Chevy Chase Patch: How to Survive an Active Shooter


, ,

I have an emergency preparedness article in the local newspaper ( Here’s the link to my January article. I’ve also copied it below:

After every school shooting, school administrators across the country pledge to review their lockdown plans. However, most people never learn the recommended response to active shooter incidents.

In October 2008, the US Department of Homeland Security (DHS) developed training for the public regarding how to respond to active shooter incidents. The training was developed following the Virginia Tech massacre in 2007. The concepts behind the DHS-recommended active shooter responses are easy yet are all but unknown to most of the public. 

If you hear shots fired, you have a quick decision to make to save your life and the lives of those nearby. You must decide to do one of three options: (1) evacuate, (2) hide, or (3) take action.


EVACUATE: If you can safely leave the area, you should do so. There is no need to hide or stay around an area where there is a shooter if you can immediately evacuate the area. IT IS OK TO RUN!–you don’t need to stay in harm’s way to see what happens. Always take note of any exits or stairwells and have a plan of escape in mind. If you hear shots fired down the hall or in another area of the building, you may be able to immediately escape. Time is of the essence and you must make the decision to evacuate after listening to determine where the shots are coming from. As you leave the building, if you see law enforcement, make sure to show your hands and drop anything you may be carrying.

HIDE: If evacuation is not possible, you must hide. Barricade yourself in a room, if possible. Close and lock all doors and windows. Close any blinds or curtains and turn off the lights. Find a hiding spot that will conceal yourself. If possible, take cover behind items that can stop a bullet. In the military and law enforcement, anything that can stop a bullet is called “cover”. Types of cover include: four feet of dirt, a yard of wood (such as a large tree), 7 inches of concrete, and 1-inch of steel. 

A car door is not cover–but the engine block would stop a bullet. Also, walls in a building are unlikely to stop a bullet. Steel reinforced cinderblock walls may stop a bullet (as opposed to just cinderblocks–which will not stop a bullet) but may fragment and cause further injuries.

While hiding, silence any cell phones or pagers. You do not want to draw attention to yourself. Do not choose a hiding place that traps or restricts your options for movement. If police officers bang on the door and tell you to come out, you have some decisions to make. How do you know they are law enforcement and not the shooter? Some officers are trained to put their badge under the door so occupants know it is actually the police nearby. You may not want to yell back at law enforcement because that could give your position away to an impostor. Ultimately, it is your decision to make regarding whether you remain hiding or if you observe enough signs to reach the conclusion that it is safe to come out.

TAKE ACTION: Finally, as a last resort and only when your life is in imminent danger, take action against the shooter. Use whatever you can, such as a fire extinguisher, chairs, vases, or anything else to try to incapacitate the shooter. If possible, work as a team with others to stop the shooter. Act with physical aggression and do not stop until the shooter is unable to continue firing.

The City of Houston recently made a training video called “Run, Hide, Fight” to demonstrate the techniques I described above. Although I recommend that adults watch this training video, I must warn potential viewers that the video is graphic but not gory. The video shows an actor shooting several people at close range with a shotgun but there is no blood shown. Ideally, the video would be able to accomplish the same educational message without being gratuitously violent. I would NOT recommend this video for children to watch.

Additionally, when you make contact with law enforcement during an active shooter incident (either because you run towards them while you are trying to evacuate or they enter the room in which you are hiding, etc), ALWAYS SHOW YOUR HANDS. Police officers and sheriff deputies do not know that you are not the shooter. They do not know if there are multiple shooters. Do not be surprised if you are searched or questioned. Sometimes shooters have been known to hide among innocent victims in hopes of escaping capture. Law enforcement may be brisk and may run right past you without stopping. Remember, they are trained to respond to the sound of the shots being fired so that they can engage the shooter. Do not stop evacuating just because you see law enforcement. Always follow any instructions given to you by law enforcement. 

Notice how none of those options is “lockdown”? Lockdown procedures originated in prisons. If there was a disturbance or prison riot, the guards would lockdown the prison, extract any remaining guards, and wait for reinforcements to arrive to quell the riot. The lockdown procedures were not intended to protect inmates–but rather safely remove the guards and wait for reinforcements. It is common during prison riots for the guards to form a perimeter and wait for back-up. 

During the Columbine High School massacre in 1999, law enforcement across the country changed their tactics for responding to active shooter incidents. In 1999, the best practice for any type of hostage situation was to form a perimeter and wait for reinforcements to arrive (ideally a special weapons and tactics team–or SWAT). Columbine changed everything though. As patrol officers formed a perimeter, the two active shooters in Columbine never stopped firing. For many, Columbine was the first tragic introduction to active shooters. Rather than a hostage situation, where time is on the side of law enforcement and there is a standard operating procedure for bringing in trained negotiators, active shooter incidents are rapidly evolving situations with an individual actively engaged in killing or attempting to kill people in a confined and populated area. Often, there is no pattern or method to their selection of victims–the active shooter just wants to kill. 

Now, law enforcement officers are trained to immediately enter wherever the active shooter is and move to the sound of gunfire. They no longer turn to the old tactics of setting up a perimeter and we should all re-evaluate whether lockdown tactics are best for our schools, businesses, etc. Please understand that in some circumstances, lockdown procedures are appropriate. For elementary schools, it is unlikely that teachers may be able to herd young children out of the school if they hear shots fired (however, teachers should be trained that evacuation is an option). In hospitals, it may be impossible to move many patients quickly away from a shooter and the best solution for hospitals is often lockdown.

In conclusion, everyone must think about what they would do during an active shooter incident and talk to your friends and family about it as well. Ask if they know about “run, hide, fight” and if they know what to do if they hear shots fired. This information just might save lives.


Todd Jasper is a federal emergency manager and has been happy to call Chevy Chase home since 2008. His emergency management blog is

5 Emerging Trends in Emergency Management

I just returned from Orlando, where I attended (for the first time) the annual conference of the International Association of Emergency Managers (IAEM). While there, not only did I attend about a dozen sessions, but I also had the pleasure of volunteering at the Crisis Technology Center (CTC) hosted by the IAEM Emerging Technology Caucus.

By attending the sessions, having numerous conversations with emergency managers from across the country (and even a few from Canada), and engaging with others at the CTC, I noticed the following emerging themes from the conference:

1. Social media is a big topic, but lacks consistent implementation

Almost every session mentioned social media. Whether it was Facebook, Twitter, YouTube, blogs, photo-sharing sites, or other new technology, social media was constantly being mentioned. At the same time, it is clear that the emergency management field is still easing itself into the social media pool. For every social media enlightened emergency manager, I would estimate that there are about 10-15 that have no idea what social media is. In other words, the emergency manager that uses social media is still in the minority. Enterprising emergency managers, like those of us in the Crisis Technology Center, are trying to change that. Throughout the conference, the CTC answered countless questions and explained/demonstrated social media. While the field is definitely heading towards more open engagement with the communities we serve, new technology is still viewed with some skepticism.

In many ways, I think the reluctance of emergency managers to embrace social media is triggered more by differences in perspective regarding the role of emergency managers rather than simply a technology/generational divide. Personally, it seems like if you are an emergency manager that sees value in engaging with your constituents, you will embrace social media after overcoming the hurdles associated with new technology. On the other hand, if you don’t see the benefit of publicly discussing your job performance with the people that pay your salary, you may resist social media for as long as possible. Just a thought…

2. “Resiliency” is a buzzword, not a core competency

The title of this year’s conference was “resiliency”. I counted about 5-6 sessions that had “resiliency” in the title, but other than being mentioned in the title, sessions rarely mentioned the term again. In discussions I had with other emergency managers, resiliency was rarely mentioned. It seems like a good buzzword, but (as a field) we’re slowly adopting the topic and slowly growing to understand what resilience means to our programs and the whole community.

3. “Whole Community” has a real following

While resiliency wasn’t discussed much, the “whole community” concept was given plenty of airtime (and rightfully so). I don’t think most emergency managers fully understand resiliency (I know I definitely struggle with it), but the “whole community” idea has caught on and has a serious following. The idea of encouraging regionalism, empowering local emergency managers, and acknowledging that the Feds don’t have ALL the answers is very attractive to our field. The concept makes sense and has a catchy name. Whereas resiliency can be somewhat ambiguous, “whole community” serves to represent enough of a departure from current practice that it has garnered a significant following. While some understand that resilience and whole community are intertwined–I think that would come as a surprise to many emergency managers.  The take-away here is that “whole community” has earned recognition and acceptance for which resiliency advocates could only hope…

4. Capability- and risk-based planning vs. all-hazards planning

Risk-based planning and resourcing is gaining traction and was mentioned considerably during many sessions and discussions. I’m not sure what the impetus is for the change. My guess for the change are one or more of the following reasons:

  • Reductions in funding have changed local priorities from all-hazards plans to risk-specific planning. Rather than having general plans that cover many different topics, risk-based plans account for the incidents/damages that are most likely to impact your community.
  • It is too difficult to explain “all-hazards” planning to community members and elected officials who think we ought to just have very specific plans to address obvious risks
  • With the new THIRA process, the focus has clearly shifted to identifying and quantifying risk–it’s natural that planning follows the same evolutionary logic

5. More changes are coming

With the new THIRA guidelines, upcoming frameworks, PPD-8, and the new National Preparedness Goal and National Preparedness System, the emergency management field is still in a state of major doctrinal refinement. The major changes in doctrine pose significant increases in the level of effort required by organizations at all levels of the “whole community”–but it appears the changes will be positive in the long-term. I think the field will need to reconcile the emerging hierarchy of plans, goals, systems, and frameworks–but that will all come with time.


This past week, the US was hit with Superstorm Sandy. I’ve been awed by the pre-positioning of supplies, the timely alert and notification, and the prevention of major loss of life. The loss of property was unavoidable, but it was the heroic actions of first responders and others that prevented a catastrophic loss of life. I know several emergency managers that literally walked to work during the hurricane to ensure as robust of a response as possible. Although terrible, Sandy brought out the best in Americans and I’m convinced that the damages from this storm can be an opportunity for the US to rebuild better than ever before.

Maintaining Resiliency and Shaping Discourse Following a False Alarm

This month’s article stretched over two pages in the Bulletin, so I’ve pasted the text below:

Maintaining Resiliency and Shaping Discourse Following a False Alarm

By Todd J. Jasper

On a Thursday night in October 2011, the University of Maryland (UMD) sent three urgent warnings through a variety of methods to campus personnel about an imminent tornado. As sirens sounded on the UMD campus, students huddled in hallways and concerned parents feared for the worst. “#Terps,” an official tweet announced, “A tornado is forecast to hit the campus within the next 13 minutes. Seek shelter immediately.” Although no tornado actually formed, UMD still had a problem on its hands. The tornado warning was a false alarm.

Despite the fact that the National Weather Service never issued a tornado warning for the area, the University issued its own warnings out of an overabundance of caution. After the false alarm in 2011, the UMD community and the media crucified the university for sending the alert. UMD was accused of “crying wolf”, generating “hype”, and acting prematurely.

False alarms can take many different forms (such as the non-existent tornado at UMD, a fire alarm that sounds when there is no fire, or even a student who is seen walking with a rifle that turns out to be an umbrella). Almost all false alarms hurt the credibility of the agency sending the message and then retracting it. The emergency management and risk communication field relies on constituents’ trust in the senders in order to motivate the public to act when a hazard is imminent. This symbiotic relationship between message senders and message recipients is crucial to maintaining institutional resiliency. The consequences for every false alarm are, unfortunately, not simply limited to any one specific incident; but rather, constitute a threat to the resiliency and future efficacy of the sending agency (and even other jurisdictions).

If we use the DHS Risk Lexicon definition of resiliency as the “ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption”, then it is clear that false alarms serve as a disruption within the normal emergency notification system. Indeed, Major and Erwin’s 1998 article (“Exploring the ‘Cry Wolf’ Hypothesis” in the International Journal of Mass Emergencies and Disasters) finds that “individuals who have experienced predictions of disasters that do not materialize will discount the validity of subsequent disaster warnings.”

From a resiliency standpoint, every false alarm must be considered a disruption in need of remedy in order to mitigate cascading effects false alarms have on the efficacy of future emergency notifications, alerts, and warnings. Through experience and research, the following three points are crucial action items for emergency managers and risk communicators:

Emergency Notification Protocols are a Must-Have

Most agencies and organizations are lucky if they have pre-scripted messages available for the most common incidents. Pre-scripted (or “canned”) messages are helpful for establishing tone, consistency, and avoiding unnecessary emergency management jargon. Even more helpful, though, are emergency notification protocols that explicitly state a framework for when, why, and how emergency notifications will be made. Designing, developing, and then (most importantly!) exercising and training with emergency notification protocols is the most proactive approach to preventing the dissemination of unfounded emergency notifications. If we can prevent false alarms, we can negate the need for recovery from a false alarm.

We all understand that false alarms will occur eventually, but having emergency notification protocols as a justification for sending an alert can provide the media and others critical of the incident a reasonable and logical explanation. Although policies and protocols are not infallible, explaining to an inconvenienced constituency that the system worked as intended (through the use of established and trained protocols) is usually is a compelling response. It is likely that the media will question the appropriateness of the protocols–but that is the first step of shaping the public discourse.

Retract the Warning Immediately

As soon as it is clear that the warning was made in error, the agency or organization should retract the warning using the same means and methods use to distribute the false alarm. Not all retractions are equal. The best retractions state the reason for the false alarm in very simple language, should provide specific guidance for the future, and a method for obtaining additional information. For example, the following retraction accomplishes all of the aforementioned pointed: “The National Weather Service has cancelled the tornado warning at [insert specific time/date]. It is no longer necessary to shelter-in-place. Please be cautious on the roads and be alert for any other weather warnings or watches that may occur in the future. For more information, …”.

Use a False Alarm as an Opportunity for Improvement

False alarms are essentially no-notice full-scale exercises with constituents participating in real-time. While a false alarm is no one’s idea of a good time, it is an opportunity to connect with your constituency in a positive manner. It is a perfect time to spread preparedness guidance, such as “although today’s warning was cancelled, it may be the perfect motivation to check on your emergency supplies, review your family’s emergency plan, and get more information on what to do if today’s threat had been real.”

Additionally, following a false alarm, agencies and organizations should clearly review protocols and procedures for distributing a warning. Any corrective actions should be captured in an after-action report and improvement plan.

The Way Forward

Although false alarms should be rare, it is better to have a false alarm than to delay sending an alert only to discover the threat was real and the public could have been warned sooner. UMD received significant criticism about their premature tornado warning, but their intentions were nothing but honest and good. Ten years prior to the false alarm, two sisters were killed when a tornado tore a destructive path through the UMD campus. At that time, UMD had no warning system.

Emerging Technology for Safeguarding Soft Targets

This month’s article stretched over two pages in the Bulletin, so I’ve pasted the text below:

Emerging Technology for Safeguarding Soft Targets

As technology advances and prices decrease, the emergency management field must collectively look to the next generation of innovative technologies and strategies to safeguard America’s soft targets.

 As a movie played in the background, James Holmes snuck out the rear theater exit and propped the door open. He exited the movie theater, walked to his pre-positioned vehicle, dressed in body armor, and calmly collected his weapons. The tragic act of domestic terrorism that occurred moments later in Aurora, Colorado is a heartbreaking example of attacks against soft targets. Soft targets are everywhere and when they suffer attacks, the results are devastating. More can be done to protect soft targets, but it often comes at a high price.

As technology advances and prices decrease, the emergency management field must collectively look to the next generation of innovative technologies and strategies to safeguard America’s soft targets.


Unless living on a military installation or in a prison, we all spend considerable amounts of time in locations that are considered soft targets. Emergency managers consider soft targets as any area primarily used by civilians that is undefended, unprotected, or under-protected against attack. Soft targets typically have open access points and lax security measures. They afford terrorists a low risk of failure and a high probability of “shock value” when the attack is covered in the media. Although soft targets are not usually selected for their symbolic value, they can be–which leads to attacks on soft targets being highly unpredictable.

Schools, movie theaters, places of worship, restaurants, transit hubs, universities, malls, and hotels are all examples of soft targets. The innocence of these locations coupled with the randomness and unpredictability of attacks on those institutions make assaults on soft targets even more memorable. Who can forget Columbine, Aurora, the Sikh Temple in Wisconsin, the Sbarro suicide-bombing in Israel, the train station bombings in Madrid, the Virginia Tech Massacre, the Salt Lake City Mall shooting, and the 2008 attacks on two hotels in Mumbai, India? The trauma of such barbarism in places of routine safety etches an enduring scar on our memories and challenges the safety and security we try to foster in our communities.

Due to the understandable budget-restraints of soft targets, the following emerging techniques, technologies, and methodologies are tailored specifically for soft targets as cost-savings measures.


The least expensive form of improving security at soft target locations is providing training and outreach to employees, customers, and other visitors. Training employees is terrific, but participating in awareness campaigns for the public and visitors to soft targets is a “force multiplier”. In other words, instead of a dozen or so employees looking for suspicious behavior, potentially dozens or hundreds of customers are encouraged to report untoward circumstances. Much like anything in emergency management, creativity goes a long way and partnerships, ingenuity, and robust training/awareness programs can make the difference between safety and tragedy. The national “See Something, Say Something” campaign has been widely publicized for encouraging the public to report suspicious persons, activity, packages, or other circumstances. Soft targets should consider participating in awareness campaigns to encourage the public to report suspicious activity–vigilance should not end at the ticket booth or the schoolhouse steps.


Because of a lack of resources, many soft targets are lucky to have an unmonitored surveillance systems or a couple of security guards. Soft targets can maximize the deterrent effect of surveillance systems or security guards through several innovative yet inexpensive methods. To make surveillance cameras more noticeable, several jurisdictions (such as the Chicago Police Department) have installed cameras with conspicuous flashing blue lights. Using lights to draw attention to the security cameras is a low-cost but high-visibility method to increase the deterrent effect of the cameras–especially at night when a surveillance camera might be near invisible.

Additionally, security guards can be made more noticeable by issuing bright, neon reflective vests and jackets. Police officers in Britain are famous for wearing highly-reflective vests and trench coats. The memorable attire advertises presence and hopefully deters those with malicious intent from carrying out an attack in the area. In the same vein, many security vehicles are now being outfitted with strobes and other lighting packages that are constantly activated to advertise roving presence. Since early this year, the Philadelphia Police Department has used always-on blue and red lights on their light bars to improve police visibility. For a very low-cost, the increased visibility is substantial.


Strong environmental design with a concentration on security can be cost-effective and efficient in reducing the attractiveness of a soft target. Through the use of open floor plans, reducing blind spots, and improving lighting, soft targets can improve “natural surveillance”. Natural surveillance is the concept that areas can be made easily observed–and thus reduces the likelihood of attacks–by providing adequate lighting, pathways, fencing, and other design-based components.

Many CPTED concepts are relatively inexpensive and can improve safety and security. Improved lighting and lines-of-sight can draw attention to unattended packages and can even serve to deter potential attackers. CPTED doctrine is advanced and can offer many other benefits. Soft targets should consider performing a physical assessment to determine if CPTED concepts could be successfully implemented to improve security.


As the Aurora massacre demonstrated, access control can be the difference between life and death. Sneaking through emergency exits, circumventing common pathways, and propping open exterior doors are all examples of failing to control access points.Soft targets are characteristically easily accessible and can lack alarmed exits. A simple way to reduce a soft target’s desirability is to reduce the number of active egress/ingress routes. This can be done in a variety of ways: by installing door and window alarms or key-card access systems, installing barriers to keep vehicles away from a structure or gathering area, and implementing security checkpoints (both high- and low-tech) for an added layer of deterrence. In addition to physical access control, information access should also be monitored closely; maps, facilities layouts, and other resources should be controlled and only those with a need-to-know should be allowed access.


While improving security and deterring the potential for attack has traditionally been regarded as a resource-intensive process, this article demonstrates how low-cost solutions can be strategically implemented to minimize resources and maximize opportunity. By implementing outreach and training, employing simple design improvements, increasing visibility, and specifically regulating access control, soft targets can decrease vulnerability and reduce their attractiveness to potential attackers. When seconds count and lives are in danger, it just might be that an inexpensive protective measure can save lives and prevent tragedy.

Chevy Chase Patch: What You Need to Know About West Nile Virus




Every month I have an emergency preparedness article in the local newspaper ( Here’s the link to my August article. I’ve also copied it below:

Although most people infected with the virus never know it, West Nile Virus can potentially be life threatening. This week, Maryland suffered its first fatality from the virus.


The virus is spread by mosquitoes that first bite infected birds, then bite a human–which  spreads the West Nile Virus to humans. According to the Mayo Clinic, symptoms can resemble influenza (typical symptoms include high fever, rash, vomiting, and body aches). However, signs of severe West Nile Virus infection include severe headache, stiff neck, disorientation, tremors, or lack of coordination and partial paralysis. Any signs of severe infection require immediate medical attention.


This year, the Washington Post reports, officials say that “an early spring and hot summer” led to a particularly high number of mosquitoes, which has led to increased numbers of infections. For a map of current infection rates, the US Geological Survey (USGS) maintains a website of reported WNV infections in Maryland.


As Montgomery County’s Department of Health and Human Services outreach materials explain, the best way to prevent WNV is to eliminate breeding grounds/conditions of mosquitoes. To reduce mosquitoes:


  • Eliminate standing water (such as in discarded tires, buckets, garbage can lids, wheelbarrows, and wading pools)
  • Clean roof gutters to remove standing water
  • Ensure that tarps and other surfaces that may trap water are able to drain water rather than collect moisture


To protect yourself and your family, the following preventative measures can help:


  • Limit outdoor activities from dawn to dusk (when mosquitoes are most likely to be active)
  • Use screens on all open windows and doors; repair tears as necessary
  • Wear light-colored, loose-fitting, long-sleeved shirts and long pants
  • Use insect repellant when outdoors (make sure to spray clothes with repellant before dressing)
  • Never handle dead birds (as if that wasn’t self-explanatory to begin with)–call 311 if you need to dispose of a dead bird


There is currently no vaccine or treatment for WNV and the virus has shown a greater impact on individuals with compromised immune systems, infants, the elderly, and pregnant women. The protective and preventative measures mentioned above are crucial in the fight to stop the spread of WNV. Please do your part and contain the spread of West Nile Virus by eliminating standing water and spraying insecticides around your property to prevent mosquitoes from reproducing. It just might save a life.


Todd Jasper is a federal emergency manager and has been happy to call Chevy Chase home since 2008. His emergency management blog is

IAEM Bulletin: Emerging Tech School of Hard Knocks

An Excerpt from the August 2012 Bulletin of the
International Association of Emergency Managers (IAEM)

Here’s a plain text version as well:

Emerging Tech School of Hard Knocks

By Todd J. Jasper

Responding to disasters and emergencies is hard work. It is even worse when technology fails. Don’t let your agency fall victim to the following five technology blunders.

1. Updates Don’t Take Vacations…

The worst time to discover that you need to update your software is during an emergency. When seconds count, the last thing you need to see on the screen is an operating system warning box, the infamous swirling hourglass, or an error screen. For those of us that routinely defer downloading updates, the consequences can be lead to unexpected delays.

Recently, I heard of an agency that arrived at their continuity of operations facility only to discover that none of the continuity personnel could log onto any of the computers at the hot site. All the computers had to go through an extensive update process before the continuity personnel could even log in!

2. Paper or Plastic?

Using online forms, databases, automated ICS forms, and sophisticated mapping and dispatching systems has revolutionized the emergency management field. Never before has the field had more automated, electronic, and interoperable solutions for managing incidents, emergencies, and disasters. The problem is that technology can fail. Whether due to utility failure, network failure, or other “technical difficulties”, all emergency management organizations must have a way of using paper documents and processes as a last resort.

3. No Single Technology is a Panacea

It seems that every week a new software package, program, suite, or other service offering is released and it is a “must have”, “all-in-one”, “state-of-the-art”, and even makes sandwiches! While it is always advisable to conduct thorough due diligence and market research, sometimes the marketing materials are just too good to be true.  Emergency managers ought to be naturally skeptical regarding marketing pitches that seem to promise too much.

4. Got Passwords?

With more IT systems being sold as “software-as-a-service” (SaaS), the need to log-in to multiple online systems using a unique username and password is becoming ubiquitous. Oftentimes, various IT systems force users to update passwords at different intervals. For many of us, if a username or a password fails to auto-complete, we would be lost or delayed while we search for a written note. Many of us keep passwords in rolodexes, sticky notes, or taped under our keyboards. But what if we need to relocate quickly? Will we have our passwords and usernames handy?

Other emergency managers use smart phone applications to keep all usernames and passwords in one secure program. Discovering that you cannot log into your emergency management software during an emergency is definitely a lesson learned the hard way.

5. Sometimes Free is Better than Paid

Finally, many of us have had to learn that sometimes free software can meet or exceed the capabilities of costly, customized, and/or proprietary software platforms. Unfortunately, many of us have had to learn that a free software platform better meets our needs than a paid version after years of paying for the expensive stuff. Emergency managers ought to evaluate IT needs against not just the expansive inventory of paid-for-use software, but also free and open-source software.

For example, at the joint field office in Texas following Hurricane Ike, I was fortunate to load a free mapping program on a FEMA laptop with a projector. The software cost nothing and our entire team could instantly view topographical maps, learn of local infrastructure, take measurements, and even overlay current weather reports. While the JFO had an extensive GIS group, the GIS team took several hours to process orders and could quickly see their operations re-prioritized due to the needs of leadership or requests from the field. With free software, we had instant maps and geographical information at our fingertips sooner than anyone else in the JFO.

Lessons Learned the Hard Way

While the field of emergency management is becoming more integrated with increasingly sophisticated and interoperable communications, it is important to be cognizant of the downsides and lessons learned the hard way from other IT blunders. As a community and field, it is important to share best practices and improve upon common IT flaws that can have a detrimental impact on emergency operations. Otherwise, your agency might just find itself using overpriced, low-performing, non-updated “all-in-one” software that is requesting a password you don’t have in the middle of a disaster–all the while a perfectly good, free version that requires no password is available online.

Review of Recently Released CERT Liability Guide

Recently, several local agencies partnered with the national CERT program to release the CERT Liability Guide: A Risk Management Overview for Local CERT ProgramsI’ve been a volunteer with the Montgomery County, MD Community Emergency Response Team (CERT) since March of this year and recently completed the CERT instructor course. I think the CERT program is one of the most proactive training and outreach programs available to local government and I firmly believe in the potential for CERT to expand and mature in the future.

As a relatively new program though, CERT is still developing infrastructure, foundational doctrine, and other best practices. The recently released CERT Liability Guide was sorely needed. I summarized the key points below:

“CERT program activities can create risk and adverse consequences; however, perceptions about liability may be a larger barrier for CERT formation, activities and partnerships than is justified by reality. There is no indication that CERT programs have any unusual liability experience.” (Page 1)

  • In other words, currently there’s no evidence that CERT programs are more prone to lawsuits or liability than other similar volunteer programs within local government.

“Unfortunately, there is no simple, complete, and uniform remedy to address liability. Various state laws provide some relief, but many laws have detailed requirements and exclusions. Liability protections differ significantly from state to state… Even the Federal Volunteer Protection Act of 1997 (VPA) provides only limited protection, which leaves much control in the hands of the states. Thus, for the present, liability protection for most CERT members is likely to remain primarily at the state level. (Page 2)

  • It’s probably best if the emergency management agency for each state were to conduct a review (usually with the Attorney General) of the liability implications for CERT programs and issue guidance using the specific laws, requirements, and exclusions specific to the respective state.

Benefits of Risk Management (Pages 3-4) include “confidence in the program, positive public image, reduced expenses, reduced insurance costs, preservation of the CERT program’s investment in members, increased participation in CERT”.

  • There is little doubt that having a formal risk management process is helpful to an agency–if continued conscientiously. Many times volunteer agencies can suffer lulls in operational tempo, thus it is important to ensure certain activities/processes are given high priority. I would assert that a risk management program ought to be considered a high priority within volunteer organizations active in disaster, such as CERT.

The liability guide provides “Five Steps for Managing Risk” (page 4-32)

  • Step #1: Get Leadership Support
  • Step #2: Gather Information
  • Step #3: Identify and Analyze Risk
  • Step #4: Adopt Strategies to Manage Risk
  • Step #5: Maintain the Momentum

I’ll review each step below

Step #1: Get Leadership Support

  • “Leaders who oppose the use of non-professionals–especially in operational activities — may see liability as an argument against starting or maintaining a CERT program. Not everyone understands the role and importance of CERT, therefore, it helps to begin with leaders who already support the CERT program and appreciate its value to the community.” (page 5)

Step #2: Gather Information 

  • “Gather documentation about current and past volunteers and review past claims, losses, or “near-miss” events that can help identify the CERT program’s liability exposures.” (Page 7)
  • “A CERT program that has members under the age of 18 may have to comply with child labor law and must train its personnel about special issues related to interaction with minors, adapt its procedures to protect minors, and document parental consent for their participation in the program.” (Page 7)
  • “CERT Basic Training provides forms that are designed to document operational activities and communicate necessary information. Individual CERT programs may adopt other forms as well. Consistent use of adopted forms is important, so gather a complete set.” (Page 7)
  • Are the members of a CERT program sponsored by a fire department identified as “members” in the fire department’s by-laws? Identification as members of a fire department may entitle volunteers to different protection under the law or the department’s insurance in some circumstances.” (Page 7)
  • Does CERT have a safety officer?
  • Are written training records kept for all volunteers?
  • “Does the CERT program deploy teams to other states to assist in disaster response? If yes, find out whether the program works with state emergency management officials to ensure that CERT members are designated as part of the state’s response force under the Emergency Management Assistance Compact (EMAC).” (Page 7)

Step #3: Identify and Analyze Risk

  • Civil Liability: Different types of civil liability: negligent acts or omissions, intentional acts, strict liability, liability for the acts of others
  • Non-Operational Risk: Consider the non-operational community service opportunities that are not described in CERT Basic Training, because they also have risks, for example, lifting heavy — or not so heavy — boxes of brochures, driving motor vehicles, helping to manage crowds or traffic, distributing materials from house to house…
  • Standard Operating Procedures: Standard operating procedures and rules of conduct minimize liability by instructing CERT leaders and members how to carry out their responsibilities
  • Absence of Procedures…the absence of procedures for and documentation of activation, assignment, and deactivation is also a risk.

Step #4: Adopt Strategies to Manage Risk

  • Job Descriptions: Position or job descriptions are important risk management tools for most organizations. They help the organization identify risk and ensure the best fit between applicants and jobs.
  • Managers Assume Broader Liability: Some CERT members may assume managerial responsibilities. These include the CERT leader and any section chiefs designated by that leader during an operational response. Their responsibilities require additional management, communication, documentation, and organizational skills, and their decisions may affect the safety of more people. Consequently, their liability exposures are broader than those of team members who are assigned to individual tasks.
  • Standard Application Process: Using a standard application form helps the program collect consistent information about each [CERT] applicant…Avoid including questions that could lead to actions that would be discriminatory in an employment setting (for example, questions about age, race, religion, national origin, pregnancy, disability, health problems, and prior workers’ compensation claims)
  • Written Permission for Minors to Join CERT: Programs that accept participants under the age of 18 should also require the youth to provide a parent’s or guardian’s written permission to participate.
  • Waiver of Liability: Require any participant and, if the participant is a youth, his or her parents or guardians, to sign a written waiver of liability that describes the risks of the CERT program’s activities. Waivers of liability are often not enforceable under a state’s laws, especially against minors, however, a waiver that describes the activities and associated risks shows that the volunteer (and his or her parents) knew of the risks and chose to participate.
  • Screening: To avoid claims of wrongful discrimination, screen all applicants in the same manner. Identify in advance how the program will address specific findings and equally enforce those consequences with all applicants. To avoid liability for failure to identify an applicant who poses a risk, be certain to meet state requirements for screening individuals who will work with vulnerable populations. Keep complete records of all screening results for both accepted and declined applicants, and be certain those results are addressed consistently with each applicant.
  • Written Offer Letter: The program can avoid possible misunderstandings by putting information into a written offer letter or service agreement to be signed by the member and the member’s parents, for minors.
  • Uniform: Require that CERT members wear ―uniforms‖ and carry program identification while they are participating in CERT activities.
  • Reporting Injuries/Accidents/Illness: Require CERT members to report any injuries or illnesses they believe to be related to their CERT activities
  • Statements to Media: Require that CERT members refer media representatives to a designated public relations contact.
  • Confidentiality and Privacy:Prohibit disclosure of confidential or private information about the program, its members, the sponsoring agency and its employees, members of the public, and others.
  • Wrongful Discrimination: Prohibit discrimination, including but not limited to discrimination based on race, gender, religion, color, national origin, age, marital status, disability, and sexual orientation.
  • Harassment (Sexual and Other): Prohibit all harassment as well as the display of sexually suggestive or other offensive materials.
  • Alcohol and Drug Use: Prohibit the use of alcohol, drugs, or substances that can impair physical or mental functioning while participating in CERT activities.
  • Smoking: Prohibit smoking while participating in CERT activities.
  • Carrying Weapons: Prohibit members from bringing weapons to CERT activities unless they are sworn law enforcement officers and carrying the weapon is part of their job.
  • Reporting Changes in Driving Record, Criminal Background, or Professional Licensure Status: Require members to report any change in their driving record, criminal record, professional licensure, or other record required for the position they  hold.
  • Supervision: Every CERT program should assign a supervisor for its members.
  • Discipline and Termination: A procedure for progressive discipline and termination will help the CERT program manage these situations consistently and successfully. The program should develop the procedure with the advice of an employment attorney or skilled human resources professional.
  • Self-Activation May Not Reduce Liability: Self-activation may be pursuant to a standing order, and not all that different – for liability purposes – from an order to activate issued at the time of an emergency… By accepting members and instructing them to self-activate, some might argue that the CERT program has implicitly made a decision that the members are capable of responding without supervision
  • Workers’ Compensation: Occasionally workers’ compensation protection will be available because the state’s workers’ compensation statute specifically includes emergency volunteers in its definition of ―employee.‖ Benefits for emergency volunteers may be subject to limitations or contingencies that do not apply to regular employees.
  • Volunteer Protection Laws: The federal and many state governments have adopted volunteer protection laws that provide certain volunteers with limited immunity. The protection offered by state laws can differ, so this discussion is based on the federal Volunteer Protection Act of 1997 (VPA).
  • Good Samaritan Laws: ―Good Samaritan law‖ is the popular name for statutes that provide limited immunity to individuals who, in good faith, without a duty, and without compensation, help a person who is experiencing a health emergency in a setting where there is no ready access to professional care. Protection is not limited to declared emergencies, so Good Samaritan laws can protect people who happen to be present at the scene of an emergency as well as CERT members or teams who self-activate, if they meet the other requirements of the statute
  • Interstate Mutual Aid & EMAC: Some CERT programs operate teams that are capable of responding to disasters across state lines. Activities outside the home state often raise concerns about the adequacy of liability protection in the state where the aid is being provided. These concerns can be warranted, because protection varies from state to state, and CERT members are protected outside their home state only to the extent that the other state has adopted protection for emergency management volunteers. Many states’ emergency management laws protect emergency workers from other states who are responding to an official request for assistance. It pays to be familiar with the liability protection provided by the states to which the CERT(s) responds, but this can be difficult due to variation in state laws and the speed with which response takes place in the aftermath of a disaster. The Emergency Management Assistance Compact (EMAC) is a partial remedy to this challenge, but its effect is limited. Under EMAC, a responding state and its officers and employees are protected from liability.
  • Liability Insurance: Liability insurance that covers emergency management volunteers is less likely to have some of the exclusions and limitations that leave gaps in the protection offered by immunity statutes, and, unlike immunity laws, liability insurance also provides funds to pay defense costs, settlements, and judgments.

Step #5: Maintain the Momentum

  • Working through the five steps every few years –especially with new participants – gives the program a fresh perspective on vulnerabilities and new ideas about strategies. Secondly, the five steps suggest how the organization can incorporate managing liability into its ongoing operations, ensuring that everyone from the chief to the newest volunteer thinks about liability when working.

The guide was an excellent resource for non-lawyers because it did a great job of explaining legal concepts in a way that laypersons can understand. For example, when explaining the differences between immunity and indemnity, the guide takes only a few sentences to clearly detail both concepts in an easy-to-understand way: “immunity and indemnity are complementary. Immunity limits an injured person’s legal right to recover damages from the volunteer, but does not pay any costs to defend the volunteer. Indemnity does not limit the injured person’s rights to recover, but it provides the volunteer with a legal defense and pays judgments and settlements, if necessary…”

I would definitely recommend that CERT Program Managers read this guide in full–but not stop there. Then CERT PMs ought to take this guidance to their agency’s HR department and counsel to determine how to implement a robust risk management program for their volunteers. Most importantly, the conversation can’t stop there. There must be a risk management cycle that continues so that conversations about risks are common and routine. Just because CERT is volunteer-driven doesn’t mean we can ignore the risks, the liability, or legal implications of our actions.