Slide 1:

Preparation Phase Overview

This phase ensures that before the actual event, all security measures are properly
designed, reviewed, tested, and formally approved. It builds the foundation for safe and
effective event execution.
a. Plan Development Stage
This is where the security plan is created based on risk assessments, threat analysis, and event
requirements.
• Key Activities:
• Define security objectives (e.g., crowd safety, VIP protection, emergency response).
• Identify potential threats (terrorism, criminality, natural hazards, cyberattacks).
• Develop strategies (perimeter security, credentialing, traffic control, evacuation routes).
• Assign roles and responsibilities to agencies (PNP, AFP, LGU, BFP, medical, private security,
etc.).
• Draft detailed Standard Operating Procedures (SOPs) for normal operations and
contingencies.

b. Plan Review Stage

After drafting, the plan is subjected to evaluation, refinement, and validation to ensure it is
practical and comprehensive.
• Key Activities:
• Multi-agency review sessions to check interoperability.
• Legal and policy compliance check (laws, ordinances, human rights standards).
• Risk communication—stakeholders provide feedback.
• Alignment with past lessons learned from similar events.
Conducting Exercises for Every Plan and Testing IT Readiness
Plans are not only written—they must be practiced and tested:
• Tabletop Exercises (TTX): Paper-based discussions on different scenarios.
• Drills & Simulations: Practical run-throughs (e.g., bomb threat response, evacuation drill).
• Full-Scale Exercises: Coordination between agencies in a live simulated environment.
• IT Readiness: Testing communication systems, surveillance, databases, emergency hotlines,
credentialing systems, and cybersecurity measures.
Identifying Capability/Resource Gaps and Analysis of Results
Exercises and reviews often reveal weaknesses. This stage analyzes those gaps.
• Examples of Gaps:
• Lack of medical teams or ambulances.
• Insufficient crowd barriers or CCTVs.
• Shortage of radios or failure in backup communications.
• Inadequate training in crowd control or cyber incident response.
• Analysis: Results are documented, prioritized, and recommendations are made (e.g., request
for more equipment, coordinate with private hospitals, upgrade IT systems).
Plan Approval
Once reviewed, tested, and refined, the plan undergoes formal approval by competent authority
(Event Security Committee Chair, Local Chief Executive, PNP Regional Director, or Inter-
Agency Security Task Force).
• Approval means:
• The plan is legally and operationally binding.
• Resources and budgets are formally committed.
• All agencies agree to comply and execute their assigned tasks.
• Approved plan is then disseminated to all stakeholders with controlled copies to avoid security
leaks.
Summary Flow:
1. Plan Development → Drafting strategies & SOPs.
2. Plan Review → Evaluating with stakeholders.
3. Exercises & IT Tests → Validating operational feasibility.
4. Gap Analysis → Identifying weaknesses & making adjustments.
5. Plan Approval → Formal adoption for implementation.

Slide 2: The Plan Development Stage is the foundation of the security framework for a
major event. It involves forming the right team, drafting operational procedures, and
integrating technology and contingency measures.
1. The Role of the Operations Commander (OC)
• The Operations Commander (OC) is the overall authority responsible for creating and leading
the planning process.
• Depending on the complexity, scale, and risk level of the major event (e.g., international
summit, large festival, election, sporting event), the OC decides if more members or specialized
groups are needed in the planning team.
• Examples of expanded planning team members:
• Intelligence & Threat Assessment Unit
• Traffic & Transportation Management Group
• Crowd Management & Public Order Team
• Fire & Rescue / Emergency Medical Services (EMS)
• Cybersecurity and IT Specialists
• Legal & Human Rights Advisors
• Logistics & Finance Officers
• This ensures that all aspects of event security are covered—from ground deployment to cyber
defense.
2. Development of IT Operations Plans
Modern major events require Information Technology (IT) integration for effective coordination.
• IT Operations Plans outline:
• Communication Systems: Radio frequencies, satellite phones, backup lines.
• Surveillance Systems: CCTV, drones, command center monitoring.
• Credentialing & Access Control: Digital passes, ID scanning, visitor database.
• Cybersecurity Measures: Protecting against hacking, disinformation campaigns, or disruption
of IT infrastructure.
• Data Sharing Protocols: Secure communication between agencies.
• Purpose: To ensure real-time situational awareness, rapid decision-making, and resilience in
case of technological disruptions.
3. Development of Standard Operating Procedures (SOPs)
SOPs serve as the step-by-step guide for security personnel before, during, and after the event.
• Content of SOPs:
• Security screening & entry procedures.
• Credentialing and badge system rules.
• Emergency evacuation routes and crowd dispersal procedures.
• Coordination protocols for PNP, AFP, LGU, and private security.
• Response to threats (bomb threat, active shooter, fire, natural disaster).
• SOPs ensure that everyone knows their role and follows uniform procedures, minimizing
confusion in real operations.
4. Development of Contingency Plans
Even the best plans must prepare for unexpected incidents.
• Contingency Plans outline what to do if primary plans fail or if emergencies occur.
• Examples:
• Alternative communication if radios fail.
• Backup venue in case of fire or bomb threat.
• Medical surge capacity if mass casualty incidents occur.
• Backup power supply for command centers.
• Alternate traffic routes if VIP convoy routes are blocked.
• These plans allow the event security to adapt quickly and maintain order despite disruptions.
In summary:
During Plan Development, the Operations Commander builds a flexible and specialized
planning team, creates IT Operations Plans for modern coordination, and drafts both SOPs (for
normal operations) and Contingency Plans (for emergencies). This stage ensures that the
security framework is comprehensive, technology-driven, and resilient to threats.

Side 3: The Plan Development stage is more than just drafting procedures—it requires
inter-agency collaboration, formal agreements, and strong leadership to ensure that all
security and safety components are integrated.
1. Collaboration Between Agencies & Development of MOUs
• Major events involve multiple agencies (PNP, AFP, LGU, DOH, BFP, PCG, private security,
NGOs, etc.), each with unique capabilities.
• To avoid overlaps or gaps in responsibilities, formal Memoranda of Understanding (MOU) or
Memoranda of Agreement (MOA) are drafted.
• Purpose of MOUs/MOAs:
• Clearly define roles, responsibilities, and resource commitments.
• Establish coordination protocols (e.g., joint command posts, communication channels).
• Ensure legal and administrative clarity in resource sharing.
• Build accountability among participating agencies.
• Example: An MOU between PNP and DOH may specify medical emergency response teams,
ambulance staging areas, and hospital coordination during a large festival.
2. The Role of the Security Coordinator
The Security Coordinator (SC) is a senior officer/official appointed to oversee, harmonize, and
advise on all security planning aspects.
a. Policy Oversight and Advice
• Ensures the security plan aligns with laws, government policies, and event directives.
• Provides strategic-level guidance and recommendations to the Operations Commander and
planning team.
• Maintains focus on national security considerations, diplomatic sensitivities (for VIPs or foreign
dignitaries), and human rights compliance.
•Acts as the link between policymakers and operational planners.
b. Operational Planning Guidance
• Provides direction to the planning team to ensure unity of effort across agencies.
• Guides the drafting of SOPs, IT operations plan, and contingency measures so that they are
practical and achievable.
• Ensures that intelligence assessments, logistics requirements, and communication systems
are fully integrated into the plan.
• Makes sure all participating agencies are synchronized, preventing duplication or conflict in
operations.
Summary:
In the Plan Development stage, security planning depends heavily on agency collaboration
supported by formal MOUs, ensuring every unit knows its role. The Security Coordinator
provides both policy oversight (to align with laws and government directives) and operational
planning guidance (to synchronize actions on the ground). Together, this creates a unified,
legally sound, and practical security framework.

Slide 4: Breakdown of Activities in Plan Development

When preparing for a major event security plan, several core activities must be carried
out. These activities ensure that the plan is comprehensive, coordinated, and adaptable
to risks.
b. Expand Planning Team
• As the event complexity grows (e.g., international delegations, VIPs, high crowd volume), the
Operations Commander (OC) expands the planning team.
• Additional specialists may include:
• Intelligence & Threat Assessment Group
• Cybersecurity/IT Specialists
• Medical & Emergency Services (DOH, Red Cross, hospitals)
• Traffic & Transportation Authorities (MMDA, LGU, DPWH)
• Fire/Rescue Units (BFP, volunteer brigades)
• Logistics, Finance, and Public Information Officers
• Purpose: To make sure all aspects of event safety—physical, digital, medical, and logistical—
are fully addressed.
c. Develop Standard Operating Procedures (SOPs) / Contingency Plans
• SOPs provide detailed instructions for normal operations (security checks, traffic control,
credentialing).
• Contingency Plans prepare for disruptions or emergencies.
• Example: If a VIP route is blocked, contingency traffic plans are activated
• Example: If IT systems crash, backup communications (satellite phones, handheld radios) are
used.
• Purpose: To create uniformity of actions across agencies and ensure preparedness for
unexpected incidents.
d. Develop Operations Plans
• The Operations Plan (Oplan) integrates all security functions into one document.
• Key components:
• Mission and objectives (what must be achieved).
• Task assignments (who is responsible for each role).
• Deployment scheme (manpower allocation, shifts, staging areas).
• Resource allocation (vehicles, K9 units, barriers, drones).
• Command & Control Structure (Incident Command System/Unified Command).
• Purpose: Provides the “big picture” of how the security operation will run.
e. Develop Information Technology (IT) Operations Plans
• This ensures that digital systems supporting security are ready.
• Includes:
• Surveillance networks (CCTV, drones, monitoring centers).
• Communication systems (radio networks, secure apps, hotlines).
• Credentialing and access control (digital passes, QR-coded IDs).
• Cyber defense (firewalls, anti-hacking protocols, fake news monitoring).
• Purpose: To maintain situational awareness, secure communications, and resilience against
cyber threats.
f. Develop Information Technology (IT)
• This refers to the actual establishment, upgrading, or deployment of IT systems identified in
the IT operations plan.
• Examples:
• Setting up a Joint Operations Center (JOC) with live video feeds.
• Installing new CCTV units at strategic points.
• Providing encrypted radios for commanders.
• Building redundancies (power backup, server backup).
• Purpose: To make sure technology is operational, tested, and available before the event.
g. Standard Operating Procedures (SOPs) / Contingency Plans (Finalization)
• After being drafted and reviewed, SOPs and Contingency Plans are finalized, harmonized
across agencies, and approved.
• Copies are distributed to relevant units in a controlled and confidential manner (to avoid leaks).
• Field commanders and personnel undergo briefings or drills to internalize them
• Purpose: To lock down the procedures and ensure everyone is aligned before deployment.
Summary Flow of Activities:
1. Expand Planning Team → Bring in specialists and agencies.
2. Develop SOPs/Contingency Plans (Draft) → Create procedures for normal and emergency
scenarios.
3. Develop Operations Plan → Integrate manpower, resources, and strategies into one
framework.
4. Develop IT Operations Plan → Define digital systems and cyber defense.
5. Develop IT Systems → Deploy and test actual technologies.
6. Finalize SOPs/Contingency Plans → Refine, approve, and disseminate for implementation.

Slide 5: Breakdown of Activities

b. Develop Strategy for After Activity Report (AAR)
• The After Activity Report (AAR) is a formal document prepared after the major event.
• In the planning stage, a strategy for the AAR must already be designed to ensure lessons
learned can be captured.
• Key Elements of the Strategy:
• Who collects information: Assign teams responsible for documenting incidents, feedback, and
performance.
• What data to gather: Security incidents, crowd statistics, response times, communication
efficiency, coordination issues.
• How to gather data: Debriefings, surveys, CCTV reviews, logbooks, hotwash sessions.
• When to report: Timeline for submission after the event (e.g., 5–7 days).
• Purpose: To institutionalize learning, identify gaps, and recommend improvements for future
operations.
c. Update Project Plan
• The Project Plan is a living document that evolves as the planning process progresses.
• During plan development, updates are necessary to reflect:
• New requirements (e.g., added VIP delegations, larger crowd size).
• Changes in security environment (e.g., raised threat levels, intelligence updates).
• Coordination results from inter-agency meetings.
• Resource adjustments (e.g., additional medical stations, more barriers).
• Purpose: Keeps the plan relevant, realistic, and responsive to changing conditions.
d. Estimate Budget
• A realistic budget must be projected during planning.
• Budget Estimation Includes:
• Personnel costs: Allowances, overtime, augmentation forces.
• Logistics: Barricades, metal detectors, K9 units, vehicles, fuel.
• Technology: CCTV, radios, drones, command center equipment.
• Medical & Safety: Ambulances, first aid kits, fire equipment.
• Contingencies: Reserve funds for emergencies or unforeseen requirements.
• Purpose: Ensures resources are available, prevents underfunding, and helps justify requests
for financial support from higher headquarters or partner agencies.
Summary:
• Develop AAR Strategy → Plan ahead for systematic documentation and evaluation.
• Update Project Plan → Continuously refine to reflect new realities.
• Estimate Budget → Secure resources for manpower, logistics, and contingencies.

Slide 8:
The Plan Review Stage ensures that the Operations Plan and all supporting procedures
remain viable, realistic, and responsive to evolving threats. It is not enough to write a
plan—it must be tested, practiced, and continuously improved.
1. Regular Review of Operations Plan
• The Operations Plan is a living document and must be reviewed periodically before the event.
• Purpose:
• To confirm the plan still addresses current threats (e.g., terrorism, civil disturbance,
cyberattacks).
• To check that resource availability (personnel, equipment, IT) matches the planned response.
• To ensure interoperability among agencies (PNP, AFP, BFP, LGU, DOH, private security, etc.).
2. Evaluations and Testing
The plan is validated through practical exercises and drills to expose weaknesses and refine
responses.
a. Tabletop Exercises (TTX) / System Testing
• Scenario-based discussions where leaders and planners simulate incidents on paper.
• Example: “What if a bomb threat is called in at the venue gate?” → Participants walk through
their responses.
• IT systems are tested (CCTV feeds, communication lines, data sharing) to ensure technical
readiness.
b. Standard Operating Procedures (SOPs) Validation
• Each SOP (entry screening, credentialing, evacuation, medical response, etc.) is tested.
• Example: A mock drill of crowd evacuation is conducted to see if SOPs are clear and
achievable.
• Weak or confusing SOPs are revised before the event.
c. Single and Multiple Unit Responses
• Single Unit Response: One team/unit (e.g., Explosive Ordnance Disposal or EMS) is tested in
isolation to evaluate their readiness.
• Multiple Unit Response: Inter-agency or multi-unit coordination is tested in a combined drill
(e.g., PNP + BFP + DOH responding to a mass casualty incident).
• This ensures coordination and communication protocols are working under pressure.
Summary
The Plan Review stage is about stress-testing the Operations Plan to make sure it works in
practice, not just on paper. Through regular reviews, tabletop exercises, SOP validation, and
single/multi-unit drills, planners can identify weaknesses and refine the plan to ensure it remains
viable in the face of evolving threats.

Slide 9: Plan Review: Identifying Capability Gaps through Test Exercises

The Plan Review Stage is not only about validating whether the plan works—it is also
about uncovering capability gaps that may hinder effective execution during a major
event. These gaps usually come to light during test exercises (e.g., tabletop exercises,
functional drills, and full-scale rehearsals).
When the plan is tested, a number of issues commonly surface:
1. Training Gaps
• Personnel may not be fully trained in specialized tasks (e.g., crowd control, cyber incident
response, hazardous material handling).
• Example: During an evacuation drill, some staff may be unfamiliar with emergency exit routes
or communication protocols.
• Solution: Conduct targeted refresher courses, simulations, and joint agency training to
strengthen skills.
2. Budget Deficiencies
• Exercises often reveal that some critical security measures were not funded adequately.
• Example: Lack of funds for additional CCTV coverage, K9 units, or overtime pay for personnel.
• Solution: Adjust budget allocations or request supplemental funding before the event.
3. Staffing Shortages
• Testing exposes whether the planned number of personnel is sufficient to handle peak
demands.
• Example: Not enough crowd marshals to secure all entry gates during simultaneous arrival of
guests.
• Solution: Identify force multipliers (e.g., reservists, volunteers, auxiliary units) and ensure clear
deployment plans.
4. Logistics Issues
• Weaknesses in supply chain and support services may emerge.
• Example: Delayed delivery of barricades, insufficient medical supplies, or breakdown of
transport vehicles.
• Solution: Strengthen logistics coordination and establish backup arrangements with suppliers
and partner agencies.
5. Equipment Failure
• Exercises may reveal vulnerabilities in technology or gear relied upon during operations.
• Example: Radio communication dead zones, malfunctioning scanners, or power failure
affecting surveillance systems.
• Solution: Ensure redundancy and backup systems (extra radios, generators, manual
alternatives).
Summary:
Test exercises are stress tests that expose the weaknesses of a security plan. These gaps—
whether in training, budget, staffing, logistics, or equipment—must be addressed early so that
corrective actions can be implemented before the actual event.

Slide 10: Plan Review

The Plan Review Stage ensures that the Operations Plan is realistic, tested, and validated
before it is finalized. This stage culminates in the approval of the plan by the Major Event
Security Framework (MESF) Executive Team, which has the ultimate authority over major
event security planning.
Breakdown of Activities
b. Refine Operations Plans and Standard Operating Procedures (SOPs)
• Draft Operations Plans and SOPs are reviewed, corrected, and fine-tuned based on
stakeholder feedback, lessons learned from previous events, and threat updates.
• Refinement ensures the plan is practical, coordinated, and compliant with laws, policies, and
human rights standards.
• Example: Updating crowd control SOPs after discovering during drills that evacuation routes
were too narrow.
c. Conduct Exercises as per Plans
• Exercises validate the feasibility of the Operations Plan.
• Types of exercises:
• Tabletop Exercises (TTX): Paper-based scenario discussions with decision-makers.
• Functional Drills: Testing specific units or functions (e.g., bomb threat response).
• Full-Scale Exercises: Multiple agencies rehearsing together in real time.
• Purpose: To ensure agencies know their roles and can execute under realistic conditions.
d. Test Information Technology (IT) Readiness
• IT systems are the backbone of modern major event security. Testing ensures:
• Communications work (radio networks, backup phones, encrypted apps).
• Surveillance systems operate (CCTV, drones, monitoring centers).
• Cyber defenses are active against hacking or misinformation campaigns.
• Backup power and servers are available in case of outages.
• Any IT weakness identified is fixed before the event.
e. Identify Capability and/or Resource Gaps
• Exercises and tests often reveal weaknesses in the plan. Common gaps include:
• Training: Lack of skills in specialized responses.
• Staffing: Not enough personnel to cover all areas.
• Budget: Insufficient funds for key requirements.
• Logistics: Delayed supply chain or missing support services.
• Equipment: Communication failures, insufficient vehicles, or medical kits.
• Purpose: To ensure no critical element is overlooked before the event.
f. Analyze Results
• Findings from exercises and tests are documented and assessed.
• Analysis looks at:
• What worked well?
• What failed or caused delays?
• Which agencies/resources need reinforcement?
• Recommendations are developed and incorporated into the revised Operations Plan.
g. Approve Plan
• The MESF Executive Team gives the final approval after all refinements and validations.
• Approval signifies:
• The plan is legally binding on all stakeholders.
• Resources are committed.
• Agencies are accountable for their roles.
• Once approved, the plan is formally disseminated to all participating agencies, with controlled
copies to safeguard confidentiality.
Summary:
The Plan Review phase turns a draft plan into an operationally ready, tested, and approved
framework. Through refinement, exercises, IT testing, gap identification, and results analysis,
weaknesses are addressed. Final approval by the MESF Executive Team ensures the plan is
officially recognized, fully supported, and ready for implementation.
Slide 12: What Constitutes Event Planning Cycles
Event planning is a structured process that ensures an event is well-organized, safe,
successful, and aligned with its intended purpose. It integrates operational, financial,
and promotional aspects to deliver a smooth and meaningful experience for participants.

1. Purpose, Goal, and Objectives

• Purpose: The overall reason for holding the event (e.g., community engagement, fundraising,
celebration, security awareness).
• Goal: A broad statement of what the event seeks to achieve (e.g., “to raise awareness of
public safety”).
• Objectives: Specific, measurable outcomes (e.g., “train 200 barangay volunteers in disaster
response,” “raise ₱500,000 in sponsorship”).
2. Branding, Marketing, and Promotion
• Branding: Defines the identity of the event (logo, theme, slogan, colors). It creates recognition
and appeal.
• Marketing: Strategies to reach the target audience (social media, posters, TV/radio
announcements, community outreach).
• Promotion: Specific tactics (ticket sales promos, media partnerships, influencer engagement)
that increase participation.
3. Timeline and Processes
• Timeline: A detailed schedule from planning to post-event wrap-up.
• Pre-event: securing permits, contracts, logistics.
• During event: managing program flow, safety/security operations.
• Post-event: clean-up, reporting, evaluation.
• Processes: Checklists and workflows for registration, security, catering, transportation,
emergency response, etc.
4. Sponsorship Opportunities
• Involves partnerships with businesses, government, or NGOs that provide financial, logistical,
or material support.
• Benefits for sponsors: exposure, goodwill, branding opportunities.
• Example: A local business sponsoring refreshments, in exchange for logo placement on
banners.
5. The Event Planning Team
• A team composed of representatives from relevant areas (program, logistics, security, finance,
marketing, evaluation).
• Key roles:
• Event Director/Coordinator – overall lead.
• Security Coordinator – ensures safety planning.
• Program Manager – oversees agenda and activities.
• Logistics Head – manages supplies, transport, accommodation.
• Finance Officer – budget and disbursement control.
• Marketing/Communications – promotions and media.
6. Event Program and Agenda
• Defines the flow of activities (opening, main activities, intermissions, closing).
• Ensures smooth sequencing, timing, and coordination among performers, speakers, and
participants.
• Must include contingency slots in case of delays or emergencies.
7. Budget and Logistics Planning
• Budget: Estimates for all event costs (venue, equipment, manpower, food, marketing,
security). Must include contingency funds.
• Logistics: Covers venue layout, seating, transportation, communication systems, medical and
safety arrangements, accommodations (if needed).
8. Evaluation and Feedback
• Post-event assessment to measure success and identify areas for improvement.
• Tools: surveys, interviews, After Action Reports (AAR), team debriefings.
• Looks at:
• Were objectives met?
• Were resources sufficient?
• What problems occurred and how to fix them in the future?
Summary: Event planning is a comprehensive cycle that starts with defining purpose and
objectives, followed by branding, timeline management, sponsorship, and team organization. It
continues with detailed program and budget/logistics planning, and ends with evaluation and
feedback to improve future events.