Cal OES requires the capability to deploy and track emergency services resources throughout the State effectively. Cal OES maintains a field-deployable workforce of 950 staff members. An additional 19,000 other potentially field-deployable personnel throughout California are working at other State agencies, local governments, and non-governmental organizations. Since 2017, this statewide workforce has responded to 26 major emergency response and recovery operations representing more than $10 billion in public assistance recovery program disaster costs. 

The State has no effective way to manage resource (workforce and equipment) availability and resource sharing, automated deployment execution, and daily accountability management. 

Current Environment: Cal OES lacks a comprehensive system to track personnel credentialing, deployment, and accountability of deployed personnel. There is no reliable system available to senior leadership to assist in a statewide response, activations of the Statewide Operations Center, or for Fire and Rescue Special Operations who evaluate strike team and equipment readiness for deployments. 

Although Cal OES is in the process of a localized pilot of a commercially available system, it does not currently offer the full functionality required to address resource availability, rostering, qualifications and credentialing, resource sharing, deployment processing, field operations monitoring, interactive messaging, and reporting for statewide resources.

Proposed Environment:

Credentialing, Deployment, & Tracking project shall incorporate the following:

• To verify credentials /qualifications of users through Emergency Management Disciplines & course materials
• Assign digital Position Task Books (PTBs) to users
• Assign users to one (1) or multiple Incident Management/Support Teams
• Track personnel and resources that are deployed and demobilized
• Near real-time data and comprehensive reporting capabilities
• Interface with existing OES internal, federal, state, local systems
• Administrative tools to grant user specific rights and roles

A system with these core capabilities will ensure qualified personnel are deployed appropriately (State Operations Center / Emergency Operation Centers, Incident Management staff to an incident) and identify training opportunities and gaps against assigned Position Task Books, will increase visibility of deployments and availability of resources (mobilization and demobilization of resources), and to share critical information to our federal, state, and local partners during emergencies.

Interfaces

• Interface with specific Cal OES systems such as but not limited to California Specialized Training Institute (CSTI) Learning Management System, Salesforce, NG SCOUT
• Interface with the credentialing systems of credential source organizations such as, but not limited to: 
  • FIRESCOPE California Incident Command Certification System (CICCS)
  • FEMA Deployment Tracking System (DTS)
  • National Wildfire Coordinating Group (NWCG) Interagency Resource Ordering Capability (IROC)

User Profiles

• Establish permissions-based User/Resource profiles for Cal OES personnel and users/resources from Federal, State, Regional and Operational Area agencies, Local, Tribal and non-governmental agencies
• Maintain credential and training history records for each user/resource 
• Maintain deployment history for each user/resource
• Provide the ability to create multiple types of Team (e.g. incident support teams, incident management teams, strike teams) profiles from established user/resource profiles

Credentialing

• Maintain a library of credentials and their requirements, such as, but not limited to Position Task Books (PTBs), Incident Qualification Card (Red Card), Specialist Certificate Program, etc.
• Maintain credential and training requirements by user for multiple State and Federal credentialing programs, including but not limited to:
  • National Qualification System (NQS) / National Incident Management System (NIMS)
  • California Incident Command Certification System (CICCS)
• Custom positions for specific incident or steady state related use cases 
• Identify credential and training deficiencies of users/resources performing in specific positions or deployment roles
• Automate credential related notifications such as renewal dates and training completion
• Track user/resource credentialing progress and completion 
• Automate credential/training approval process
• Create and track training requests, including funding sources and related payments

Deployment

• Establish profile for each incident, including incident deployment role requirements 
• Provide the ability to query resources meeting the requirements of the incident by position or team type 
• Provide the ability to query resource availability 
• Provide the ability to assign (deploy) a qualified resource to an incident
• Provide the ability to assign (deploy) a Team to an incident (e.g., Incident Management Team, Incident Support Team, Strike Team, Urban Search and Rescue Team)
• Provide resources with the ability to check in/ check out of an incident/event to establish availability
• Query resources based on multiple criteria, including but not limited to credentials, training, deployment experience
• Generate notifications, including when a resource becomes available 
• Provide the ability to deactivate incidents and resources
• Track all types of resources across multiple incidents
• Automate resource identification and deployment request via incident defined criteria

Note: Resources includes equipment

Accountability

• Provide the ability for users to “check in” at least daily to ensure accountability and safety of deployed staff
• Provide the ability to send messages or notifications to deployed personnel and confirm receipt or confirm safety or receipt of message

Other

• Data Migration and exchange from multiple sources
• On-demand reports
• Ability to create custom reports on demand
• Provide the ability to upload, export and store documents in multiple formats, including .pdf, .doc, .xls, .ppt., and .csv.

CONSTRAINTS:

A cloud solution is preferred, and relevant Cal OES technologies include Microsoft 365, Azure AD, ESRI, Salesforce, MuleSoft, Tableau, DocuSign, GovDelivery, SendGrid. MFA is being enabled and multiple SSO implementations have been deployed.

Identity Management System

• Security Markup Language (SAML) 2.0
• Multi-factor authentication or 2-factor with biometrics
• Multiple application environments – Dev, Test, Prod
• Identity verification and access management capabilities with multiple identity providers such as Azure, AD, Active Directory, OKTA
• Role & Permission based authorities

Application Security

• Use of encryption protocols such as SSL, TLS, or secure FTP.
• Data control of specific Agencies or Entities using application
• Automatic Audit / Logs of application transactions
• Error messages notifications

System Capabilities

• Operating Systems
  • Microsoft Windows
  • Apple i0S
  • Android
  • Mac 0S
• Devices
  • Desktop Computers
  • Laptop Computers
  • Mobile Tablets
  • Apple IPads
  • Microsoft Surface Tablets
  • Smartphones

Scalability

Application should be able to scale up-to: 

• 50,000 registered users
• 10,000 active users (having used the system within the prior 12 months)
• 1,000 registered organizations
• 1,000 active incidents
• 3,000 concurrent users in incident collaborative workspaces

Backup and Recovery

• Recovery Point Objective within 1-hour
• Recovery Time Objective within 1-hour
• Data retention - indefinitely
• Must provide cloud storage that is sustainable and scalable with records archived
• System must support remote recovery
• Incremental and full backup capabilities

Must be able to archive and unarchive data

Federal Risk and Authorization Management Program (FedRAMP) Version 2.0 

FedRAMP is a government-wide program that provides a standardized approach to security assessments, authorization, and continuous monitoring for cloud products and services.  FedRAMP controls are based on NIST SP 800-53.  FedRAMP authorized providers are available at The Federal Risk And Management Program Dashboard (fedramp.gov)

• Cloud Service Offerings must be FedRAMP compliant, it is anticipated that FedRAMP High will be required

Additional Security References: 

• SP 800-163 Rev. 1 (Vetting the Security of Mobile Applications)

Privacy

California Privacy Policy and Privacy notice on collection requirements, (Government Code Section 11015.5 and 11019.9, and Civil Code Section 1798.17, when personal information is involved. 

Accessibility 

California Government Code section 7405 directs that: “state government entities, in developing, procuring, maintaining, or using electronic or IT, either indirectly or through the use of state funds by other entities, shall comply with the accessibility requirements of Section 508 of the Rehabilitation Act of 1973, as amended (29 U.S.C. Sec. 794d), and regulations implementing that act as set forth in Part 1194 of Title 36 of the Code of Federal Regulations.” 

Government Code section 7405, in requiring compliance with Section 508, mandates that electronic and information technology (EIT) are accessible to individuals with disabilities, specifically: 

State Agencies/state entities must develop, procure, maintain, or use EIT, that employees with disabilities have access to and use of information and data that is comparable to the access and use by employees who are not individuals with disabilities, unless an undue burden would be imposed on the Agency/state entity. 

Individuals with disabilities, who are members of the public seeking information or services from an Agency/state entity, have access to and use of information and data that is comparable to that provided to the public who are not individuals with disabilities, unless an undue burden would be imposed on the Agency/state entity.