SF Prepared

SF Prepared is the Controller's Office Emergency Preparedness program. We serve as the City and County of San Francisco's Finance & Administration leaders in the event of a large-scale emergency or disaster.

What is the focus of SF Prepared?

Finance and Administration

The Controller's Office is the lead agency for the City's Finance and Administration function. This function is responsible for financial management in support of emergency response operations and initiating cost recovery.


Preparedness is the phase prior to an emergency or disaster - in which we plan, train, exercise, and continuously evaluate and improve our readiness to Respond to and Recover from future incidents.

Trainings & Exercises

Trainings and exercises are key components of Preparedness. City finance and administrative professionals are encouraged to complete the SF Prepared Finance and Administration Academy.


Continuity of Operations


Continuity of Operations (COOP) is the process of maintaining an agency's essential operations when interrupted by a disaster. COOP planning should include policies and procedures for maintaining the organizational functions, personnel, systems, and records which are essential to meeting an agency's mission. Resources include:

Finance & Administration


The Controller's Office is the lead agency for the City's Finance and Administration function. This function is responsible for financial management in support of emergency response operations and initiating cost recovery. This may include:

  • Executing pre-established emergency financial policies and procedures
  • Accounting for personnel and non-personnel costs
  • Expediting purchasing and contracting, in support of life safety and property protection
  • Documenting and processing workers' compensation and injury claims
  • Estimating actual and projected expenditures to provide for public safety, property protection, environmental health, and removal of disaster-induced debris
  • Assessing physical damage to public property, estimating aggregate damage to private property, and quickly preparing and reporting loss estimates
  • Maximizing and expediting recovery of losses

Cybersecurity Preparedness Checklist


Based on the NIST Cybersecurity Framework, here are several important steps to enhance Cybersecurity:

Step 1: Prioritize and Scope. The organization identifies its business/mission objectives and high-level organizational priorities. With this information, the organization makes strategic decisions regarding cybersecurity implementations and determines the scope of systems and assets that support the selected business line or process. The Framework can be adapted to support the different business lines or processes within an organization, which may have different business needs and associated risk tolerance. Risk tolerances may be reflected in a target Implementation Tier.

Step 2: Orient. Once the scope of the cybersecurity program has been determined for the business line or process, the organization identifies related systems and assets, regulatory requirements, and overall risk approach. The organization then consults sources to identify threats and vulnerabilities applicable to those systems and assets.

Step 3: Create a Current Profile. The organization develops a Current Profile by indicating which Category and Subcategory outcomes from the Framework Core are currently being achieved. If an outcome is partially achieved, noting this fact will help support subsequent steps by providing baseline information.

Step 4: Conduct a Risk Assessment. This assessment could be guided by the organization's overall risk management process or previous risk assessment activities. The organization analyzes the operational environment in order to discern the likelihood of a cybersecurity event and the impact that the event could have on the organization. It is important that organizations identify emerging risks and use cyber threat information from internal and external sources to gain a better understanding of the likelihood and impact of cybersecurity events.

Step 5: Create a Target Profile. The organization creates a Target Profile that focuses on the assessment of the Framework Categories and Subcategories describing the organization's desired cybersecurity outcomes. Organizations also may develop their own additional categories.

Step 6: Determine, Analyze, and Prioritize Gaps. The organization compares the Current Profile and the Target Profile to determine gaps. Next, it creates a prioritized action plan to address gaps - reflecting mission drivers, costs and benefits, and risks - to achieve the outcomes in the Target Profile. The organization then determines resources, including funding and workforce, necessary to address the gaps. Using Profiles in this manner encourages the organization to make informed decisions about cybersecurity activities, supports risk management, and enables the organization to perform cost-effective, targeted improvements.

Step 7: Implement an Action Plan. The organization determines which actions to take to address the gaps, if any, identified in the previous step and then adjusts its current cybersecurity practices in order to achieve the Target Profile. For further guidance, the Framework identifies example Informative References regarding the Categories and Subcategories, but organizations should determine which standards, guidelines, and practices, including those that are sector specific, work best for their needs.

Authorized Agent


The Executive Director of Emergency Management, Controller, and Deputy Controller are the City’s Authorized Agents for Federal and State Disaster Assistance funding. 

Public entities in California should consider designating an Authorized Agent for Federal and State disaster assistance funding before a disaster occurs, using Cal OES Form 130.



Cybersecurity is the prevention of damage to, unauthorized use of, exploitation of, and - if needed - the restoration of electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity and availability of these systems. Cyberattacks are malicious attempts to access or damage such systems and information. Cyberattacks may result in costly downtime to vital operations and services and pose significant security, safety, and reputational risk.


The Controller's Office Cyber Audits Team assists City departments in enhancing capabilities to prevent, detect, and respond to cyberattacks. The team monitors compliance with Cybersecurity policies set by the City's Committee on Information Technology (COIT), which include:

Emergency Pocket Guide


An employee emergency pocket guide is a useful way to help ensure key information is available to employees in the event of a disaster. This includes:

  • Disaster Service Worker responsibilities
  • Workplace preparedness information
  • Tips for preparing a go bag
  • What to do if there is a disaster, including check-in procedures and important contact information

You can download a copy of our Emergency Pocket Guide in PDF, customizable in Adobe InDesign© (click here for text files).

The Controller's Office's objective is to sustain the City's financial operations in a disaster. Three focal areas essential to meeting this goal are: Continuity of Operations, Emergency Management, and Cybersecurity planning.



Financial Policies & Procedures


The following memorandum provides applicable financial policies and procedures in response to declared emergencies and other potentially cost recoverable incidents within the City's jurisdiction.

For applicable payroll and personnel policies, refer to:

The Response phase occurs when an active hazard or threat requires immediate actions to save lives, protect property, and the environment. Depending on the scale of an incident, City resources may be supplemented by help from other local governments, State and Federal partners, and the community.


Finance and Administration Sections

A DOC Finance and Administration Section consists of the positions illustrated below. SF Prepared position-specific job resources are provided below, including checklists, job aids, and forms.

Emergency Operations Center (EOC)

The City's EOC monitors situational information, coordinates Citywide resources to support DOCs and field operations, and coordinates and disseminates public information. There are four primary sections: Operations, Planning, Logistics and Finance and Administration. 

Finance & Administration Section

In accordance with California's Standardized Emergency Management System (SEMS), and consistent with the National Incident Management System (NIMS), there are five functions that a local government must be able to activate during a disaster or major emergency: Management, Operations, Planning, Logistics, and Finance and Administration. Local governments in California must use SEMS in response to multi-jurisdictional or multi-agency incidents, in order to be eligible for State reimbursement of response-related personnel costs.

Employee Preparedness

All State and local government employees in California are designated as Disaster Service Workers, under State law. Personal preparedness at home can help employees meet their work responsibilities in an emergency. Learn how to Get Connected, Gather Supplies, and Make a Plan at SF72.org.

