By Josh Nolan, Product Manager, WebEOC/GIS
Have you ever completed a project just to have a stakeholder turn around with a ‘brilliant’ idea? Most of time it starts off something like, “You know, it would be great if we could do <insert brilliant idea here>.” Being the polite and accommodating person you are, you nod your head and say, ‘Sure!’.
Honestly, this is a pretty easy trap to fall in – and a lot of us do it, although you are really doing a disservice here. In hindsight, you should have thought about it a little more and given your honest feedback, which just might be ‘No’. Often, ‘no’ is a pretty tough word to deliver, especially to those above you in the hierarchy.
Let’s say that your manager comes to you (WebEOC Administrator) with a request from the GIS team; for instance, ‘the GIS team would like to make all of the data in WebEOC bidirectional with the GIS system.’
Right off the bat this sounds like a pretty big request, right? This most certainly is a big request. Before we think too much about the effort, let’s think about if this even a good idea.
What could the GIS team possibly gain from this?
After pondering this for a while, the only reason is they want to be able to modify the data and have it go back into WebEOC. That doesn’t sound too bad at first, as some people are more comfortable in a different system. Being the good administrator that you are, you remember that you have some rather complex workflows and processes set up in WebEOC. Is it really a good idea to let someone modify data outside of these controlled workflows? Can they really implement the same controls in another system? How much effort would that take? These are all great questions – and the exact question that should be posed.
But once you dive into it, you find yourself exposing your entire operation to a huge risk that could cripple you during an activation. What if you had someone from the wrong department approve or reject someone’s request for resources outside of the correct chain of command? Worst case, there might be loss of life. Best case, you might end up with too many supplies being sent somewhere.
It is always best to start off with a ‘least permission’ approach. What are the minimum permissions I can grant you to do your job? This sounds like you might want to micro-manage, but really it is to protect everyone. We are all human and prone to human errors.
While it isn’t a good idea to expose all of your data, there are some data sets where it makes sense and can really elevate your efficiency. For example, you might need to crowd-source data from your jurisdiction using your GIS system and want that to feed back into WebEOC. Another example is collecting damage assessments. You might do a quick assessment in the field and then have that survey feed back into WebEOC so people back in the EOC can follow up on it to completion.
Be sure to ask the hard questions, think things through and follow a ‘least permission’ approach.
