Applying NIMS to your business: lessons from 9/11

Today is a day of national remembrance. On September 11, 2001, a series of coordinated terrorist attacks occurred in the United States. Do you remember where you were when we were under attack? I do, and it seems like just yesterday. Besides being a day of remembrance, today is also a good day to reflect upon the lessons we learned from 9/11. Many of those lessons apply to your own personal and business preparedness planning.

Although there have been isolated incidents over the years, the attacks on 9/11/01 were the first large-scale attack by a foreign power on the United States mainland since the War of 1812. These attacks are often referred to as “9/11” and had a profound and lasting impact on the country and the world. Our country had to be resilient in order to react and respond to the attack on 9/11.

“Communities across the nation experience a diverse set of threats, hazards, and events. The size, frequency, complexity and scope of these incidents vary, but all involve a range of personnel and organizations to coordinate efforts to save lives, stabilize the incident, and protect property and the environment.” – Introduction from National Incident Management System (NIMS) developed by the Federal Emergency Management Agency (FEMA) and the Department of Homeland Security

NIMS was born In the aftermath of the 9/11 disaster and offers lessons that can be equally applied to government agencies and businesses. It is built on six key principles: 1) Command and Management; 2) Preparedness; 3) Resource Management; 4) Communications and Information Management; 5) Supporting Technologies; and 6) Ongoing Management and Maintenance.

Although not normally as life-threatening, a business has to respond to incidents, threats, and attacks that occur during the normal course of business operations. These may include:

• Cyber attacks
• Theft and fraud
• Natural disasters
• Supply chain disruptions
• Financial challenges
• Reputation damage
• Legal and regulatory problems
• Environmental issues
• Market competition
• Health and safety concerns
• Lack of resources

Not all threats and attacks are deliberate; some manifest themselves in the marketplace as a consequence of doing business. Instead of addressing each threat specifically, let’s apply some lessons in resilience learned from 9/11 by examining NIMS. In addition to that, I’ll incorporate experiences from my time in the US Army and my civilian training in various components of NIMS and the Incident Command System (ICS). I’m going to paraphrase NIMS and ICS principles to apply them in a business context:

1. React to the situation appropriately – It should go without saying that when a threatening situation is encountered, it must be addressed. Ignoring a problem does not make it go away. In the Army, we would react to an attack by taking cover and returning fire. In a non-combat emergency situation, appropriate personnel and resources are dispatched to handle it.
2. Establish communications – If a robust means of communication is not already in place, it’s important to establish one. In today’s high-tech world, it’s rare not to have a means of communication. Often, the issue is that there are too many communication methods, and it’s not clear when to use each technology. When email and phones go down, how should your employees communicate with you?
3. Assess the situation – Gather information about what’s going on, including the nature of the issue, the scope of the situation, and its likely impact on your organization.
4. Establish command – Make it clear who will be in charge of handling the situation. Is it you, the business owner? Should you delegate the situation to one of your managers? It’s crucial that everyone knows who will take the lead. In NIMS, we call this establishing an Incident Command. This same principle can be applied in business.
5. Create a plan – Based on the situational assessment, the person in charge needs to formulate a plan for handling the situation or threat. The plan should outline objectives, strategies, and tactics for addressing the situation and be flexible enough to adapt to changing circumstances.
6. Acquire and manage needed resources – Once a plan is in place, the next step is to acquire and manage any necessary resources, such as staff, technology, communications, financing, and outside assistance.
7. Manage operations – Using the plan and allocated resources, the person in charge should effectively oversee the operations involved in addressing the situation. This includes managing communications, collaboration, information management, supervising activities, and resource handling.
8. Document and report – The team responding to the situation should document ongoing developments and report progress. Detailed records of incident activities, resource assignments, and expenditures should be maintained. Reporting to stakeholders ensures their buy-in and establishes confidence that the situation is being handled properly.
9. Conclude the operation – Once the situation is under control, the organization or team managing it should transition back to a normal pace of operations. Staying on high alert for extended periods is unsustainable. Restore normalcy as soon as possible.
10. Evaluate and improve – Take the time to conduct an “after-action review (AAR)” and assess how the situation was handled. Evaluate the response’s effectiveness and identify lessons learned. Use feedback to enhance future response efforts and update response plans as needed.

NIMS, based on lessons learned from 9/11, reminds us of the power of resilience and the importance of having a well-defined framework for dealing with tough times. This model teaches us to learn from past emergencies and continually enhance our response capabilities. Allow the memory of 9/11 to motivate your business (and personal life) to grow and improve in the face of challenges. We can draw lessons from that day to inspire innovation, strengthen resilience, and strive for excellence, ensuring we are well-prepared for the uncertainties of the future. What are you doing to prepare for unforeseen circumstances and how will you deal with them?

PERSONAL NOTE – In the aftermath of the 9/11 disaster, I decided it was important to have a backup method of communication, so I obtained my FCC Amateur Radio License (aka ham radio). My wife Mary Catherine has her license as well. In order to be in a position to volunteer during incidents, I also received training in NIMS, ICS (Incident Command System), CERT (Community Emergency Response Team), Communications Unit Leader (COML), Communications Unit Technician (COMT), and Auxiliary Communications (AUXC). As a civilian, I volunteer at the local level through ARES (Amateur Radio Emergency Service) and at the state level through the GEMA/HS (Georgia Emergency Management Agency / Homeland Security) AUXCOMM (Auxiliary Communications) program. If you would like to know more about any of these program, feel free to contact me directly – email: ki4ask@arrl.net.

[Joe Domaleski, a Fayette County resident for 25 years, is the owner of Country Fried Creative – an award-winning digital marketing agency located in Peachtree City. His company was the Fayette Chamber’s 2021 Small Business of the Year.  Joe is a husband, father of three grown children, and proud Army veteran.  He has an MBA from Georgia State University and enjoys sharing his perspectives drawing from thirty years of business leadership experience. ]