Emergency Management Portal

Executive Summary

The Emergency Management Portal is a web-based reporting tool that will provide senior management and operational teams at Headquarters (HQ) and missions with a centralized view of international emergencies affecting our missions around the world.  It will consolidate all emergency management activities and information for the purpose of monitoring, managing and reporting on international emergencies; humanitarian, consular, global health, security, environmental, technological, political and economic crises.  The portal will provide real-time situational awareness, analysis and lessons learned to improve emergency and crisis management.

The Emergency Management Portal is expected to have a very wide audience within DFAIT - HQ and also missions abroad (accessible via SIGNET and to Departmental Intranet users).  Any sectoral, geographic or mission officer may access the Emergency Management Portal for awareness of events related to their sphere of responsibilities.  However, in order for the Emergency Management Portal to remain an authoritative source of emergency management information, the portal will have user access restrictions for certain information management tasks.

It is these authorized users, along with the staff of the Emergency Operations Centre, who will have the authority to update the portal with updated information, including the latest situation reports.

The Consular Services and Emergency Management Branch at DFAIT is responsible for the provision of consular services to Canadian citizens travelling abroad.  The services provided vary in response to the nature of the event, or request, and range from answering calls from concerned relatives to evacuations in the event of conflicts or natural disasters.

Key Business Success Factors

Timely communication of information during a crisis is critical to the management of the crisis and its outcome.  The Portal will be the focal point to house all information pertinent to a crisis.  Access to this information needs to be timely, and the information concise and clear. 

The key business success factors to be achieved with the Emergency Management Portal are:

• Ease of usability providing timely and accurate information regarding emerging situations and associated facts. 
• Enabling rapid responses during times of crisis while fostering increased confidence levels in the information being disseminated.
• Reducing speculative interpretations of information and improving the overall awareness of the crisis situation;
• Centralized repository providing a focal point for maintaining key information leading to consistent messaging across the organization while reducing time invested entering or searching for similar / like information into silo programs; and
• Reducing the need to manage dissemination of information using e-mail distribution lists.

WorldReach, the vendor which supplies the Consular Case Management System (COSMOS) used by the Consular branch, has subsequently been contracted by DFAIT to augment the COSMOS suite of tools in order to provide the functionality requirements of the Emergency Management Portal.

Close attention will be paid throughout the development lifecycle of the Emergency Management Portal to a series of Critical Success Factors (CSFs) that have been established for the portal.  These CSFs have been derived from client workshops and also from lessons learned about the management of the H1N1 virus emergency.  The CSFs are:

• Less email.  Users will be directed to the portal for the latest information.
• Less “recipients list” management.  Users will be able to self-subscribe to information.
• Less confusion over versions and “what’s new?”  The latest information will be posted on the portal and time stamped.
• Provides overall view for DFAIT senior managers. A cartographic application will provide rapid understanding of situations.
• Not making assumptions about the mission’s working conditions. A mission’s infrastructure may be down and (for example) BlackBerry may provide a partial solution.
• Not using the Crisis Portal is OK.  Missions may phone in and dictate a situation report to the Emergency Management Operations Centre.
• Stability.  The portal software must be stable right from the start for effective use in emergencies.
• Integration with other systems (no data entry).  Systems integration and information sharing will provide an improved user experience.
• Information management (info-management team).  Good IM practices will ensure the portal remains the authoritative source of emergency-related information.
• Good response time (COSMOS is the benchmark).  The portal will be accessed from around the world and must be responsive in times of crises.

The Emergency Management Portal is designed to automatically access and present select emergency related information from other Departmental systems such as COSMOS, and the Register of Canadians Abroad (ROCA). No personal information is exchanged between the above systems and the Emergency Management Portal.

• COSMOS is DFAIT’s Consular case management system. The Emergency Management Portal will only be provided with a list of statistics associated with the emergency.
• ROCA is the Register of Canadians Abroad. The Emergency Management Portal will only be provided with the number of Canadians who may be affected by the emergency in a certain region.

In general, information from COSMOS and ROCA is displayed dynamically by the portal. Most statistical information received by the portal will not be stored or managed by the Emergency Management Portal. However, certain statistical information from either system is stored and managed on the Emergency Management portal. Furthermore, select information captured from COSMOS or ROCA may be edited and modified by the Emergency Watch and Response Center personnel, and/or the information manager, as needed. The Emergency Watch and Response Center is responsible for uploading all information, including the briefings and Qs &As. Missions will be responsible for uploading region-specific information.  Select experts from various DFAIT Branches will be given permission to upload information and data related to each specific emergency and region. 

The Emergency Management Portal will reside on the SIGNET-D network (DFAIT’s encrypted wide-area-network) and will only contain information up to the Protected ‘A’ level that is currently being stored or distributed by other means on the SIGNET-D network (e.g. email or shared drives). The update to the website is logged, and updates are performed by the system administrators. All notifications are sent through the Departmental email and Blackberry.

It is anticipated that future phases of the Emergency Management Portal will exchange crisis-related information with other Government departments (OGDs) as part of the Multi-Agency Situational Awareness System (MASAS) project.  As such, the portal’s architecture will be structured to ensure that it can adapt to Public Safety Canada’s MASAS architecture.  The MASAS project charter is to “establish an operational capability to enable the sharing and accessing of geospatial data and information between public safety and security community members in order to improve situational awareness.”  More information is available in the Multi-Agency Situational Awareness System Version 1.0 Architecture Model (November 5, 2008) and here: http://www.geoconnections.org/en/communities/publicsafety/index.html.

This information is provided to give the reader an understanding of the direction of the project but it should be noted that the first phases of the Emergency Management Portal will not be exchanging any information outside of the SIGNET network.

Privacy Risks

The Preliminary Privacy Impact Assessment (PPIA) that was completed provides insight into possible risks to personal information and recommends appropriate courses of action. The assessment was part of the Department’s commitment to protection of personal information.  It also meets the Management of Information Technology and Security Policy MITS requirements. The PPIA assessed the risks in accordance with the ten privacy principles listed below.

• Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
• Collection: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
• Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
• Use: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
• Disclosure, Retention, & Disposition: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfilment of those purposes.
• Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
• Safeguarding: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information by the Department.
• Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
• Access: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
• Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.

The PPIA concludes that there is no additional requirement for a more comprehensive privacy assessment. However, it is recommended that DFAIT should undertake a Privacy Impact Assessment when this tool progresses into the next phases of its development, in which the Emergency Management website will be made available to other government departments such as the Royal Canadian Mounted Police, Department of National Defence, Canadian Food Inspection Agency, Treasury Board Secretariat, etc.