Real words or buzzwords?: Situational Awareness – Part 7

June 5, 2018
Modern day incident response deserves the help that modern technology can provide but doesn't yet

Editor’s note: This is the 27th article in the “Real Words or Buzzwords?” series from SIW contributor Ray Bernard about how real words can become empty words and stifle technology progress.

The previous (sixth) article on Situational Awareness (SA) defined today’s requirements for situational awareness, which are vastly different than those provided by the security systems of previous decades.

This, the final article in the series on situational awareness, takes a look at some of the overall security system functional requirements for SA that are needed to support – for example – the Hospital Incident Command System (HICS) and the Incident Command System for Schools (FEMA free interactive web based course).

The guidance for both incident command systems have two new elements that earlier incident command system (ICS) guidance lacked:

  • Flexible Application. Adjusting the application of the ICS to fit the incident rather than filling all the positions on the incident command system chart mechanically, without regard to the nature of the incident, its dynamics and the need for the availability of resources.
  • Everyday Use. Using the incident command for non-emergency events. This solves the problem that occurs with most emergency planning: the emergency management system is documented and drilled maybe once, the manuals sit on the shelf gathering dust, while the initial training fades from memory. When an incident occurs, few people remember what to do.

These two points are great advice and constitute a very significant improvement in the way incident command systems are used. The HICS Guidebook 2014 states:

  • Some hospitals only see HICS as a system to manage emergency incidents. However, the modular design and flexibility of HICS lends itself to managing non-emergency incidents or events, such as moving patients within the facility, dispensing medication to hospital staff, annual influenza vaccination programs, or hosting a large hospital or community event.
  • HICS is not meant to replace the everyday organization design. The HICS organization structure frequently does not correlate to the daily administrative structure of the hospital. This practice is purposeful and done to reduce role and title confusion.
  • The application and adaptation of HICS to the individual hospital requires education and training to produce proficiency and competency. Once mastered, it provides an easy-to use framework to manage any incident.

Similarly, the Introduction to the Incident Command System for Schools (online at FEMA, downloadable PDF format) says:

“ICS for Schools can be used to manage any of the following types of incidents:

  • Disasters, such as fires, tornadoes, floods, ice storms, or earthquakes.
  • Disease outbreaks and prevention measures.
  • Search operations for a missing student.
  • Hazardous materials accidents in chemistry labs.
  • Hostile intruders or other criminal acts.
  • Planned events, such as school drills, festivals, sporting events, and graduations.”

Using the ICS framework for non-emergency events would be a snap if it didn’t require a significant mental leap because the ICS organization structure often does not correlate easily to the daily administrative structure of hospitals, schools and other organizations. To date, training has been the only means for overcoming that hurdle, and that factor has constrained the application of incident command systems. This was understandable 20 years ago but is inexcusable today, given information technology capabilities.

Situational Awareness, ICS and Today’s Technology

Here we are more than two decades after the birth of the World Wide Web, a decade after Apple reinvented the smartphone and a decade after Google’s CEO Eric Schmidt coined the term “cloud computing.” Every day in the U.S., over 200 million smartphone users work and live differently than they did a decade or so ago, thanks to the power of intelligent automated systems that make what used to be difficult, time-consuming and memory-dependent tasks quick and easy. Today, modern-day analytics and information technology systems bring situational awareness and elevated operational control to many aspects of an organization’s daily operations.

Modern day incident response deserves the help that modern technology can provide but doesn’t yet. Filling this void is one of the great security industry opportunities of our time.

What roles would technology play if we updated our “thinking caps” for modern-day application of the Incident Command System?

Multi-Point Situational Awareness

Situational awareness for major incident response must address the roles, responsibilities and objectives of the response team members (as well as other stakeholders), in the context of the incident timeline of their response actions. Each individual team member has decision-action response steps to perform, nearly all of which have situational awareness elements that are not in direct sight.

This is why I assert that the objective for security system situational awareness capabilities should be “Full Situational Awareness” (Full SA) – which means that everyone involved has the full level of situational awareness that they need to evaluate, decide and take action according to their own response roles, responsibilities and objectives.

Follow along with me below as we take a close look at the situational awareness support required across the scope of the Hospital Incident Management Team (HIMT) members – each of whom will need one or more dashboards to depict at-a-glance the current status of impacted people and assets, incident response efforts, and response resources as they relate to their responsibilities and objectives.

  1. Look closely at the situational awareness factors involved as shown in this diagram, introduced in the first article of this series, which shows the three aspects (levels) of situational awareness that must be supported relating to the responder’s roles, responsibilities and objectives.
  2. Now, open the HIMT Chart, look at the top level of the chart, and read each of the specialty areas listed in tiny print next to the Medical-Technical Specialists box. These are specialist areas whose expertise the Incident Commander may need to support his or her evaluations and decisions. Consider that each of these specialists will need situational awareness of the unfolding incident, within the timeline context – and so will the Incident Commander, to determine what specialist support is needed.
  3. Next, consider that there are four Section Chiefs (Operations, Planning, Logistics and Finance/Administration) who oversee and coordinate the efforts of potentially nearly 60 directors, managers, and unit leaders with their own set of responsibilities and objectives – plus the unit personnel they direct. They have their own situational awareness requirements. How much of the HIMT is applicable, and how many people it takes to adequately cover the applicable roles and responsibilities, will vary depending upon the nature of the incident and scale of the response required.

Hopefully, this little review gives you an idea of the scope for which situational awareness is required. Additionally, there are activity logs, private messages, decisions, individual and group notifications, check-ins, check-outs, workflows and many other administrative dimensions of response actions and activities. These can easily be messy and incomplete with a mix of paper-based plus email/text-based data collection – i.e. the current state – but which can be exact, complete and of forensic quality when supported appropriately by information systems.

Full Situational Awareness Makes a Critical Difference

The contributions that SA can make require a bit of thinking. Full SA can make the difference between being properly prepared and under-prepared or over-prepared for critical activities. When resources are in short supply, these can make life-saving differences. The speed of many response actions can be significantly accelerated if all needed information is instantly available, as opposed to having to use email, radio, telephone and other means to get a picture of current and projected status.

If you are responsible for evacuating multiple at-risk areas of a facility, with evacuees slated to be moved to multiple safe areas so that time-critical chemical containment actions can be performed, think of the difference it will make to the speed of chemical containment execution, if the evacuation team members could all have real-time map-based location status of every evacuee and evacuation team member.

Wouldn’t you like to know very early on that double the number of people you expected need special evacuation assistance – as opposed to learning about it because the chemical containment crew is complaining they can’t begin their work? Wouldn’t you instead like to inform the containment crew that they can begin ahead of schedule?

Across the full breadth and depth of response consider what the impact of Full SA can be at all levels of the response command hierarchy. Think of how Full SA can help external responders like police, fire, and emergency medical services coming to your facility or event area.

Automating and Time Line Support

Automated reminders – based on the planned incident response timeline – can contain progress status and resource availability status – with action buttons for requesting the exact additional resources needed. Automated notifications can inform responders dependent upon certain actions, whether those actions are on schedule, ahead of schedule, or right on time. Command-level personnel can be informed of the aggregate response risk picture, whether any critical elements of response are at risk, and whether risk factors are increasing or decreasing well before a critical limit is reached. Request approvals can be quickly routed and escalated to alternate deciders, based upon at-the-moment availability and prioritized according to critical time or risk factors.

Each step of a workflow can be performed from a fully-informed perspective. Each decision-maker can act from a well-informed understanding that includes the full incident context – and action orders can be communicated instantly to all affected parties.

After-Action Reports and Recommendations

With a fully accurate timeline of incident status and response actions, and full incident contextual information regarding response shortcomings or resource shortages, an after-action performance analysis can be quick and accurate, and the after-action report can be highly informative and insightful.

Situational Awareness Conclusion

If you consider each individual system element that is required to provide Full Situational Awareness to all security/emergency/safety response stakeholders, you can find examples of the capabilities needed within the cloud-based systems that are currently in daily use. The automotive industry has self-driving cars, but what do we have of the same caliber of innovation for the security industry? I contend that individual products whose integration capabilities can fully support the operational requirements of the Hospital Incident Command System and the Incident Command System for Schools, are the next category of innovation that will raise the security industry to a new level of real risk reduction.

The auto industry has reduced traffic accidents by more than 25% in recent years, with a target reduction of zero death on their agenda, based upon autonomous driving and assisted-driving technologies.

Let’s make a similarly significant impact in emergency response efforts by making Full Situational Awareness capabilities a reality. It’s an industry team effort worth making.

About the Author:

Ray Bernard, PSP CHS-III, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities ( He is the author of the Elsevier book Security Technology Convergence Insights available on Amazon. Mr. Bernard is a Subject Matter Expert Faculty of the Security Executive Council (SEC) and an active member of the ASIS International member councils for Physical Security and IT Security.