Humberside Fire and Rescue Authority Review of … Fire and Rescue Service Humberside Fire and Rescue Authority Review of Operational Risk Information Systems 19th March 2010 245

Humberside Fire and Rescue Service

Humberside Fire and Rescue Authority

Review of Operational Risk Information Systems

19th March 2010

245

Issue and Audit Log

Date: Issued by:

Version No: Issued to: Comments:

19/03/2010 DHB No 7 HFRS Draft for consultation

29/04/10 P Jackson No 7a FARMSS Consultation response

24/05/10 P Jackson No 7b FARMSS Inclusion of changes

14/6/2010 Final HFRS Final Report

Page of 26 Final Version 1 246

Contents

Page 3 Executive Summary Page 5 Chapter 1: Introduction Page 6 Chapter 2: Methodology Page 9 Chapter 3: Findings of Review of Operational Risk

Information Systems Page 20 Chapter 4: Summary of Critical Elements identified in

Review Page 24 Chapter 5: Recommendations


Executive Summary Introduction This report has been prepared by Fire and Risk Management Support Services Ltd (FARMSS). The researchers would like to thank those officers and personnel who provided the information requested and took part in the subsequent interviews. Acknowledgement of direction of travel It was acknowledged that the Authority was in the process of undertaking a series of major changes to operational policies and this is linked to the following strategic objectives:- • Making the best use of the resources we have; • Increasing capacity for prevention activity; • Establishing new ways of working; and • Continuing to develop our committed, flexible and skilled workforce. The review team’s findings are intended to complement and/or underpin these processes. Prior to the review being undertaken, HFRS had started the process of aligning their operational risk information systems to the draft consultation document that had been published on ‘National Guidance for the Provision of Operational Risk Information System’ – an activity for which they are commended. Summary of Findings Currently the Authority is considered to be at risk from the provision and management of operational information. Examples are:

• New policies have been developed which are not yet fully supported with systems, procedures and awareness / ownership of personnel.

• Operational risk information is currently held in a number of mainly disconnected silos, with the result that there is no clear quantifiable risk profile for the Service area.

• There is currently no common unique identifier in place for linking appropriate risk records across multiple systems. It is acknowledged that work is at an advanced stage in developing a corporate gazetteer for go live in June 2010, which will provide a single property reference through NLPG.

• The risk information held in Control has been rendered insufficient with the recent ‘updating’ which has seen much of the ‘key’ data being removed.

• The risk information held in Control has been rendered insufficient with the recent cleansing of data in preparation for a new corporate gazetteer


which has seen much of the ‘key’ data being removed. This is in line with new ways of working when FRS’s cutover to RCC’s

• There is a big reliance upon MDT’s for providing operational risk information to the incident ground. Information can also be accessed from the Corporate Information Portal, but this is limited to the Command Unit at an incident and Service Control for remote incident support.

• There is an over reliance upon a limited number of ‘key’ individuals for managing operational risk information.

• Individuals involved in implementing change in the systems for identifying and managing operational risk information lack the necessary capacity to implement change across the Service at an acceptable rate. Critical operational risk information, in particular generated from TFS is being lost due the lack of integration between systems.

• The current IT infrastructure at satellite sites is slow to operate, causing frustrations amongst users and potential loss of ownership and engagement.


Chapter 1 Introduction 1.1 In January 2010 Fire and Risk Management Support Services Ltd

(FARMSS) were commissioned to undertake a review of Humberside Fire and Rescue Services (HFRS) Operational Risk Information systems. That review took place over the period 22nd to 24th February – with a ‘hot de-brief’ taking place on 25th February.

1.2 HFRS has over recent years been the subject to a broad range of audits and

reviews. It was recognised that in the most recent formal assessment of Operational performance they were scored as ‘Performing Strongly’. Following each audit officers from the Service have responded by drawing up appropriate improvement plans to address any deficiencies or improvements required arising from audit.

1.3 It was also noted that an Operational Assessment peer review, under the

Comprehensive Area Assessment framework is to be undertaken during March 2010. A copy of the evidence portfolio was provided to the review team from FARMSS once they were on site. The CD ROM contained over three hundred documents that were to help sign post the peer review. A number of issues appertaining to this evidence were highlighted by the reviewers who suggested amendments and corrections prior to the evidence being formally submitted. Much of that corrective intervention was undertaken by HFRS officers before the FARMSS team left the service HQ on 25th February.

1.4 FARMSS would wish to record its thanks to members of the Policy and

Performance Directorate who facilitated all aspects of the review.


Chapter 2 Methodology 2.1 The FARMSS Review Team

Dave Berry:- Project Coordinator. Damian Smith:- Review Team lead. Garry Harney:- Lead Technical and Systems analyst. Dave Lewis:- Senior reviewer and Interviewer

All members of the FARMSS team have extensive experience within the emergency services, at a senior level, of operational risk factors, analysis of systems, and the identification and prioritisation of appropriate interventions. In particular the team used their experience in developing the draft national guidance for the Provision of Operational Risk Information as the basis for the review, audit and assessment.

2.2 A twelve stage review process was utilised.

Review Stages Approach Adopted Background

Use of HFRS, CLG etc Web-sites for background info.

Initial Document Review

Initial suite of documents reviewed prior to physical audit.

Agree Review methodology

Process and timeframe for review, interviews etc agreed

On Site Scene setting

Meeting with HFRS to initiate review and agree plan

Interviews

Total 33 interviews undertaken.

Document Review

Additional documents reviewed.

Systems Analysis

A range of queries run over Mgt Databases impacting upon Operational risk information.

Triangulation

Cross matching of evidence to ensure understanding and relevance.

Hot De-brief

Members of the FARMSS team briefed DCFO Khuri, ACFO Sanders, AM Jackson and GM McKiniry on the issues emerging over the previous three days.

Report drafted

A draft report was prepared

Consultation

Consultation with HFRS on Draft Report

Final Report

Final Report submitted to HFRS


2.3 The first stage of any review is to get a sense and feel for an organisation

through desk top research. Prior to arriving in HFRS a range of documentation was requested by the review team to allow them to develop an understanding of the organisation and to give focus to the review itself. Most of the documentation sought and received related to:-

• Policies and Guidance relating to Operational Risk Information. • Organisational structures. • Determined roles and responsibilities. • Outcomes of organisational audits and reviews.

A significant amount of research by the review team initially focussed

upon recent reports, strategy documents and Authority plans; as well as the corporate risk register. In addition a significant amount of information is held on the Authority’s website.

2.3.1 The Audit and Review was specifically tailored to HFRS following initial

review of associated documentation, it was intended that it would consider issues such as:

• the potential duplication of effort in the gathering and storing of

operational risk information; • the competence and training of the personnel who gather, analyse

and use operational risk information; • the interface with the FSEC or similar risk databases, Fire Safety

Management databases, FireLink and Fire Control projects, and Local Resilience Forum.

2.3.2 On arrival agreement was reached on the personnel the review team

wished to interview, by role and responsibility, and the systems that they wished to analyse. During each phase of the review the FARMSS team had unrestricted access to the personnel who support the various operational risk management systems and the databases themselves.

2.4 Key Themes for Review

The Review focused on the following areas for both interviews with reference holders and the collection of evidence.

Capture and Management of Operational Risk Information

o Operational Data Management Policy o Key Organisational Roles o Data Capture Process o Storage of Data /Information

Command and Control System Mobile Data Terminals Fire Service Emergency Cover Community Fire Risk Management Information System HFRS Portal


Operational Practices Training Needs General


Chapter 3 Findings of Review of Operational Risk Information Systems

3.1 Capture and Management of Operational Risk Information

The management of operational risk information relies on the interaction of processes, individuals and systems, to enable the effective capture, holding and dissemination of information across the organisation. In order to describe this process for HFRS a diagram has been produced to indicate the interactions and key issues – See Figure 1 Operational Risk Information – Process Flow Chart below with the red lines depicting the current flow of potential risk critical information.

PersonnelFormsQA Roles

Electronic Systems

MDT’s HFRS Portal

CFRMIS

FSEC

CONTROL

A to D

A

B

SSRI/PP6

FSA – Part ALevel 1

Tech FSLevel 2

RiskPlan

Risk Card

A OperationalB Specialist Fire Safety OfficersC Command & ControlD Specialist & Non Operational Administration

RORM

CPUOSM/PSM

CPUSDM

Operational Pre-Plans

CMS

Transfer of risk Information to new format

Figure 1 Data Capture Process 3.1.1 Data Capture Process

Risk information that may be required in an operational environment is captured by different groups of personnel from across the organisation. These personnel groups are:

A. Operational B. Specialist Fire Safety Officers C. Service Control D. Specialist & Non-Uniformed Administration


There appeared to be no universal understanding across all four groups that they were contributing to the collection of information, with the common objective of managing operational risk. See Recommendation 1 FARMSS found that property and site specific risk issues are being identified and raised by a range of different personnel within the organisation, but that a significant number of these had not been progressed irrespective of whether Level 1 & 2 processes or PP6 processes were applied. The review team were advised that in some cases there was some confusion as personnel assumed that information captured at Level 1 & 2 would be automatically utilised to populate PP6, whilst in other cases there were significant numbers of forms that had not been entered onto the appropriate database due to lack of resources, though there are imminent plans to increase capacity to address this issue. The various forms used to capture risk information have been standardised by the introduction of the SSRI form based on Product 62, however this needs embedding across the organisation. See Recommendation 2) The awareness of relevant processes and procedures relating to the capture, management and subsequent use of operational risk information is an essential element of the competence of all individuals involved in this process. See Recommendation 3 3.1.2 Operational Data Management Policy Within HFRS there are a number of projects dealing with Operational Risk Information which have a significant level of interdependency in respect of an overall successful implementation e.g. Vision, MDT’s, Corporate Gazetteer, Corporate GIS, which present a high risk to the Authority if they fail or do not deliver on time and within budget. See Recommendation 4 A corporate gazetteer has been produced and is scheduled for go live with the replacement mobilising system in June 2010. The Corporate Gazetteer is an essential aspect for new mobilising system. Further work is required to attach the vast amount of legacy data to the property seeds. This is viewed as an organisational vision to resolve issues of silo working through introduction of NLPG Unique Number Referencing (URN). When questioned as to the quality of NLPG (LLPG) it was stated that there had been problems with variable quality of inputs from local authorities. It is agreed that this element in combination with a data cleansing exercise are key factors to the successful implementation of a cohesive operational data strategy. Recommendation 5 The FARMSS review team found that HFRS policies relating to operational risk information has been developed in line with the CFOA South East Region documentation. However whilst consideration has been given to the draft national guidance on the Provision of Operational Risk Information (published during the consultation phase), the HFRS policies have not adopted the national guidance wholesale and remain principally focused on the risk presented to the Firefighter. The FARMSS Review team believe that this places HFRS at risk, with limited emphasis being placed on the other operational risk areas where the Authority has a legislative responsibility. These risk areas include Societal & Individual Risk,


Environmental Risk, Heritage Risk, Community Risk and Economic Risk. See Recommendation 6 The review of site specific risk information has resulted in a prioritised ranked list with a frequency of visit;

• Very High - Annual • High - Annual • Medium - Every 2 Years • Low - Every 3 years • Very Low - Every 5 Years.

In the time available to the FARMSS Review team, and due to the fact that the five databases holding information on premises do not yet share a common premises identifier protocol, it has been impossible to identify the number of premises that fall into the above categories and, therefore, the potential workload for HFRS. See Recommendation 7 Since the alignment of the current CPU’s in January 2008 the RORM and RCC Sections have identified and worked hard to ensure that the operational risk information provided to operational personnel is current and relevant. We understand that the Service is currently in the process of aligning to Regional Command & Control (RCC) Product No.62 to their risk information processes (SSRI format). In time this will provide a standard template on which accurate and relevant information will be recorded. 3.1.3 Key Organisational Roles FARMSS queried whether there were robust systems for benchmarking information and were advised that the Resilience & Operational Risk Manager (RORM) and the Operational Support Managers (OSM’s) participate in a monthly ‘informal’ process to undertake a form of benchmarking. It is understood that no formal minutes of these meetings are kept. See Recommendation 8 3.1.4 Storage of Data/Information.

There are a number of electronic systems used for the storage of site/ premises operational risk data; these are:

Command and Control system – This is currently being upgraded from one

based on street mobilisation to an address specific system. Once done the premises URN needs communicating to crews on turnout to support retrieval of information from MDTs.

Whilst the CFRMIS database is being used to capture Level 1 information prior to entry to FSEC, this needs replicating for Level 2 information captured during Tech fire safety activity.

FSEC database primarily used for the analysis of risk related to the provision of fire cover.

Mobile Data Terminals (MDT’s) – holding site specific risk information in the cabs of appliances.


HFRS Portal – Holding Risk Cards, PP6 forms (both are in the process of being replaced or converted to the SSRI form).

3.1.5 Command and Control System

The Command and Control system currently utilises street based mobilising which is incompatible with premises specific information required on NLPG and for applying specific risk information to a building. However a Fortek ‘Vision’ system is being installed, which is programmed to go live in May this year. A great deal of work has been undertaken to plot operational risk premises utilising Unique Reference Numbering, and this work will assist in implementing the new system with specific premise/ address identification. Approximately 15 years of free text data is held on the existing system, which is unstructured information and not coded, with the result that it is extremely difficult to drill down into the data and extract meaningful information. However there is still some confusion as to who has responsibility for maintaining the availability of the information to operational personnel, however, data is in the process of being cleansed, with validated data being transferred to SSRI forms for upload on to MDTs and the Corporate Portal. However, this work is slow and lacks capacity. Implementing the new command and control system, whilst maintaining the availability of existing operational risk information to personnel as necessary, is risk critical with the number of management systems that are either currently being revised or rolled out in the near future. See Recommendation 7 The quality of Site Specific Operational Risk Information is extremely variable. Over the duration of the review a significant amount of risk information was considered and factors relating to its preparation and use were discussed with a number of personnel. Of some considerable concern was the Corporate decision made in 2005 to rationalise the detail contained within plans for Very High Risk Premises (known as Major Risk Plans) making them little more than contact information. It is acknowledged that these have been replaced by Operational Pre-plans, but these still need populating and priority needs to be on doing this as quickly as possible. See Recommendation 9

Recently Officers from the RORM Section and North Lincolnshire CPU worked together to replace the major risk plan for Humberside Airport. The outcome was a new format for operational pre-plans. That plan was an excellent example of a working SSORI document, albeit it would be further enhanced with CAD drawing of risk areas within the airports perimeter. To enhance all plans relating to high risk sites/premises to the standard of that developed for Humberside airport will take a significant amount of time and will be resource intensive. The Authority does not have any staff employed to prepare CAD drawings. See Recommendation 10 3.1.6 Mobile Data Terminals Each front line appliance is equipped with an MDT. These units provide access currently to between 500 and 600 premises - however this total represents only


just over 2% of the ‘other building’ stock identified within FSEC, although it is expected that this figure is likely to rise significantly. Evidence was presented to the review team that operational personnel seldom use the MDTs, illustrated by one of the personnel interviewed stating that ‘We don’t turn on the MDT’s because they are slow, overly complex, and they add no value', although adding that they may be used if attending incidents in an adjoining station area. This presents a significant risk to the organisation. See Recommendations 11 & 12 There was concern raised by a number of personnel about the resilience of the system, especially in terms of staff supporting the MDT’s, with currently only one Operational Risk Administrator post being employed to work specifically on the provision of mobile data information. Further, until the current roll-out of the Wi-Fi component of the system is completed, it is extremely difficult to input new or refreshed information into MDT’s, as this has to be done by physically visiting each HFRS site to update the system. 3.1.7 Fire Service Emergency Cover Model (FSEC)

The Fire Service Emergency Cover Model allows the profiling of risk information within the FRS topographical area, in respect of appliance attendance times, etc. The system provides extensive information as to the nature of the ‘other building types’ within the FRS area - this was initially provided from valuation office data sets. The FARMSS review team identified 26,845 ‘other’ premises within FSEC of which 59% of the data is still using the default values (never having been updated since first captured). See Table 1 below

Type Groups

No

% of Total of Other Types

Number of premises

updated from Default Values

Hospitals 47 0.2 41 Care Homes 565 2.1 532 HMO 1737 6.5 389 Purpose Built Flat 89 0.3 86 Hostel 40 0.1 40 Hotel 457 1.7 415 Converted Flat 153 0.6 153 Other Sleeping 311 1.2 287 Further Education 62 0.2 45 Public Building 233 0.9 117 Licensed Premises 1589 5.9 1145 School 580 2.2 363 Shop 8768 32.7 3532 Other Premises 1310 4.9 537 Factory 2567 9.6 1577 Office 3519 13.1 1220 Workplace 4818 17.9 507 Total 26845 100 10986

Table 1 FSEC 'Other Buildings' Risk Premises Profile


Page of 26 Final Version 14

The process of updating FSEC is driven by the completion of Operational (Level 1) and Fire Safety (Level 2) inspections which would initially be entered into CFRMIS and then subsequently FSEC. Unfortunately this is a manual process and therefore there are a significant number of records awaiting entry into FSEC. We were informed that there are potentially 15,000 records in CFRMIS waiting to be incorporated into FSEC, however, before this task can be undertaken a data cleansing process must be undertaken1. HFRS are awaiting the integration tool from Inogistics (Software developers of both FSEC and CFRMIS) to enable this task to be completed electronically. FRS’s have been waiting a number of years for this software integration tool. FSEC is a very powerful tool that that is capable of managing and manipulating operational risk information far beyond that required solely for the provision of Fire Service Emergency Cover. One of the main constraints on the use of FSEC has been that it has had to be stand alone in its operation. FARMSS understands that it is quite possible that the next version of FSEC Hardware (soon to be rolled out across the FRS’s) will have the potential to be linked with other databases within the individual Fire & Rescue Service. See Recommendation 7

3.1.8 Community Fire Risk Management Information System

The CFRMIS system is utilised for capturing information from fire safety enforcement and community fire safety visits. The process in respect of fire safety enforcement is to use the data captured from the CFOA Fire Safety Audit form (in paper format) and enter the data manually into CFRMIS. The full functionality of the CFRMIS system (operational / building specific information, workload planning, etc) is not currently adopted by HFRS. A breakdown of the premises types is shown below in Table 2. It should be noted that the numbers of ‘other buildings’ extracted from CFRMIS do not currently match the records contained with FSEC and this will need to be addressed as part of the data cleansing process referenced in footnote 1. See Recommendation 7 On examining CFRMIS, which captures Part A of the CFOA Fire Safety Audit Form, it was noted that a number of areas of operational risk are identified namely Firefighter, Environment, and Heritage. A total of 614 premises have been indentified as having an issue with regard to one or more of these risks groups. The most significant (358 premises = 58%) being in relation to firefighter safety (see Appendix ‘A’ which shows a list of premises currently identified within the CFRMIS system and which includes reference to the Fire Safety Management Status [Fsstatus] - indicating the standard of management within the premises [A being excellent and E being very poor]). This information has also been produced in respect of Environment (Appendix B) and Heritage (Appendix C). 1 The provision of a unique identifier for premises risk information is a key element to ensuring ‘accurate information is captured and maintained within HFRS systems. Reference to NLPG is made in Section 3.1.2

259

Reference to the above Appendices will show that they are a rich source of operational risk information. However whilst the CFRMIS system administrator provides printed reports of the specific risk information (captured from the Fire Safety Audit Form – Level 2) to the C&C personnel; it would appear that the information is not currently prioritised for data entry into any electronic system, or otherwise being made available to operational crews. This presents a significant risk to the organisation as there would be ‘guilty’ knowledge should an accident / injury occur. See Recommendation 13 Interrogation of the CFRMIS through a number of queries was undertaken by FARMSS and outcomes of those queries are detailed in the table, which show the breakdown of premises by type currently in the HFRS CFRMIS. ability to clarify some of the areas highlighted for clarification.

Type Groups

No

% of Total of Other Types

Hospitals 90 0.046069 Care Home 674 0.345002 HMO 861 0.440723 Purpose Built Flats >=4 Storeys 147 0.075245 Hostel 54 0.027641 Hotel 518 0.26515 House converted to flat 872 0.446353 other Sleeping accommodation 153309 78.47472 Further Education 120 0.061425 Public Building 255 0.130528 Licensed Premise 1886 0.965392 School 871 0.445841 Shop 7620 3.900471 Other premises open to the public 1761 0.901408 factory or warehouse 4225 2.162663 Office 4047 2.07155 Other workplace 17594 9.005892 Unknown 457 0.233926

Total 195361 100 Table 2 CFRMIS Premises Breakdown

The Review Team was informed that those members of Technical Fire Safety who did not have a background in operational fire fighting were unlikely to be able to identify risks of hazards to operational personnel. There is, therefore, the potential for these personnel to be (a) consulted on drawings/ proposals containing risks or hazards to operational personnel, or (b) to visit premises containing such risks or hazards, and not to be able to identify them as such. See Recommendation 14


3.1.9 Portal Information

HFRS utilise an intranet based information system (the FRS Portal) for capturing/ managing site specific operational risk information. Three document types exist: a. Risk Cards – recording information requirements for FRSA 7(2)(d) –

currently being replaced by SSRI form b. Risk Plans – High Risk premises information - currently being replaced by

Operational Pre Plans c. PP6 records for premises specific risk information – currently being replaced

by SSRI form

The revised SSRI (PP6) process needs to ensure that the time taken for risk information to be uploaded on to MDTs and the Corporate Portal once identified is kept to the minimum. See Recommendation 15 The Portal displays all records, regardless of status – new, amended, completed, etc, on screen and would probably benefit from additional filtering of information according to an individuals access level to ensure that appropriate action was being taken at the earliest opportunity. The Review team were informed that access to the Portal, and subsequently amending the data, was protracted and that this was a considerable disincentive to its use. See Recommendations 7 & 15 The PP6 (Site Specific Risk) Information, once approved by the Resilience & Operational Risk Manager, is placed on MDT’s and the FRS Portal - however it was indicated that no feedback is given to HFRS Personnel. See Recommendation 16 It was noted that specialist Fire Safety Officers are not informed of operational risks / hazards that are identified by operational personnel. As a result Fire Safety personnel may currently, or in the future, be dealing with premises that have been identified as containing an operational risk, without taking the identified risk into account. It should be noted that the Responsible Person (within the meaning of the Fire Safety (Regulatory Reform Order) should also be made aware of any issues that may impact on the safety of relevant persons in or around their premises. See Recommendation 17 3.2 Operational Risk Information The review team queried how risk information is captured and utilised after an incident, and were informed that there are no formalised arrangements for Formal Operational De-briefs. At present a Post Incident Review form (HS12) is used, which when complete is submitted to HQ Health and Safety Section. This process is soon to be replaced by a new policy for Operational De-briefs (the issue of a formal debriefing process was highlighted during an external audit in 2006) and a new draft document was produced in June 2009, although this has yet to be promulgated. See Recommendation 18 It was identified that new operational systems are focussing principally on Firefighter safety, for instance Procedure and Guidance Notes focus solely on


provisions of 7(2)(d) of the Fire & Rescue Services Act, and not those of 8(2)(d) and 9(3)(d). It is important that when collecting operational risk information consideration should be given to the full range of emergencies attended e.g. flooding, RTC’s, etc. It must be recognised that the legislation and guidance relevant to the roles and responsibilities of the Fire and Rescue Service for obtaining and providing Operational Risk Information is extensive. There is a significant amount of information published on the CLG Web Site, relating to legislative responsibilities and which in relation to operational risk information specifically includes:

• The Management of Health and Safety at Work Regulations 1999 • The Fire and Rescue Services (Emergencies) (England) Order 2007 • Civil Contingencies Act 2004 • Corporate Manslaughter and Corporate Homicide Act 2007

Service policies must be underpinned with relevant information and guidance, however the review team were unable to determine the links into the various risk information sources that currently exist, other than the draft consultation document that had been published by CLG. See Recommendations 19 3.2.2 Security of Information and Data Sharing

With the roll-out of the MDT’s concerns exist about the security of information in the Network. However the Review Team were informed that an officer from the service is now part of a CFOA led regional group which is considering Protective Security strategy and should report on requirements in the near future. It was noted that the Service are currently working towards ISO 27001. The sharing of data with a broad range of partners is a core element of working with other Category 1 and Category 2 Responders, and in developing other partnerships such as those relating to Crime & Disorder. However, currently the sharing of sensitive data with partners is not possible electronically as systems have not been developed to allow the transmission and receipt of sensitive information. Whilst a draft protocol has been produced with the ‘B’ Division of Humberside police it includes a range of technical security requirements which currently cannot be achieved by the Authority. A policy for protective marking in HFRS has been introduced but it appears that this is not being applied fully. A number of data sharing protocols have been drafted (but not implemented) that do not cover issues of protective security. The review team were informed that although the policy/ procedure for holding information relating to individuals has been refined (in order to alleviate issues pertaining to the Data Protection Act) – it is only provides partial anonymity. See Recommendation 20

All information on premises and risks will be held on MDT’s in appliance cabs. the opportunity for a review of the security of operational information should be undertaken to ensure that Authority is fully protected. See Recommendation 21


3.2.3 Training Needs In recent years the emphasis of operational exercises within the Service has been on themed training. However at the time of the review there appeared to be very little linkage between identified operational site or premises risk and training/ exercising requirements. In addition the Review Team was informed that the attendance of officers at those training exercises that were held was not a structured process. See Recommendations 22 & 23 The Review Team confirmed that methods of building construction are no longer included in recruit or ongoing training. This is considered to be a serious risk to operational personnel, as understanding the performance characteristics in a fire of both traditional methods of construction, and the many new building systems that have recently been developed and are increasingly being used, is considered essential. See Recommendation 24

Technical Fire Safety personnel undertake consultation with Building Control Bodies (Local Authority and Approved Inspectors), in respect of proposed new or materially altered buildings. These consultations focus on Part B (Fire Safety) of the Building Regulations. The review team were informed that the Technical Fire Safety personnel consider, and comment, only in respect to matters relating to Part B1 (Means of Warning and Escape), and Part B5 (Access and Facilities for the Fire Service). The Review Team believe that the legal requirement for consultation is in respect of the whole of Part B, as a complete understanding of the impact of Part B2 - Internal Fire Spread (Linings), Part B3 – Internal Fire Spread (Structure), and B4 - External Fire Spread, is essential to ensuring the adequacy of the proposed provision for B1 and B5 (the latter being of particular importance for the safety of operational personnel). See Recommendation 25 3.3 General Providing too much information, and thereby placing the recipient in ‘information overload’, is as serious as the failure to provide no risk information. The delivery of ‘Accurate, Relevant, and Timely’ information is key to the success of any emergency situation where decision making is crucial for the safety of firefighters, other emergency responders, members of the public, the environment, etc, and to ensuring a successful outcome. See Recommendation 26


4. Summary of Critical Elements identified in Review In Section 5 the report comments on the issues identified during the review, and makes a number of recommendations as a result of its findings. The following (also included in Section 5) are considered to be those critical findings and recommendations that will need to be actioned to underpin the subsequent development of a comprehensive and integrated operational risk management system. In no way is the omission, from this section, of any of the recommendations contained in Section 5 intended to detract from their importance. 4.1 The FARMSS review team found that HFRS policies relating to

operational risk information has been developed in line with the CFOA South East Region documentation. However whilst consideration has been given to the draft national guidance on the Provision of Operational Risk Information (published during the consultation phase), the HFRS policies have not adopted the national guidance wholesale and remain principally focused on the risk presented to the Firefighter. The FARMSS Review team believe that this places HFRS at risk, with limited emphasis being placed on the other operational risk areas where the Authority has a legislative responsibility. These risk areas include Societal & Individual Risk, Environmental Risk, Heritage Risk, Community Risk and Economic Risk. Recommendation 6. HFRS Operational Risk Policies, including the collection and dissemination of operational risk information, should encompass all areas where the Authority have a legislative responsibility, including Societal & Individual Risk, Environmental Risk, Heritage Risk, Community Risk and Economic Risk.

4.2 It is important that all the information on site and premises risk

information held in the various databases is accessible to those who have a legitimate reason for accessing that information.

Recommendation 7. A review should be undertaken of the different databases holding site and premises information, and the management of the information contained in them, with a view to ensuring that all operational risk information held for sites or premises is readily and speedily available for whoever has legitimate reasons for the accessing the information. A critical element of this will be the need to ensure that all the databases share a common premises identifier protocol.

4.3 Within HFRS there are a number of projects dealing with Operational

Risk Information e.g. Vision, MDT’s, Corporate Gazetteer, which present a High Risk to the Authority if they fail or do not deliver on time.

Recommendation 4. A high level programme plan should be developed which captures the critical path and interdependencies of each project relating to operational risk information, identifies any conflict and


ensures an integrated approach to the development of the various projects. This should be cross-referenced to the HFRS IT Strategy where appropriate.

Recommendation 5. A common unique identifier must be in place across all systems in order to reduce the risk of silo information. The development of the corporate gazetteer is therefore a key element of the strategic way forward, which should include links to the Vision FX C&C system, fire safety, FSEC, and the HFRS Portal, in order to reduce the risk to HFRS which will also demand a significant effort in respect of data cleansing across all systems.

4.4 The quality of Site Specific Operational Risk Information is extremely

variable. Of some considerable concern was the Corporate decision made in 2005 to rationalise the detail contained within plans for Very High Risk Premises (known as Major Risk Plans) making them little more than contact information. It is acknowledged that these have now been replaced by Operational Pre-plans, but these still need populating and priority needs to be on doing this as quickly as possible.

Recommendation 9. Whilst the decision to reduce the information held on Very High Risk sites or premises to a very basic level has been reviewed, priority should be given to populating operational pre-plans. In addition the detailed information would advise personnel, and control, who may be required to provide support at Silver or Gold Command level.

4.5 Potential specific operational risk information, irrespective of its source,

should be made available to all HFRS personnel who have a legitimate need to access that information.

Recommendation 13. Information on any site or premises that has been initially identified as presenting a specific operational risk, even if this ‘risk’ has not yet been verified by the RORM Section, as a matter of priority should be identified in the C & C system with an outline of the nature of the risk, and its status, being transmitted to the attending appliances. Recommendation 16. Each station should be informed, as soon as possible, of any new operational risk information for its station area (or any premises or site for which it could be reasonably expected to form the first attendance) as soon as it is placed on the MDT’s or temporarily held by the C & C system.

Recommendation 17. Technical Fire Safety should be informed, at the earliest opportunity, of any new operational risk information within its area as soon as it is placed on the MDT’s or temporarily held by the C & C system. A flag should be in place within the Fire Safety system to indicate that Site Specific Operational Risk Information on the premises has been identified, together with information on the nature of that risk.


4.6 Each front line appliance is equipped with an MDT. These units provide access currently to between 500 and 600 premises - however this total represents only just over 2% of the ‘other building’ stock identified within FSEC, although it is expected that this figure is likely to rise significantly. Evidence was presented to the review team that operational personnel seldom use the system, illustrated by one of the personnel interviewed stating that ‘We don’t turn on the MDT’s because they are slow, overly complex, and they add no value', although adding that they may be used if attending incidents in an adjoining station area. This presents a significant risk to the organisation. Recommendation 11. The use of MDT’s to provide operational risk information should be encouraged, and in particular ownership of the information, access to its use and ability to inform and support decision making for the benefit and safety of both operational personnel and society in general. Recommendation 12. The use of MDT’s should be audited to monitor their use, including the information they supply, to support incident command.

4.7 FARMSS were advised that the Resilience & Operational Risk Manager

and the Operational Support Managers (OSM’s) participate in a monthly ‘informal’ process to undertake a form of benchmarking. It is understood that no formal minutes of these meetings are kept.

Recommendation 8. A record of decisions taken at the meetings of the Resilience & Operational Risk Manager and the Operational Support Managers should be prepared and circulated as appropriate.

4.8 The Review Team was informed that those members of Technical Fire

Safety who did not have a background in operational fire fighting were unlikely to be able to identify risks of hazards to operational personnel. There is, therefore, the potential for these personnel to be (a) consulted on drawings/ proposals containing risks or hazards to operational personnel, or (b) to visit premises containing such risks or hazards, and not to be able to identify them as such.

Recommendation 14. All Technical Fire Safety personnel should have appropriate knowledge and understanding of those materials, processes, goods, systems, etc, that are a hazard or risk to fire fighters.


Chapter 5 Recommendations The recommendations made within this chapter of the report have been drawn from the evidence detailed within chapter 3, and include the recommendation contained in Section 4. 1. A steering group, consisting of all departments that contribute to or

utilise operational risk information, should be established to ensure that all departments have a full understanding of their contribution to operational preparedness

2. Depending on the Group concerned, all or part of the forms used to

capture operational risk information should have a common format. 3. All personnel likely to be involved the capture, management and

subsequent use of operational risk information should be trained to ensure that they have the appropriate knowledge, skills and understanding to undertake their role in the process.

4. A high level programme plan should be developed which captures the

critical path and interdependencies of each project relating to operational risk information, identifies any conflict and ensures an integrated approach to the development of the various projects. This should be cross-referenced to the HFRS IT Strategy where appropriate.

5. A common unique identifier must be in place across all systems in order

to reduce the risk of silo information. The development of the corporate gazetteer is therefore a key element of the strategic way forward, which should include links to the Vision FX C&C system, fire safety, FSEC, and the HFRS Portal, in order to reduce the risk to HFRS which will also demand a significant effort in respect of data cleansing across all systems.

6. HFRS Operational Risk Policies, including the collection and

dissemination of operational risk information, should encompass all areas where the Authority have a legislative responsibility, including Societal & Individual Risk, Environmental Risk, Heritage Risk, Community Risk and Economic Risk.

7. A review should be undertaken of the different databases holding site

and premises information, and the management of the information contained in them, with a view to ensuring that all operational risk information held for sites or premises is readily and speedily available for whoever has legitimate reasons for the accessing the information. A critical element of this will be the need to ensure that all the databases share a common premises identifier protocol.

8. A record of decisions taken at the meetings of the Resilience &

Operational Risk Manager (RORM) and the Operational Support Managers should be prepared and circulated as appropriate.


9. Whilst the decision to reduce the information held on Very High Risk sites or premises to a very basic level has been reviewed, priority should be given to populating operational pre-plans. In addition the detailed information would advise personnel, and control, who may be required to provide support at Silver or Gold Command level.

10. The provision of site drawings, or premises plans, is an efficient and

effective way of providing operational personnel with relevant operational risk information. Serious consideration should be given to the provision of a resource for the updating and conversion of legacy hard copy TFS plans to electronic versions and for the drawing and storing of new plans.

11. The use of MDT’s to provide operational risk information should be

encouraged, and in particular ownership of the information, access to its use and ability to inform and support decision making for the benefit and safety of both operational personnel and society in general.

12. The use of MDT’s should be audited to monitor their use, including the

information they supply, to support incident command. 13. Information on any site or premises that has been initially identified as

presenting a specific operational risk, even if this ‘risk’ has not yet been verified by the Risk Control Manager, as a matter of priority should be identified in the C & C system with an outline of the nature of the risk, and its status, being transmitted to the attending appliances.

14. All Technical Fire Safety personnel should have appropriate knowledge

and understanding of those materials, processes, goods, systems, etc, that are a hazard or risk to fire fighters.

15. The structure and content of portal should be reviewed to ensure that

optimum levels of operational information are available easily and speedily, and that all relevant pending management actions have been taken within appropriate timeframes.

16. Each station should be informed, as soon as possible, of any new

operational risk information for its station area (or any premises or site for which it could be reasonably expected to form the first attendance) as soon as it is placed on the MDT’s or temporarily held by the C & C system.

17. Technical Fire Safety should be informed, at the earliest opportunity of

any new operational risk information within its area as soon as it is placed on the MDT’s or temporarily held by the C & C system. A flag should be in place within the Fire Safety system to indicate that Site Specific Operational Risk Information on the premises has been identified, together with information on the nature of that risk.

18. The development of an effective debriefing process following incidents

should, together with the findings of the fire investigation teams, be


developed as essential processes in identifying operational risk information.

19. The available information, guidance and legislation, relevant to the

collection and provision of operational risk information, should be reviewed, including the CLG Web Site relating to IRMPs which identifies over 1500 elements of legislation and guidance that impact on, or provide support to, the fire & rescue service.

20. Data sharing protocols for data protection etc, should be reviewed to

ensure accuracy of information, and the ability of HFRS to share information with other Category 1 and 2 Responders.

21. Whilst it is assumed that the provision of data being transferred to

MDT’s is being addressed through the Firelink/ FiReControl project, the opportunity for a review of the security of operational information should be undertaken to ensure that Authority is fully protected.

22. Consideration should be given to the need to provide training relevant to

operational risks and hazards identified for the station areas concerned., and a process should be introduced to ensure that the learning outcomes from training exercises are taken into account for operational planning purposes.

23. Officer attendance at training exercise should be formalised in line with

the Personnel Development Review (PDR) process to ensure that their ‘core’ competencies are achieved/maintained.

24. All personnel should be trained in both traditional and modern methods

of construction to ensure that they can make maximum effective use of operational risk information whilst continuing to operate both effectively and safely inside a building.

25. Technical Fire Safety personnel must take into account all elements of

Part B of the Building Regulations, when being consulted by the Building Control Body.

26 The structure and nature of the information provided to incident

commanders, (particularly within first 10 minutes), should be reviewed to ensure that the information does not overload them and is provided in a form that will support decision making during an initial assessment.


Page of 26 Final Version 25

270

Documents

Humberside Fire and Rescue Authority Review of … Fire and Rescue Service Humberside Fire and Rescue Authority Review of Operational Risk Information Systems 19th March 2010 245