Skip Ribbon Commands
Skip to main content
Skip over global navigation links
U.S. Department of Health and Human Services

Emergency Management and the Incident Command System

Emergency management and Incident Command System (ICS) concepts serve as the basis for the MSCC Management System.[7] However, unlike traditional descriptions of emergency management and ICS, which organize assets around a defined scene, the MSCC Management System has adapted the concepts to be more applicable to large-scale medical and public health response where there is no defined scene, or where multiple incident scenes may exist (e.g., infectious disease outbreak). Public health and medical professionals must understand the utility of emergency management and ICS concepts as they relate to public health and medical disciplines.[8]

The following pages examine key distinctions between emergency management and ICS and the roles that each is designed to fulfill during a major medical incident.

1.3.1 Emergency Management

Emergency management describes the science of managing complex systems and multidisciplinary personnel to address extreme events, across all hazards, and through the phases of mitigation, preparedness, response, and recovery. Hospital staff and other healthcare personnel might equate emergency management activities to a hospital's Disaster Committee (hence the recommended name change to Emergency Management Committee). The sum of all emergency management activities conducted by a response organization may be collectively referred to as an Emergency Management Program (EMP) for that entity. The term program is used because it denotes activity that is continuously ongoing, whereas a plan is often considered a series of actions that occur only in response to defined circumstances.

The activities of the EMP address the phases of mitigation, preparedness, response, and recovery. They are based on a hazard vulnerability analysis (HVA), which if properly accomplished, will identify potential hazards, assess their likelihood of occurrence, their potential impact and the organization's vulnerabilities to the impact, and provide a basis for understanding how the hazard likelihood and organizational vulnerabilities can be addressed. Each EMP phase is briefly described below.

  • Mitigation encompasses all activities that reduce or eliminate the probability of a hazard occurrence, or eliminate or reduce the impact from the hazard if it should occur. In Comprehensive Emergency Management, mitigation activities are undertaken during the time period prior to an imminent or actual hazard impact. Once an imminent or actual hazard impact is recognized, subsequent actions are considered response actions and are not called "mitigation." This avoids the confusion that occurs with the HAZMAT discipline's use of mitigation, which applies to response actions that reduce the impact of a hazardous materials spill. Mitigation is the cornerstone of emergency management because any response strategy relies on medical assets surviving a hazard and maintaining operations in the post-impact environment (i.e., medical system resiliency). An effective mitigation effort should begin with, and be based on, a valid HVA as this will help an organization prioritize issues during follow-on mitigation and preparedness planning.
  • Preparedness encompasses actions designed to build organizational resiliency and/or organizational capacity and capabilities for response to and recovery from hazard impacts. It includes activities that establish, exercise, refine, and maintain systems used for emergency response and recovery. The critical task in preparedness planning is to define the system (how assets are organized) and processes (actions and interactions that must occur) that will guide emergency response and recovery. This is accomplished through the development of an effective EOP (see below for suggested EOP formats). Staff should be educated and trained on the system so they gain the knowledge and skills necessary to adequately perform their assigned roles.
    • It is important to note that the procedures and systems used to conduct preparedness activities (committee structure and meetings, memo writing, regular email notification of meetings, etc.) are typically not adequate for use during emergency response. This point is often missed by organizations as they attempt to utilize emergency preparedness committees and their associated structures and processes to manage response to an event. The EOP defines effective process and procedures for the context of emergency response (emergency notification procedures, establishing an incident management team, processing of incident information, etc.). It is recommended that, to the extent possible, emergency response process and procedures be used to conduct preparedness activities.[9]
  • Response activities directly address the hazard impact, including actions taken in anticipation of an impending event (e.g., hurricane, tornado) and actions during and after an impact has occurred. Specific guidance for incident response, including processes for asset deployment, is addressed in an EOP. An effective EOP not only guides the initial (reactive) response actions but also promotes transition to subsequent (proactive) incident management.
  • Recovery activities restore the community to "normal" after a major incident. The initial recovery stage (which actually begins in the late stages of response) is integrated with response mechanisms, and the EOP incident management process should be extended into recovery. The management transition from response to recovery (both timing and methods) must be carefully planned and implemented to avoid problems. As recovery progresses, recovery management transitions to regular agency management processes or some intermediate method defined by the responsible organizations.

1.3.2 Incident Command System

The ICS provides guidance for how to organize assets to respond to an incident (system description) and processes to manage the response through its successive stages (concept of operations). All response assets are organized into five functional[10] areas: Command, Operations, Planning, Logistics, and Administration/Finance. Figure 1-3 highlights the five functional areas of ICS and their primary responsibilities.

Figure 1-3. Incident Command System

Figure 1-3 shows the Five functional areas of the ICS: Command, operations, logistics, planning, and admin/finance. The following are the primary responsibilities of each function area. Command defines the incident goals and operational period objectives and includes incident commander, safety officer, public information officer, senior liaison, and senior advisors. Operations establishes strategy or methodology and specific tactics or actions to accomplish the goals and objectives. Operations also coordinates and executes strategy and tactics to achieve response objectives. Logistics supports command and operation sin their use of personnel, supplies, and equipment and performs technical activities required to maintain the function of operational facilities and processes. Planning coordinates support activities for incident planning as well as contingency, long-range, and demobilization planning. Planning also supports command and operations in processing incident information and coordinates the information activities across the response system. Finally, admin/finance supports command and operations with administrative issues as well as tracking and processing incident expenses. Admin/finance also covers such issues as licensure requirements, regulatory compliance, and financial accounting.

The ICS, as described in NIMS, refers to the combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure and designed to aid in the management of resources during incident response. The ICS is based on eight concepts that contribute to the successful application of this system

Exhibit 1-3. Incident Command System Core Concepts

  • Common terminology - use of similar terms and definitions for resource descriptions, organizational functions, and incident facilities across disciplines.
  • Integrated communications - ability to send and receive information within an organization, as well as externally to other disciplines.
  • Modular organization -response resources are organized according to their responsibilities. Assets within each functional unit may be expanded or contracted based on the requirements of the event.
  • Unified command structure - multiple disciplines work through their designated managers to establish common objectives and strategies to prevent conflict or duplication of effort.
  • Manageable span of control - response organization is structured so that each supervisory level oversees an appropriate number of assets (varies based on size and complexity of the event) so it can maintain effective supervision.
  • Consolidated action plans - a single, formal documentation of incident goals, objectives, and strategies defined by unified incident command.
  • Comprehensive resource management - systems in place to describe, maintain, identify, request, and track resources.
  • Pre-designated incident facilities - assignment of locations where expected critical incident-related functions will occur.


For ICS to be effective, the incident must be formally defined so that there is clarity and consistency as to what is being managed. This may be best accomplished by defining the incident response through delineation of response goals and objectives, and by explaining response parameters through an Incident Action Plan (IAP)—the primary documentation that is produced by the incident action planning process.[11]

Early in the response to the Pentagon on 9/11, incident command (headed by the Arlington County, VA, Fire Department) defined the incident as managing the fire suppression, building collapse, and the search and rescue activities at the Pentagon. It did not include objectives for managing the disruption of traffic or other countywide ramifications of the plane crash. Arlington County emergency management officials, therefore, quickly knew they had to manage these other problems through their Emergency Operations Center (EOC), which was geographically separate from, but closely coordinated with, incident command at the Pentagon.

The utility of ICS becomes evident when analyzing the demands encountered during an incident response.

Figure 1-4. Types of Demands Encountered in Incident Response

Figure 1-4 shows the two sets of simultaneous demands that are encountered during an incident response: “hazard-generated demands” and “response-generated demands”.  Hazard-generated demands are: warning, pre-impact preparations, search and rescue, care of injured and dead, welfare needs, restoration of essential services, protection against continuing threat, and community order.  Response-generated demands are: communications, continuing assessment of situation, mobilization and utilization of resources, coordination, and exercise of authority.

When an incident generates demands on the response system, the issues addressed first are usually demands created by the hazard itself—hazard-generated demands. For example, in a highly contagious disease outbreak, hazard-generated demands include the need to evaluate and treat victims, while controlling the spread of the disease. Simultaneously, the response system itself creates response-generated demands. In the same example, these demands include the need to coordinate disparate resources, to process widely dispersed data into accurate epidemiological information, to coordinate the public message, and to protect healthcare workers. Too often, the response community focuses on the hazard demands and neglects response demands until the latter create a significant impediment to overall response effectiveness. With well-developed ICS and emergency management support, the incident response proactively addresses both types of demands and, in fact, reduces many response-generated demands to routine status.

  1. Appendix A highlights several critical assumptions that were made in developing the MSCC Management System.
  2. Appendix B describes the basic ICS for public health and medical personnel.
  3. Many of these procedures increase the efficiency of preparedness activities, while essentially training participants on the procedures to be used during response and recovery. Examples include the use of emergency notification procedures for disseminating preparedness information, the use of a management- by- objective approach when planning preparedness tasks, and using tightly managed meetings with detailed agendas.
  4. A function is a key set of tasks that must be performed during incident response. They are grouped according to similarity of purpose but are not positions, per se, because each could entail multiple persons working to fulfill that function.
  5. Key components of an incident action plan are presented in Appendix C.

<< Previous --------- Top of Page --------- Next >>

  • This page last reviewed: February 14, 2012