Your Solution for SMART Response Plans

Applying FEMA's Core Capabilites to Corporate EHS Programs: Part 2

Posted on Mon, May 13, 2013

FEMA has identified 31 core capabilities that should be incorporated into emergency management programs. Although the concepts are aimed at the public sector and governmental jurisdictions, companies can evaluate these elements for site specific applicability and implement appropriate elements to actualize corporate strategic and tactical environmental, health, and safety (EHS) goals.

In Part 2 of this series on core capabilities, we will explore the concepts relating to FEMA’s mission areas of prevention and protection, and the core concepts that fall under these areas.


Preventionincludes those capabilities necessary to avoid, prevent, or stop a threatened or actual act of terrorism. It is focused on ensuring we are optimally prepared to prevent an imminent terrorist attack within the United States.”

Forensics and Attribution: “Conduct forensic analysis and attribute terrorist acts (including the means and methods of terrorism) to their source, to include forensic analysis as well as attribution for an attack and for the preparation for an attack in an effort to prevent initial or follow-on acts and/or swiftly develop counter-options.”

Companies must remain vigilant in preventing  terrorism. By prioritizing the analysis of on-site sources, such as chemical, biological, radiological, nuclear, and explosive material, companies can help to prevent initial or follow-on terrorist acts. Site-specific awareness training can broaden the scope of prevention by identifying potential sources and/or attributes associated with a terrorist attack.


The following capabilities protect individual and critical corporate assets, systems, and networks against threats. EHS programs must institute these critical protective measures to promote business continuity. The ability to identify, quantify, and secure critical business processes that, when not functional, may damage a company’s reputation or ability to operate, is a critical stage in the business continuity planning process.

Access Control and Identity Verification: “Apply a broad range of physical, technological, and cyber measures to control admittance to critical locations and systems, limiting access to authorized individuals to carry out legitimate activities.”

Cybersecurity: “Protect against damage to, the unauthorized use of, and/or the exploitation of (and, if needed, the restoration of) electronic communications systems and services (and the information contained therein).”

Physical Protective Measures: “Reduce or mitigate risks, including actions targeted at threats, vulnerabilities, and/or consequences, by controlling movement and protecting borders, critical infrastructure, and the homeland.”

Risk Management for Protection Programs and Activities: “Identify, assess, and prioritize risks to inform Protection activities and investments.”

Supply Chain Integrity and Security: “Strengthen the security and resilience of the supply chain.”


Intelligence and Information Sharing: “Provide timely, accurate, and actionable information resulting from the planning, direction, collection, exploitation, processing, analysis, production, dissemination, evaluation, and feedback of available information concerning threats to the United States, its people, property, or interests; the development, proliferation, or use of WMDs; or any other matter bearing on U.S. national or homeland security by Federal, state, local, and other stakeholders. Information sharing is the ability to exchange intelligence, information, data, or knowledge among Federal, state, local, or private sector entities, as appropriate.”

Intelligence and information sharing are important components of the Incident Command System. Capitalizing on lessons learned enables companies to improve methodology based on actual experiences. To advance an EHS program, managers should include cyclical plan reviews to allow lessons learned to be implemented into preparedness, training and exercises.

Interdiction and Disruption: “Delay, divert, intercept, halt, apprehend, or secure threats and/or hazards.”

Companies  must  establish consistent protocols and regulatory compliance measures to maintain safe operations and minimize exposures. This includes proper and secure handling and disposal of hazardous materials capable of bringing harm to individuals, assets, or the environment. The objective is to remain vigilant in order to prevent potential threats, including terrorism.

Screening, Search, and Detection: “Identify, discover, or locate threats and/or hazards through active and passive surveillance and search procedures. This may include the use of systematic examinations and assessments, sensor technologies, or physical investigation and intelligence.”

Companies must be keenly aware of any operations that can potentially targeted or used in a terroristic manner. Proper identifications of materials and individuals, as well as security protocols must be reviewed to guard against potential harm.

The next blog, Part 3 of the series, will address the core capabilities related to mitigation.  To begin reading Part 1 of this series, click here.

For an understanding of the necessary elements in creating an effective fire pre plan, download our Fire Pre Planning Guide.

TRP Fire Pre Plan Image

Tags: Resiliency, Security plans, Cyber-Security, Terrorism Threat Management, Safety, Political Instability, Insider Threat