Critical Incident Management Plan: Public-Private Protocols

Introduction and Plan Objectives

A critical incident is defined as any event or situation that threatens people and/or their homes, businesses, or community. The objective of a plan to manage such events encompasses several protocols:

(1) the creation of public and private sector understanding of their common goal to protect lives and property while sustaining continuity of community life; (2) providing encouragement to public and private sector entities that may have engaged in assessment and planning processes in isolation to form cooperative partnerships; (3) assisting businesses and communities lacking emergency planning experience in the development of a joint emergency planning process; (4) developing an understanding of mutual or respective goals and recognizing how public and private resources can complement and support each other; and (5) serving as a resource for those engaged in the planning process (Jones, Kowalk, & Miller, 2000).

Risk assessment involves every public and private sector component and includes the identification of all potential hazards and threats, including those that are (1) natural and (2) man-made. Natural threats include tornadoes, floods, winter storms, earthquakes, and power outages. Man-made threats include terrorist attacks, workplace violence, explosions, bombings, and other accidents (Jones, Kowalk, & Miller, 2000).

Risk Assessment

A self-risk assessment includes the following steps: (1) examine the broadest categories of risk, moving from a generalized risk assessment to specific risks; (2) list previous incidents and/or potential threats or events, beginning with the obvious and working toward the less likely; and (3) determine what is vital for continued business operations and what might cause significant business interruptions (Jones, Kowalk, & Miller, 2000).

The next step is prioritizing and identifying the importance of each unit or component to continued business operations. Functions are classified as either: (1) critical; (2) essential; or (3) non-essential (Jones, Kowalk, & Miller, 2000).

Upon identification of critical business functions, those functions must be further classified by timing as: (1) immediate — needed within 0 to 24 hours; (2) delayed — needed within 24 hours to seven days; or (3) deferred — needed beyond seven days. Finally, a determination must be made as to whether the business is: (1) highly vulnerable; (2) vulnerable; or (3) not vulnerable (Jones, Kowalk, & Miller, 2000). The following figure provides an example of these classifications.

Prioritization of Business Functions

Figure 1: Risk Assessment Matrix
Source: Jones, Kowalk, and Miller (2000)

The critical incident management plan is important in shaping the community response, which includes the actions of emergency responders, police officers, fire departments, and others involved in such plans. The first duty of the public sector is to maintain community safety (Jones, Kowalk, & Miller, 2000).

It is important that the critical incident management plan "define situations where public policy or legal mandates require public sector intervention even though the private sector has ample resources to handle the event" (Jones, Kowalk, & Miller, 2000). This delineation ensures that roles and authorities are clearly understood by all parties before an incident occurs.