Imagine trying to contain a massive wildfire such as the recent California brush fires. Now imagine that it is the early 1970s and you have 50-plus firefighters reporting to you with no coordination with other agencies, and a lack of information compounded by inadequate communications technology. This is the reality that helped facilitate the development of the Incident Command System (ICS). The Incident Command System is a disaster recovery (DR) and business continuity (BC) system designed to meet any size disaster, and to be used by any agency for day-to-day operations and emergencies. Implementing this system in a company's DR and BC plans can help provide standardized structure and organization to help prevent unnecessary disasters.
The core objective of the ICS was to have a standardized disaster recovery system so personnel from a variety of agencies could rapidly meld into a common structure. Eventually, ICS evolved into a comprehensive core component of the National Incident Management System (NIMS) -- the backbone of preparedness and response for all federal agencies with incident management responsibilities, including FEMA and the Department of Homeland Security.
The ICS and the parent NIMS are a structured and consistent nationwide template. This template is designed to enable federal, state and local governments, nongovernmental organizations (NGOs) and the private sector to work together to protect and recover from all types and sizes of disasters.
The NIMS template has a detailed framework of consistent terminology and outlines the roles and response structures for all hazards, covering how to act and respond to any type of incident.It does not address the operational or resource plans and should be used as the foundation for these additional plans. NIMS is highly scalable from the smallest localized incident such as a business medical or fire emergency to the largest of disasters such as the 35W bridge collapse in Minneapolis, Minn. It outlines a best practice approach to managing and coordinating responding resources, agencies and roles. It also defines the specific roles and responsibilities that all organizations should use to remain consistent and seamless with other responders.
Using ICS and NIMS in disaster recovery and business continuity planning
In disaster recovery and business continuity planning, the Incident Command System provides a standardized incident staffing structure with defined roles and responsibilities. This enables every disaster recovery responder, at any stage of the disaster or recovery phases, to step in and become a productive team member without significant delay.
Based on the after action reports of disasters such as Sept. 11 and the Minneapolis 35W bridge collapse, ICS/NIMS has proven to be an effective businesses contingency management tool. The adoption of this system continues to spread among all state and local agencies, including most police and fire departments.
But few businesses are aware of the value of ICS/NIMS, and even fewer have embraced ICS within their own business continuity plans. In fact, most business continuity plans already contain the basic components of NIMS (preparedness, communications, resource and command management, and ongoing maintenance), so they only need to make minor changes to be in alignment.
ICS and NIMS and their value to your organization
Implementing the ICS and NIMS systems into your DR and BC plans is a simple process and can add significant value and ease to your organization's DR planning. When an incident occurs within an organization, responders from the company will begin implementing their business contingency plans. Depending upon the incident, this response could be as simple as a call to 911, or a full-scale evacuation and declaration of disaster. Regardless, the agencies responding will be using their training on NIMS to coordinate and manage their response, including team member roles.
As the private sector emergency manager on scene, it is critical that one integrates their team into this structure immediately by providing an accurate Incident Action Plan that concisely describes the overall incident priorities, objectives, strategies and tactics surrounding both operational and support activities underway.
As an incident expands or continues, the business continuity team will be responsible for providing a greater role in supporting the responding agencies' information needs, logistics, etc. Just as with internal plans, the roles played by the company staff must be understood and practiced to ensure clear expectations, communications and actions.
Putting this system into practice will require additional staff training on ICS, exercises, drills and disaster recovery plan revisions -- all tasks that most DR managers already perform. Making ICS and NIMS work within an IT organization, specifically in disaster scenarios, is a commitment to enforcing structure.
Regardless of one's viewpoint of the government's abilities to respond, it is an organization's responsibility to understand and integrate the ICS and NIMS systems into their own business contingency plans. Jeremy Klein, support services manager for the City of Eagan, Minn., Police Department explained the significance of the ICS and NIMS systems, and said "It's important for the private sector to keep in mind that they continue to have responsibilities even while first responders are dealing with an incident at their facility [possibly providing representation in unified command, handling continuity of operations issues, initiating business recovery activities, etc.] … and while a large haz-mat facility might be an example of a conventional use of ICS it's application can just as easily be applied to shipping, human resources, or any other type of business for managing an incident that doesn't fit into normal operations."
About this author: Ken Koch is a recognized leader in contingency activities critical to mitigation, preparation, planning and recovery from manmade and natural threats. Koch is a frequently speaks at seminars and private events. He is also industry topical writer and instructor/educator and business continuity consultant. Since founding his own firm in 1997, he has assisted both public and private sector clients with risk assessment, exercise planning and evaluations and staff training along with declared disaster recovery situations.