Your Solution for SMART Response Plans

Complex Corporate Structure? Five Components to an ICS Ready Response!

Posted on Thu, Jun 09, 2016

Facility and workplace emergencies occur quickly and often unexpectedly. Decisive responses must be immediate in order to minimize potentially escalating impacts. Use of the Incident Command System (ICS) provides companies with a proven response management structure, process, and methodology.

ICS is a widely applicable management system designed to enable flexible, effective, efficient all-hazards incident management. By integrating a common emergency planning organizational structure, response operations can be streamlined, coordinated, and coherent to every necessary responder.

ICS standardizes titles, clarifies reporting relationships, and eliminates the confusion caused by multiple, conflicting directives. Prior to an incident, standardized roles and responsibilities should be clearly established and assigned in the response plan. The individuals assigned to each area of response should be trained accordingly and be familiar with applicable response plans.

Five ICS Components

A typical ICS organizational structure is built around five major management activities or functional areas:

1. COMMAND: According to FEMA, the command function is “the act of directing, ordering, or controlling by virtue of explicit statutory, regulatory, or delegated authority.”

With a significant or prolonged incident, command may be transferred to other individuals. When command is transferred, the process must include a briefing that captures all essential information for continuing safe and effective operations. Command transfers should be expected during an extended incident, and does not reflect on the competency of the acting Incident Commander. Companies must train each individual for their designated role to ensure a smooth command transfer, or at a minimum, coordinate transfers with external responders or agencies. 

The ICS Unified Command structure allows federal, state, and local On-Scene Coordinators to work together effectively without affecting individual agency authority, responsibility, or accountability.

2. OPERATIONS: The operations function of ICS is responsible for the direction and coordination of all incident tactical operations. ICS operations enables short and long-term field-level operations for a broad spectrum of emergencies, from small to complex incidents, both natural and manmade. The designated Operations Section Chief organizes, assigns, and supervises all of the tactical field resources assigned to an incident. However, a manageable span of control is established to monitor the number of resources that report to any one supervisor. Per ICS guidelines, a supervisor optimally should not have more than five subordinates.

3. PLANNING: The planning function of ICS accounts for the collection, evaluation, and distribution of information regarding incident development and the necessary resources required to counteract the circumstances. Despite potential incomplete scenario details, planners must implement an Incident Action Plan that can be communicated through concise briefings during the initial stages of incident management. Pre-planning applicable emergency scenarios is highly recommended and can greatly minimize the initial planning stage. Implementing an unexercised plan during an incident may result in a prolonged and inefficient response.

As the incident management effort evolves over time, additional lead time, staff, information systems, and technologies enable more detailed planning and cataloging of events and “lessons learned.” Coordinated communication is a critical planning element that enables targeted directives to be carried out.


4. LOGISTICS: The logistic component of ICS is responsible for providing the necessary facilities, services, and materials to meet the needs of the incident response. The potential complexity of response logistics should be analyzed, optimized, and communicated within an established and exercised response plan. 

During an emergency, logistics personnel may be involved in:

  • Participating in preparation of the Incident Action Plan (IAP)
  • Providing utility maps to emergency responders
  • Providing material safety data sheets to employees
  • Coordinating and processing requests for additional resources
  • Repairing equipment
  • Arranging for medical support, food and transportation
  • Arranging for shelter facilities
  • Providing for backup power
  • Providing for backup communications
  • Implementing the Incident Demobilization Plan

5. FINANCE/ADMINISTRATION: The Finance/Administration Section has two key missions during an incident:

  1. Cost monitoring and payment: Account for all financial elements related to the incident. This may include providing financial and cost analysis information as requested. The Finance / Administration Section Chief is responsible for tracking all costs incurred during the event.
  2. Administration: Collects, details, and maintains a record of the incident events, investigations, and recovery operations. The administrative component may also be responsible for gathering pertinent information from agency briefings and ensuring all documents initiated at the incident are properly prepared, completed, and submitted as necessary. All teams, sections, and divisions must establish logs and submits copies to the Finance / Administration Section Chief, or delegate every 12 hours (or at determined increments).


Need additional guidance? Receive TRP's Crisis Management Framework Guide

Corporate Crisis Management

Tags: ICS

Tips for Merging Response Plan Templates and ICS

Posted on Thu, Sep 10, 2015

Response planning is a multi-faceted entity, composed of critical information, procedural comprehension, and response process awareness. Two contributors to effective preparedness comes from the site-specific information within the plans and a standardized response management process by which procedures are carried out. The two concepts, site-specific and standardization, may appear to contradict each other. However when merged properly, companies can strengthen preparedness initiatives and enable a flexible, effective, efficient, and all-hazards incident management response.

By integrating up-to-date, site-specific response plans, company EHS protocols, and Incident Command System (ICS) components, response operations can be streamlined and coherent without being hindered by jurisdictional boundaries. Utilizing ICS in conjunction with site-specific plans can also consolidate an effective response that includes multiple combinations of facilities, equipment, personnel, procedures, and communication methods.

However, when companies implement or utilize a basic template approach without consideration of site-specific details, the result is often an incomplete, ineffective, and non-regulatory compliant plan. In addition, implementing an incident command approach without site-specific information often results in inadequate and prolonged responses.

By utilizing a template as an outline, companies can begin the process of creating response plans. Companies may consider web-based technology to streamline template formats across an enterprise. A generic plan template may not address every regulatory and/or site specification, so it is essential to evaluate site-specific variables and applicable regulatory requirements. If templates are tied to a web-based database, site-specific information can often be cross references with regulatory requirements. As facilities are added or renovated, operations are revised, or employees revolve, each web-based plan can be conveniently accessed and updated for accuracy and compliance.

Below are twelve basic template topics that should be evaluated for site specific applicability and implementation.

  1. Laws and regulating authorities
  2. Hazard identification and risk assessment
  3. Hazard mitigation procedures
  4. Resource management
  5. Response direction, control, and coordination
  6. Notifications and warning systems
  7. Operations and safety procedures
  8. Logistics and facilities infrastructure specifics
  9. Training
  10. Exercises, evaluations, and corrective actions
  11. Crisis communications
  12. Finance and administrative duties

Once site specifications and regulatory requirements are identified, plans should be formatted within a common and unified incident planning organizational structure. The structure is based on a set of essential features that apply to the management of any incident or all-hazards events. Features included in ICS are:

  1. Common terminology - use of similar terms and definitions for resource descriptions, organizational functions, and incident facilities across disciplines
  2. Modular organization - response resources are organized according to their responsibilities. Assets within each functional unit may be expanded or contracted based on the requirements of the event.
  3. Management by objectives - specific, measurable objectives for various incident management functional activities and direct efforts to attain them. Planning should allow for a timely response, documentation of the results, and a way to facilitate corrective actions.
  4. Incident action planning - Incident Action Plans (IAPs) guide response activities, and provide a concise means of capturing and communicating a company’s incident priorities, objectives, strategies, protocol, and tactics in the contexts of both operational and support activities.
  5. Manageable span of control - response organization is structured so that each supervisory level oversees an appropriate number of assets (varies based on size and complexity of the event) so it can maintain effective supervision.
  6. Pre-designated incident facilities - assignment of locations where expected incident-related functions will occur.
  7. Comprehensive resource management - systems in place to describe, maintain, identify, request, and track resources.
  8. Integrated communications - ability to send and receive information within an organization, as well as externally to other disciplines.
  9. Consolidated action plans - a single, formal documentation of incident goals, objectives, and strategies defined by unified incident command.
  10. Establishment and transfer of command - Clearly identify and establish the command function from the beginning of incident operations. If command is transferred during an incident response, a comprehensive briefing should capture essential information for continuing safe and effective operations.
  11. Chain of command and unity of command - Identify clear responsible parties and reporting relationships
  12. Unified command structure - multiple disciplines work through their designated managers to establish common objectives and strategies to prevent conflict or duplication of effort.
  13. Accountability - Develop process and procedures to ensure resource accountability including: check-in/check-out, Incident Action Planning, unity of command, personal responsibility, span of control, and resource tracking.
  14. Dispatch/deployment - Limit overloading response resources by enforcing a “response only when requested or dispatched” process in established resource management systems.
  15. Information and intelligence management - The incident management organization must establish a process for gathering, analyzing, assessing, sharing, and managing incident-related information and intelligence.

Once the initial response plan is completed, plan audits, exercises, expert assistance, and/or consultation services may be required to confirm plan compliance and effectiveness.

Preparedness and Emergency Management - TRP Corp

Tags: Response Plans, Incident Management, ICS, Emergency Response Planning

Cyber-Security for ICS Necessary in Business Continuity Planning

Posted on Thu, Nov 21, 2013

The 2013 Global Risk Report ranks cyber-attacks in the “Top Five” of highly probability occurring incidents within the next ten years. According to the report, cyber-attacks and critical system failures are considerable technological risks to companies and organizations across the globe.

As technology dependencies become more ingrained in company operations, it is essential to institute company-wide best practices for risk analysis, computer security, downloads, and backups in order to secure necessary integrated technologies. A recent report by The European Union Agency for Network and Information Security (ENISA) highlighted security concerns over Industrial Control Systems (ICS), including the widely utilized Supervisory Control and Data Acquisition (SCADA) systems, distributed control systems (DSC), and programmable logic controllers (PLC). These concerns are echoed in recent publications by the Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT).

ICS are often used to control industrial processes, such as manufacturing, product handling, production, and distribution, and is a necessary element to promote business continuity. The main concern expressed by ENISA and ICS-CERT is that prevalent industrial control systems are riddled with varying outdated and un-patched software, leaving them exposed and vulnerable to hackers and cyber-attacks. Mitigating this high risk is critical for maintaining continuity of operations.

Recent SCADA and ICS security incidents greatly emphasize the importance of vigilant observation, analysis, and control of SCADA infrastructures. The ICS-CERT quarterly newsletter entitled Monitor, stated that the response team responded to 198 incidents across all critical infrastructures in 2012. That number was surpassed by May 2013 with energy infrastructures comprising 53 percent of the targeted attacks.  That percentage was up from 41 percent in 2012.


ICS-CERT urges operators to embrace coordination by sharing attack data, specifically indicators of system compromises, and established a secure portal to allow companies to actively engage in protecting critical infrastructure. Through the portal, ICS-CERT was able to identify 10 IP addresses that participated in a recent attack against a gas compressor station. The alert prompted other station owners to investigate their own networks and they eventually reported another 39 IP addresses associated with attacks.

According to ENISA, critical infrastructure companies should employ continual risk-based assessments of cyber security policies to prioritize and tailor recommended guidelines and solutions to fit specific security, business, and operational requirements. ICS-CERT offers recommended practices, vetted by subject-matter experts, to bolster technology security. In addition to these recommended practices, identifying procedural details of computer backups, data restoration methods, and minimum software requirements are crucial to re-establishing technology and business continuity of critical business processes, in the event of an attack.  

There must be a mutual understanding between IT personnel and crisis managers regarding their respective roles, available resources, security efforts, and response measure during cyber disruption events.  The ability to respond to critical incidents and identify root causes are key aspects in the ability to mitigate potential threats. With technology-based incidents, analyzing the deficiencies that led to IT downtime enables countermeasures to be implemented. ENISA offers four key areas that promote investigative capabilities that allow mitigated efforts: These key areas include:

  1. Facilitate integration with existing structures
    • Determine source of evidence of security breach
    • Clarify data retention impact on systems
    • Streamline operational and IT interfaces
  2. Safeguard systems and configurations
    • Deploy security controls
    • Ensure logging controls
  3. Review key roles and responsibilities
  4. Embrace partnership coordination and cooperation


Free resources from TRP Corp: Receive the Example Response Procedures Flow Chart

New Call-to-Action

Tags: ICS, Security plans, Department of Homeland Security, Data Loss, Cyber-Security, Data Backup

Applying FEMA's Core Capabilities to Corporate EHS Programs: Part 1

Posted on Thu, May 09, 2013

According to FEMA, “Preparedness is achieved and maintained through a continuous cycle of planning, organizing, training, equipping, exercising, evaluating and taking corrective action.“ In order to achieve these strategic and tactical environmental, health, and safety (EHS) goals, specific FEMA identified core capabilities can be incorporated into the emergency management program.

In this 5-part series, Applying FEMA's Core Capabilities to Corporate EHS Programs, we will explore the 31 core capabilities identified by FEMA and how they apply to the private sector. The 31 components catalog distinct emergency preparedness elements utilized in national preparedness efforts and frameworks and are broken up into five mission areas: prevention, protection, mitigation, response and recovery. However, the first three FEMA critical capabilities encompass all of the five mission areas. As a result, a successful EHS program should begin with the following core concepts:

Planning:Conduct a systematic process engaging the whole community as appropriate in the development of executable strategic, operational, and/or community-based approaches to meet defined objectives.”

The first critical step in reaching preparedness goals is environmental, health and safety planning. A consistent, company-wide emergency response planning structure delivers common processes for assessing, prioritizing, and responding to incidents. These predetermined  procedures provide a consistent  structure to an EHS program.

Streamlining the systematic process structure enables a cohesive emergency response from company and external  responders, from prevention to recovery. With a detailed plan in place, response objectives and preparedness goals can be met with coordinated operational support and integrated incident response.

Public Information and Warning: “Deliver coordinated, prompt, reliable, and actionable information to the whole community through the use of clear, consistent, accessible, and culturally and linguistically appropriate methods to effectively relay information regarding any threat or hazard, as well as the actions being taken and the assistance being made available, as appropriate.”

The execution of a solid communication plan should begin in the planning phase, not on the verge of, during, or in the aftermath of a disaster. Through planning, a communication plan can be fully integrated into the overall disaster or incident response plan. Communications planning may include contact verifications, training awareness, exercise coordination, incident activation, response notifications, public relations, and other site-specific needs. These efforts must be timely, accurate, and conclusive to bolster the overall company strategic and tactical preparedness objectives.

However,  the lines of two-way communication must extend beyond the planning phase. Effective communications is the bridge to stabilizing a crisis situation. An EHS program must include a communication framework with checklists and response criteria that will guide the decision-making processes to allow for an effective response and recovery, while maximizing safety and minimizing impacts.

As technology and communication methods evolve, companies must make an effort to incorporate accepted systematic formats, mainstream methodology, and digital response tactics into EHS programs. This may mean implementing communications methods through satellite radios, social media, smart phones, and/or cloud-based technologies. Companies must develop processes to assess incoming and outgoing information from multiple sources, organize it systematically, display and relay applicable information for logistical value, communicate essential information to appropriate parties, and store response data in the event it is necessary for further communications.

Operational Coordination: “Establish and maintain a unified and coordinated operational structure and process that appropriately integrates all critical stakeholders and supports the execution of core capabilities.”

Companies should focus its EHS preparedness efforts around the Incident Command System (ICS), which provides the structure for effective management of response resources. The ICS is a standardized management concept designed to enable an integrated response, despite its complexity, response demands, and jurisdictional boundaries.

By integrating a commonly accepted organizational structure and characteristics into a company EHS program, preparedness, communications, training, exercises, and response operations can be coordinated within a unified command. The unified command allows stakeholders, responders, and agencies with different legal, geographic, and functional authorities to work together effectively without affecting individual agency authority, responsibility, or accountability.

The development, comprehension, and practical application of the ICS and an interoperable communications plan streamlines procedures, clarifies responsible parties and reporting relationships, and eliminated confusion caused by multiple, conflicting directives and authorities.

The next blog, Part 2 of the series, will address the core capabilities related to prevention and protection.

For tips and best practices on designing a crisis management program, download Best Practices for Crisis Management.

TRP Corp - Emergency Response Planning Crisis Management

Tags: Emergency Preparedness, Crisis Management, Incident Management, ICS

Hazardous Material Incident Management

Posted on Mon, May 06, 2013

Hazardous materials become most hazardous when they are released. The potential risks associated with hazardous material releases heighten the need for risk-based decision making. As a result, hazardous material incident management should reflect site specific planning, training, and exercises that minimize hazardous material impacts and restrict potential chaos.

  • Response plans should clearly dictate processes and procedures that minimize hazardous material impacts.
  • Training must be aligned with response roles and responsibilities, facility operations, and regulatory requirements. (see Hazard Communication Standard - 29 CFR1910.1200)
  • Exercises should include hazardous material release scenarios that allow response team members to collaborate and communicate assigned roles, responsibilities, and required actions in response to one or more site specific scenarios.

“Hazardous Materials” is a general term intended to mean hazardous substances, pollutants, and contaminants as defined by the National Oil and Hazardous Substances Pollution Contingency Plan (NCP). The term includes blood borne pathogens and infectious disease as defined by OSHA's Blood borne Pathogens Standard (29 CFR 1910.1030).

The potential for harm to individuals, the environment, or the facility may be escalated due to the release of certain hazardous materials. However, expedient and safe cleanup operations can minimize exposures and limit the impact of an incident. Hazardous substance releases must be removed, contained, incinerated, neutralized, or stabilized with the ultimate goal of making the site safer for people or the environment.

Identifying the potential threats and probable incident scenarios enables proper pre-planning. Response procedures and processes can be incorporated into the site-specific plans to proactively facilitate corrective actions in the event of a hazardous release. The following hazardous material incident management concepts should be considered and incorporated in planning, training, and exercising a response:

  • Proper PPE for employees, contractors, and responders
  • Specific waste handling procedures and, if applicable, appropriate contractors
  • Disposal plan in accordance with any federal, state, and/or local regulations
  • Facility-specific disposal locations for different types of materials
  • Continuous tracking of hazardous materials quantities to better estimate amount of waste generated
  • Methods and procedures for waste collection, segregation, storage, transportation, and proper disposal
  • Regulatory review of applicable laws to ensure compliance and appropriate permitting
  • Documentation of all waste handling and disposal activities

From the onset of an incident involving hazardous materials, incident managers should establish specific, measurable objectives for functional response activities. Incident Action Plans (IAPs) are used to guide hazardous response activities and provide a concise means of capturing and communicating the incident manager’s priorities, objectives, strategies, protocol, and tactics  for both operational and support activities.

The incident manager must manage all resources, both internal and external. Unless, a facility has a dedicated, trained, and certified response team, external responders should be identified for hazardous material response operations support. However, the incident manager must maintain clear communication of response objectives as to eliminate confusion caused by multiple, conflicting directives and authorities.

The level of detail required in IAPs  varies with each scenario. However, plans should facilitate the sharing of critical incident status information. Because hazardous material incident parameters may continually evolve, IAPs must be revised on a regular basis (at least once per operational period) to maintain consistent, up-to-date guidance for incoming responders or management.

At each phase of a response, the incident manager should perform critical assessments and specify clear operational objectives to responsible parties, eliminating potential confusion caused by multiple, conflicting directives and authorities. Through proper preparedness planning and cleanup and disposal procedures, hazardous material management planning can limit environmental liability, and as an effect, minimize additional immediate and long-term financial burdens.

New Call-to-Action

Tags: HAZCOM, ICS, Emergency Management Program, HAZWOPER

The Incident Action Plan Begins with Incident Command

Posted on Mon, Apr 29, 2013

The Incident Command System (ICS) is a tool used to standardize on-scene, all-hazards incident management. ICS allows for the integration of facilities, equipment, personnel, procedures, and communications, operating within a common organizational structure for more effective incident response. Utilizing ICS allows Incident Commanders (IC) to develop incident-specific strategic objectives and facilitate response procedures to ensure a streamlined, effective, and safe response.

The incident may dictate response plan modifications. Early incident evaluations enable the IC to evaluate and determine the appropriate activation level of site personnel, prescribe the necessary sequence of events, and implement appropriate processes. Number of personnel required to staff an onsite Emergency Response Team will depend on the facility operations, and size and complexity of the incident.

Corporate response structures should reflect ICS principles, yet a facility's IC should be authorized the flexibility to modify a response and organizational structure as necessary to accomplish the incident response mission. As a result, company procedures may be altered to align within the context of the ICS and address a particular hazard scenario.

The Incident Commander should be responsible for directing the response activities and be trained to assume the duties of all the primary positions until the role(s) can be handed off to assigned response team members, or delegated to other qualified personnel. The more knowledgeable individuals are of their response roles and responsibilities, the better prepared a team can be to implement a streamlined response. Effective incident command should be maintained from the beginning to the end of operations, particularly if command is transferred. Any lapse in the continuity of command and the transfer of information may reduce the effectiveness of the response.

Incident Commander responsibilities may include, but are not limited to:

  • Activate the Emergency Response team
  • Activate additional response contractors and local resources
  • Evaluate the severity, potential impact, safety concerns, and response requirements based on the initial information provided by the first person on-scene.
  • Confirm safety aspects at site, including need for personal protective equipment,  ignition sources, and potential need for evacuation.
  • Communicate and provide incident briefings to company superiors, as appropriate.
  • Coordinate/complete additional internal and external notifications.
  • Communicate with Emergency Response Team, as the situation demands
  • Direct response and cleanup operation

Priorities of an Incident Commander should include, but are not limited to the following:

Early evaluation and continual incident updates: Through early and continual progress evaluations of current conditions, the IC can establish and alter an incident action plan to counteract the circumstances. The consideration of population and responder safety should be incorporated into every evaluation, response tactic, and impact forecast.

Effective communications: The ability to receive and transmit information, obtain reports to maintain situational awareness, and communicate with all components within the incident response organization is essential to ensure effective supervision and effective response controls.

Strategic decisions: The response team’s risk level is driven by incident circumstances and impeding response strategy. An offensive strategy places members in interior positions where they are likely to have direct contact with the incident or hazard. While an offensive strategy may result in a more timely response, the IC must ensure the team’s training level is adequate  with this type of approach. A defensive strategy removes members from interior positions and high-risk activities. The defensive approach may minimize incident escalations until properly trained responders arrive at the scene. The IC, in conjunction with the response plan, may assign basic positioning and functions of internal and external responders and allocates necessary resources at the scene or emergency incident.

Tactical-level management: Tactical response management centers around the tactics used to implement the strategy. The IC may utilize tactical-level management from within the facility or from an off-site command center. Tactical response team members may include operational, communications, safety manager, liaison officers, and/or other managing supervisors. The response team is able to monitor responders while the response is being done and can provide the necessary support. However, it is the responsibility of the IC to ensure tactical objectives are completed effectively. The initial objective priorities of tactical management should include:

  • Removing endangered occupants (evacuation or shelter in place), and attend to injured individuals
  • Stabilizing the incident to minimize expansion
  • Providing for the safety, accountability, and welfare of personnel
  • Protecting the environment
  • Protecting property

For tips and best practices on designing a crisis management program, download Tips for Effective Exercises.

Exercises - TRP Corp

Tags: Incident Action Plan, Emergency Management, Response Plans, Incident Management, ICS, Disaster Recovery