Chapter I NIMS - Introduction and Overview A. INTRODUCTION. Since the September 11, 2001, attacks on the World Trade Center and the Pentagon, much has been done to improve prevention, preparedness, response, recovery, and mitigation capabilities and coordination processes across the country. A comprehensive national approach to incident management, applicable at all jurisdictional levels and across functional disciplines, would further improve the effectiveness of emergency response providers1 and incident management organizations across a full spectrum of potential incidents and hazard scenarios. Such an approach would also improve coordination and cooperation between public and private entities in a variety of domestic incident management activities. For purposes of this document, incidents can include acts of terrorism, wildland and urban fires, floods, hazardous materials spills, nuclear accidents, aircraft accidents, earthquakes, hurricanes, tornadoes, typhoons, war- related disasters, etc. On February 28, 2003, the President issued Homeland Security Presidential Directive (HSPD)-5, which directs the Secretary of Homeland Security to develop and administer a National Incident Management System (NIMS). According to HSPD-5: "This system will provide a consistent nationwide approach for Federal, State,2 and local3 governments to work effectively and efficiently together to prepare for, respond to, and recover from domestic incidents, regardless of cause, size, or complexity. To provide for interoperability and compatibility among Federal, State, and local capabilities, the NIMS will include a core set of concepts, principles, terminology, and technologies covering the incident command system; multiagency coordination systems; unified command; training; identification and management of resources (including systems for classifying types of resources); qualifications and certification; and the collection, tracking, and reporting of incident information and incident resources." While most incidents are generally handled on a daily basis by a single jurisdiction at the local level, there are important instances in which successful domestic incident management operations depend on the involvement of multiple jurisdictions, functional agencies, and emergency responder disciplines. These instances require effective and efficient coordination across this broad spectrum of organizations and activiaties. The NIMS uses a systems approach to integrate the best of existing processes and methods into a unified national framework for incident management.This framework forms the basis for interoperability and compatibility that will, in turn, enable a diverse set of public and private organizations to conduct well-integrated and effective incident management operations. It does this through a core set of concepts, principles procedures, organizational processes, terminology, and standards requirements applicable to a broad community of NIMS users. B. CONCEPTS AND PRINCIPLES. To provide this framework for interoperability and compatibility, the NIMS is based on an appropriate balance of flexibility and standardization. 1. Flexibility. The NIMS provides a consistent, flexible, and adjustable national framework within which government and private entities at all levels can work together to manage domestic incidents, regardless of their cause, size, location, or complexity. This flexibility applies across all phases of incident management: prevention, preparedness, response, recovery, and mitigation. 2. Standardization. The NIMS provides a set of standardized organizational structures—such as the Incident Command System (ICS), multiagency coordination systems, and public information systems—as well as requirements for processes, procedures, and systems designed to improve interoperability among jurisdictions and disciplines in various areas, including: training; resource management; personnel qualification and certification; equipment certification; communications and information management; technology support; and continuous system improvement. C. OVERVIEW. The NIMS integrates existing best practices into a consistent, nationwide approach to domestic incident management that is applicable at all jurisdictional levels and across functional disciplines in an all-hazards context. Six major components make up this systems approach. Each is addressed in a separate chapter of this document. Of these components, the concepts and practices for Command and Management (Chapter II) and Preparedness (Chapter III) are the most fully developed, reflecting their regular use by many jurisdictional levels and agencies responsible for incident management across the country. Chapters IV-VII, which cover Resource Management, Communications and Information Management, Supporting Technologies, and Ongoing Management and Maintenance, introduce many concepts and requirements that are also integral to the NIMS but that will require further collaborative development and refinement over time. 1. NIMS Components. The following discussion provides a synopsis of each major component of the NIMS, as well as how these components work together as a system to provide the national framework for preparing for, preventing, responding to, and recovering from domestic incidents, regardless of cause, size, or complexity. A more detailed discussion of each component is included in subsequent chapters of this document. a. Command and Management. NIMS standard incident command structures are based on three key organizational systems: (1) The ICS. The ICS defines the operating characteristics, interactive management components, and structure of incident management and emergency response organizations engaged throughout the life cycle of an incident; (2) Multiagency Coordination Systems. These define the operating characteristics, interactive management components, and organizational structure of supporting incident management entities engaged at the Federal, State, local, tribal, and regional levels through mutual-aid agreements and other assistance arrangements; and (3) Public Information Systems. These refer to processes, procedures, and systems for communicating timely and accurate information to the public during crisis or emergency situations. b. Preparedness. Effective incident management begins with a host of preparedness activities conducted on a "steady-state" basis, well in advance of any potential incident. Preparedness involves an integrated combination of planning, training, exercises, personnel qualification and certification standards, equipment acquisition and certification standards, and publication management processes and activities. (1) Planning. Plans describe how personnel, equipment, and other resources are used to support incident management and emergency response activities. Plans provide mechanisms and systems for setting priorities, integrating multiple entities and functions, and ensuring that communications and other systems are available and integrated in support of a full spectrum of incident management requirements. (2) Training. Training includes standard courses on multiagency incident command and management, organizational structure, and operational procedures; discipline- specific and agency-specific incident management courses; and courses on the integration and use of supporting technologies. (3) Exercises. Incident management organizations and personnel must participate in realistic exercises—including multidisciplinary, multijurisdictional, and multisector interaction—to improve integration and interoperability and optimize resource utilization during incident operations. (4) Personnel Qualification and Certification. Qualification and certification activities are undertaken to identify and publish national-level standards and measure performance against these standards to ensure that incident management and emergency responder personnel are appropriately qualified and officially certified to perform NIMS- related functions. (5) Equipment Acquisition and Certification. Incident management organizations and emergency responders at all levels rely on various types of equipment to perform mission essential tasks. A critical component of operational preparedness is the acquisition of equipment that will perform to certain standards, including the capability to be interoperable with similar equipment used by other jurisdictions. (6) Mutual Aid. Mutual-aid agreements are the means for one jurisdiction to provide resources, facilities, services, and other required support to another jurisdiction during an incident. Each jurisdiction should be party to a mutual-aid agreement with appropriate jurisdictions from which they expect to receive or to which they expect to provide assistance during an incident. (7) Publications Management. Publications management refers to forms and forms standardization, developing publication materials, administering publications—including establishing naming and numbering conventions, managing the publication and promulgation of documents, and exercising control over sensitive documents—and revising publications when necessary. c. Resource Management. The NIMS defines standardized mechanisms and establishes requirements for processes to describe, inventory, mobilize, dispatch, track, and recover resources over the life cycle of an incident. d. Communications and Information Management. The NIMS identifies the requirement for a standardized framework for communications, information management (collection, analysis, and dissemination), and information- sharing at all levels of incident management. These elements are briefly described as follows: (1) Incident Management Communications. Incident management organizations must ensure that effective, interoperable communications processes, procedures, and systems exist to support a wide variety of incident management activities across agencies and jurisdictions. (2) Information Management. Information management processes, procedures, and systems help ensure that information, including communications and data, flows efficiently through a commonly accepted architecture supporting numerous agencies and jurisdictions responsible for managing or directing domestic incidents, those impacted by the incident, and those contributing resources to the incident management effort. Effective information management enhances incident management and response and helps insure that crisis decision- making is better informed. e. Supporting Technologies. Technology and technological systems provide supporting capabilities essential to implementing and continuously refining the NIMS. These include voice and data communications systems, information management systems (i.e., record keeping and resource tracking), and data display systems. Also included are specialized technologies that facilitate ongoing operations and incident management activities in situations that call for unique technology-based capabilities. f. Ongoing Management and Maintenance. This component establishes an activity to provide strategic direction for and oversight of the NIMS, supporting both routine review and the continuous refinement of the system and its components over the long term. 2. Appendices. The appendices to this document provide additional system details regarding the ICS and resource typing. Chapter II NIMS - Command and Management This chapter describes the systems used to facilitate domestic incident command and management operations, including the ICS, multiagency coordination systems, and the Joint Information System (JIS). Additional details on incident command and management are contained in Appendix A. A. INCIDENT COMMAND SYSTEM. The ICS is a management system designed to enable effective and efficient domestic incident management by integrating a combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure, designed to enable effective and efficient domestic incident management. A basic premise of ICS is that it is widely applicable. It is used to organize both near-term and long-term field-level operations for a broad spectrum of emergencies, from small to complex incidents, both natural and manmade. ICS is used by all levels of government—Federal, State, local, and tribal—as well as by many private-sector and nongovernmental organizations. ICS is also applicable across disciplines. It is normally structured to facilitate activities in five major functional areas: command, operations, planning, logistics, and finance and administration. Acts of biological, chemical, radiological, and nuclear terrorism represent particular challenges for the traditional ICS structure. Events that are not site specific, are geographically dispersed, or evolve over longer periods of time will require extraordinary coordination between Federal, State, local, tribal, private-sector, and nongovernmental organizations. An area command may be established to oversee the management of such incidents. (See Appendix A, Tab 6.) 1. Concepts and Principles. a. Most Incidents Are Managed Locally. The initial response to most domestic incidents is typically handled by local " 911" dispatch centers, emergency responders within a single jurisdiction, and direct supporters of emergency responders. Most responses need go no further. In other instances, incidents that begin with a single response discipline within a single jurisdiction may rapidly expand to multidiscipline, multijurisdictional incidents requiring significant additional resources and operational support. Whether for incidents in which additional resources are required or are provided from different organizations within a single jurisdiction or outside the jurisdiction, or for complex incidents with national-level implications (such as an emerging infectious disease or a bioterror attack), the ICS provides a flexible core mechanism for coordinated and collaborative incident management. When a single incident covers a large geographical area, multiple local ICS organizations may be required. Effective cross-jurisdictional coordination using processes and systems described in the NIMS is absolutely critical in this instance. b. The NIMS Requires That Field Command and Management Functions Be Performed in Accordance with a Standard Set of ICS Organizations, Doctrine, and Procedures. However, Incident Commanders generally retain the flexibility to modify procedures or organizational structure to align as necessary with the operating characteristics of their specific jurisdictions or to accomplish the mission in the context of a particular hazard scenario. c. ICS Is Modular and Scalable. ICS is designed to have the following operating characteristics; it should be >suitable for operations within a single jurisdiction or single agency, a single jurisdiction with multiagency involvement, or multiple jurisdictions with multiagency involvement; >applicable and acceptable to users throughout the country; >readily adaptable to new technology; >adaptable to any emergency or incident to which domestic incident management agencies would be expected to respond; and >have a scalable organizational structure that is based on the size and complexity of the incident. d. ICS Has Interactive Management Components. These set the stage for effective and efficient incident management and emergency response. e. ICS Establishes Common Terminology, Standards, and Procedures that Enable Diverse Organizations to Work Together Effectively. These include a standard set of predesignated organizational elements and functions, common names for resources used to support incident operations, common "typing" for resources to reflect specific capabilities, and common identifiers for facilities and operational locations used to support incident operations. f. ICS Incorporates Measurable Objectives. Measurable objectives ensure fulfillment of incident management goals. Objective-setting begins at the top and is communicated throughout the entire organization. g. The Implementation of ICS Should Have the Least Possible Disruption On Existing Systems and Processes. This will facilitate its acceptance across a nationwide user community and to insure continuity in the transition process from normal operations. h. ICS Should Be User Friendly and Be Applicable Across a Wide Spectrum of Emergency Response and Incident Management Disciplines. This will enable the communication, coordination, and integration critical to an effective and efficient NIMS. 2. Management Characteristics. ICS is based on proven management characteristics. Each contributes to the strength and efficiency of the overall system. a. Common Terminology. ICS establishes common terminology that allows diverse incident management and support entities to work together across a wide variety of incident management functions and hazard scenarios. This common terminology covers the following: (1) Organizational Functions. Major functions and functional units with domestic incident management responsibilities are named and defined. Terminology for the organizational elements involved is standard and consistent. (2) Resource Descriptions. Major resources—including personnel, facilities, and major equipment and supply items—used to support incident management activities are given common names and are "typed" with respect to their capabilities, to help avoid confusion and to enhance interoperability. The process for accomplishing this task is specified in Chapter IV. (3) Incident Facilities. Common terminology is used to designate the facilities in the vicinity of the incident area that will be used in the course of incident management activities. b. Modular Organization. The incident command organizational structure develops in a top-down, modular fashion that is based on the size and complexity of the incident, as well as the specifics of the hazard environment created by the incident. When needed, separate functional elements can be established, each of which may be further subdivided to enhance internal organizational management and external coordination. Responsibility for the establishment and expansion of the ICS modular organization ultimately rests with the Incident Commander (IC), who bases these on the requirements of the situation. As incident complexity increases, the organization expands from the top down as functional responsibilities are delegated. Concurrently with structural expansion, the number of management positions expands to adequately address the requirements of the incident. c. Management by Objectives. Management by objectives represents an approach that is communicated throughout the entire ICS organization. This approach includes the following: >establishing overarching objectives; >developing and issuing assignments, plans, procedures, and protocols; >establishing specific, measurable objectives for various incident management functional activities, and directing efforts to attain them, in support of defined strategic objectives; and >documenting results to measure performance and facilitate corrective action. d. Reliance on an Incident Action Plan. Incident action plans (IAPs) provide a coherent means of communicating the overall incident objectives in the contexts of both operational and support activities. e. Manageable Span of Control. Span of control is key to effective and efficient incident management. Within ICS, the span of control of any individual with incident management supervisory responsibility should range from three to seven subordinates. The type of incident, nature of the task, hazards and safety factors, and distances between personnel and resources all influence span-of-control considerations. f. Predesignated Incident Locations and Facilities. Various types of operational locations and support facilities are established in the vicinity of an incident to accomplish a variety of purposes, such as decontamination, donated goods processing, mass care, and evacuation. The IC will direct the identification and location of facilities based on the requirements of the situation at hand. Typical predesignated facilities include incident command posts, bases, camps, staging areas, mass casualty triage areas, and others, as required. For a more complete discussion of predesignated locations and facilities, see Appendix A, Tab 7. g. Comprehensive Resource Management. Maintaining an accurate and up-to-date picture of resource utilization is a critical component of domestic incident management. Resource management includes processes for categorizing, ordering, dispatching, tracking, and recovering resources. It also includes processes for reimbursement for resources, as appropriate. Resources are defined as personnel, teams, equipment, supplies, and facilities available or potentially available for assignment or allocation in support of incident management and emergency response activities. h. Integrated Communications. Incident communications are facilitated through the development and use of a common communications plan and interoperable communications processes and architectures. This integrated approach links the operational and support units of the various agencies involved and is necessary to maintain communications connectivity and discipline and enable common situational awareness and interaction. Preparedness planning must address the equipment, systems, and protocols necessary to achieve integrated voice and data incident management communications. i. Establishment and Transfer of Command. The command function must be clearly established from the beginning of incident operations. The agency with primary jurisdictional authority over the incident designates the individual at the scene responsible for establishing command. When command is transferred, the process must include a briefing that captures all essential information for continuing safe and effective operations. j. Chain of Command and Unity of Command. Chain of command refers to the orderly line of authority within the ranks of the incident management organization. Unity of command means that every individual has a designated supervisor to whom they report at the scene of the incident. These principles clarify reporting relationships and eliminate the confusion caused by multiple, conflicting directives. Incident managers at all levels must be able to control the actions of all personnel under their supervision. k. Unified Command. In incidents involving multiple jurisdictions, a single jurisdiction with multiagency involvement, or multiple jurisdictions with multiagency involvement, unified command allows agencies with different legal, geographic, and functional authorities and responsibilities to work together effectively without affecting individual agency authority, responsibility, or accountability. l. Accountability. Effective accountability at all jurisdictional levels and within individual functional areas during incident operations is essential. To that end, the following principles must be adhered to: (1) Check-In. All responders, regardless of agency affiliation, must report in to receive an assignment in accordance with the procedures established by the IC. (2) Incident Action Plan. Response operations must be directed and coordinated as outlined in the IAP. (3) Unity of Command. Each individual involved in incident operations will be assigned to only one supervisor. (4) Span of Control. Supervisors must be able to adequately supervise and control their subordinates, as well as communicate with and manage all resources under their supervision. (5) Resource Tracking. Supervisors must record and report resource status changes as they occur. TOP m. Deployment. Personnel and equipment should respond only when requested or when dispatched by an appropriate authority. n. Information and Intelligence Management. The incident management organization must establish a process for gathering, sharing, and managing incident-related information and intelligence. 3. ICS Organization and Operations. a. Command and General Staff Overview. The ICS organization has five major functions. These are: command, operations, planning, logistics, and finance and administration (with a potential sixth functional area to cover the intelligence function, as described in paragraph 2.n. above). (1) Command. Command comprises the IC and Command Staff. Command Staff positions are established to assign responsibility for key activities not specifically identified in the General Staff functional elements. These positions may include the Public Information Officer (PIO), Safety Officer (SO), and Liaison Officer (LNO), in addition to various others, as required and assigned by the IC. (2) General Staff. The General Staff comprises incident management personnel who represent the major functional elements of the ICS including the Operations Section Chief, Planning Section Chief, Logistics Section Chief, and Finance/Administration Section Chief. (More detailed information regarding these functional elements is contained in Appendix A.) Command Staff and General Staff must continually interact and share vital information and estimates of the current and future situation and develop recommended courses of action for consideration by the IC. Additional information on the specific functions and makeup of the individual units within each of these sections is provided in Appendix A. b. The Command Staff. Command Staff is responsible for overall management of the incident. This includes Command Staff assignments required to support the command function. (1) The Command Function. The command function may be conducted in two general ways: (a) Single Command IC. When an incident occurs within a single jurisdiction and there is no jurisdictional or functional agency overlap, a single IC should be designated with overall incident management responsibility by the appropriate jurisdictional authority. (In some cases in which incident management crosses jurisdictional and/or functional agency boundaries, a single IC may be designated if all parties agree to such an option.) Jurisdictions should consider predesignating ICs in their preparedness plans. The designated IC will develop the incident objectives on which subsequent incident action planning will be based. The IC will approve the Incident Action Plan (IAP) and all requests pertaining to the ordering and releasing of incident resources. (b) Unified Command. UC is an important element in multijurisdictional or multiagency domestic incident management. It provides guidelines to enable agencies with different legal, geographic, and functional responsibilities to coordinate, plan, and interact effectively. As a team effort, UC overcomes much of the inefficiency and duplication of effort that can occur when agencies from different functional and geographic jurisdictions, or agencies at different levels of government, operate without a common system or organizational framework. All agencies with jurisdictional authority or functional responsibility for any or all aspects of an incident and those able to provide specific resource support participate in the UC structure and contribute to the process of determining overall incident strategies; selecting objectives; ensuring that joint planning for tactical activities is accomplished in accordance with approved incident objectives; ensuring the integration of tactical operations; and approving, committing, and making optimum use of all assigned resources. The exact composition of the UC structure will depend on the location(s) of the incident (i.e., which geographical administrative jurisdictions are involved) and the type of incident (i.e., which functional agencies of the involved jurisdiction(s) are required). In the case of some multijurisdictional incidents, the designation of a single IC may be considered to promote greater unity of effort and efficiency. Advantages of Using Unified Command >A single set of objectives is developed for the entire incident. >A collective approach is used to develop strategies to achieve incident objectives. >Information flow and coordination is improved between all jurisdictions and agencies involved in the incident. >All agencies with responsibility for the incident have an understanding of joint priorities and restrictions. >No agency's legal authorities will be compromised or neglected. >The combined efforts of all agencies are optimized as they perform their respective assignments under a single Incident Action Plan. (i) The designated agency officials participating in the UC represent different legal authorities and functional areas of responsibility and use a collaborative process to establish incident objectives and designate priorities that accommodate those objectives. Agencies heavily involved in the incident that lack jurisdictional responsibility are defined as supporting agencies. They are represented in the command structure and effect coordination on behalf of their parent agency through the Liaison Officer. Jurisdictional responsibilities of multiple incident management officials are consolidated into a single planning process (discussed more fully in Appendix A, Tab 8), including: >responsibilities for incident management; >incident objectives; >resource availability and capabilities; >limitations; and >areas of agreement and disagreement between agency officials. (ii) Incidents are managed under a single, collaborative approach, including the following: >common organizational structure; >single incident command post; >unified planning process; and >unified resource management. (iii) Under UC, the IAP is developed by the Planning Section Chief and is approved by the UC. A single individual, the Operations Section Chief, directs the tactical implementation of the IAP. The Operations Section Chief will normally come from the agency with the greatest jurisdictional involvement. UC participants will agree on the designation of the Operations Section Chief. (iv) UC works best when the participating members of the UC collocate at the Incident Command Post and observe the following practices: >Select an Operations Section Chief for each operational period; >Keep each other informed of specific requirements; >Establish consolidated incident objectives, priorities, and strategies; >Coordinate to establish a single system for ordering resources; >Develop a consolidated IAP, written or oral, evaluated and updated at regular intervals; and >Establish procedures for joint decision-making and documentation. (v) The primary differences between the single command structure and the UC structure are that: >In a single command structure, the IC is solely responsible (within the confines of his or her authority) for establishing incident management objectives and strategies. The IC is directly responsible for ensuring that all functional area activities are directed toward accomplishment of the strategy. >In a UC structure, the individuals designated by their jurisdictional authorities (or by departments within a single jurisdiction) must jointly determine objectives, strategies, plans, and priorities and work together to execute integrated incident operations and maximize the use of assigned resources. (2) Command Staff Responsibilities. In an incident command organization, the Command Staff consists of the Incident Command and various special staff positions. The special staff positions are specifically designated, report directly to the Incident Command, and are assigned responsibility for key activities that are not a part of the ICS General Staff functional elements. Three special staff positions are typically identified in ICS: Public Information Officer, Safety Officer, and Liaison Officer. Additional positions may be required, depending on the nature, scope, complexity, and location(s) of the incident(s), or according to specific requirements established by the IC. (a) Public Information Officer. The PIO is responsible for interfacing with the public and media and/or with other agencies with incident-related information requirements. The PIO develops accurate and complete information on the incident's cause, size, and current situation; resources committed; and other matters of general interest for both internal and external consumption. The PIO may also perform a key public information- monitoring role. Whether the command structure is single or unified, only one incident PIO should be designated. Assistants may be assigned from other agencies or departments involved. The IC must approve the release of all incident-related information. (b) Safety Officer. The SO monitors incident operations and advises the IC on all matters relating to operational safety, including the health and safety of emergency responder personnel. The ultimate responsibility for the safe conduct of incident management operations rests with the IC or UC and supervisors at all levels of incident management. The SO is, in turn, responsible to the IC for the set of systems and procedures necessary to ensure ongoing assessment of hazardous environments, coordination of multiagency safety efforts, and implementation of measures to promote emergency responder safety, as well as the general safety of incident operations. The SO has emergency authority to stop and/or prevent unsafe acts during incident operations. In a UC structure, a single SO should be designated, in spite of the fact that multiple jurisdictions and/or functional agencies may be involved. Assistants may be required and may be assigned from other agencies or departments constituting the UC. The SO, Operations Section Chief, and Planning Section Chief must coordinate closely regarding operational safety and emergency responder health and safety issues. The SO must also ensure the coordination of safety management functions and issues across jurisdictions, across functional agencies, and with private-sector and nongovernmental organizations. It is important to note that the agencies, organizations, or jurisdictions that contribute to joint safety management efforts do not lose their individual identities or responsibility for their own programs, policies, and personnel. Rather, each entity contributes to the overall effort to protect all responder personnel involved in incident operations. (c) Liaison Officer. The LNO is the point of contact for representatives of other governmental agencies, nongovernmental organizations, and/or private entities. In either a single or UC structure, representatives from assisting or cooperating agencies and organizations coordinate through the LNO. Agency and/or organizational representatives assigned to an incident must have the authority to speak for their parent agencies and/or organizations on all matters, following appropriate consultations with their agency leadership. Assistants and personnel from other agencies or organizations (public or private) involved in incident management activities may be assigned to the LNO to facilitate coordination. (d) Assistants. In the context of large or complex incidents, Command Staff members may need one or more assistants to help manage their workloads. Each Command Staff member is responsible for organizing his or her assistants for maximum efficiency. (e) Additional Command Staff. Additional Command Staff positions may also be necessary depending on the nature and location(s) of the incident, and/or specific requirements established by the IC. For example, a Legal Counsel may be assigned directly to the Command Staff to advise the IC on legal matters, such as emergency proclamations, legality of evacuation orders, and legal rights and restrictions pertaining to media access. Similarly, a Medical Advisor may be designated and assigned directly to the Command Staff to provide advice and recommendations to the IC in the context of incidents involving medical and mental health services, mass casualty, acute care, vector control, epidemiology, and/or mass prophylaxis considerations, particularly in the response to a bioterrorism event. c. The General Staff. The General Staff represents and is responsible for the functional aspects of the incident command structure. The General Staff typically consists of the Operations, Planning, Logistics, and Finance/Administration Sections, which are discussed below: (1) Operations Section. This section is responsible for all activities focused on reduction of the immediate hazard, saving lives and property, establishing situational control, and restoration of normal operations. In some cases, the Operations Section's organizational structure will be determined by jurisdictional boundaries. In other cases, a strictly functional approach will be used. In still others, a mix of functional and geographical considerations may be appropriate. The ICS offers flexibility in determining the right structural approach for the specific circumstances of the incident at hand. Major Organizational Elements of Operations Section (a) Operations Section Chief. The Operations Section Chief is responsible to the IC or UC for the direct management of all incident-related operational activities. The Operations Section Chief will establish tactical objectives for each operational period, with other section chiefs and unit leaders establishing their own supporting objectives. The Operations Section Chief may have one or more deputies assigned, with the assignment of deputies from other agencies encouraged in the case of multijurisdictional incidents. An Operations Section Chief should be designated for each operational period and should have direct involvement in the preparation of the IAP for the corresponding period of responsibility. (b) Branches. Branches may be used to serve several purposes, and may be functional or geographic in nature. In general, branches are established when the number of divisions or groups exceeds the recommended span of control of one supervisor to three to seven subordinates for the Operations Section Chief (a ratio of 1:5 is normally recommended, or 1:8 to 1:10 for many larger-scale law enforcement operations). (c) Divisions and Groups. Divisions and Groups are established when the number of resources exceeds the manageable span of control of the IC and the Operations Section Chief. Divisions are established to divide an incident into physical or geographical areas of operation. Groups are established to divide the incident into functional areas of operation. For certain types of incidents, for example, the IC may assign intelligence-related activities to a functional group in the Operations Section. There also may be additional levels of supervision below the Division or Group level. (d) Resources. Resources refer to the combination of personnel and equipment required to enable incident management operations. Resources may be organized and managed in three different ways, depending on the requirements of the incident: (i) Single Resources. These are individual personnel and equipment items and the operators associated with them. (ii) Task Forces. A Task Force is any combination of resources assembled in support of a specific mission or operational need. All resource elements within a Task Force must have common communications and a designated leader. (iii) Strike Teams. Strike Teams are a set number of resources of the same kind and type that have an established minimum number of personnel. The use of Strike Teams and Task Forces is encouraged, wherever possible, to optimize the use of resources, reduce the span of control over a large number of single resources, and reduce the complexity of incident management coordination and communications. (2) Planning Section. The Planning Section collects, evaluates, and disseminates incident situation information and intelligence to the IC or UC and incident management personnel, prepares status reports, displays situation information, maintains status of resources assigned to the incident, and develops and documents the IAP based on guidance from the IC or UC. For a more detailed discussion of the Planning Section see Appendix A, Tab 3. The Planning Section comprises four primary units-Resources, Situation, Demobilization and Documentation-as well as a number of technical specialists to assist in evaluating the situation, developing planning options, and forecasting requirements for additional resources. The Planning Section is normally responsible for gathering and disseminating information and intelligence critical to the incident, unless the IC places this function elsewhere. The Planning Section is also responsible for developing and documenting the IAP. The IAP includes the overall incident objectives and strategies established by the IC or UC. In the case of UC, the IAP must adequately address the mission and policy needs of each jurisdictional agency, as well as interaction between jurisdictions, functional agencies, and private organizations. The IAP also addresses tactical objectives and support activities required for one operational period, generally 12 to 24 hours. The IAP also contains provisions for continuous incorporation of "lessons learned" as incident management activities progress. An IAP is especially important when: (a) resources from multiple agencies and/or jurisdictions are involved; (b) multiple jurisdictions are involved; (d) the incident will effectively span several operational periods; (d) changes in shifts of personnel and/or equipment are required; or (e) there is a need to document actions and/or decisions. Sample IAP Outline The IAP will typicall contain a number of components: Common Components Normally Prepared by Incident Objectives Incident Commander Organization List or Chart Resources Unit Assignment List Resources Unit Communications Plan Communications Unit Logistics Plan Logistics Unit Responder Medical Plan Medical Unit Incident Map Situation Unit Health and Safety Plan Safety Officer Other Potential Components (Scenario dependent) Air Operations Summary Air Operations Traffic Plan Ground Support Unit Decontamination Plan Technical Specialist Waste Management or Disposal Plan Technical Specialist Demobilization Plan Demobilization Unit Operational Medical Plan Technical Specialist Evacuation Plan Technical Specialist Site Security Plan Law Enforcement Specialist Investigative Plan Law Enforcement Specialist Evidence Recovery Plan Law Enforcement Specialist Other As Required (3) Logistics Section. The Logistics Section is responsible for all support requirements needed to facilitate effective and efficient incident management, including ordering resources from off-incident locations. It also provides facilities, transportation, supplies, equipment maintenance and fuel, food services, communications and information technology support, and emergency responder medical services, including inoculations, as required. For a more detailed discussion of the Logistics Section see Appendix A, Tab 4. The Basic Organization structure for a Logistics Section >Supply Unit >Food Unit >Ground Support Unit >Communications Unit >Facilities Unit >Medical Unit (4) Finance/Administration Section. A Finance/Administration Section is established when the agency(s) involved in incident management activities require(s) finance and other administrative support services. Not all incidents will require a separate Finance/Administration Section. In cases that require only one specific function (e.g., cost analysis), this service may be provided by a technical specialist in the Planning Section. The basic organizational structure for a Finance/Administration Section is shown in Figure 6. When such a section is established, the depicted units may be created, as required. Appendix A, Tab 5, provides additional information relative to the function and responsibilities of each unit in this section. The Basic Organization Structure for a Finance/Administration Section >Compensation/Claims Unit >Procurement Unit >Cost Unit >Time Unit (5) Information and Intelligence Function. The analysis and sharing of information and intelligence are important elements of ICS. In this context, intelligence includes not only national security or other types of classified information but also other operational information, such as risk assessments, medical intelligence (i.e., surveillance), weather information, geospatial data, structural designs, toxic contaminant levels, and utilities and public works data, that may come from a variety of different sources. Traditionally, information and intelligence functions are located in the Planning Section. However, in exceptional situations, the IC may need to assign the information and intelligence functions to other parts of the ICS organization. In any case, information and intelligence must be appropriately analyzed and shared with personnel, designated by the IC, who have proper clearance and a " need-to-know" to ensure that they support decision-making. The intelligence and information function may be organized in one of the following ways: (a) Within the Command Staff. This option may be most appropriate in incidents with little need for tactical or classified intelligence and in which incident-related intelligence is provided by supporting Agency Representatives, through real-time reach-back capabilities. (b) As a Unit Within the Planning Section. This option may be most appropriate in an incident with some need for tactical intelligence and when no law enforcement entity is a member of the UC. (c) As a Branch Within the Operations Section. This option may be most appropriate in incidents with a high need for tactical intelligence (particularly classified intelligence) and when law enforcement is a member of the UC. (d) As a Separate General Staff Section. This option may be most appropriate when an incident is heavily influenced by intelligence factors or when there is a need to manage and/or analyze a large volume of classified or highly sensitive intelligence or information. This option is particularly relevant to a terrorism incident, for which intelligence plays a crucial role throughout the incident life cycle. Regardless of how it is organized, the information and intelligence function is also responsible for developing, conducting, and managing information- related security plans and operations as directed by the IC. These can include information security and operational security activities, as well as the complex task of ensuring that sensitive information of all types (e.g., classified information, sensitive law enforcement information, proprietary and personal information, or export-controlled information) is handled in a way that not only safeguards the information but also ensures that it gets to those who need access to it so that they can effectively and safely conduct their missions. The information and intelligence function also has the responsibility for coordinating information- and operational-security matters with public awareness activities that fall under the responsibility of the PIO, particularly where such public awareness activities may affect information or operations security. 4. Area Command. a. Description. An Area Command is activated only if necessary, depending on the complexity of the incident and incident management span-of-control considerations. An agency administrator or other public official with jurisdictional responsibility for the incident usually makes the decision to establish an Area Command. An Area Command is established either to oversee the management of multiple incidents that are each being handled by a separate ICS organization or to oversee the management of a very large incident that involves multiple ICS organizations, such as would likely be the case for incidents that are not site specific, geographically dispersed, or evolve over longer periods of time, (e.g., a bioterrorism event). In this sense, acts of biological, chemical, radiological, and/or nuclear terrorism represent particular challenges for the traditional ICS structure and will require extraordinary coordination between Federal, State, local, tribal, private-sector, and nongovernmental organizations. Area Command is also used when there are a number of incidents in the same area and of the same type, such as two or more hazardous material (HAZMAT) or oil spills, and fires. These represent incidents that may compete for the same resources. When incidents do not have similar resource demands, they are usually handled separately and are coordinated through an Emergency Operations Center (EOC). If the incidents under the authority of the Area Command are multijurisdictional, then a Unified Area Command should be established. This allows each jurisdiction to have representation in the command structure. Area Command should not be confused with the functions performed by an EOC. An Area Command oversees management of the incident(s), while an EOC coordinates support functions and provides resources support. (See Section B.2.a. below for further discussion of the EOC.) b. Responsibilities. For incidents under its authority, an Area Command has the responsibility to: >set overall incident-related priorities; >allocate critical resources according to priorities; >ensure that incidents are properly managed; >ensure that incident management objectives are met and do not conflict with each other or with agency policy; >identify critical resource needs and report them to EOCs and/or multiagency coordination entities; and >ensure that short-term emergency recovery is coordinated to assist in the transition to full recovery operations. See Appendix A, Tab 6 for additional information and guidance on establishing Area Commands. B. MULTIAGENCY COORDINATION SYSTEMS. 1. Definition. A multiagency coordination system is a combination of facilities, equipment, personnel, procedures, and communications integrated into a common system with responsibility for coordinating and supporting domestic incident management activities. The primary functions of multiagency coordination systems are to support incident management policies and priorities, facilitate logistics support and resource tracking, inform resource allocation decisions using incident management priorities, coordinate incident related information, and coordinate interagency and intergovernmental issues regarding incident management policies, priorities, and strategies. Direct tactical and operational responsibility for conducting incident management activities rests with the Incident Command. 2. System Elements. Multiagency coordination systems may contain EOCs and (in certain multijurisdictional or complex incident management situations) multiagency coordinating entities: a. Emergency Operations Center. For purposes of this document, EOCs represent the physical location at which the coordination of information and resources to support incident management activities normally takes place. The Incident Command Post (ICP) located at or in the immediate vicinity of an incident site, although primarily focused on the tactical on-scene response, may perform an EOC-like function in smaller-scale incidents or during the initial phase of the response to larger, more complex events. Standing EOCs, or those activated to support larger, more complex events, are typically established in a more central or permanently established facility; at a higher level of organization within a jurisdiction. EOCs are organized by major functional discipline (fire, law enforcement, medical services, and so on); by jurisdiction (city, county, region, and so on); or, more likely, by some combination thereof. Department Operations Centers (DOCs) normally focus on internal agency incident management and response and are linked to and, in most cases, are physically represented in a higher level EOC. ICPs should also be linked to DOCs and EOCs to ensure effective and efficient incident management. For complex incidents, EOCs may be staffed by personnel representing multiple jurisdictions and functional disciplines and a wide variety of resources. For example, a local EOC established in response to a bioterrorism incident would likely include a mix of law enforcement, emergency management, public health, and medical personnel (representatives of health care facilities, prehospital emergency medical services, patient transportation systems, pharmaceutical repositories, laboratories, etc.). EOCs may be permanent organizations and facilities or may be established to meet temporary, short-term needs. The physical size, staffing, and equipping of an EOC will depend on the size of the jurisdiction, resources available, and anticipated incident management workload. EOCs may be organized and staffed in a variety of ways. Regardless of the specific organizational structure used, EOCs should include the following core functions: coordination; communications; resource dispatch and tracking; and information collection, analysis, and dissemination. EOCs may also support multiagency coordination and joint information activities as discussed below. On activation of a local EOC, communications and coordination must be established between the IC or UC and the EOC, when they are not collocated. ICS field organizations must also establish communications with the activated local EOC, either directly or through their parent organizations. Additionally, EOCs at all levels of government and across functional agencies must be capable of communicating appropriately with other EOCs during incidents, including those maintained by private organizations. Communications between EOCs must be reliable and contain built-in redundancies. The efficient functioning of EOCs most frequently depends on the existence of mutual-aid agreements and joint communications protocols among participating agencies. Such agreements are discussed in Chapter III. b. Multiagency Coordination Entities. When incidents cross disciplinary or jurisdictional boundaries or involve complex incident management scenarios, a multiagency coordination entity, such as an emergency management agency, may be used to facilitate incident management and policy coordination. The situation at hand and the needs of the jurisdictions involved will dictate how these multiagency coordination entities conduct their business, as well as how they are structured. Multiagency coordination entities typically consist of principals (or their designees) from organizations and agencies with direct incident management responsibility or with significant incident management support or resource responsibilities. These entities are sometimes referred to as crisis action teams, policy committees, incident management groups, executive teams, or other similar terms (For example, the wildland fire community has such an entity, the Multiagency Coordination Group (MAC Group)). In some instances, EOCs may serve a dual function as a multiagency coordination entity; in others, the preparedness organizations discussed in Chapter III may fulfill this role. Regardless of the term or organizational structure used, these entities typically provide strategic coordination during domestic incidents. If constituted separately, multiagency coordination entities, preparedness organizations, and EOCs must coordinate and communicate with one another to provide uniform and consistent guidance to incident management personnel. Regardless of form or structure, the principal functions and responsibilities of multiagency coordination entities typically include the following: >ensuring that each agency involved in incident management activities is providing appropriate situational awareness and resource status information; >establishing priorities between incidents and/or Area Commands in concert with the IC or UC(s) involved; >acquiring and allocating resources required by incident management personnel in concert with the priorities established by the IC or UC; >anticipating and identifying future resource requirements; >coordinating and resolving policy issues arising from the incident(s); and >providing strategic coordination as required. Following incidents, multiagency coordination entities are also typically responsible for ensuring that improvements in plans, procedures, communications, staffing, and other capabilities necessary for improved incident management are acted on. These improvements should also be coordinated with appropriate preparedness organizations (see Chapter III), if these organizations are constituted separately. C. PUBLIC INFORMATION SYSTEMS. Systems and protocols for communicating timely and accurate information to the public are critical during crisis or emergency situations. This section describes the principles, system components, and procedures needed to support effective emergency public information operations. 1. Public Information Principles. a. The PIO Supports the Incident Command. Under the ICS, the Public Information Officer (PIO) is a key staff member supporting the incident command structure. The PIO represents and advises the Incident Command on all public information matters relating to the management of the incident. The PIO handles media and public inquiries, emergency public information and warnings, rumor monitoring and response, media monitoring, and other functions required to coordinate, clear with appropriate authorities, and disseminate accurate and timely information related to the incident, particularly regarding information on public health and safety and protection. The PIO is also responsible for coordinating public information at or near the incident site and serving as the on-scene link to the Joint Information System (JIS). In a large-scale operation, the on- scene PIO serves as a field PIO with links to the Joint Information Center (JIC), which is typically collocated with the Federal, regional, State, local, or tribal EOC tasked with primary incident coordination responsibilities. The JIS provides the mechanism for integrating public information activities among JICs, across jurisdictions, and with private-sector and nongovernmental organizations. b. Public Information Functions Must Be Coordinated and Integrated Across Jurisdictions and Across Functional Agencies; Among Federal, State, Local, and Tribal Partners; and with Private-Sector and Nongovernmental Organizations. During emergencies, the public may receive information from a variety of sources. The JIC provides a location for organizations participating in the management of an incident to work together to ensure that timely, accurate, easy-to-understand, and consistent information is disseminated to the public. The JIC comprises representatives from each organization involved in the management of an incident. In large or complex incidents, particularly those involving complex medical and public health information requirements, JICs may be established at various levels of government. All JICs must communicate and coordinate with each other on an ongoing basis. Public awareness functions must also be coordinated with the information- and operational- security matters that are the responsibility of the information and intelligence function of the ICS, particularly when public awareness activities may affect information or operations security. c. Organizations Participating in Incident Management Retain Their Independence. ICs and multiagency coordination entities are responsible for establishing and overseeing JICs including processes for coordinating and clearing public communications. In the case of UC, the departments, agencies, organizations, or jurisdictions that contribute to joint public information management do not lose their individual identities or responsibility for their own programs or policies. Rather, each entity contributes to the overall unified message. 2. System Description and Components. a. Joint Information System. The JIS provides an organized, integrated, and coordinated mechanism to ensure the delivery of understandable, timely, accurate, and consistent information to the public in a crisis. It includes the plans, protocols, and structures used to provide information to the public during incident operations, and encompasses all public information operations related to an incident, including all Federal, State, local, tribal and private organization PIOs, staff, and JICs established to support an incident. Key elements include the following: >interagency coordination and integration; >developing and delivering coordinated messages; >support for decision-makers; and >flexibility, modularity, and adaptability. b. Joint Information Center. A JIC is a physical location where public affairs professionals from organizations involved in incident management activities can collocate to perform critical emergency information, crisis communications, and public- affairs functions. It is important for the JIC to have the most current and accurate information regarding incident management activities at all times. The JIC provides the organizational structure for coordinating and disseminating official information. JICs may be established at each level of incident management, as required. Note the following: >The JIC must include representatives of each jurisdiction, agency, private- sector, and nongovernmental organization involved in incident management activities. >A single JIC location is preferable, but the system should be flexible and adaptable enough to accommodate multiple JIC locations when the circumstances of an incident require. Multiple JICs may be needed for a complex incident spanning a wide geographic area or multiple jurisdictions. >Each JIC must have procedures and protocols to communicate and coordinate effectively with other JICs, as well as with other appropriate components of the ICS organization. The Basic Organization of the Joint Information Center JOINT INFORMATION CENTER >Press Secretary >Liaison (as required) >Research Team >Media Operations >Logistic Team