Leveraging Regional External Agencies to Strengthen your Program
- Published on July 11, 2011
On-Line Resources – Public Agency Emergency Management InformationDRJ / ARMA / DRII / FSTC / NFPA 1600 Generally Accepted Practices (GAP).
DRII Professional Practices.
DRJ / DRII Glossary
ANSI / NFPA 1600:2010 – Standard on Disaster/Emergency Management and Business Continuity Programs. National Fire Protection Association, 2010.
Community Emergency Response Teams (CERT), FEMA.
Emergency Planning and Community Right-to-Know Act (EPCRA) Local Emergency Planning Committees Requirements, EPCRA Sections 301-303.
Incident Command System Overview (ICS), FEMA.
FEMA Independent Study Program.
National Incident Management System (NIMS), FEMA IS-700, Independent Study Program Course.
National Voluntary Organizations Active in Disaster (National VOAD).
As business continuity professionals, we are familiar with the DRII Professional Practices which outline what to do and how to do business continuity planning. Professional practice subject matter area No. 10 deals with emergency management from a business continuity/disaster recovery perspective, and it includes numerous references to the need to communicate and interact with external agencies. However, the importance of not only understanding and leveraging external agencies, but also supporting them for mutual benefit, has a much broader scope for business continuity professionals than that covered in the Emergency Management Professional Practice. In fact, the broad scope of emergency management, as defined from a government perspective, includes mitigation, preparedness, response, recovery, and post-event planning and implementation. As a result, all 10 of the DRII Professional Practices include references to coordination with external sources/entities and recognizing the importance of understanding the potential impacts of laws, regulations, codes, zoning, standards, practices, resources, and opportunities related to developing, implementing, and maintaining emergency procedures that are specific to the organization’s location and industry.
This article concentrates on services and opportunities provided by state and regional public authorities. Although national agencies were created to support and monitor legal and regulatory mandates and are important and useful, many of those mandates delegate responsibility down to the state, regional, and municipal levels. As a result, your interaction and that of your organization – with external agencies such as homeland security, emergency management, fire, police, public utilities, and elected officials – is likely to take place at the local level. Detailed information on suggested interactions with business continuity professionals and external agencies is outlined in the DRJ/ARMA/DRII/FSTC/NFPA 1600 Generally Accepted Practices (GAP) document, which is posted on the DRJ Web site. Another good source of information about local public/private interactions is your local Association of Contingency Professionals chapter, since public authority representatives are often ACP members and attend ACP meetings.
Regionally-Operated Public Authorities
External agencies operating at the regional level are powerful resources, but understanding the plethora of public/private entities, the interactions among them, and related opportunities for business continuity professionals and their organizations can be somewhat daunting. As a result, organizations, particularly small and medium businesses, are either unaware of or fail to understand the wealth of strategic and tactical options that such relationships may provide. Examples of regional emergency management-related entities include the following:
- Emergency management association is a generic term for a professional association for emergency management that operates at the local and state level, primarily on the public side. Such an association is usually titled with the state name, followed by emergency management association. For example, in Virginia, the organization is called Virginia Emergency Management Association.
- Regional or area councils and planning district commissions are emergency management groups/committees which are established throughout the U.S. and are created by state statute. These entities are separate from the state EMAs described above. A region may have more than one such entity (such as one that engages in strategic emergency planning and another which focuses on operational and tactical emergency management).
- Local emergency planning committees (LEPC) are mandated at the federal level by the Environmental Protection Agency under Title III of the Superfund Amendments and Reauthorization Act. All communities must maintain LEPCs, which engage in emergency planning for disasters related to hazardous materials in the community.
- Voluntary Organizations Active in Disaster (VOAD), a coalition of major national U.S. voluntary organizations, is the primary point of contact for voluntary efforts in the FEMA National Response Coordination Center. It supports training of volunteers to participate in disasters and enables a business organization to serve as a volunteer entity under the umbrella of one of the VOAD service organizations. Examples of those service organizations include the Red Cross, Salvation Army, United Way, faith-based groups, and civic/community service-based organizations (e.g. Rotaries and Ruritans). The business supplies volunteers who can be deployed around the country as needed to assist with disaster situations. It also supplies the resources required to support those volunteers.
- The Community Emergency Response Team (CERT) is an example of a program operating under the VOAD/Citizen Corps umbrella. The CERT program educates people about disaster preparedness for hazards that may impact their area and trains them in basic disaster response skills such as fire safety, light search and rescue, team organization, and disaster medical operations. Using the training learned in the classroom and during exercises, CERT members can assist others in their neighborhood or workplace following an event when professional responders are not immediately available to help. CERT members also are encouraged to support emergency response agencies by taking an active role in emergency preparedness projects in their community.
- Local and/or regional emergency management committees work together to focus on policies, guidance, standard operating procedures, and operational capabilities for emergency management.
- Public emergency operation centers (EOC) often do not have private business involvement. However, businesses should proactively coordinate with EOCs, both to volunteer and provide resources, and to participate in planning. As much as possible, businesses should ask to be involved in public EOC exercises to gain an understanding of how the community responds and recovers from an event and understand how they fit in.
- Joint emergency operations centers are more broadly based than public EOCs and may include multiple municipalities, state and/or federal partners, and other stakeholders such as the private sector and the military.
- The National Guard is a state asset, controlled by the governor, who may call it to service based on local community requests for services. The National Guard may be sent to a locality ahead of time to prepare for a significant anticipated event.
It is important to understand that in the private sector, the business continuity planning cycle as outlined in the DRII Ten Professional Practices is structured differently from the public arena perspective at the national, state, regional, and municipal levels as the event emergency management cycle moves through mitigation, preparedness, response, recovery, and post-event phases. While those two standards differ, they are compatible; they have parallels and can be correlated. Participation and collaboration in public-private dialogue and planning at all levels is important for governments and government agencies, businesses, individuals, and the community at large. However, collaborating at the regional and municipal levels can be particularly rewarding, because participants at the local level have personally-shared interests and win-win opportunities.
Mitigation and Preparedness
From an education/orientation perspective, it is important for businesses to understand the National Incident Management System (NIMS), because that is the framework that local, state, and national government use to manage disasters. A free course on FEMA is available to businesses which can help them understand how governments manage disasters, including terminology and protocols. The Incident Command System (ICS) is part of NIMS but offers a separate course. Those courses will orient you to NIMS/ICS standards and improve your ability to communicate effectively in public-private interactions.
Organizational interfaces at the regional level involve public authority contacts, public information officers/public relations, area councils, local emergency planning commissions, and CERT. Businesses must establish information sources and understand how public authorities communicate. It is also important to provide up-to-date information about your organization to public safety officials on an ongoing basis.
Determining vulnerabilities and risks to your organization, which, from a business continuity planning perspective, takes place during the risk assessment phase, is best done in consultation with experts. In the case of hazard mitigation plans, for example, the best place to start for information may be regional councils or local offices of emergency management. These places are helpful because they offer interpretation of flood maps and assessment of flooding risk.
Business continuity professionals are invited to participate in training and local/regional public sector exercises. Surprisingly, few take advantage of those opportunities. For example, you can participate in local emergency management and homeland security exercises and educational opportunities that support your industry. Those experiences will be more rewarding if you obtain a copy of the pertinent emergency operations plan and review it in advance.
It is important to invite the public entities to participate in, or observe, your organization’s training and exercises. That interaction lays the foundation for the level of support that is needed and available during disaster situations. In the event of a disaster, it may be essential for your key management and technical personnel to gain access to your organization’s facilities. Prior arrangements with public sector authorities may make the difference between being granted access when an area is cordoned off and not getting access.
To become a valued member of the local emergency management environment, consider support that you can provide to public authorities. Your organization may be able to host an emergency operations center (EOC), contribute needed resources, or develop a CERT group comprised of employees who are interested in volunteering as a group in the event of a disaster. Establishing a CERT group comprised of your organization’s people allows them to be pre-trained, vetted, and credentialed prior to a disaster, so that they can be immediately available to serve the community. Some of your employees are likely to want to help in such a situation, but spontaneous unaffiliated volunteers without credentials who are untrained create challenges for first responders rather than viable resources and may be turned away when they offer support. Spontaneous donations can also be an issue if they take forms that are not useful for the event in which the items are being donated (e.g. unneeded clothing, truckload of teddy bears, painting supplies, etc.). Your organization should establish, in advance, what types of support will be appropriate and accepted, working with emergency management authorities, and the logistics for providing and distributing those contributions.
Many large companies support FEMA, the states, and local governments by contracting with them for services and supplies. If your organization is interested in doing this, establish the necessary public authority contacts and relationships.
Business continuity professionals play an important role in supporting the protection and resiliency of the community’s critical infrastructure and key resources (CIKR), which are essential to the community’s security, public health and safety, economic vitality, and way of life. Loss of CIKR due to an incident could significantly disrupt the functioning of government and business alike and produce cascading effects far beyond the sector and physical location of an incident. Direct terrorist attacks and natural, manmade, or technological hazards could produce catastrophic losses in terms of human casualties, property destruction, and economic effects as well as profound damage to public morale and confidence and even more devastating physical and psychological consequences.
Response and Recovery
During disaster event response and recovery, good documentation is everything. For example it supports your community and organization when applying for disaster funding. Computerized documentation, which can be accessed from anywhere important, but what is most critical is the pre-established communications network that facilitates the work that must be done. Ensure that the contacts and relationships that you will need during a disaster are established before you need to use them. You need to be able to pick up the phone and call the people who can help your organization function adequately in a disaster situation.
Web-enabled consequent management systems may provide secure real-time information sharing capabilities that are used by local and/or state emergency management agencies. Contact your local emergency management office to find out more about how it communicates and shares information in crisis situations and how you can get in the loop.
After both exercises and disaster situations, regional and local agencies summarize lessons learned and develop after action reports and improvement plans. Usually, a public input period is established for feedback from businesses and the community provided through local forums and town meetings. Local emergency management wants to hear from you. Become part of the process, and use information from the resulting reports to revise and enhance your organization’s plans and documentation.
Regional Agency Example – Commonwealth of Virginia
The Department of Homeland Security established the National Infrastructure Protection Plan (NIPP) in 2009 which outlines a coordinated approach to critical infrastructure protection. It also maintains sector-specific plans at the national level. The NIPP instructs the individual states and regions to develop their own customized infrastructure protection plans that adhere to the tenets of the national plan and are built to support state and regional sector partners.
The Commonwealth of Virginia, for example, has developed and maintains the Virginia Critical Infrastructure Protection and Resiliency Strategic Plan. At the regional level, the Hampton Roads Planning District Commission (HRPDC), one of 21 Planning District Commissions in the Commonwealth of Virginia, is a regional organization which supports 16 local city/county governments in southeastern Virginia. The Hampton Roads region has a population of about 1.7 million people and represents the 36th-largest metropolitan area in the U.S. The HRPDC, in conjunction with the Governor’s Office of Veterans Affairs and Homeland Security, is currently developing and implementing the Hampton Roads Critical Infrastructure Protection Program with regional sector partners. The HRPDC is leveraging existing best practices of infrastructure security around the nation and Virginia, through the implementation of key objectives found within both the National Infrastructure Protection Plan and the Virginia Critical Infrastructure Protection and Resiliency Strategic Plan, to develop and implement an effective regional plan. Participants in that strategic planning process include businesses/industries, infrastructure owners and operators, governments, and academic leaders in risk analysis and business security strategy development. The goal is to enhance the capability of organizations to improve continuity of operations and community resilience and to decrease the overall level of risk to critical infrastructure owned and operated by the public and private sectors.
The Bottom Line
Governments enlist private sector participation in emergency planning and operations prior to and following major crises and disasters to help coordinate response efforts and hasten community recovery. Coordination offers dual benefits. Business continuity professionals can offer fundamental expertise needed for planning, response, and recovery efforts that government sometimes cannot provide. Participation by the private sector in emergency planning and operations, for example, through regional councils, VOADs, CERT, and offices of emergency management, provides private sector businesses and individuals with a sense of community support and real-time access to information that enhances their business continuity planning efforts to prepare for disasters, and, at the time of disaster, enables them to return as quickly as possible to full operating status.
Richard Flannery, MS, CFM (firstname.lastname@example.org) is the emergency management administrator with the Hampton Roads Planning District Commission and the president of the Hampton Roads Association of Contingency Planners.
Theresa A. Kirchner, Ph.D., MBCP (email@example.com) is an assistant professor of management with Hampton University. She is a Hampton Roads Association of Contingency Planners board member who has served as a DRII certification commissioner and DRJ Editorial Advisory Board member.