SNS Local Questions

SAFECOM Nationwide Surveys Generic Clearance

Attachment_1_sns_2023_local_version_03172023

SAFECOM Nationwide Survey

OMB: 1670-0048

Document [docx]

Download: docx | pdf

Shape9

OMB No. 1670-0048

Expiration date: 11/30/2025

SAFECOM Nationwide Survey Due Date: TBD

Paperwork Reduction Act Statement

The public reporting burden to complete this information collection is estimated at 30 minutes per response, including the time for reviewing instructions, searching existing data sources, gathering the data needed, and completing and submitting the information. The collection of information is voluntary. An agency may not conduct or sponsor, and a person is not required to respond to a collection of information, unless it displays a current valid Office of Management and Budget (OMB) control number and expiration date. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to [email protected] or via mail to:

ECD – ATTN: Mark Carmel Rm 967

CISA NGR STOP 0645

Cybersecurity and Infrastructure Security Agency

1110 N. Glebe Road

Arlington, VA 20598-0645

Confidentiality Statement

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) will track responses and participation; however, CISA will not collect personally identifiable information and only aggregated survey data will be made publicly available so that individual responses will not be distinguishable.

SAFECOM Nationwide Survey

SAFECOM in partnership with the U.S Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is conducting the SAFECOM Nationwide Survey (SNS). The SNS focuses on public safety organizations and their emergency communications capability needs and gaps. The SNS aims to achieve the following objectives:

Raise national awareness by reiterating how the role of emergency communications operability, interoperability, and continuity helps keep America safe, secure, and resilient;
Build industry knowledge by providing stakeholders with statistically valid data and findings on the current and future state of emergency communications;
Influence public policy by informing decision-makers and officials at all government levels about needed support for emergency communications, programs, and services; and
Drive capability improvements by identifying nationwide progress, best practices, and gaps, and by formulating data-driven, evidence-based guidance and resources.

Taking the Survey:

Plan: The estimated time to complete the SNS is 30 minutes; however, it does not need to be completed in one session.
Coordinate: SNS results will represent organizational-level responses. Each organization should identify a single point of contact who is responsible for completing the survey on behalf of the organization. This person is encouraged to coordinate with the appropriate colleagues to help answer questions on technical and operational subject matter.
Review: Respondents are encouraged to review the entire survey prior to starting it to determine which questions may require collaboration with colleagues across the organization.

Submissions:

SNS submissions are due by XXX.
For questions or technical assistance, e-mail [email protected], or call 1-800-915-5712.

Completed surveys can be returned via:

U.S. Postal Service to:

ECD – ATTN: Mark Carmel Rm 967

CISA NGR STOP 0645

Cybersecurity and Infrastructure Security Agency

1110 N. Glebe Road

Arlington, VA 20598-0645

A scanned copy e-mailed to: [email protected]; or
A faxed copy transmitted to: DHS – CISA, ATTN: Mark Carmel at XXX.

Question and Response Example

Format: The question below illustrates one of the survey’s matrix formats with hypothetical responses.

Guidance: Tips on how to answer matrix question types are listed below:

Read the question and pay close attention to any underlined terms.
From top to bottom, read the descriptions in the first column on the left.
From left to right, read the descriptions in the first row across the top.
Select one response per row (not by column) that best reflects your organization.
Definitions of key terms (“Capital Investments”) are listed below the answer options.

Select the responses that best characterize the funding of the following items related to the network/system(s) used by your organization: (For each row, select one response)

Funding Items	There is no funding for this item	There is funding, but it is insufficient to meet needs	There is funding, and it is sufficient for all needs	Funding is sufficient and has been identified to address needs beyond the current budget cycle	Don’t know	Not applicable
Network/system(s) – capital investments	☐		☐	☐	☐	☐
Network/system(s) – operating costs	☐		☐	☐	☐	☐
Network/system(s) – Maintenance	☐	☐		☐	☐	☐
Network/system(s) upgrade(s)	☐	☐	☐		☐	☐
Network decommissioning		☐	☐	☐	☐	☐
Applications and services development and implementation	☐	☐		☐	☐	☐
Telecommunications Service Priority (TSP)	☐	☐	☐		☐	☐

Capital Investments: Equipment and other one-time costs.

Network Decommissioning: The process of removing systems and equipment from active service.

Telecommunications Service Priority: A CISA program that authorizes National Security and Emergency Preparedness organizations to receive priority treatment for vital voice and data circuits or other telecommunications services.

Reminder: The completed matrix above is only one example of SNS question types and responses. Throughout the SNS, question formats change and present other instructions. For example, other instructions include the following prompts:

For each column, select one response;
For each column, select all that apply; and,
For each row, select one response per column.

Please remember to closely read all questions, underlined terms, and definitions. For any questions or technical help, e-mail [email protected] or call 1-800-915-5712. Thank you for your participation!

Demographic Questions

List your organization’s location: (For each line, enter one response; no acronyms)

State/Territory
County
Locality (e.g., city, town, district)
Zip Code

Enter your organization’s formal name (no acronyms/no abbreviations)

Select the responses that characterize your organization’s public safety discipline: (Select all that apply)

Fire
Law Enforcement
Emergency Medical Services
Emergency Management
Emergency Communications Center (ECC)/Public Safety Answering Point (PSAP)
Other Emergency Response Discipline

If your organization is characterized as “Fire,” answer Questions 3a-b.
If your organization is characterized as “Emergency Medical Services,” skip to Question 3b.
Otherwise, skip to Question 4.

3a. Select the response that best characterizes your organization’s fire department: (Select one response)

Wildland
Structural
Both

3b. Select the response that best characterizes the staffing structure of your organization: (Select one response)

Career
Volunteer
Hybrid

Select the response that best characterizes the role of the individual coordinating the survey response for your organization: (Select one response)

Executive Leadership
Senior Leadership
Supervisory Personnel
Investigative Personnel
Line and Support Personnel

Estimate the number of personnel in your organization: (Select one response)

Fewer than 50
51 – 250
251 – 500
Emergency Communications: The means and methods for exchanging communications and information necessary for successful incident management.
501 – 1,000
1,001 – 5,000
5,001 – 10,000
More than 10,000

Estimate the population size that your organization serves: (Select one response)

Fewer than 2,500
2,501 – 4,999
5,000 – 9,999
10,000 – 24,999
25,000 – 249,999
250,000 – 1 million
More than 1 million

Governance — the following questions address your organization’s involvement in decision-making groups.

My organization participates in informal decision-making groups that address emergency communications that include representatives from: (Select all that apply)

Within my organization
Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
Nongovernmental organizations (NGO)/private sector
International/cross-border entities
My organization does not participate in informal decision-making groups

My organization participates in formal decision-making groups that address emergency communications that include representatives from: (Select all that apply)

Within my organization
Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
My organization does not participate in formal decision-making groups

Shape5

Decision-Making Groups: A group or governing body with a published agreement that designates its authority, mission, and responsibilities.

Other Public Safety Organizations in the Same Jurisdiction: Other government agencies outside your own department (e.g., police department or sheriff’s office, fire department, ECCs/PSAPs, emergency management, emergency medical service agency).

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

Nongovernmental Organizations (NGO)/Private Sector: Non-profit or for-profit organizations participating in public safety/emergency communications planning, use or reconstitution (e.g., utilities, auxiliary communications, communication service providers, equipment operators, transportation, food distribution, Volunteer Organizations Active in Disasters).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Governance — the following questions address your organization’s involvement in decision-making groups.

Do your formal decision-making groups invite and/or recruit participants beyond first responders? (Select one response)

If your organization responds with “yes” answer Question 3a.
Otherwise, answer Question 4.

3a. What type of participants beyond first responders are invited to your organization’s formal decision-making groups? (Select all that apply)

Emergency Support Functions (ESF)* #1 – Transportation
ESF #2 – Communications
ESF#3 – Public Works and Engineering
ESF #4 – Firefighting
ESF #5 – Information and Planning
ESF #6 – Mass Care, Emergency Assistance, Temporary Housing, and Human Resources
ESF #7 – Logistics
ESF #8 – Public Health and Medical Services
ESF #9 – Search and Rescue
ESF#10 – Oil and Hazardous Materials Response
ESF #11 – Agriculture and Natural Resources
ESF #12 – Energy
ESF #13 – Public Safety and Security
ESF #14 – Cross-Sectional Business and Infrastructure
ESF #15 – External Affairs
Information Technology Advisors or Providers
Cybersecurity Advisors or Providers
Non-governmental Organizations (NGOs)
Private Sector
Academia

* Note: for definitions and more information regarding the Emergency Support Functions (ESF), please see the Federal Emergency Management Agency’s (FEMA) National Response Framework (NRF) at https://www.fema.gov/emergency-managers/national-preparedness/frameworks/response. The ESF list is based on FEMA’s NRF but is intended to also apply to relevant departments, agencies, and/or organizations at the state, local, tribal, and territorial levels. ESF categories may vary by state or local policy.

Do the decision-making groups in which your organization participates sufficiently support your organization’s need for communications: (For each row, select one response per column)

	For “day-to-day” situations?	For “out-of-the-ordinary” situations?
Operability	o Yes o No	o Yes o No
Interoperability	o Yes o No	o Yes o No
Continuity	o Yes o No	o Yes o No

Shape12

Decision-Making Groups: A group or governing body with a published agreement that designates its authority, mission, and responsibilities.

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Governance — the following questions address your organization’s agreements.

Select the responses that best characterize the agreements your organization has made to enable emergency communications interoperability: (For each row, select one response). Note: Reading from left to right, the first four responses are progressive (i.e., to select the fourth response, an organization must have surpassed all of the first three response criteria)

	There are informal, undocumented agreements in practice with	There are published and active agreements with some	There are published and active agreements with most	Agreements are reviewed every 3-5 years, after system upgrades, or incidents that test capabilities with	Not Applicable
Other public safety organizations in the same jurisdiction	☐	☐	☐	☐	☐
Other government organizations in the same jurisdiction that support public safety	☐	☐	☐	☐	☐
Other local governments	☐	☐	☐	☐	☐
State/territorial governments	☐	☐	☐	☐	☐
Tribal governments/tribal organizations	☐	☐	☐	☐	☐
Federal departments/ agencies	☐	☐	☐	☐	☐
NGOs/private sector	☐	☐	☐	☐	☐
International/cross-border entities	☐	☐	☐	☐	☐

Shape14

Agreements: Formal mechanisms to govern interagency coordination and the use of interoperable emergency communications solutions.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

Published and Active Agreements: Memoranda of Understanding, Executive Orders, legislation, Intergovernmental agreements, etc.

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Shape15

Governance — the following questions address your organization’s agreements and funding of your organization’s communications capabilities, regardless of whether the items it uses are owned, shared, or subscription-based.

Do your organization’s agreements meet its needs to achieve: (For each row, select one response per column)

	For “day-to-day” situations?	For “out-of-the-ordinary” situations?
Operability	o Yes o No	o Yes o No
Interoperability	o Yes o No	o Yes o No
Continuity	o Yes o No	o Yes o No

Select the responses that best characterize the funding of the following items related to the network/system(s) used by your organization: (For each row, select one response)

Funding Items	There is no funding for this item	There is funding, but it is insufficient to meet needs	There is funding, and it is sufficient for all needs	Funding is sufficient and has been identified to address needs beyond the current budget cycle	Don’t know	Not applicable
Network/system(s) – capital investments	☐	☐	☐	☐	☐	☐
Network/system(s) – operating costs	☐	☐	☐	☐	☐	☐
Network/system(s) – maintenance	☐	☐	☐	☐	☐	☐
Network/system(s) upgrade(s)	☐	☐	☐	☐	☐	☐
Network decommissioning	☐	☐	☐	☐	☐	☐
Applications and services development and implementation	☐	☐	☐	☐	☐	☐
Telecommunications Service Priority (TSP)	☐	☐	☐	☐	☐	☐
Nationwide Public Safety Broadband Network (NPSBN)/FirstNet	☐	☐	☐	☐	☐	☐
Integrated Public Alert & Warning System (IPAWS) alerting software	☐	☐	☐	☐	☐	☐
Next Generation 911 (NG911)	☐	☐	☐	☐	☐	☐

Shape18

Agreements: Formal mechanisms to govern interagency coordination and the use of interoperable emergency communications solutions.

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Capital Investments: Equipment and other one-time costs.

Network Decommissioning: The process of removing systems and equipment from active service.

Governance — the following questions address the funding of your organization’s communications capabilities, regardless of whether the items it uses are owned, shared, or subscription-based.

Select the responses that best characterize the funding for the following items related to the equipment used by your organization: (For each row, select one response)

Funding Items	There is no funding for this item	There is funding, but it is insufficient to meet needs	There is funding, and it is sufficient for all needs	Funding is sufficient and has been identified to address needs beyond the current budget cycle	Don’t know	Not applicable
Equipment management	☐	☐	☐	☐	☐	☐
Equipment upgrades	☐	☐	☐	☐	☐	☐
Equipment disposal	☐	☐	☐	☐	☐	☐

Select the responses that best characterize the funding of the following related to the interoperability solutions used by your organization: (For each row, select one response)

Funding Items	There is no funding for this item	There is funding, but it is insufficient to meet needs	There is funding, and it is sufficient for all needs	Funding is sufficient and has been identified to address needs beyond the current budget cycle	Don’t know	Not applicable
Interoperability solutions – capital investments	☐	☐	☐	☐	☐	☐
Interoperability solutions – operating costs	☐	☐	☐	☐	☐	☐
Interoperability solutions – maintenance costs	☐	☐	☐	☐	☐	☐
Interoperability solutions – research and development	☐	☐	☐	☐	☐	☐

Select the responses that best characterize the funding of the following items related to cybersecurity within your organization: (For each row, select one response)

Items	There is no funding for this item	There is funding, but it is insufficient to meet needs	There is funding, and it is sufficient for all needs	Funding is sufficient and has been identified to address needs beyond the current budget cycle	Don’t know	Not applicable
Cybersecurity – capital investments	☐	☐	☐	☐	☐	☐
Cybersecurity – operating costs	☐	☐	☐	☐	☐	☐
Cybersecurity – maintenance costs	☐	☐	☐	☐	☐	☐

Shape21

Interoperability Solution: Any method, process, or system used to enable interoperability (e.g., radio swaps, channel or console cross-patching, shared systems or channels).

Governance — the following questions address the funding of your organization’s emergency communications capabilities.

Select the sources used by your organization to fund emergency communications: (Select all that apply)

Discretionary funding
Appropriated/dedicated funding (e.g., operational and/or capital budgets)
Grants
Bonds
Specialized taxes
Fees
Shared resources (e.g., operations and maintenance, systems, equipment, real estate)
Private individuals or organizations
Personally supplied communications equipment (e.g., bring-your-own device)
Don’t know

Select all organizations with whom your organization shares costs or resources: (For each column, select all that apply)

	Costs	Resources
Other public safety organizations in the same jurisdiction	☐	☐
Other government organizations in the same jurisdiction that support public safety	☐	☐
Other local governments	☐	☐
State/territorial governments	☐	☐
Tribal governments/organizations	☐	☐
Federal departments/ agencies	☐	☐
NGOs/private sector	☐	☐
International/cross-border entities	☐	☐
None	☐	☐

Shape24

Resources: Communications personnel, equipment, supplies, and facilities available or potentially available for assignment to incident operations and for which status is maintained.

Costs: Sharing the responsibility to pay, allocate budgeted funds, or contribute fiscal support for acquisition, operations, and maintenance expenses associated with emergency communications capabilities.

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Governance — the following questions address your organization’s strategic planning for emergency communications.

Select the response that best characterizes your organization’s strategic planning process for emergency communications: (Select one response). Note: Responses are progressive (i.e., to select the fourth response, an organization must have surpassed all of the first three response criteria)

No planning process or plan is in place
A planning process is in place and a plan for addressing emergency communications is under development
A plan for addressing emergency communications is in place and operationalized by participating organizations
A plan for addressing emergency communications is in place and is reviewed annually, after system upgrades and incidents/events that test organizational capabilities

If your organization has “no planning process or plan in place,” skip to Question 14 on the next page.
Otherwise, answer Question 13a.

13a) Identify organizations included in your strategic planning processes for emergency communications: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
None of the above

Shape28

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

Nongovernmental Organizations (NGO)/Private Sector: Non-profit or for-profit organizations participating in public safety/emergency communications planning, use or reconstitution (e.g., auxiliary communications, utilities, communication service providers, equipment operators, transportation, food distribution, Volunteer Organizations Active in Disasters).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Governance — the following question addresses your organization’s strategic planning for emergency communications.

Does your organization’s strategic planning process sufficiently meet its need for: (For each row, select one response per column)

	For “day-to-day” situations?	For “out-of-the-ordinary” situations?
Operability	o Yes o No	o Yes o No
Interoperability	o Yes o No	o Yes o No
Continuity	o Yes o No	o Yes o No

Standard Operating Procedures/Guidelines (SOPs/SOGs) – the following question addresses your organization’s SOPs/SOGs.

Select the responses that apply to your organization’s SOPs/SOGs: (Select all that apply)

No communications SOPs/SOGs currently exist

Communications personnel SOPs/SOGs exist (e.g., mobilization, deployment, demobilization)
Communications resources SOPs/SOGs exist (e.g., activation, deployment, deactivation)
SOPs/SOGs are updated on a regular basis

Shape31

Strategic Planning: A planning process that establishes organizational goals and identifies, scopes, and establishes requirements for the provisioning of capabilities and resources to achieve them.

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Standard Operating Procedures (SOP): Generally, refers to a reference document or an operations manual that provides the purpose, authorities, duration, and details for the preferred method of performing a single function or a number of interrelated functions in a uniform manner.

Standard Operating Guidelines (SOG): A document that outlines best practices. They are not mandatory, but help personnel follow the rules while allowing for flexibility.

Standard Operating Procedures/Guidelines (SOPs/SOGs) – the following questions address your organization’s SOPs/SOGs.

If “no communications SOPs/SOGs currently exist” for your organization, skip to Question 16 on page 17.
Otherwise, answer Questions 15a-d.

Shape32

Shape34 15a) Select the responses that best characterize your organization’s SOPs/SOGs: (For each row, select one response). Note: Reading from left to right, the first four responses are progressive (i.e., to select the fourth response, an organization must have surpassed all of the first three response criteria)

	Informal practices and procedures are in place	Formal policies/ practices/ procedures enable day-to-day situations’ interoperability	Formal policies/ practices/ procedures enable out-of-the-ordinary situations’ interoperability	Processes for SOP/SOG development and review exist for consistency across responders	Not Applicable
Within my organization	o	o	o	o	o
With other public safety organizations in the same jurisdiction	o	o	o	o	o
With other government organizations in the same jurisdiction that support public safety	o	o	o	o	o
With other local governments	o	o	o	o	o
With state/territorial governments	o	o	o	o	o
With tribal governments/organizations	o	o	o	o	o
With federal departments/ agencies	o	o	o	o	o
With NGOs/private sector	o	o	o	o	o
With international/ cross-border entities	o	o	o	o	o

Shape35

SOP: Generally, refers to a reference document or an operations manual that provides the purpose, authorities, duration, and details for the preferred method of performing a single function or a number of interrelated functions in a uniform manner.

SOG: A document that outlines best practices. They are not mandatory, but help personnel follow the rules while allowing for flexibility.

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

Nongovernmental Organizations (NGO)/Private Sector: Non-profit or for-profit organizations participating in public safety/emergency communications planning, use or reconstitution (e.g., auxiliary communications, utilities, communication service providers, equipment operators, transportation, food distribution, Volunteer Organizations Active in Disasters).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Standard Operating Procedures/Guidelines (SOPs/SOGs) – the following questions address your organization’s SOPs/SOGs.

If “no communications SOPs/SOGs currently exist” for your organization, skip to Question 16 on the next page.
If not, answer Questions 15b-d.

Shape36

Shape38 15b) Select the guidelines or standards that have influenced your organization’s communications SOPs/SOGs: (Select all that apply)

Local guidance
State guidance
Territorial guidance
Tribal guidance
National/federal guidance
Industry guidance (e.g., vendor, provider, trade organization)
None of the above

15c) Select the national/federal sources, guidelines, or standards that have influenced your organization’s communications SOPs/SOGs: (Select all that apply)

Communications Security, Reliability, and Interoperability Council's (CSRIC) guidance
Criminal Justice Information Services (CJIS) guidance
DHS Communications Sector-Specific Plan (CSSP)
DHS Project 25 (P25) Compliance Assessment Program Approved (Grant Eligible) Equipment List
Federal Partnership for Interoperable Communications (FPIC)
Federal Plain Language Guidelines
Information Sharing and Analysis Centers (ISAC)
Information Sharing and Analysis Organizations (ISAO)
National Emergency Communications Plan (NECP)
National Infrastructure Protection Plan (NIPP)
National Interoperability Field Operations Guide (NIFOG)
National Incident Management System (NIMS)/Incident Command System (ICS) guidance
National Information Exchange Model (NIEM) guidance
National Institute of Standards and Technology (NIST) Cybersecurity Framework
National Response Framework (NRF)
NIMS/ICS Communications Unit
SAFECOM Approach for Developing an Interoperable Information Sharing Framework (ISF)
SAFECOM Guidance on Emergency Communications Grants
SAFECOM Interoperability Continuum
Other joint SAFECOM/National Council of Statewide Interoperability Coordinators (NCSWIC) guidance (e.g., Guidelines for Encryption in Land Mobile Radio [LMR] Systems, Next Generation 911 [NG911] Cybersecurity Primer)
Other
None of the above

Shape39

Standard Operating Guidelines (SOG): A document that outlines best practices. They are not mandatory, but help personnel follow the rules while allowing for flexibility.

Standard Operating Procedures/Guidelines (SOPs/SOGs) – the following questions address your organization’s SOPs/SOGs.

Shape40 15d) Select the topics that are included in your organization’s SOPs/SOGs: (Select all that apply)

Land mobile radio (LMR)
Broadband
Project 25 (P25) encryption
Social media
Cybersecurity
Priority Telecommunications Services
Next Generation 911 (NG911)
Alerts, warnings, and notifications (e.g., Wireless Emergency Alert, Emergency Alert System)

Continuity of communications (e.g., resiliency, redundancy, primary/secondary/backup)
Physical security
Position, navigation, and timing (PNT)
None of the above

Do your organization’s SOPs/SOGs sufficiently support its need for: (For each row, select one response per column)

	For “day-to-day” situations?	For “out-of-the-ordinary” situations?
Operability	o Yes o No	o Yes o No
Interoperability	o Yes o No	o Yes o No
Continuity	o Yes o No	o Yes o No

Shape42

Standard Operating Guidelines (SOG): A document that outlines best practices. They are not mandatory, but help personnel follow the rules while allowing for flexibility.

Priority Telecommunications Services: Three services (Government Emergency Telecommunications Service, Wireless Priority Services, Telecommunications Service Priority) that enable essential personnel to communicate when networks are degraded or congested (Government Emergency Telecommunications Service, Wireless Priority Services, Telecommunications Service Priority).

Continuity of Communications: The ability of emergency response agencies to maintain communications capabilities when primary infrastructure is damaged or destroyed.

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Technology — the following questions address your organization’s technology solutions.

Select the interoperability solutions your organization employs, regardless of whether the systems in use are owned, shared, or subscription-based: (Select all that apply)

Channel/console cross-patching
Cloud-based environment
Commercial wireless equipment (e.g., bring-your-own-device)
Commercial wireless equipment (e.g., government furnished equipment)
Commercial wireless service offering (e.g., mission critical push-to-talk [MCPTT], direct mode)
Common applications (e.g., use of same or compatible applications to share data)
Console-to-console intercom interconnections (e.g., center-to-center voice and data)
Crossband repeaters
Custom-interfaced applications (e.g., custom linking of proprietary applications or use of middleware to share data)
Data exchange hubs (e.g., computer-aided dispatch [CAD]-to-CAD, integrated message switching systems [MSS])
Deployable audio/gateway switch
Deployable site infrastructure (e.g., cell on wheels [COW]/cell on light truck [COLT], transportable land-mobile radio)
Established channel sharing agreements
Fixed audio/gateway switch
Inter-Radio Frequency (RF) Subsystem Interface (ISSI)/Console
Console Subsystem Interface (CSSI)
Mobile command post/mobile communications center
Mutual aid channels/talkgroups (e.g., shared channels/talkgroups)
Nationwide Public Safety Broadband Network (NPSBN)/FirstNet
National Information Exchange Model (NIEM)-based data exchange
National Public Safety Planning Advisory Committee (NPSPAC) channels
One-way standards-based sharing of data (e.g., applications to “broadcast/push” or “receive/pull” data from systems)
Radio cache/radio exchange
Radio reprogramming
Shared system (conventional or trunked)
Standards-based shared systems (e.g., Project 25 [P25])
None of the above

Select the types of information that are exchanged between your organization and others: (Select all that apply)
- Voice
- Video
- Geographic information system (GIS) data
- Evacuee/patient tracking data
- Accident/crash (telematics) data
- Resource data (available equipment, teams, shelter/hospital beds)
- Biometric data
- Computer-Aided Dispatch (CAD) data
- Automatic vehicle location (AVL) data
- Common operating picture data/Situational awareness
- Records management system (RMS)
- Threat intelligence data
- Sensor or Internet of Things (IoT)-based data
- Other types of data

Shape45

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Technology — the following questions address your organization’s technology solutions, regardless of whether the systems in use are owned, shared, or subscription-based.

Select the extent to which the following factors have impacted your organization’s ability to communicate: (For each row, select one response)

Factors	None	Little extent	Some extent	Great extent	Not applicable
Unplanned system/equipment failure	☐	☐	☐	☐	☐
Excessive planned downtime	☐	☐	☐	☐	☐
Frequency interference	☐	☐	☐	☐	☐
System congestion (e.g., limited spectrum capacity, insufficient frequencies)	☐	☐	☐	☐	☐
Cybersecurity disruption or breach	☐	☐	☐	☐	☐
Poor coverage (in-building)	☐	☐	☐	☐	☐
Poor coverage (outdoors)	☐	☐	☐	☐	☐
Poor subscriber unit quality	☐	☐	☐	☐	☐
Insufficient site hardening	☐	☐	☐	☐	☐
Insufficient system/equipment redundancy	☐	☐	☐	☐	☐
Insufficient route diversity	☐	☐	☐	☐	☐
Insufficient wireless voice application interoperability	☐	☐	☐	☐	☐
Insufficient wireless data application interoperability	☐	☐	☐	☐	☐
Deferred maintenance	☐	☐	☐	☐	☐
Deferred capital expenditures	☐	☐	☐	☐	☐
Diminished service due to adding users from beyond our organization	☐	☐	☐	☐	☐
System/equipment failure beyond the ownership or control of our organization	☐	☐	☐	☐	☐
Incompatibility of proprietary systems, modes, and algorithms	☐	☐	☐	☐	☐

Does your organization have the appropriate infrastructure, systems, equipment, and facilities to continue to communicate (i.e., achieve continuity of communications): (For each row, select one response)

Strongly disagree

Disagree

Neutral

Agree

Strongly

agree

For “day-to-day” situations?

☐

For “out-of-the-ordinary” situations?

☐

Shape48

Insufficient System/Equipment Redundancy: Inability of additional or duplicate communications assets to share the load or provide backup to the primary asset.

Insufficient Route Diversity: A single point of failure or dependence on a single provider causing diminished ability to communicate (e.g., backhaul servers buried cable and causes outage).

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Continuity of Communications: The ability of emergency response agencies to maintain communications capabilities when primary infrastructure is damaged or destroyed.

Technology — the following questions address the sufficiency of your organization’s technology solutions.

Does your organization have the appropriate fixed, portable, mobile, deployable, and/or temporary solutions to support interoperability? (For each row, select one response)

Strongly disagree

Disagree

Neutral

Agree

Strongly

agree

For “day-to-day” situations?

☐

For “out-of-the-ordinary” situations?

☐

Select the response that best characterizes how well your organization’s communications systems meet its mission requirements: (Select one response)

Systems do not currently meet mission requirements
Systems meet only basic mission requirements
Systems meet mission requirements of day-to-day situations, but not out-of-the-ordinary situations
Systems meet all mission requirements of day-to-day and most out-of-the-ordinary situations

Cybersecurity — the following questions address your organization’s approach to cybersecurity.

Has your organization engaged in cybersecurity planning and/or implementation? (Select one response)

Shape51

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Cybersecurity — the following questions address your organization’s approach to cybersecurity.

If your organization “has engaged in cybersecurity planning or implementation,” answer Questions 23a-c.
Otherwise, skip to Question 24 on page 24.

Shape53 23a) Select the cybersecurity planning measures your organization uses: (Select all that apply)

Risk assessment
Incident response plans/policies
Vulnerability response plans/policies
Coordination lead (e.g., incident manager)
Incident response team (IRT)
Integration of cyber threat intelligence (CTI) sources
Means for collecting digital forensics and other data or evidence
Agreement with another entity that provides cybersecurity services (e.g., commercial vendor, internal IT department or function)
Cybersecurity insurance
Recovery exercises (e.g., use of failover systems, backup recovery)
None of the above

23b) Select the cybersecurity measures that your organization has implemented: (Select all that apply)

Single factor authentication (e.g., passwords)
Multi-factor authentication (e.g., smart cards, personal identification verification [PIV] cards, tokens)
Continuous monitoring (e.g., antivirus, intrusion detection)
Backups
Automated updates
Failover system
Hardened workstations for monitoring and response activities
Disk and active memory imaging
Coordinated response and restoration activities with internal and external parties
Post-incident lessons learned analysis (e.g., hotwash, after-action report)
None of the above

Cybersecurity — the following questions address your organization’s approach to cybersecurity.

If your organization has implemented “continuous monitoring” answer Question 23b1.
Otherwise, skip to Question 23b2.

Shape55

Shape56 23b1) Indicate which continuous monitoring capabilities your organization uses: (Select all that apply)

Antivirus (AV) software
Endpoint detection and response (EDR) solutions
Data loss prevention (DLP) capabilities
Intrusion detection and prevention systems (IDPS)
Authorization, host, application, and cloud logs
Network flows
Packet capture (PCAP)
Security information and event management (SIEM) systems
Other

If your organization has implemented “backups,” answer Question 23b2.
Otherwise, skip to Question 24 on page 23. Otherwise, skip to Question 24 on page 24.

23b2) Indicate which backup capabilities and practices your organization uses: (Select all that apply)

Manual backups
Automated backups
Offline backups
Frequent training on backups
Exercises on restoring from backups
Other

Cybersecurity — the following questions address your organization’s approach to cybersecurity.

If your organization “has engaged in cybersecurity planning or implementation,” answer Questions 23a-c.
Otherwise, skip to Question 24 on the page 23.Otherwise, skip to Question 24 on the next page..

Shape59

Shape60 23c) Select the CISA cybersecurity resources your organization uses in its cybersecurity planning and implementation: (Select all that apply)

Advanced Malware Analysis Center (AMAC) Services
Assessment Evaluation and Standardization Program (AES)
CISA Central
Cyber Essentials
Cyber Infrastructure Survey
Cyber Resiliency Review (CRR)
Cybersecurity Advisory (CSA) Program
Cybersecurity Assessment and Risk Management Approach
Cybersecurity Evaluation Tool (CSET®)
Continuous Diagnostics and Mitigation (CDM)
Enhanced Cybersecurity Services (ECS)
External Dependencies Management (EDM) Assessment
Federal Virtual Training Environment (FedVTE)
Hunt and Incident Response Team (HIRT) Services
ICTAP 9-1-1/PSAP/LMR Cyber Assessment
ICTAP 9-1-1/PSAP/LMR Cyber Awareness Course
Joint Cyber Defense Collaborative (JCDC)
Public Safety Communications and Cyber Resiliency Toolkit
Remote penetration testing (RPT)
Vulnerability/cyber hygiene scanning
Web application scanning
None of the above

Cybersecurity — the following questions address your organization’s approach to cybersecurity.

In the event of a cyber incident, which entities are alerted or engaged by your organization? (Select all that apply)

Agency’s own IT resources
Parent organization or agency’s IT resources
IT cybersecurity vendor
Organizations with interconnected networks (e.g., equipment vendors, partner agencies)
Cybersecurity and Infrastructure Security Agency (CISA) (e.g., CISA Central, Automated Indicator Sharing [AIS])
Federal Bureau of Investigation (FBI) (e.g., field offices, Internet Crime Complaint Center [IC3], InfraGard)
Multi-State Information Sharing and Analysis Center (MS-ISAC)®
United States Secret Service
Region-based support
State-based support (e.g., National Guard, fusion center, state-sponsored cyber unit)
Local-based support beyond the immediate organization
Tribal-based support
Other
None of the above

Indicate the types of cyber attacks that your organization has experienced: (Select all that apply)

Phishing/email spoofing attack
Ransomware attack
Password or credential attack (i.e., unauthorized use of password or credential)
Denial of service attack
Telephony denial of service (TDoS) attack
Jamming
Domain name service (DNS) tunneling attack
Doxing attack (i.e., data access with information threatened to be sold or revealed)
Other malware (e.g., viruses, trojans)
Internet of Things-based attack (i.e., attacker entered network through “smart” devices or systems)
Other types of attack (e.g., SQL injection, cross-scripting, eavesdropping)
Attacks of unknown type
Our organization has not identified any cyber attacks
Don’t know

Cybersecurity — the following questions address your organization’s approach to cybersecurity.

Complete this sentence: “Our organization is _______________ in our ability to detect and respond to cybersecurity threats and vulnerabilities.” (Select one response)

Not confident
Somewhat confident
Confident
Very confident

Complete this sentence: “Since 2018, cybersecurity incidents have had _______________ on the ability of our organization to communicate.” (Select one response)

Severe impact
Some impact
Minimal impact
No impact
Don’t know

Shape65

Physical Security — the following question addresses your organization’s physical security posture.

Select the response that best characterizes your organization’s physical security for facilities and communications infrastructure: (For each row, select one response). Note: Reading from left to right, responses are progressive (i.e., to select the third response, an organization must have surpassed both of the first two response criteria)

	Physical security is present only as a consequence of other requirements (e.g., building codes, zoning requirements, architectural recommendations/guidance, SOPs/SOGs) and what may be found in a similar commercial building or facility	Solution sets designed and implemented for the intended occupancy, purpose, and use of the building/facility	Mitigation, response, and recovery procedures identified through formal risk assessment(s) are regularly trained and exercised, incorporating the physical security
Facilities	o	o	o
Communications infrastructure	o	o	o

Shape66

Facilities: Structures and premises staffed on a day-to-day or around-the-clock basis, including Emergency Communications Centers/Public Safety Answering Points, police, fire, and emergency medical stations, and emergency operations centers.

Communications Infrastructure: Fixed structures and deployable platforms that shelter communications equipment, including tower and repeater sites, data centers, network hubs, and console systems.

Training – the following questions address your organization’s end user training practices for emergency communications.

Select the responses that best characterize your organization’s emergency communications training: (Select one response)

No personnel have received training
Personnel have received informal training, at most
Some personnel have received formal training
Substantially all personnel have received formal and regular training

If “no personnel have received training” in your organization, skip to Question 30 on the next page.
Otherwise, answer Questions 29a–c.

29a) Evaluations of training are documented and assessed along with the changing operational environment to adapt future training to address gaps and needs. (Select one response)

29b) Select the topics that are included in your organization’s emergency communications training: (Select all that apply)

National Incident Management System (NIMS) Incident Command System (ICS)
Software training/refresher
Communications Unit (COMU)
Commonly used frequencies
Frequency jamming detection/location
Equipment training/refresher
Backup systems
Cybersecurity
Radio/device encryption
Radio etiquette and terminology
National Interoperability Field Operations Guide (NIFOG)
Continuity procedures
Health and wellness (e.g., ergonomics, fatigue)
Psychological impacts of video and data use (e.g., overload, consumption of disturbing/graphic images)
Interoperability plans and practices specific to our organization
Priority Telecommunications Services
End User: Individuals receiving or transmitting information.

Personnel: Individuals responsible for communications installations, operations, and maintenance.

Informal Training: Training with no lesson plans or assessments of student performance; may be on-the-job training or educational materials.

Formal Training: Training that includes a lesson plan and an assessment of student performance, change or behavior; may be in a classroom or on-the-job.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Priority Telecommunications Services: Three services (Government Emergency Telecommunications Service, Wireless Priority Services, Telecommunications Service Priority) that enable essential personnel to communicate when networks are degraded or congested (Government Emergency Telecommunications Service, Wireless Priority Services, Telecommunications Service Priority).
None of the above

Training – the following questions address your organization’s end user training practices for emergency communications.

If “no personnel have received training” in your organization, skip to Question 30.
Otherwise, answer Questions 29c.

Shape71

Shape72 29c) Select the external groups that are included in your organization’s emergency communications training: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
None of the above

Are your organization’s personnel adequately trained in: (For each row, select one response per column)

	For “day-to-day” situations?	For “out-of-the-ordinary” situations?
Operability	o Yes o No	o Yes o No
Interoperability	o Yes o No	o Yes o No
Continuity	o Yes o No	o Yes o No

Shape74

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Personnel: Individuals responsible for communications installations, operations, and maintenance.

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Exercises – the following questions address your organization’s exercises.

Does your organization participate in or conduct exercises? (Select one response)

If your organization DOES “participate in or conduct exercises,” answer Questions 31a–c.
If your organization DOES NOT “participate in or conduct exercises,” skip to Question 31d on the next page.

31a) Select the types of capabilities included as part of the exercises in which your organization either participates or conducts: (Select all that apply)

Communications operability (voice)
Communications operability (data)
Communications interoperability (voice)
Communications interoperability (data)
Communications continuity (voice)
Communications continuity (data)
Cyber incident response and recovery
Radio/device encrypted interoperability
Social media
None of the above

31b) Select the types of roles included as part of the exercises in which your organization either participates or conducts: (Select all that apply)

Auxiliary Communications (AUXCOMM)
Incident Tactical Dispatch (INTD)
Communications Unit Leader (COML)
Communications Unit Technician (COMT)
Communications Coordinator (COMC)
IT Service Unit Leader (ITSL)
Mobile command post/mobile communications center
None of the above

31c) Select the statement that best characterizes how your organization evaluates communications as an exercise objective: (Select one response)

Communications is not an exercise objective
Communications is not evaluated
Communications is evaluated but not documented
Communications is evaluated and documented
Communications is evaluated and documented in accordance with the Homeland Security Exercise Evaluation Program (HSEEP)

Shape78

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Auxiliary Communications (AUXCOMM): Backup emergency radio communications provided by volunteers who support public safety and emergency response professionals and their agencies.

Exercises – the following questions address your organization’s exercises.

If your organization DOES NOT “participate in or conduct exercises,” answer Question 31d.
Otherwise, skip to Question 32.

31d) My organization does not participate in exercises because it has: (Select all that apply)

No personnel for exercise coordination
Chronically low staffing levels
No funding available to participate in exercises sponsored by other organizations
No funding available to backfill personnel attending exercises
Insufficient overtime funding to allow staff to participate in exercises conducted by my organization
Insufficient overtime funding to allow staff to participate in exercises conducted by other organizations
Limited exercises opportunities
Competing organizational priorities
None of the above

Complete this sentence: “My organization ___________ emergency communications-focused exercises.” (Select one response)

Does not participate in or conduct
Participates in
Conducts
Participates in and conducts

If your organization does not “participate in or conduct emergency communications-focused exercises,” skip to Question 33 on page 32.
Otherwise, answer Questions 32a-g.

Shape82

32a) Select the types of emergency communications-focused exercises your organization participates in or conducts: (Select all that apply)

Simulations
Equipment tests and/or drills
Seminars/workshops
Tabletops
Functional
Full-scale

Shape83

Personnel: Individuals responsible for communications installations, operations, and maintenance.

Exercises – the following questions address your organization’s emergency communications-focused exercises.

If your organization does not “participate in or conduct emergency communications-focused exercises,” skip to Question 33 on page 32.
Otherwise, answer Questions 32b-g.

Shape84

32b) The emergency communications-focused simulations our organization participates in or conducts include: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
My organization does not participate in or conduct simulations

32c) The emergency communications-focused equipment tests and/or drills our organization participates in or conducts include: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
My organization does not participate in or conduct equipment tests and/or drills

Shape87

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Exercises – the following questions address your organization’s emergency communications-focused exercises.

If your organization does not “participate in or conduct emergency communications-focused exercises,” skip to Question 33 on page 32.
Otherwise, answer Questions 32d-g.

Shape88

32d) The emergency communications-focused seminars/workshops our organization participates in or conducts include: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
My organization does not participate in or conduct seminars/workshops

32e) The emergency communications-focused tabletop exercises our organization participates in or conducts include: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
My organization does not participate in or conduct tabletop exercises

Shape91

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Exercises – the following questions address your organization’s emergency communications-focused exercises.

If your organization does not “participate in or conduct emergency communications-focused exercises,” skip to Question 33 on the next page.
Otherwise, answer Questions 32f-g.

Shape93 32f) The emergency communications-focused functional exercises our organization participates in or conducts include: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
My organization does not participate in or conduct functional exercises

32g) The emergency communications-focused full-scale exercises our organization participates in or conducts include: (Select all that apply)

Other public safety organizations in the same jurisdiction
Other government organizations in the same jurisdiction that support public safety
Other local governments
State/territorial governments
Tribal governments/organizations
Federal departments/agencies
NGOs/private sector
International/cross-border entities
My organization does not participate in or conduct full-scale exercises

Shape95

Other Government Organizations in the Same Jurisdiction that Support Public Safety: Other government agencies (e.g., public health, public works, transportation, information technology).

International/Cross-Border Entities: Foreign organizations (e.g., Canadian or Mexican organizations).

Exercises – the following questions address your organization’s exercises.

Have exercises adequately prepared your organization’s personnel to achieve: (For each row, select one response per column)

	For “day-to-day” situations?	For “out-of-the-ordinary” situations?
Operability	o Yes o No	o Yes o No
Interoperability	o Yes o No	o Yes o No
Continuity	o Yes o No	o Yes o No

Usage — the following questions address the usage of your organization’s emergency communications capabilities.

Select the emergency communications capabilities that are used or tested: (For each row, select all that apply)

Capabilities	For “day-to-day” situations	For “out-of-the-ordinary” situations	With personnel beyond our organization	In accordance with SOPs/SOGs
Primary voice	☐	☐	☐	☐
Primary data	☐	☐	☐	☐
Voice interoperability	☐	☐	☐	☐
Data interoperability	☐	☐	☐	☐
Backup voice	☐	☐	☐	☐
Backup data	☐	☐	☐	☐
Alerts and warnings	☐	☐	☐	☐

Shape97

Shape98

Personnel: Individuals responsible for communications installations, operations, and maintenance.

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Standard Operating Guidelines (SOG): Intended to outline best practice - they are not mandatory, but help personnel follow the rules while allowing for flexibility.

Usage — the following questions address the usage of your organization’s emergency communications capabilities.

Select the response that best characterizes whether your organization uses Telecommunications Service Priority (TSP) for restoration or priority provisioning of critical telecommunications services: (Select one response)

No policy for use has been established
No, as our organization is unaware of this program
No, the fees are cost prohibitive
No, will only use this service for priority provisioning of new services
Yes, but only some critical circuits/services are registered for priority restoration
Yes, all critical voice, video, and data circuits/services are registered for priority restoration
Yes, all critical voice, video, and data circuits/services are registered for priority restoration and the organization is aware and proficient in priority provisioning
None of the above

Select the responses that best characterize whether your organization uses Government Emergency Telecommunications Service (GETS)/Wireless Priority Service (WPS) for priority call processing: (Select all that apply)

No, as our organization is unaware of these programs
No, as it is too cumbersome to sign up for these programs
No, as these programs do not improve our call success
Yes, but it is challenging/cumbersome to make calls with this program
Yes, but only during periods of network congestion and/or degradation (e.g., weather event, cyber event, infrastructure damage)
Yes, for most calls, including normal business/operations
Yes, and our organization makes regular test calls
None of the above

Select the responses that best characterize your organization’s emergency communications resource capacity: (For each row, select one response)

Communications Resource	Insufficient for day-to-day situations	Sufficient for day-to-day situations but not for out-of-the-ordinary situations	Sufficient for day-to-day and most out-of-the-ordinary situations	Sufficient for almost all situations, including those requiring resources beyond our organization	My organization does not have this resource
Primary voice	☐	☐	☐	☐	☐
Primary data	☐	☐	☐	☐	☐
Voice interoperability	☐	☐	☐	☐	☐
Data interoperability	☐	☐	☐	☐	☐
Backup voice	☐	☐	☐	☐	☐
Backup data	☐	☐	☐	☐	☐
Alerts and warnings	☐	☐	☐	☐	☐

Shape101

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Capacity: Upper bound on the rate at which information can be reliably transmitted over a communications channel.

Usage — the following questions address the usage of your organization’s emergency communications capabilities.

Select the responses that best characterize how often your organization uses or deploys the following: (For each row, select one response)

	Never	As needed	Semi-annually	Quarterly	Monthly	Daily
Interoperability solutions – voice	☐	☐	☐	☐	☐	☐
Interoperability solutions – data	☐	☐	☐	☐	☐	☐
Communications Unit Leader (COML)	☐	☐	☐	☐	☐	☐
Communications Unit Technician (COMT)	☐	☐	☐	☐	☐	☐
IT Service Unit Leader (ITSL)	☐	☐	☐	☐	☐	☐
Incident Tactical Dispatcher (INTD)	☐	☐	☐	☐	☐	☐
Auxiliary Communications (AUXCOMM) Operator (e.g., Amateur Radio Operator, Auxiliary Communications Operator)	☐	☐	☐	☐	☐	☐
Incident Communications Manager (INCM)	☐	☐	☐	☐	☐	☐

Are your organization’s end users proficient in using emergency communications capabilities to achieve: (For each row, select one response per column)

	For “day-to-day” situations?	For “out-of-the-ordinary” situations?
Operability	o Yes o No	o Yes o No
Interoperability	o Yes o No	o Yes o No
Continuity	o Yes o No	o Yes o No

Shape103

Auxiliary Communications (AUXCOMM): Backup emergency radio communications provided by volunteers who support public safety and emergency response professionals and their agencies.

End User: Individuals receiving or transmitting information.

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Shape104

Equipment — the following questions address the technology systems your organization uses.

Select the responses that characterize the technology systems your organization uses, regardless of whether the systems are owned, shared, or subscription-based: (Select all that apply)

Land Mobile Radio (LMR) system
4G/Long-Term Evolution (LTE) system
5G system
Satellite system
High Frequency (HF) Radio (Auxiliary Communications [AUXCOMM]/SHAred RESources [SHARES]/FEMA National Radio System [FNARS])
Paging system
WiFi
Legacy cellular system (2nd Generation/3rd Generation)
Wireline/landline (e.g., fiber, copper, cable, optical)
Microwave backhaul
911 telephony (e.g., basic, enhanced, Next Generation 911 [NG911])
Ad-hoc networks (e.g., wireless mesh network, MANET, personal area networks, wide-area networks)

If your organization uses a Land Mobile Radio (LMR) system, regardless of whether the system is owned, shared, or subscription-based, answer Questions 40a1-9 based on the LMR system your organization uses most often for interoperability.
If not, skip to Question 40b1 on page 39.

40a1) The primary LMR system used by my organization is: (Select all that apply)

Used for voice
Used for video
Used for data
Used for voice interoperability
Used for data interoperability

40a2) The primary LMR system used by my organization supports: (Select all that apply):

Day-to-day situations with intervention
Day-to-day situations without intervention
Out-of-the-ordinary situations with intervention
Out-of-the-ordinary situations without intervention

Shape108

Primary: The system your organization uses most often for interoperability.

Intervention: The system requires assistance beyond first responder operating procedures (e.g., must get patch through dispatcher/telecommunicator, must be authorized by a third party).

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Equipment — the following questions address the technology systems your organization uses.

If your organization uses a Land Mobile Radio (LMR) system, regardless of whether the system is owned, shared, or subscription-based, answer Questions 40a3-9 based on the LMR system your organization uses most often for interoperability.
Otherwise, skip to Question 40b1 on page 39.

Shape110 40a3) The primary LMR system used by my organization is: (Select one response)

Independently owned and operated (e.g., single jurisdiction system) and used exclusively by our organization
Part of a communications system that serves multiple public safety and/or public service organizations in our jurisdiction
Part of a multi-jurisdictional shared system
Part of a statewide shared system
A commercial, subscription-based service

If your organization’s primary LMR system is “a commercial, subscription-based service,” skip to Question 40a6 on the next page.
Otherwise, answer Questions 40a4-5.

Shape112 40a4) The primary LMR system used by my organization is: (Select one response)

0 – 1 year old
2 – 5 years old
6 – 10 years old
Over 10 years old
Don't know

40a5) The primary LMR system used by my organization is planned to be replaced or significantly upgraded: (Select one response)

Within 1 year
Within 5 years
Within 6 – 10 years
In more than 10 years
Don't know

Shape113

Primary: The system your organization uses most often for interoperability.

Equipment — the following questions address the technology systems your organization uses.

Shape114 40a6) Select the response that best characterizes the network architecture of your organization’s primary LMR system: (Select one response)

Conventional (not trunked)
Trunked
Both

If your organization’s primary LMR system network architecture is “conventional (not trunked),” skip to Question 40a8.
Otherwise, answer Question 40a7.

40a7) Does your organization’s primary LMR system comply with Project 25 (P25) standards (i.e., a P25-compliant system)? (Select one response)

Yes, Phase 1 (frequency division multiple access [FDMA] only) system
Yes, Phase 2 (time division multiple access [TDMA] only) system
Yes, both Phase 1 and 2 (FDMA and TDMA)
No
Don’t know

40a8) Is the primary LMR system used by your organization interoperable with the long-term evolution (LTE) system used by your organization? (Select one response)

Yes
No
My organization does not use LTE

Shape116

If your organization uses an interoperable LTE/LMR system, regardless of whether the system is owned, shared, or subscription-based, answer Question 40a9.
If not, skip to Question 40b1 on page 39.

40a9) My organization’s LTE/LMR system interoperability is enabled by: (Select one response)

P25 standards-based Inter-RF Subsystem Interface (ISSI)/Console Subsystem Interface (CSSI)
Applications-based solution
Proprietary interworking function
Interworking Function (IWF)
Don’t know

Equipment — the following questions address the technology systems your organization uses.

Shape118 40a10) Select the responses that best characterize the current state of your organization’s LMR encryption capabilities: (Select all that apply)

Proprietary/non-standard
Proprietary/non-standard transitioning to advanced encryption standard (AES)
Data encryption standard (DES) (including all derivatives)
DES transitioning to AES
AES
AES actively expanding the number of encrypted talkgroups and/or channels
Link layer encryption (LLE) (applies to trunked systems only)
Over-the-air rekeying (OTAR)
Procuring multikey subscriber devices
None
Don’t know

40a11) Select the response that best characterize your organization’s timeline for LMR encryption transition to AES only capabilities: (Select one response)

No plans to transition to AES
Planning initiated, no specific timeline for implementation
Within 1 year
Within 5 years
Within 6 – 10 years
In more than 10 years
Don't know

Shape119 Shape120

Proprietary Encryption/Non-Standard: Encryption algorithms that are not publicly known and/or not accredited by the National Institute of Standards and Technology Standard Institute (NIST) or other technical Standards Development Organizations

Data Encryption Standard (DES): A deprecated encryption algorithm that was originally developed in 1971 and accepted as the approved Federal Encryption Standard in 1976. NIST withdrew its approval DES in 2005.

Advanced Encryption Standard (AES): The current Federal Standard for encryption as promulgated by NIST. AES is a built-in feature of P25 standards compliant LMR equipment and is considered the de facto standard for encryption.

Link Layer Authentication: P25 that offers additional protection against unauthorized system access. The link layer authentication standard defines a challenge and response protocol, incorporating a 129-bit AES authentication key, that allows the radio system infrastructure and/or subscriber radio to authenticate itself before service is granted.

Over-the-Air-Rekeying (OTAR): OTAR remotely (i.e., over-the-air) updates encryption keys and other key materials and dramatically simplifies the process of rekeying subscriber radios in the field. It removes requirements to physically touch each radio to load keys with a key-loader. Notwithstanding, OTAR still has a degree of administrative overhead to locate and follow-up on subscriber radios that were not successfully rekeyed.

Multikey Subscriber Device: LMR mobile and portable subscriber radios that support more than a single encryption key. Multikey devices are necessary for OTAR operations.

Equipment — the following questions address the technology systems your organization uses.

If your organization uses a 4G/Long-Term Evolution (LTE) system, regardless of whether the system is owned, shared, or subscription-based, answer Questions 40b1-2.
Otherwise, skip to Question 40c1.

Shape122 40b1) The 4G/LTE system used by my organization is: (Select all that apply)

Used for voice
Used for video
Used for data
Used for voice interoperability
Used for data interoperability

40b2) The 4G/LTE system used by my organization is: (Select one response)

Independently owned and operated (e.g., single jurisdiction system) and used exclusively by our organization
Part of a communications system that serves multiple public safety and/or public service organizations in our jurisdiction
Part of a multi-jurisdictional shared system
Part of a statewide shared system
A commercial, subscription-based service

If your organization uses a 5G system, regardless of whether the system is owned, shared, or subscription-based, answer Questions 40c1-2.
Otherwise, skip to Question 40d1 on the next page.

Shape124 40c1) The 5G system used by my organization is: (Select all that apply)

Used for voice
Used for video
Used for data
Used for voice interoperability
Used for data interoperability

40c2) The 5G system used by my organization is: (Select one response)

Independently owned and operated (e.g., single jurisdiction system) and used exclusively by our organization
Part of a communications system that serves multiple public safety and/or public service organizations in our jurisdiction
Part of a multi-jurisdictional shared system
Part of a statewide shared system
A commercial, subscription-based service

Equipment — the following questions address the technology systems your organization uses.

If your organization uses a high frequency (HF) radio system, regardless of whether the system is owned, shared, or subscription-based, answer Questions 40d1-2.
Otherwise, skip to Question 40e1 below.

Shape126 40d1) The HF radio system used by my organization is: (Select one response)

0-1 year old
2 – 5 years old
6 – 10 years old
Over 10 years old
Don't know

Shape127 40d2) The HF radio system used by my organization is planned to be replaced or significantly upgraded: (Select one response)

Within 1 year
Within 5 years
Within 6 – 10 years
In more than 10 years
Don't know

If your organization uses a 911 telephony system, regardless of whether the system is owned, shared, or subscription-based, answer Questions 40e1-4.
Otherwise, skip to Question 41 on page 42.

40e1) The 911 system used by my organization is: (Select one response)

0-1 year
2 – 5 years
6 – 10 years
Over 10 years old
Don't know

Equipment — the following questions address the technology systems your organization uses.

If your organization uses a 911 telephony system, regardless of whether the system is owned, shared, or subscription-based, answer Questions 40e2-4.
Otherwise, skip to Question 41 on the next page.

Shape129

Shape130 40e2) The 911 system used by my organization is planned to be replaced or significantly upgraded: (Select one response)

Within 1 year
Within 5 years
Within 6 – 10 years
In more than 10 years
Don't know

40e3) The 911 system used by my organization accepts: (Select all that apply)

Voice
Texts
Video
Other data

40e4) Select the responses that best characterize the current state of your organization’s 911 architecture: (Select all that apply)

Basic
Transitioning to Enhanced 911 (E911)
E911
Transitioning to Next Generation 911 (NG911)
NG911: Emergency Services IP Network (ESInet) ready to receive 911 calls from the originating service providers via a Legacy Network Gateway
NG911: ESInet ready to receive 911 calls in SIP (Session Initiation Protocol) format
NG911: ESInet ready to receive 911 calls in NG911 format

Shape132

Basic 911: Allows callers to reach the universal emergency telephone number; relies on caller and call taker communications with one another to identify the telephone and location from which caller is dialing.

Enhanced 911 (E911): Allows automatic number and location indications of caller delivered to call taker; enables call taker to send help even when caller is unable to communicate.

Next Generation 911 (NG911): NG911 is an internet protocol (IP)-based 911 system that will replace the existing analog 911 infrastructure. NG911 allows 911 callers, through mobile and digital devices, to communicate with 911 call centers, also known as Emergency Communications Centers or Public Safety Answering Points (PSAPs). This includes the ability to share richer data such as videos, images, and texts. It also enhances the ability of 911 call centers to better communicate with each other and improves 911 system resiliency.

Emergency Services IP Network (ESInet): A managed internet protocol (IP) network that is used for emergency services communications, and which can be shared by public safety agencies.

Session Initiation Protocol (SIP): An application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution, and multimedia conferences.

Equipment — the following questions address the capabilities your organization uses.

Select the responses that indicate the capabilities your organization currently uses, regardless of whether the capability is owned, shared, or subscription-based: (Select all that apply)

Datacasting (i.e., broadcast TV-based alerts and warnings)
Internet of Things devices (e.g., smart clothing, smartphones, smart watches)
Unmanned aerial systems (e.g., drones)
Mission critical push-to-talk applications
Cloud computing
Artificial intelligence
Nationwide Public Safety Broadband Network (NPSBN)/FirstNet
Other broadband service provider
Citizens Broadband Radio Service (CBRS)
Third-party texting/chat applications
None of the above

Equipment — the following question addresses the CISA cybersecurity resources your organization uses.

Shape135

Select the responses that best describes your organization’s use of public alerts, warnings, and notifications (AWN) systems: (For each row, select all that apply)

	My organization originates messages using this system	My organization responds to messages on this system originated by another organization	My organization neither originates nor responds to messages using this system
Integrated Public Alerts & Warning System (IPAWS)	o	o	o
Emergency Alert System (EAS)	o	o	o
National Oceanic and Atmospheric Administration (NOAA) National Weather Service (NWS)	o	o	o
Regional, state, local, tribal, and/or territorial alert, warning, and notification systems (e.g., reverse 911 systems, outdoor sirens, digital signs, short message service/mass email)	o	o	o
Sensor-based alert systems (e.g., gunshot detection, flooding, earthquake, hurricane, volcano)	o	o	o

Shape136

Last Questions

My organization experienced the following emergency communications impacts as a result of the COVID-19 pandemic: (Select all that apply)

Expanded/implemented remote work and telework options
Expanded or opened backup facilities
Established communications redundancy with neighboring jurisdictions
Created non-emergency lines or hotlines to help divert COVID-19 related calls from 911 services
Implemented operational changes based on federal, state, and/or local guidance
Drafted new policies and procedures related to pandemic planning and response
Updated existing policies and procedures related to pandemic planning and response
Diverted funds to cover pandemic-related expenses (e.g., personal protective equipment, cleaning supplies)
Adjusted budgets due to decreased funding from state and local revenues
Delayed systems/network construction, maintenance, and/or upgrade projects
Established/maintained communications capabilities for alternate care sites
Increased cybersecurity posture and promoted cyber hygiene practices
Ceased operations temporarily
Experienced staffing below established minimum levels
None of the above

Between 2018 and present, what was your organization’s level of improvement in strengthening emergency communications: (For each row, select one response per column)

	For “day-to-day” situations?				For “out-of-the-ordinary” situations?
	Regressed	None	Some	Significant	Regressed	None	Some	Significant
Operability	o	o	o	o	o	o	o	o
Interoperability	o	o	o	o	o	o	o	o
Continuity	o	o	o	o	o	o	o	o

Shape138 Shape139

Operability: Ability to provide and maintain reliable communications functionality throughout the area of responsibility.

Interoperability: Ability of emergency response providers and relevant government officials to communicate across jurisdictions, disciplines, and levels of government as needed and as authorized.

Continuity: Ability to provide and maintain acceptable levels of communications during disruptions in operations.

Day-to-Day Situations: Situations within the general normal structure for an organization, including routine operations.

Out-of-the-Ordinary Situations: Situations that may stretch and/or overwhelm the abilities of an organization.

Shape10

LOCAL QUESTIONNAIRE DRAFT – NOT FOR DISTRIBUTION

69 | Page

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified	0000-00-00
File Created	2023-07-30