Certification Examination Standards – Implementation 8 and 9 – Emergency Operations Procedures/Response Plan and the Business Continuity and Recovery Components

Certification Examination Standards – Implementation 8 and 9 – Emergency Operations Procedures/Response Plan and the Business Continuity and Recovery Components

Back to CEM Corner

By Daryl Lee Spiewak, CEM, TEM, MEP, Lead Trainer for the CEM Commission

Last month we discussed the sixth and seventh sections of the Implementation standards — Operational Procedures and Incident Management. This month we will describe the last two sections of the Implementation standards —Emergency Operations/Response Plan and the Business Continuity and Recovery sections.

NFPA® 1600 version 2013 uses the term “operations/response plans” at the beginning of the standard. Then it changes the term to “emergency action plans.” In public entities, the plan is usually referred to as the “emergency management plan” or something similar. The name of the plan is not important. What is important is the content of the plan, as we will see with the last two sections of the Implementation standard.

The Standard – Emergency Operations/Response Plan

The NFPA® 1600 version 2013 requires an entity’s “emergency operations/response plans to define responsibilities for carrying out specific actions in an emergency.” The plan should be risk-based and cover the roles and responsibilities for life safety, including people with access and/or functional needs, incident stabilization, property conservation, and the environment.

Depending upon the nature and location of the threat or hazard, these “protective actions may include evacuation, shelter-in-place, and lockdown” procedures. Incident stabilization is defined as those actions necessary to “prevent an incident from growing and to minimize the potential impact on life, property, operations, and the environment.” The functions or tasks necessary for incident stabilization will vary depending upon “the nature and location of the threat or hazard, the magnitude of the incident, the actual and potential impact of the incident, applicable regulations that could dictate minimum response capabilities, the entity’s program goals, and the resources available to the entity for incident response.”

The emergency operations/response plans also should include procedures and protocols for warning, notifications and communication; crisis communication and public information; resource management; and donations management, according to the requirements we discussed previously in the appropriate sections of the Implementation standard.

Local regulations and policies may require additional sections or topics in the plans. That is OK. Including them does not violate the standard. These additional sections or topics will not be addressed in the Core examination questions, but may be addressed in some country-specific examinations, such as the USA public sector exams.

The Standard – Business Continuity and Recovery

This section includes two parts. The first part is the business continuity requirement, and the second is the recovery requirement. When studying business continuity, you will find processes or plans called business continuity, continuity of government, or continuity of operations. These processes and plans are generally similar in intent and somewhat less similar in content, but the purpose of these processes and plans remain the same regardless of their title.

  • Business Continuity. NFPA® 1600 version 2013 defines business continuity as “an ongoing process to ensure that the necessary steps are taken to identify the impacts of potential losses and maintain viable recovery strategies, recovery plans, and continuity of services.” The definition does not distinguish between public and private entities. Both need business continuity and recovery plans and procedures.

    The standard also requires that the continuity plan “include recovery strategies to maintain critical or time-sensitive functions and processes identified during the business impact analysis.” Therefore, the plan “shall identify stakeholders that need to be notified; critical and time-sensitive applications; alternative work sites; vital records, contact lists, functions, and processes that must be maintained; and personnel, procedures and resources that are needed while the entity is recovering.”

    The continuity plan is similar to the emergency operations/response plan discussed above, but it is slightly different, and it supports or supplements the emergency operations/response plan. So entities need both, and the emergency manager needs to understand each of them.
  • Recovery. The standard states, “Recovery planning for the public and private sectors should provide for continuity of operations to return the entity, infrastructure, and individuals back to an acceptable level. This includes implementation of mitigation measures to facilitate short-term and long-term recovery.” The standard does not specify or define what an acceptable level is. Local officials and members of the entity need to make that determination.

    The outcome of the recovery planning process is the recovery plan. The standard requires a recovery plan that “provides for restoration of functions, services, resources, facilities, programs, and infrastructure.” The recovery plan could be a stand-alone plan or incorporated into other plans.

Notice the Implementation standard does not specify who or how the various plans should be developed or how they should be maintained. It doesn’t say whether these should be separate plans or one comprehensive plan. Those decisions are left up to the individual entities and local or state requirements. The FEMA references described at the end of this article will provide more details on these plans and the planning process, which will be part of the CEM/AEM examination.


For information and discussion on Implementation (8 and 9): Emergency Operations/Response Plan and the Business Continuity and Recovery Requirements, refer to the recommended FEMA Independent Study courses and other related references mentioned below. Do not confuse these general resource requirements with the specific procedures found within your organization. While an emergency manager needs to understand and know local procedures to be effective in the position, those procedures could easily differ from the general procedures discussed in the study references and are not found on the certification exam.

The applicable FEMA Independent Study (IS) courses that should be reviewed by candidates when studying the Implementation Requirements are:

  • IS-1a – Emergency Manager: An Orientation to the Position
  • IS-230d – Fundamentals of Emergency Management
  • IS-235b – Emergency Planning
  • IS-520 – Introduction to Continuity of Operations Planning for Pandemic Influenzas
  • IS-524 – Continuity of Operations (COOP) Planner’s Workshop
  • IS-545 – Reconstitution Planning Course
  • IS-546a – Continuity of Operations Awareness Course
  • IS-547a – Introduction to Continuity of Operations
  • IS-558 – Public Works and Disaster Recovery
  • S-632a – Introduction to Debris Operations

For those taking the USA version of the exam, review the following additional references:

  • IS-453 – Introduction to Homeland Security Planning
  • IS-2900 – National Disaster Recovery Framework (NDRF) Overview
  • Comprehensive Preparedness Guide 101, Version 2.0
  • National Disaster Recovery Framework

Next Month

This completes the Implementation standard. Next month we will describe the Exercises and Tests standard. We also will provide a recommended list of FEMA Independent Study courses and/or other references to study.

IAEM Bulletin, October 2014

AEM® and CEM® are registered trademarks of the International Association of Emergency Managers.

Back to CEM Corner