FEMA and Your Business Continuity Plan

I passed the ROUTE exam a few days/weeks/months/something ago and decided to pursue certifications of another sort for a while. The wife and I are trying our best to help the community through our ham radio training, so I decided to go down that path a bit further. One thing I was interested in doing is to do EmComm during declared emergencies. That meant I had to take two FEMA courses online to be allowed in the EOC. I thought they would be terribly boring, but I found them to be quite familiar.

The first course was on the Incident Command System (ICS). The main idea is that, in the event of an emergency of any kind or size, an Incident Commander (IC) is assigned to be responsible for the recovery effort.  This mean analysis of the incident, generating an action plan (a very key component), and execution of said plan. If the IC can complete the action plan by himself, then off he goes. If he or she needs some additional resources like people or equipment, then he or she is empowered to draft that help from any entity that’s involved.

Another one of the big points of ICS is that a disaster response is distanced from day-to-day work.  That is, when you’re working in a response capacity, your day-job boss isn’t your boss (unless he happens to be your manager in the ICS).  ICS also gets rids of the whole dotted-line organizational structure.  This is called unity of command and supports a single objective work model.  No more being yelled at by 7 managers for not have a cover page on your TPS report.

Does this not sound like a great system reacting to a DR event? The IC in this case could be a product owner and that person would evaluate the situation, create a detailed action plan, draft personnel as needed, etc. It’s the IC’s job to figure out what needs to be done and what resources are need. If he or she calls you, you report to him or her today. Your day-to-day boss can’t pull you off to work on other things; this is a response situation that the business has blessed and is deemed a higher priority than your daily work. Very powerful stuff.

The second course I took was and introduction to the National Incident Management System (NIMS). The whole point of NIMS is to create a system that supports intra- and inter-departmental communication. At a very high level, this means using plain language and putting things in writing beforehand. We’ve all been told to “talk to Bill about that” and Bill tells you to call Mary.  NIMS dictates that we should have a document that says exactly what each is responsible for during a response. It tells us what Bill and Mary are supposed to be doing so we don’t have to guess. It’s better to know what everyone is doing than to guess or, even worse, assume what everyone is doing.

What if your product owner says we need to roll to the alternate data center? What does that really mean? Will most of your time be spent flopping around like a fish because you don’t know what’s going on? Do you have a list of outside entities (like your ISP or VAR) whose help will be needed during a DR incident? How about a definition of success? Do you have a plan to roll back when your recover from the disaster? Do you have a list of of tasks to get operations rolling at the alternate data center? Do you need to get your marketing department to send out messages to customers or update your website? Do you even have the criteria for declaring a disaster? Can I ask any more questions? NIMS tells us that we need to answer all those questions (and more) BEFORE the disaster happens. Let me say that again — BEFORE the disaster happens.

I recommend you take the ICS and NIMS training from FEMA. It’s obviously going to be focused on physical disasters, but the ideas apply pretty broadly. Each class takes 3 or 4 hours to finish and is broken up into sections, so you don’t have to do it all at once. There’s an exam at the end, but that’s obviously not a requirement (unless you need the cert like I did). The training is absolutely free and doesn’t require you to log in or anything.  And get your ham radio license.  🙂

Send any new HTs questions my way.

Aaron Conaway

I shake my head around sometimes and see what falls out. That's what lands on these pages.

More Posts

Follow Me:
Twitter

3 comments for “FEMA and Your Business Continuity Plan

  1. James
    September 16, 2014 at 3:38 pm

    Great write up. ICS is great to get a handle on things in life as well.

    -73
    KF6VWH

  2. February 1, 2015 at 1:12 am

    Congrats on passing ROUTE exam! Business Continuity Plan is a huge topic. I had a flavour of it a couple of days ago. It requires a lot of logical thinking and common sense. I’d roughly compare it to CISSP.

  3. Brett
    May 19, 2015 at 12:26 pm

    This explanation does not make any $ents whatsoever. It makes do11@r$!.
    Sup A.C. former employee Brett that used to work at Verifone with you in Alpharetta, GA. here. Great explanation. Need to do a site on Juniper. Hope you passed the CCIE R&S or JNCIE. Peace.

Leave a Reply

Your email address will not be published. Required fields are marked *