as having a business continuity plan, implementing certain resiliency measures, or participating in coordination activities prior to a disaster.  Memoranda of understanding may be required, or other legal tools to identify the terms and conditions of support.

While this type of support from government to the private sector isn’t common, there are some municipalities who do it well.  I’m certainly interested in hearing what you’ve implemented and what best practices you’ve identified.

© 2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®℠

Thoughts on How to Improve the Planning Standard

I hope everyone is settling into the new year nicely.  One of the things I started off this year doing was going through CPG 101 and providing input to FEMA for the update of this foundational document.  (note: if you haven’t yet, get your comments in now as the deadline is soon approaching!)  CPG 101, and its predecessors, are time tested and well honed in the guidance provided on the process used for planning.  While it’s frustrating to see and hear that some people still don’t use it, that’s no fault of the document itself, but rather one of human implementation, or lack thereof.

I thought I’d share some of the feedback I sent along to FEMA on what I would like to see in the CPG 101 update.  Looking over my submission, there were two main themes I followed:

  1. Integration of other doctrine and standards
  2. Development of job aids to support use and implementation

I feel that integration of other relevant doctrine and standards into CPG 101 is incredibly important.  We know that preparedness covers an array of activities, but planning is the foundational activity, which all other activities reflect upon.  In past articles I’ve addressed the need to identify these various standards collectively, to show that while these are individual activities with their own outputs, identifying how they can and should be interconnected, offering greater value if used together.  Things like Community Lifelines, THIRA/SPR, HSEEP, and Core Capabilities need to not only be mentioned often, but with examples of how they interconnect and support planning and even each other.

Job aids are tools that support implementation.  I think job aids can and should be developed and included in the updated CPG 101 for each step of the planning process.  While some of us write plans fairly often, there are many who don’t or are going into it for the first time.  These are essentially the ideal conditions for job aids.  They help guide people through the key activities, provide them with reminders, and ultimately support better outcomes. Not only would I like to see job aids, such as check lists and work sheets, for each step, I’d also think that something that covers the whole process comprehensively, essentially a project management perspective, would be incredibly helpful to many people.

There were a couple of one-off suggestions that might not fit the categories mentioned above.  One of which was having more emphasis on the value of data from the jurisdiction’s hazard mitigation plan.  The hazard analysis conducted for hazard mitigation planning is considerably thorough, and can provide great information to support a hazard analysis (or even a THIRA for those brave enough) for purposes of emergency planning.  To be honest, this was something I didn’t really learn until about ten years into my career.  Many of the people I learned from in Emergency Management often leaned so far into response that they disregarded the value of things like mitigation or recovery.  I still find this a lot in our profession.  Once I finally took the time to go through a hazard mitigation plan, I realized the incredible amount of information contained within.  In many cases, there is more information than what is needed for the hazard analysis of an emergency plan, as the narrative and analysis in a hazard mitigation plan often goes into a measure of scientific detail, but this, too, can certainly have value for emergency planning.  Similarly, I also suggested that FP 104-009-2 (the Public Assistance Program and Policy Guide) be included as a reference in CPG 101.  Jurisdictions will strongly benefit from having plans, such as those on debris management, meeting FEMA’s reimbursement guidelines.

Lastly, I encouraged FEMA to include any content that will support plan writers in developing plans that are simply more useful.  So many plans are just a lot of boilerplate narrative, that in the end don’t tell me WHO is responsible for WHAT and HOW things will get done.  It’s so easy for us to be dismissive of action steps when writing a plan, assuming that people will know who has the authority to issue a public alert or the steps involved in activating an EOC.  CPG 101 should reinforce the need for plans to define processes and actions, identify authority, and assign responsibility.  Flow charts, decision trees, maps, charts, and other graphics and job aids are incredibly helpful to ensure that a plan is thorough while also being useful.

That’s the feedback I provided to FEMA, along with a bit of narrative as to why those things are important for inclusion in an updated CPG 101.  I’m curious to hear about the feedback that others provided.  We all tackle these documents from different perspectives, and that’s why I truly appreciate the efforts FEMA makes in these public calls for comment when they are updating certain key documents.

© 2020 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®℠

 

The 2019 National Preparedness Report, or ‘How Are We Measuring Preparedness?’

FEMA recently released the 2019 National Preparedness Report.  Simply put, I’m confused.  Nothing in the report actually lines up with doctrine.  It leaves me wondering how we are actually measuring preparedness.  So what’s the issue?

While the National Preparedness Report is initially structured around the five mission areas (Prevention, Protection, Mitigation, Response, and Recovery), the only full inclusion of the Core Capabilities in the report is a table on page 9, outlining usage of grant funds per Core Capability.  After this, the Core Capabilities for each mission are listed in the title page for each mission area within the detailed findings for those mission areas.  No detail of progress within these Core Capabilities is provided, however.  With the absence of this analysis, we are not seeing data on the progression of preparedness, which, per the National Preparedness Report, is measured through the lens of each of the Core Capabilities.

This is further confused on pages 45 and 48, in particular, where tables list the Community Lifelines with some sort of correlated ‘capabilities’ (noted with a lowercase ‘c’… thus not the Core Capabilities).  These capabilities are not from any doctrine that I can find or recall, including the components and subcomponents for each Community Lifeline provided in the Community Lifelines Toolkit.  For each of these they provide some analytical data, but it’s unclear what this is based upon.  The methodology provided early in the document does nothing to identify why this change in format has occurred or where these specific data sets come from, much less why they are deviating from the previous format and the standards provided through the National Preparedness Goal.

Some perspective… It would seem logical that the National Preparedness Report would be assessing our national state of preparedness relative to the National Preparedness Goal, as it has since its inception.  The National Preparedness Goal is structured around the five mission areas and the 32 Core Capabilities.  With the emergence of the Community Lifelines and their inclusion in the recent update of the National Response Framework, it makes sense that we will see Community Lifelines further integrated into standards, doctrine, and reports, but they have yet to be integrated into the National Preparedness Goal (the current version is dated 2015).  We have not yet seen a comprehensive crosswalk between the Community Lifelines and the Core Capabilities, but it should be recognized that there are certain aspects, even if you just examine the Response Mission Area, that don’t match up.

In an unrelated observation on the National Preparedness Report, the trend continues with citing after action reports from the year, but not actually providing any analysis of lessons learned and how those are being applied across the nation.

Bottom line… while there are some valuable nuggets of information included in this report, I find most of it to be confusing, as it lacks a consistent format on its own, as well as inconsistency with the existing standard of measurement as defined by the National Preparedness Goal.  Why is this a big deal?  First, it’s a deviation from the established standard.  While the standard may certainly have room for improvement, the standard must first be changed before the metrics in the reporting can be changed.  Second, with the deviation from the standard, we aren’t able to measure progress over time.  All previous National Preparedness Reports have provided data within the scope of Core Capabilities, while this one largely does not.  This breaks the possibility of any trend analysis.  Third, there is no reasoning provided behind the capabilities (lowercase ‘c’) associated with each of the Community Lifelines in the report.  It’s simply confusing to the extent that it becomes irrelevant because the information provided is not within the existing lexicon which is used for measurement of practically everything in preparedness.

Simply put, this year’s report is even more disappointing than those provided in previous years.  In fact, since it doesn’t conform with the current standard, I’d suggest it’s not even valid.  This should be far better.

Thoughts?

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

 

 

A New CPG-101 is Coming

FEMA has recently announced an upcoming update to CPG-101.  CPG-101 is short hand for the “Community Preparedness Guide 101: Developing and Maintaining Emergency Operations Plans” document.  CPG 101 is a legacy document, which through its own versions and previous iterations has for decades has served as the standard guidance for emergency operations planning in the US.  The last update to CPG 101 was released in November of 2010.  That update introduced some best practices and lessons learned of the time, but with more recent changes to NIMS, better inclusion of EOC structures and function, the addition of Community Lifelines, updates to the National Preparedness Goal, National Response Plan, National Recovery Plan, and other lessons learned and best practices realized, an update to CPG 101 will be significant.  If you are looking for more information on CPG 101, here are a few articles I’ve written that reference it.

FEMA is soliciting input through direct feedback and a series of webinars.  Information on that can be found here: https://www.fema.gov/plan.  The deadline for feedback is January 14, 2020.  I heavily encourage participation in this effort by stakeholders across all of emergency management, public safety, and homeland security.

  • TR

An Updated Community Lifelines Toolkit and Relationships to Incident Management

Earlier this year, FEMA released guidance on the Community Lifelines.  I wrote a piece in the spring about integrating the concept into our preparedness and response activities.  Last month, FEMA issued updated guidance for Community Lifeline Implementation through Toolkit 2.0.  In this update, FEMA cites some lessons learned in actually applying the Lifeline concept in multiple exercises across the nation, as well as from feedback received by stakeholders. Based on these lessons learned and feedback, they have made some adjustments to their toolkit to reflect how they understand, prioritize, and communicate incident impacts; the structure and format for decision-making support products. And planning for these impacts and stabilization prior to and during incidents.  They have also made some changes based upon the updated National Response Framework.  The documents associated with the updated Community Lifelines all seem to reflect an inclusion in the efforts of the National Response Framework.  It’s great to see FEMA actually tying various efforts together and seeking to provide grounded guidance on application of concepts mentioned in doctrine-level documents.

The biggest addition to the Community Lifelines update is the inclusion of the FEMA Incident Stabilization Guide.  The ‘operational draft’ is intended to serve as a reference to FEMA staff and a resource to state, local, and tribal governments on how “FEMA approaches and conducts response operations”.  It’s a 77-page document the obviously leans heavily into the Community Lifelines as a standard for assessing the impacts to critical infrastructure and progress toward restoration, not only in response, but also into recovery operations.  It even reflects on bolstering Community Lifelines in resilience efforts, and ties in the THIRA and capability analysis efforts that states, UASIs, and other governments conduct.  I’m not sure the document is really a review of how FEMA conducts operations, as they say, but it does review the ideology of a portion of those operations.  Overall, there is some very useful information and references contained in the document, but this brings me to a couple of important thoughts:

  1. The utility of this document, as with the entire Community Lifelines concept, at the state and local level is only realized through integration of these concepts at the state and local levels.
  2. We finally have guidance on what ‘incident stabilization’ really entails.

To address the first item… In my first piece on Community Lifelines, I had already mentioned that if states or communities are interested in adopting the concept of Community Lifelines, that all starts with planning.  An important early step of planning is conducting assessments, and the most pertinent assessment relative to this initiative would be to identify and catalog the lifelines in your community.  From there the assessment furthers to examine their present condition, vulnerabilities, and align standards for determining their operational condition aligned with the Community Lifelines guidelines.  I would also suggest identifying resiliency efforts (hopefully these are already identified in your hazard mitigation plan) which can help prevent damages or limit impacts.  As part of your response and short-term recovery lexicon, procedures should be developed to outline how lifeline assessments will be performed, when, and by who, as well as where that information will be collected during an incident.

As for my second item, the concept of incident stabilization has an interesting intersection with a meeting I was invited to last week.  I was afforded the opportunity to provide input to an ICS curriculum update (not in the US – more on this at a later time), and as part of this we discussed the standard three incident priorities (Life Safety, Incident Stabilization, and Property Conservation).  We identified in our discussions that incident stabilization is incredibly broad and can ultimately mean different things to different communities, even though the fundamental premise of it is to prevent further impacts.  This Incident Stabilization Guide is focused exclusively on that topic.  In our endeavor to make ICS training better, more grounded, less conceptual, and more applicable; there is a great deal of foundational information that could be distilled from this new document for inclusion in ICS training to discuss HOW we actually accomplish incident stabilization instead of making a one-off mention of it.

Going a bit into my continued crusade against the current state of ICS training… I acknowledge that any inclusion of this subject matter in ICS training would still be generally brief, and really more of a framework, as implementation still needs to be grounded in community-level plans, but this document is a great resource.  This also underscores that “learning ICS” isn’t just about taking classes.  It’s about being a professional and studying up on how to be a more effective incident manager.  ICS is simply a tool we use to organize our response… ICS is NOT inclusive of incident management.  Not only are we teaching ICS poorly, we are barely teaching incident management.

While I’ve been away for a while working on some large client projects, I’m looking forward to ending the year with a bang, and getting in a few more posts.  It’s great that in my travels and interactions with colleagues, they regularly mention my articles, which often bring about some great discussion.  I’m always interested in hearing the thoughts of other professionals on these topics.

© 2019 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

A New National Response Framework

Yesterday FEMA announced the release of an updated National Response Framework (the fourth edition).  The most notable changes in this version of the NRF are the inclusion of Community Lifelines and a change to Emergency Support Function (ESF) #14.  Previously, ESF #14 was Long-Term Community Recovery.  With efforts to further engage and coordinate with the private sector in disaster response, ESF #14 has been changed to Cross-Sector Business and Infrastructure.

So what of Long-Term Community Recovery?  The National Disaster Recovery Framework (2016) outlines Recovery Support Functions (RSFs), which, at the federal level, are organized as coordinating structures along with the ESFs.  There are six RSFs, which generally align with the Core Capabilities for the Recovery Mission Area.  For anyone who has worked with FEMA in disaster recovery operations, you know these can be massive organizations, so why create an even large organization?  This structure should support the ESFs in focusing on immediate needs, while the RSFs can address long-term recovery.  When the Federal disaster response organization is initially set up for a disaster, the ESFs are immediately put to work to support state and local emergency needs.  In this phase, the RSFs are able to organize, gather data, and plan for eventually being the lead players as response transitions to recovery.  Recovery is very much a data-driven operation.  As this transition occurs, with the RSFs taking over, many of the ESF resources can be demobilized or tasked to the RSFs.

What does this mean for states and locals?  Fundamentally, nothing.  States simply need to have an appropriate interface with the new ESF #14.  Do states and locals need to mirror this organization?  No, and in fact most of the time when I see an organization centered around ESFs, I tend to cringe.  The ESF/RSF system works for the federal government because of the multitude of federal agencies that have responsibility or involvement in any given function.  Fundamentally, ESFs/RSFs are task forces.  Recall the ICS definition of a task force, being a combination of resources of varying kind and type.

Certainly, most local governments, aside from perhaps the largest of cities, simply don’t have this measure of complexity and bureaucracy.  It can work for some state governments, but for many it may not make sense.  Let’s consider ESF #1 – Transportation.  How many state agencies do you have that have responsibility and assets related to transportation?  In some states, like New York, there are many, ranging from State DOT, NYS Parks, the Thruway Authority, and the multitude of other bridge, road, and transit authorities in the State. Smaller states may only have a State DOT.  One agency doesn’t make a task force.  There are other options for how you organize your emergency operations plan and your EOC that can make more sense and be far more effective.  Essentially what I’m saying is to not mirror the way the feds organize because you think you have to.  All plans must be customized to YOUR needs.

On to the integration of community lifelines.  The goal of the new ESF #14 is to not only engage the private sector, but also coordinate cross-sector operations for stabilizing community lifelines.  I’m interested to see how this plays out, since the community lifelines are already addressed by other ESFs, so I suspect that once the new framework is tested, there may be some supplemental materials that come out to balance this.  That said, the integration of community lifelines is a good thing and I’m glad to see this gaining more traction and truly being integrated rather than existing as a good idea that’s never actually tasked.  Integration of community lifelines is something that every state and local government can at least track, if not take action on, depending on their capability and resources.  The updated NRF added some additional context to community lifelines, with information that supports integrating this concept into planning, response, and recovery.  I happen to appreciate this community lifeline focused timeline that is in the NRF.

While the focus of the NRF is on how the federal government will response, it is intended to be reflective of a whole community response.  It doesn’t necessarily provide guidance (nor should it) on planning, but it certainly serves as a reference.  Since it seems the feds are going all in on the community lifeline concept, I urge state, local, tribal, and territorial governments to examine how they can integrate them into your operations.  That all starts with planning.  It may begin as a function of situational awareness, but then what actions should a jurisdiction take when lifelines are impacted?  Even if a jurisdiction doesn’t have the capabilities to address the root cause, they still need to address the affects.

What thoughts do you have on the NRF update?

© 2019 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

EOC Management Organization

FEMA recently released a draft Operational Period Shift Brief Template for EOCs, open to public comment.  The document is fine, though there was one glaring issue… it assumes an ICS-based model is in use in the EOC.

With the release of the NIMS refresh, we were given some ‘official’ options for EOC management structures.  Unfortunately, we aren’t seeing much material that supports anything other than an ICS-based structure.  An ICS-based structure may certainly be fine, but every organization should examine their own needs to identify what works best for them.  Story time…

We recently completed a contract that included the development of a plan for a departmental operations center for a state agency.  The plan had to accommodate several considerations, including interaction with regional offices and operations, interaction with the State EOC, and integration of a call center.  When we talked to people, examined form and function, and looked at fundamental needs, the end result was an ICS-based organization.  While accommodations had to be made for translating their own agency structure and mission, it fit rather well.

For a contract we are currently working on, we are developing an EOC plan for a private utility.  Again, we reviewed documents, talked to people, and identified the fundamental needs of the company and the EOC organization.  The end result is shaking out to be something a little different.  At a glance, it’s largely ICS-based, but has some aspects of the Incident Support Model, while also having its own unique twists.  One particular observation was that their company’s daily structure has functions combined that we would normally break up in traditional ICS.  Breaking these functions up for an incident would be awkward, disruptive, and frankly, rather absurd.  Not only would personnel be dealing with something out of the ordinary, they would be changing the flow of corporate elements that have been placed together by necessity in their daily operations, which would detract from their efficiency during the incident.

My third example is a contract we are just getting started on.  This project involves developing an EOC plan for a municipality.  While we’ve had some initial discussions, we aren’t sure what the end result will be just yet.  The client isn’t set on any particular structure and is open to the process of discovery that we will be embarking on.  As I’ve thought about their circumstances and the recent and current work we’ve done on this topic, there are a few things that have come to mind.

  1. While NIMS is all about standardization and interoperability, the range of utility of emergency operations centers, in any form, and the mission, organization, an innate bureaucracy of the ‘home agency’ have a heavy influence on what the EOC’s organization will look like.
  2. While there still should be some standard elements to an EOC’s organization, there is generally less fluidity to the composition of an EOC, especially as it compares to a field-level incident command where the composition of the responding cadre of organizations can radically differ.
  3. Consider the doctrinal core concepts of ICS as really core concepts of incident management, thus we can apply them to any structure. These concepts are fundamental and should exist regardless of the organization used.  Some examples…
    1. Unity of Command
    2. Modular organization
    3. Manageable span of control
    4. Consolidated action plans
    5. Comprehensive resource management
  4. We need to acknowledge that the full benefit of organization standardization, exhibited by the ability of incident management personnel to be assigned to a new EOC and be able to immediately function, is potentially compromised to an extent, but that can be largely mitigated by adherence to the core concepts of ICS as mentioned previous. Why?  Because the system and processes of incident management are still largely the same.  These new personnel need just a bit of an orientation to the organizational structure being used (particularly if they are to be assigned in a leadership capacity at any level).

The most important consideration is to develop a plan.  That will provide extensive benefit, especially when done properly.  Follow the CPG 101 guidance, build a team, do some research, and weigh all options.  The end goal is to identify an organizational structure that will work for you, not one that you need to be forced into.  Bringing this around full circle, we need to know that with whatever system you decide to use, expect that you will need to develop your own training, job aids, and other support mechanisms since they largely don’t exist for anything outside of an ICS-based structure.  Note that even for an ICS-based model, there are needs… consider that there is no ‘official’ planning P for EOCs (one that is less tactics-focused), and, of course, that ICS training alone isn’t enough to run your EOC by.

I don’t place any blame for this need… consider that FEMA, with finite resources just like the rest of us, tries to produce things that are of the greatest utility to as much of the nation as possible, and right now, most EOCs are run on an ICS-based model.  While I hope this will expand over time, every entity will still be responsible for developing their own training on how they will organize and respond.  No training developed by a third party for a mass audience can ever replace the value of training designed specifically to address your plans.

I’m interested in hearing what changes are being made to your EOC organizations and how you are addressing needs.

© 2019 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC