Technology Resource for Security Police & Administrators
     





Sep/Oct 2007

Why You Should Care About NIMS and NFPA Standards

Campus officials should have a clear understanding of NIMS, NFPA 1600 and NFPA 1561, as well as incorporate these codes into their emergency management programs. This first part of our three-part series discusses how both public and private sector institutions that do this can reduce their exposure to litigation in the aftermath of an incident and be better able to respond to the event itself.

- by Mark A. Messler

Most campus safety professionals have had to adapt to the continually changing demands brought about by an ever more insecure world. Currently, the big buzz phrase in the industry is the National Incident Management System (NIMS). While most safety professionals will already be aware of NIMS and its guidelines, it should be viewed in the overall big picture of emergency management concepts, systems and protocols at the private, local, tribal, state and federal levels.

Virginia Tech now serves as the mechanism to emphasize security issues on educational and healthcare campuses, including the urgent need for standardized disaster/emergency planning, preparedness and incident command and control implementation outside of the governmental purview. Nationwide focus has been directed to find solutions to better aid responders of all emergency and disaster situations with their duties and tasks.

Unfortunately, those safeguards built into the government take time to implement. This is where entities outside of the government, or Non-Governmental Organizations (NGOs), have taken the lead.

We are indeed fortunate there are many public and private entities, such as the National Fire Protection Association (NFPA), working to improve the state of their industry, profession or the general welfare of the public by developing standards and codes for their practitioners. Let us now turn our focus on the guidelines associated with disaster and emergency management.

There Are Important Differences Between the Codes

Most campus professionals are aware of the hierarchy of systems. Policies provide general statements of intent, procedures define how the intent of the policy is met, and instructions define how the specific tasks of the procedure are accomplished. This is the same method used in the development of an emergency management system or program.

NFPA 1600 defines the overall requirements and intent of a complete disaster/emergency management and business continuity program. NFPA 1561 defines how to meet the requirement under clause 5.9 for Incident Management of the NFPA 1600. NIMS is a guidance document and explains how this incident command system works, the command structure, and the roles and responsibilities of the staff levels and functions.

On Jan. 4, the Federal Emergency Management Agency (FEMA) and the Department of Homeland Security (DHS) issued a NIMS Alert that recommended state and local governments adopt the NFPA 1600 and NFPA 1561 standards as a means of complying with NIMS. With this in mind, many campus officials may be confused and ask why NIMS is needed at all. It is important because when a disaster or emergency strikes a campus, it is advisable, if not necessary, that the responsible personnel know how the incident command system works.

NFPA 1561 defines the structure(s) and responsibilities of the entity’s incident command. When an incident escalates beyond the campus’ capabilities, NIMS defines the incident command structure, the responsibilities that are consistent through all governmental levels, and who or what agency/department of the federal government fills the relevant position in the command structure and its scope of responsibility in a national incident.

Also, the entity may be required to comply with NIMS. According to the National Response Plan (NRP), “Private-sector owners and operators, particularly those who represent critical elements of infrastructure or key resources whose disruption may have national or major regional impact, are encouraged (or in some cases required under law) to develop appropriate emergency response and business continuity plans and information-sharing and incident-reporting protocols that are tailored to the unique requirements of their respective sector or industry, and that clearly map to regional, state, and local emergency response plans and information-sharing networks.”

Additionally, FEMA and DHS have issued a fact sheet recommending private sector entities adopt NIMS.

Noncompliance May Lead to Lawsuits

There are other fiscal reasons why a campus should have an NFPA 1600 and NFPA 1561 system/program that is compatible with NIMS. Every entity must be concerned about litigation.

In a disaster or emergency, the question may come down to two factors: (1) whether or not officials of the entity knew there was a possibility that such an incident could happen, and (2) the types of plans it had in place to address or mitigate the possibility. By having a capable NFPA 1600/NFPA 1561 system/program in place that is synchronized with NIMS, the entity can prove it has exercised due diligence regarding its vulnerabilities and show it has attempted to mitigate the effects.

The U.S. Department of Labor’s Occupational Safety and Health Administration’s (OSHA) General Duty Clause may also come into play subsequent to a disaster or emergency. An employer can be cited for violation of this clause if a recognized serious hazard exists in its workplace and the employer does not take reasonable steps to prevent or abate the hazard.

Additionally, certain government grants require NIMS implementation for consideration such as the Emergency Response and Crisis Management (ERCM) Grant Program of the U.S. Department of Education, Office of Safe and Drug Free Schools.

Just Complying With NIMS Is Not Enough

Hospital, school and university officials may be tempted to just adopt NIMS and forget about the NFPA codes. This, however, is not a wise move. NIMS is not a system in and of itself; it is more of a guidance document that also defines the roles and responsibilities in the command structure. NIMS is a general document that can be applied to a wide variety of entities, both public and private. California has developed an additional directive called the Standardized Emergency Management Systems (SEMS) guidelines so campuses can conform to the state’s specific needs and laws.

This is why FEMA and DHS have recommended states adopt NFPA 1600 and NFPA 1561 as the standards for complying with NIMS. These two NFPA standards give specific requirements that demonstrate compliance with the intent of the particular standard.

A program developed to these standards ensures that everyone in the entity knows “who, what, where, when and how” during an event. It also provides evidence of due diligence and further reduces exposure to litigation after an incident. The business continuity portion of NFPA 1600 ensures the entity can continue providing services during an incident and has a plan to fully recover afterward.

Campuses Must Determine System Effectiveness

Once a hospital, school or university has implemented a program, there are a number of methods that can be applied to determine its effectiveness.

The first method is to wait until a situation happens and then review the successes and failures after the fact. This method probably will result in initial cost savings but remains incomplete and will cost significantly more after an incident has occurred. The disadvantage is that from the onset, the program is not compliant with the requirements of the standard and is reactive by nature. The failures are only apparent after the fact, thus exposing the entity to the possibility of legal action resulting in unforeseen costs.

The second method would be to conduct the exercises as required by the standard. This gives a better idea of how the program will work and where additional efforts are needed. Although obviously more comprehensive, it too remains incomplete in that most exercises are conducted as a scheduled event. Everyone involved is informed before the drill and basically knows what to expect, so the drill, in many cases, resembles a choreographed ballet more than an actual exercise.

One way to mitigate this effect would be to use a program such as “Incident Commander” that was developed through the Department of Justice. The program is much more realistic than the tabletop or field exercises and throws in wild cards to keep everyone on their toes. It has the ability to raise the stress level approximating an actual incident.

The third method would be to take the two standards and the applicable sections of the NIMS document, and develop a checklist of all the requirements; then evaluate the program against the checklist. This is useful because it actually performs an audit to the requirements — a self-assessment so to speak. The difficulty in this method, however, is that it is unlikely the program will be that straightforward and allow point-by-point comparison. This will cause the evaluation to take significantly longer than expected, while the person evaluating the program conducts an extensive recon mission to find the relevant information.

NIMS compliance can be judged based on the evaluation tools on NIMSCAST, but it only judges the incident command portion of the overall program.

3rd-Party Assessments Can Help Campuses

Given that the standards encompass an all-hazards approach, the logical solution and method would incorporate all the previous methods mentioned above, as well as the inclusion of additionally beneficial aspects. This is accomplished by means of a third-party assessment and certification of the program.

The distinct advantage to this method is that it will provide completely impartial and unbiased evaluation along with program accountability. It proactively establishes the objectivity necessary for determining the most accurate reflection of compliance to the standards, and effectively judges any NIMS compliance. Third-party auditors are seasoned professionals who are able to move through the program quickly and with little effort. This saves time, workforce resources and money. It also provides recognition to all personnel involved and instills confidence with the public at large.

_________________________________________________________

Cracking the Codes: NFPA Standards Basics

The following standards either apply to both public and private campuses, or provide the basis for the National Incident Management System (NIMS):

  • NFPA 1600: The National Fire Protection Association (NFPA) 1600 Standard for Disaster/Emergency Management and Business Continuity Programs is an all-hazards approach that gives those who are responsible for emergency management a common set of criteria and nomenclature to develop, implement, maintain and evaluate a program.

    The standard is endorsed by FEMA and DHS and is to be applied to the development of emergency management programs in both the public and private sectors. In 2004, the American National Standards Institute (ANSI) approved NFPA 1600 as an American National Standard, which was reapproved for the revised 2007 edition.

  • NFPA 1561: The NFPA 1561 Standard on Emergency Services Incident Management System contains the minimum requirements necessary for an effective incident management system. This is an applicable incident management standard and is intended for use by emergency services to manage all emergency incidents. It should be pointed out that the NFPA 1561 standard was preceded by a standard developed in the 1970s through the work of the Firefighting Resources of California Organized for Potential Emergencies (FIRESCOPE). FIRESCOPE-ICS was originally developed in response to wildfire incidents and defined the concepts of the incident command system (ICS) that are used to address disasters and/or emergencies of all types.

    FIRESCOPE-ICS and NFPA 1561 were the predecessors of NIMS. Since the FIRESCOPE-ICS and NFPA 1561 standards were already developed and implemented on a wide scale around the country, it became a simpler task for the government to define how the incident command system would work within a national framework (NIMS).

  • HSPD-5: To understand NIMS, one must understand it in the context of its origin, the HSPD-5. This system provides a consistent nationwide template to enable governments and private sector and nongovernmental organizations to work together effectively and efficiently to prepare for, prevent, respond to, and recover from domestic incidents. This document establishes the basic elements of NIMS and provides mechanisms for the further development and refinement of supporting national standards, guidelines, protocols, systems and technologies.
__________________________________________________________

New Federal Standards Might Not Be as Voluntary as You Think

On Aug. 3, President George Bush signed into law House Bill HR-1, known by its short title as the “Implementing Recommendations of the 9/11 Commission Act of 2007.” The significance of this law to the private sector lies buried within all of the bill’s legal language. Campus emergency management personnel should not be misled by the term “voluntary” when referring to private sector preparedness and certification. There are many examples of voluntary international quality and environmental standards becoming mandates through industry codes of practice or industry consensus groups. The JCAHO accreditation (certification) for healthcare would also be an example of voluntary codes/standards used in determining eligibility for federal monies. Based on the critical nature of campus security, safety and preparedness, a similar scenario would not be out of the realm of possibility.

Overall, the bill has the expected provisions dealing with security and performance grants, critical infrastructure, intelligence, transportation security and terrorism prevention. Those charged with emergency management in the private sector, however, should pay particular attention to Title IX – Private Sector Preparedness. The key elements are required by the NFPA 1600 standard.

Title IX, section 524 – Voluntary Private Sector Preparedness Accreditation and Certification Program – deals specifically with the development and implementation of an accreditation scheme to ensure certifications that are granted to private entities are valid. It sets forth the general criteria for such accreditation bodies and the oversight requirements the body must require of itself and any certifying agency or entity to which the body grants accreditation. Any third-party certification entity must also comply with these criteria.

This law now places the correct tools for effective emergency management planning into the hands of the campus safety professional and a means to confirm the plan’s validity through third-party certification.

__________________________________________________________

In the next article we will explore how to use the NFPA 1600, NFPA 1561 and NIMS to develop a viable emergency management and business continuity program.

Mark A. Messler is the technical director for the National Emergency Management Registrars, or NEMR, a certification/registration body dedicated to private sector certification of disaster/emergency management and business continuity programs. NEMR can be reached at (800) 910-4033 or info@nemronline.org.
