Built into the ICS is an approach to managing the safety of responders. Response organizations carry out the three functions of the safety management cycle —gathering information, analyzing options and making decisions, and taking action —within this framework. Because the ICS is a recognized standard for managing emergency response operations, we used the ICS approach to managing responder safety as the baseline for our research. As we explored how the emergency response community can build upon its existing strengths and further expand its capabilities, we considered the ICS as the benchmark.

Origins of the Incident Command System

Initial efforts to create a systematic approach to managing emergency response operations grew out of the wildland firefighting community, which historically had faced serious problems managing multiagency participation in responses to major fires. These issues included

• lack of common command structures
• lack of common terminology and communications practices
• lack of a mechanism to effectively assign resources
• no means of coordinating functions and tasks
• lack of a clear leader
• unproductive competition for resources among responding organizations [Maniscalco and Christen 2001; Christen et al. 2001].

In 1972, Congress charged a group of firefighting agencies named the FIRESCOPE coalition “to develop a system for multiagency coordination of complex emergencies that exceeded the capabilities of any single jurisdiction” [Cole 2000].

In response, FIRESCOPE developed the ICS. Since its inception, ICS has evolved considerably through a range of initiatives [Kipp and Loflin 1996]:

• integrating command systems designed for smaller-scale, single organization operations [Brunacini 2002]
• incorporating components to address the needs of different types of operations —for example, multicasualty incidents, hazardous materials response, highrise fires, and marine operations
• supplementing the core command system with training and doctrine for particular types of operations [U.S. Forest Service 2003]
• codifying the system into standards and model practices [National Fire Protection Association (NFPA) 2002c; National Fire Service Incident Management Consortium (NFSIMC) 2000]
• adapting the system for use by different response disciplines, such as law enforcement and hospital response operations [Christen et al. 2001; Cardwell and Cooney 2000].¹

How the Incident Command System Works

The ICS includes five major sections, each with a defined function [FEMA 1998], as shown in Figure 3.1:

• Incident Commander and Command Staff
• Operations
• Logistics
• Planning
• Administration/Finance.

These operational sections provide a template for organizing activities and resources during a response. By providing a standard organizational structure, the ICS facilitates interagency coordination: Agencies can “plug” their resources and assets into the appropriate ICS sections and coordinate with other responder organizations as they carry out their tasks.²

To accommodate the great variation in emergency incidents, the ICS is flexible and scalable. The roles shown in Figure 3.1 are only filled as required during a response. For example, at smaller-scale incidents, not every position will need to be staffed. In contrast, given the scale and duration of major disaster operations, all the elements of the command structure will likely be filled.

The four functional sections of the ICS—Operations, Logistics, Planning, and Administration/Finance—can be subdivided as needed into different branches, divisions, groups, or task forces. Such breakdowns can be used to group types of resources or organize resources that have been assigned to particular roles within an incident response. By building in intermediate levels of management, the ICS provides a mechanism to ensure that individual managers have a reasonable number of individuals and responsibility areas under their command. Maintaining a workable span of control is critical for effective management.³

Figure 3.1 Incident Command System Structure

RAND MG170

Unified Command. To further facilitate multiagency coordination, the ICS includes the concept of “Unified Command.” This concept provides a mechanism for a response to be managed by a command team of representatives from multiple organizations, rather than by a single Incident Commander.⁴ In essence, a Unified Command team brings together Incident Commanders from response organizations that have disparate jurisdictional or other responsibilities.⁵ In this way, a Unified Command provides a mechanism for response agencies to determine a collective set of strategies, which ideally prevents agencies from working at cross purposes and ensures that all available resources are effectively applied to deal with the disaster [Auf der Heide 1989].

Use of a Unified Command does not necessarily mean that all participating organizations will be equally involved in all management decisions. Depending on the nature of the incident, there will likely be a lead agency with primary authority or responsibility.⁶ In that case, representatives from other agencies would defer to the Incident Commander from the agency with primary authority and responsibility at the incident [U.S. National Response Team, not dated]. In other cases, different individuals might take on this role of “focal point” of the Unified Command during different phases of the incident [Kane 2001].

The National Incident Management System

On February 28, 2003, during the later phases of data gathering for this study, the White House released Homeland Security Presidential Directive (HSPD)-5, 2003. This directive aims to further institutionalize a standard management approach to major incidents by establishing a “single, comprehensive national incident management system” [HSPD-5 2003]. The Secretary of Homeland Security is charged with administering a National Incident Management System (NIMS) as part of the National Response Plan (NRP). The NRP is intended to integrate federal government activities involving domestic prevention, preparedness, response, and recovery plans into a single, all-discipline, all-hazards plan.

According to the presidential directive, the NIMS will provide a nationwide approach that enables federal, state, and local government agencies to “work effectively and efficiently together to prepare for, respond to, and recover from domestic incidents, regardless of cause, size, or complexity” [HSPD-5 2003, 2]. The NIMS is expected to provide concepts, terminology, coordination systems, training, and other features (including Unified Command) that will encourage interoperability and compatibility among federal, state, and local agencies.⁷ At this writing, initial versions of the NIMS and NRP had been released.

Safety Within the Incident Command System

Responding organizations using the ICS assemble the overall command structure at an emergency scene as needed. In the same way, they put together the staff and structure for managing responder safety as an incident evolves and needs become apparent. When a response begins, responsibility for the entire operation—including responder safety—lies with the Incident Commander. For small and relatively straightforward incidents, the Incident Commander may retain safety responsibility throughout the response. But for larger, more complex incidents—though “the Incident Commander’s first priority” ultimately remains “the life safety of the emergency responders and the public” [FEMA 1998, 1–10]⁸—he or she may simply be unable to devote as much attention to the task as it demands. To accommodate such situations, the ICS provides a mechanism for the Incident Commander to delegate authority to an Incident Safety Officer (ISO).⁹ This ensures that sufficient attention is focused on the safety, health, and welfare of responders.

Within the ICS structure, the ISO is part of the Command Staff (Figure 3.2), reporting directly to the Incident Commander.¹⁰ In this role, the ISO serves as risk manager for the incident, with immediate authority to stop unsafe acts or hazardous activities in order to protect responders [FEMA 1999a].

As the risk manager, the ISO evaluates response activities in light of the evolving hazard environment. This activity includes carrying out all phases of the safety management cycle described above. Specifically, he or she

• assesses hazards and reports them to the Incident Commander
• provides the Incident Commander with risk assessments
• communicates instances of injury, illness, or exposure to the Incident Commander
• makes predictions about issues for responder safety that could arise during the incident
• ensures that safety systems (such as personnel accountability/tracking, rehabilitation, etc.) are in place and safety policies are followed
• monitors incident communications for events that pose safety concerns
• confirms that needed hazard information is being communicated effectively to all responders.¹¹

Figure 3.2 Safety Responsibility in the Incident Command System

RAND MG170-3.2

By maintaining awareness of the overall scene and how its changing circumstances affect responder safety, an effective ISO provides a vital strategic-level view of the safety concerns inherent in all the diverse response activities taking place at an incident. However, the nature of disaster response situations significantly increases the demands on an ISO and, in the absence of supplementary resources and capabilities, makes it much more difficult to effectively fill this role. The recommendations in the following chapters seek to build the needed functional capabilities and organizational structures to allow safety management to effectively scale up for large-scale, multi organizational disaster response operations.

¹ In some areas and jurisdictions, the ICS is referred to as the incident management system [e.g., Christen et al. 2001]. The recommendations for improving safety management in this report are intended to be relevant to all jurisdictions whatever terminology they currently use.

² While a common structure is a necessary condition for effective coordination, it is not sufficient on its own. Also required are common terminology; integrated communications; and designated incident facilities, such as command posts and staging areas, used by all responding organizations [FEMA 1998].

³ Span of control refers to each manager having a reasonable number of individuals whose activities they are supervising. To ensure effective oversight, managers should only have between three and seven individuals under their command [FEMA 1998].

⁴ Participation in a Unified Command does not take away the authority, responsibility, or accountability of those organizations for activities in the response [FEMA 1998, 1–13].

⁵ The requirements to participate in an operational Unified Command have been defined primarily in terms of legal responsibilities for the incident. See USCG, 2001, for an exemplary set of such requirements.

⁶ The details of implementing a Unified Command in response operations—such as organizational roles, responsibilities, and relationships—can differ significantly from area to area and among types of response operations. As a result, the details must be defined during multiagency preparedness planning to ensure that response operations can be managed effectively.

⁷ More specifically, HSPD-5, 2003, directs that the NIMS include a core set of concepts, principles, terminology, and technologies covering the ICS; multiagency coordination systems; Unified Command; training, identification, and management of resources (including systems for classifying types of resources); qualifications and certification; and collection, tracking, and reporting of incident information and incident resources [HSPD-5 2003, 2].

⁸ See also NFPA, 2002a, p. 8.1.5.

⁹ “As incidents escalate in size and complexity, the incident commander shall . . . assign an incident safety officer to assess the incident scene for hazards or potential hazards” [NFPA 2002a, 8.1.6].

¹⁰ The Command Staff also includes a liaison officer, an information officer, and other command aides that support the commander and contribute to protecting responder safety. The liaison officer serves as the connection between the command structure and supporting or cooperating agencies that are not under the ICS [USCG 2001].

¹¹ Adapted from NFPA, 2002c, pp. 9–10; FEMA, 1999a; NFSIMC, 2000; and Kipp and Loflin, 1996.