Sample Exam Questions – Implementation, Part 2

Back to CEM Corner

By Daryl Lee Spiewak, CEM, TEM, MEP, Lead Trainer for the CEM Commission, and Chair, IAEM-Global Communications Work Group

Our last CEM examination article (April 2016) began a discussion on the new topic area of Implementation with a focus on Common Plan Requirements. This month we will continue our discussion of Implementation with a focus on Prevention.

Prevention Definition

NFPA 1600 version 2013 defines prevention as “activities to avoid or stop an incident from occurring.” Under the previous Four Phases of Emergency Management, prevention was considered part of the mitigation phase. Under the new standards, as well as in the policy of the United States, prevention is now a separate and distinct activity from mitigation, which we will discuss in more detail next month.
In the United States, Presidential Policy Directive 8 (PPD-8), March 2001, defines prevention as “the capabilities necessary to avoid, prevent, or stop a threatened or actual act of terrorism.” Specifically, PPD-8 defines the term prevention as meaning “preventing imminent threats” of terrorism. These capabilities and activities are usually performed by law enforcement personnel with emergency management directly involved in the crisis response and recovery phases.

Prevention Strategy

The standard requires a prevention strategy. It says, “The entity shall develop a strategy to prevent an incident that threatens life, property, and the environment.” Based on the entity’s risk, the strategy might include activities such as security patrols, access controls, immunizations, isolation, quarantine, land use restrictions, uninterruptible power supplies, backup generators, personnel management, background investigations, and cyber security, among many others. Notice that none of these strategies apply to natural hazards. They only apply to human-caused and technological hazards. PPD-8 refers only to terrorism.

One important part of the prevention strategy is that it be kept current. NFPA 1600 version 2013 says the strategy be “based on the results of hazard identification and risk assessment, an analysis of impacts, program constraints, operational experience, and a cost-benefit analysis.” It also says the entity shall have a process to monitor the identified hazards and adjust the level of preventive measures to be commensurate with the risk.” This is a lot of work, but what techniques should the emergency manager use when developing a prevention strategy?

Prevention Strategy Development Techniques

While NFPA 1600 version 2013 does not mandate any specific techniques emergency managers must use to develop their prevention strategy, it does offer some suggestions. These techniques for consideration include, but are not limited to:

  • Ongoing hazard identification,
  • Threat assessment,
  • Risk assessment,
  • Analysis of impacts,
  • Operational experience, including incident analysis,
  • Information collection and analysis, and
  • Intelligence and information sharing.

Some prevention strategy techniques under PPD-8 include, but are not limited to, activities such as “information sharing and warning; domestic counterterrorism; and preventing the acquisition or use of weapons of mass destruction (WMD).”

By now you may be wondering about a cost-benefit analysis and how to use its results when this analysis is a critical component of our mitigation action plans. NFPA 1600 version 2013 tells us “the cost-benefit analysis should not be the overriding factor in establishing a prevention strategy. Other considerations have indirect benefits that are difficult to quantify (e.g., safety, property conservation).” So the cost-benefit analysis is simply one of the considerations, but not the main one. Other considerations may take priority instead.

FEMA IS Resources

While FEMA does not have an independent study (IS) course dealing specifically with prevention strategies, FEMA does offer many other supporting IS courses you may want to review for your own program development and implementation. They include:

  • IS-1.a Emergency Manager: An Orientation to the Position.
  • IS-230.d Fundamentals of Emergency Management.
  • IS-394.a Protecting Your Home or Small Business From Disaster.
  • IS-454 Fundamentals of Risk Management.
  • IS-871.a Dams Sector: Security Awareness.
  • IS-872.a Dams Sector: Protective Measures.
  • IS-891 Facility Security Level Determinations for Federal Facilities.
  • IS-892 Physical Security Criteria for Federal Facilities.
  • IS-912 Retail Security Awareness: Understanding the Hidden Hazards.
  • IS-913.a Critical Infrastructure Security and Resilience: Achieving Results through Partnership and Collaboration.
  • IS-914 Surveillance Awareness: What You Can Do.
  • IS-915 Protecting Critical Infrastructure Against Insider Threats.
  • IS-916 Critical Infrastructure Security: Theft and Diversion – What You Can Do.
  • IS-921.a Implementing Critical Infrastructure Security and Resilience.

Essay Requirement

The application process for both the CEM® and the AEM® require the candidate to address prevention as one of the required Knowledge, Skills, and Abilities (KSA) components for the emergency management essay. Many candidates forget to address prevention and usually have to revise and resubmit their essay because of it. Do not forget to address prevention activities in your response to the stated problem scenario. Provide a short discussion of the prevention strategy techniques you would use (or did use) to solve your problem and achieve your objectives.

Practice Questions

For core examination purposes, candidates should be familiar with the principles of Threat Hazard Identification and Risk Assessment (THIRA), risk management, and how these techniques are applied when developing a prevention strategy. Also, know about various techniques that may be used to avoid or stop an incident from occurring.

Here are two core-type questions for our analysis in this article.

1. Which of the following is a prevention technique or activity?

a. Conducting background investigations on personnel who have access to critical infrastructure.
b. Developing plans and making other preparations to save lives and safeguard the environment.
c. Identifying shelter locations and needed supplies.
d. Multi-objective planning by the whole community for local floodway development.

This question is asking you to identify a prevention technique or activity, so you need to be familiar with the prevention definition and some of the techniques or activities under prevention versus those techniques and activities conducted under response, recovery, and mitigation.
The first response of conducting background checks is a prevention activity, in that it seeks to restrict unreliable personnel from having access to critical infrastructure and appears to be the correct one. But before we choose, let’s look at the other three possible responses.

The second response of making plans and conducting other preparations could be prevention. However, the remainder of the answer relates these specifically to saving lives and protecting the environment. That isn’t prevention unless those activities specifically prevent an incident from occurring. Since that isn’t part of the answer, we cannot read that into it. Actually, the activity is something emergency managers do under the preparedness umbrella.

The third response of identifying and gathering resources is part of preparedness and mitigation activities used to reduce the impact of hazards and not prevent them from occurring. The fourth response of multi-objective planning, while involving the whole community is a good and desirable activity, development in the floodway is a mitigation activity. Therefore, the correct response is a. See IS 230d.

2. A sound prevention strategy is based on which of the following factors?

a. Installing and maintaining warning systems.
b. Strengthening zoning and building codes.
c. Training on emergency protective measures.
d. Updating immunization and quarantine policies.

In this question, we are asking you to recognize prevention strategies versus other types of strategies emergency managers develop and implement. The first response is to install and maintain warning systems. Since these do not prevent incidents from occurring, they cannot be prevention strategies.

The second response is to strengthen zoning and building codes. These can prevent or reduce some consequences by restricting development in hazardous zones, such as floodways, but not prevent the incident (in this case a flood) from occurring. This is a mitigation strategy.

The third response is to train on emergency protective measures. These measures are implemented during the response to reduce the consequences of an incident. Therefore, this also is a mitigation strategy and not a prevention strategy.

The fourth response is to update immunization and quarantine policies. This strategy is used to prevent the spread of disease and that is a prevention strategy. Therefore, the only correct response is d. See IS 230d.

When reading the questions and responses, be sure you understand exactly what the question is asking of you. Read each response before selecting the correct one. Don’t get confused between mitigation and prevention strategies. Prevention strategies prevent an incident from occurring, while mitigation strategies reduce the effects of an incident without preventing the incident from occurring.

In the Next CEM Corner

Next month we continue our discussion of Implementation with a focus on mitigation. We also will analyze some practice exam questions. Please send any questions you have about the examination or the certification process to me at info@iaem.com, and I will address them in future articles.

IAEM Bulletin, July 2016

AEM® and CEM® are registered trademarks of the International Association of Emergency Managers.

Back to CEM Corner