Key takeaways
Standardizing the management and coordination of incident response and resolution activities across different independent agencies is challenging. As part of its mission to help people before, during, and after disasters, the Federal Emergency Management Agency (FEMA) created the Incident Command System (ICS) as one of the components of the National Incident Management System (NIMS).
The Incident Command System provides a standardized approach for on-scene all-hazards incident management so that all agencies can prepare for and manage incidents with the same organizational structure — no matter the size, type, or location of the incident. Such incidents include natural disasters, infrastructure collapse, cyberattacks, and terrorist threats, among others.
This allows all responders to adopt an integrated structure that matches the complexities and demands of the incident while respecting agency and jurisdictional authorities.
Any team, organization, or agency, public or private, can implement the ICS. Whether managing a natural disaster, a cyberattack, or a large event, ICS provides a flexible framework for structured response.
(Related reading: incident management)
The National Incident Management System (NIMS) was created in March 2004 following a review of existing command and control and incident management systems by FEMA. It represented a core set of doctrines, concepts, principles, terminology, and organizational processes to enable the effective, efficient, and collaborative management of incidents. The NIMS guides all levels of government, NGOs, and the private sector to work together to prevent, protect against, mitigate, respond to, and recover from incidents.
Updated in 2017, the guidance rests on three guiding principles: flexibility, standardization, and unity of effort. It describes three components that together cover the diverse and essential functions of incident management.
The ICS is a subset of the Command and Coordination component. It applies a standardized management approach to incidents through a common organizational structure for managing resources, making decisions, and assigning tasks.
The ICS is based on the following 14 proven NIMS management characteristics, each of which contributes to the strength and efficiency of the overall system:
Common terminology
This ensures common understanding among all parties involved in managing an incident by defining common terms for organizational functions, resource descriptions, and incident facilities. Parties should avoid radio codes, agency-specific terminology, acronyms, or jargon, which can cause confusion and misinterpretation.
Modular organization
The ICS organizational structure develops in a top-down modular fashion that is based on the size and complexity of the incident, as well as the specifics of the hazard environment. The structure is flexible and expands as responsibilities are delegated.
Management by objectives
Specific and measurable objectives are established to drive incident operations. Strategies, tactics, tasks, and activities to achieve these objectives are then identified, resourced, and implemented, with the results documented.
Incident action planning
Every incident response has a strategy termed an incident action plan (IAP), which is a concise, coherent means of capturing and communicating overall incident priorities, objectives, strategies, tactics, and assignments in the context of both operational and support activities. It covers a specific timeframe and is proactive.
Manageable span of control
This refers to the number of individuals or resources that one supervisor can manage effectively during an incident. According to the ICS, the optimal span of control is one supervisor to five subordinates (1:5), but incident personnel should use their best judgement to determine the appropriate ratio for a specific incident.
Incident facilities and locations
Depending on the incident size and complexity, designated support facilities may be established by the incident command. These typically include an incident command post, incident base, staging areas, mass casualty triage areas, points of distribution, and emergency shelters.
Comprehensive resource management
This describes standard mechanisms to identify requirements, order and acquire, mobilize, track and report, demobilize, and reimburse and restock resources. Key resource management activities include resource identification and typing, planning, acquisition, storing, and inventorying.
Integrated communications
Incident communications are facilitated through the development and use of a common communication plan and interoperable communication processes and systems that include voice and data links. Integrated communications are necessary to maintain connectivity, achieve situational awareness, and facilitate information sharing.
Establishment and transfer of command
The command function should be clearly established at the beginning of an incident by the jurisdiction or organization with primary responsibility for the incident. Transfer of command should include a briefing that captures all essential information for continuing safe and effective operations.
Unified command
In some cases there is no single "incident commander" but a unified command that manages the incident through jointly approved objectives. This happens where no single entity has the authority and/or resources to manage the incident on its own.
Chain of command and unity of command
The chain of command is an orderly line that details how authority flows through the incident management organization hierarchy. It allows an incident commander to direct and control the actions of all personnel on the incident and avoids confusion by requiring that orders flow from supervisors.
Accountability
This requires abiding by applicable policies, guidelines, rules, and regulations. Principles for accountability include check-in/check-out, incident action planning, unity of command, personal responsibility, span of control, and resource tracking.
Dispatch/deployment
Resources should be deployed only when requested or when dispatched by an appropriate authority through established resource management systems. Resource management should adjust to changing conditions.
Information and intelligence management
Incident management must establish a process for gathering, analyzing, assessing, sharing, and managing incident-related information and intelligence. Intelligence is threat-related information developed by law enforcement, medical surveillance, and other investigative organizations.
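The structural rules above (modular organization, the 1:5 span-of-control guideline, chain of command, and unity of command) can be checked mechanically against an incident roster. The following is an added example, not code from the original post or from FEMA/NIMS: it models an ICS chart as a map from each position to the one position it reports to, verifies that every chain of command reaches the Incident Commander without cycles, flags supervisors above the recommended span, and shows modular expansion by delegating part of an overloaded supervisor's reports to a new intermediate unit lead. The position names and the sample roster are constructed for the illustration.

```python
"""Structural checks on an ICS organization chart (added illustration).

The chart is a dict: position -> the single position it reports to
(unity of command), with the Incident Commander mapped to None as the
root. Position names and the sample roster are constructed examples.
"""
from collections import defaultdict

RECOMMENDED_SPAN = 5                    # 1:5 guideline quoted in the text
INCIDENT_COMMANDER = "Incident Commander"


def direct_reports(org):
    """Invert the chart: supervisor -> list of direct subordinates."""
    subs = defaultdict(list)
    for position, supervisor in org.items():
        if supervisor is not None:
            subs[supervisor].append(position)
    return subs


def chain_of_command(position, org):
    """Return the positions from `position` up to the Incident Commander.

    Raises ValueError if the chain never reaches the IC (an orphan) or
    loops back on itself (orders could not flow top-down).
    """
    chain = [position]
    seen = {position}
    while chain[-1] != INCIDENT_COMMANDER:
        nxt = org.get(chain[-1])
        if nxt is None:
            raise ValueError(f"{position}: chain of command does not reach the IC")
        if nxt in seen:
            raise ValueError(f"{position}: cycle in chain of command at {nxt}")
        seen.add(nxt)
        chain.append(nxt)
    return chain


def validate_org(org):
    """Return a list of findings; an empty list means the chart passes."""
    findings = []
    # The IC is the one position that is always staffed, and it is the root.
    if org.get(INCIDENT_COMMANDER, "missing") is not None:
        findings.append("Incident Commander position is not staffed as the root of the chart")
        return findings
    for position, supervisor in org.items():
        if position == INCIDENT_COMMANDER:
            continue
        if supervisor is None:                       # unity of command: exactly one supervisor
            findings.append(f"{position}: no supervisor assigned (unity of command)")
            continue
        if supervisor not in org:
            findings.append(f"{position}: reports to unlisted position {supervisor}")
            continue
        try:
            chain_of_command(position, org)
        except ValueError as exc:
            findings.append(str(exc))
    for supervisor, subs in direct_reports(org).items():
        if len(subs) > RECOMMENDED_SPAN:             # manageable span of control
            findings.append(f"{supervisor}: {len(subs)} direct reports exceeds "
                            f"1:{RECOMMENDED_SPAN} span of control")
    return findings


def delegate(org, supervisor, unit_lead, members):
    """Modular expansion: insert `unit_lead` under `supervisor` and move
    the given `members` (currently reporting to `supervisor`) beneath it."""
    expanded = dict(org)
    expanded[unit_lead] = supervisor
    for member in members:
        if org.get(member) != supervisor:
            raise ValueError(f"{member} does not currently report to {supervisor}")
        expanded[member] = unit_lead
    return expanded


# Constructed sample roster for a cyber incident: the forensics lead has
# seven direct reports, which breaches the 1:5 guideline.
SAMPLE_ORG = {
    INCIDENT_COMMANDER: None,
    "Operations Section Chief": INCIDENT_COMMANDER,
    "Planning Section Chief": INCIDENT_COMMANDER,
    "Logistics Section Chief": INCIDENT_COMMANDER,
    "Finance/Administration Section Chief": INCIDENT_COMMANDER,
    "Containment Team Lead": "Operations Section Chief",
    "Forensics Team Lead": "Operations Section Chief",
}
for _n in range(1, 8):
    SAMPLE_ORG[f"Analyst {_n}"] = "Forensics Team Lead"

if __name__ == "__main__":
    for finding in validate_org(SAMPLE_ORG):
        print("FINDING:", finding)
    fixed = delegate(SAMPLE_ORG, "Forensics Team Lead", "Host Forensics Unit Lead",
                     ["Analyst 5", "Analyst 6", "Analyst 7"])
    print("after delegation:", validate_org(fixed) or "no findings")
    print(" -> ".join(chain_of_command("Analyst 7", fixed)))
```

Running the sample reports one finding (the forensics lead's seven direct reports); after delegating three analysts to a new unit lead, the chart passes and an analyst's chain of command runs analyst, unit lead, team lead, section chief, Incident Commander.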
There are five major ICS functional areas that are the foundation on which an incident management organization develops. These areas facilitate the identification and assessment of incidents, and the planning to deal with them, including the acquisition of necessary resources.
Command
When using the ICS to manage the incident, an incident commander (IC) is assigned. This role has the authority to set the incident objectives, strategies, and priorities, and has overall responsibility for the incident. The Incident Commander is the only position that is always staffed in ICS applications, since in smaller incidents the role may also perform the other functions.
If significant incidents require relief capacity, supervisors may appoint deputies who are equally capable of assuming the primary role.
Operations
This section implements strategies and develops tactics to carry out the incident objectives.
Planning
This section supports the incident action planning process by tracking resources, collecting and analyzing information, and maintaining documentation.
Logistics
This section is responsible for all services and support needs. It arranges for resources and needed services (such as personnel, equipment, teams, supplies, and facilities) to support achievement of the incident objectives. Logistical activities include putting in place communication resources, food services for responders, incident facilities, support transportation, and medical services.
Finance/administration
This section is set up for any incident that requires incident-specific financial management, including contracting, timekeeping, cost analysis, compensation for injury or property damage, and documentation for reimbursement. The role monitors costs related to the incident and provides accounting and procurement capacity.
A sixth functional area that is established on a case-by-case basis is the Intelligence and Investigations area. It establishes a process for gathering, assessing, analyzing, sharing, and managing incident-related information and intelligence for specific incidents that involve a criminal or terrorist act, or non-law-enforcement investigative efforts such as epidemiological investigations.
Reference authoritative resources for further support.
Using the ICS for every incident helps hone and maintain skills needed to coordinate efforts effectively. It applies across disciplines, and enables incident managers from different organizations to work together seamlessly through a common hierarchy that promotes effectiveness. The ICS aids in identifying the key concerns associated with the incident — often under urgent conditions — without sacrificing attention to any component. It clarifies the chain of command, leverages resources, provides an orderly, systematic planning process, and fosters cooperation between diverse disciplines.
Without the ICS, incident responses typically suffer from a lack of accountability, poor communication, hampered inter-agency integration, poor resource management, and failure to delegate responsibilities properly. The harmful effects of an incident can then grow beyond what could have been contained had the ICS been deployed.
This posting does not necessarily represent Splunk's position, strategies or opinion.