Emergency Control Rooms are part of critical infrastructure ecosystems, and their operational continuity must be guaranteed 24/7, 365 days a year. Any unavailability of these facilities can put people’s lives and assets at risk, as demonstrated by the outage affecting the Madrid 112 Emergency Control Room in May 2025. In a highly digitalized technological context, risks to operational continuity can be broadly grouped into three main categories:
Technological domain. Hardware, software and connectivity components may be vulnerable and compromise the Control Room’s operations for several reasons, including the presence of single points of failure, exposure to cyberattacks, and inadequate capacity sizing of resources.
Organizational and procedural domain. Emergency Control Rooms must be designed to cope with exceptional events, particularly extreme scenarios such as natural or social incidents that render the facility unusable. The lack of adequate Disaster Recovery resources and procedures represents one of the most significant organizational risks.
Operational domain. These risks are mainly related to staff shortages, insufficient training, and the inability to cope with high levels of emotional or cognitive stress.
Legal and regulatory aspects deserve separate consideration. While they are not risk factors, it is important to highlight that cybersecurity regulations require a significant compliance effort from Emergency Control Rooms. Failure to comply may result in operational limitations or corrective actions that can indirectly affect operational continuity.
To minimize technological risk, action is required in two key areas: capacity planning and cybersecurity.
Resource sizing. The primary objective is to eliminate all potential single points of failure. This implies, for example, introducing redundancy for all critical resources, such as on-premises servers, storage databases, network devices, and similar components.
Cloud adoption. Although still not widely implemented, migrating Emergency Control Rooms to the cloud should be considered, as it inherently addresses availability and scalability challenges. For Italian Emergency Control Rooms, the National Strategic Cloud (PSN, Polo Strategico Nazionale) represents a key reference framework for planning such a migration.
Security by Design. Security measures must be integrated during the design phase of the Control Room rather than added retrospectively. This includes, for instance, designing a segmented network architecture (as recommended by EENA, European Emergency Number Association) and implementing role-based access to information. In this context, Common Criteria serve as a benchmark for assessing and validating the achieved security level.
For both capacity planning and cybersecurity, the adoption of advanced monitoring tools is strongly recommended. These tools serve a dual purpose: ensuring balanced resource utilization and detecting anomalous network traffic behaviors that may indicate cyber threats.
Increasing organizational and operational efficiency
Organizational and operational aspects require constant oversight and the implementation of measures aimed at managing crises and restoring normal operations:
Fallback and backup control rooms. This involves setting up a secondary (“fallback”) control room capable of replacing or supporting the primary one in case of unavailability or overload. Such an approach requires specific hardware and software configurations that allow dynamic call switching. Operational continuity also means being able to manage peak loads or large-scale emergencies. For example, during the collapse of the Morandi Bridge in Genoa, excess calls were dynamically rerouted to the backup control room in Milan.
Staff training. Operational continuity is closely linked to the ability of control room operators to manage crisis situations effectively. This translates into dedicated training programs covering topics such as mental health crisis call handling, traumatic stress management, compassion fatigue, and the recognition of intense emotional reactions.
Disaster Recovery Plan. This entails deploying structures and resources to restore operations if the control room becomes unusable. Key elements include an alternative physical site equipped with IT and telecommunications systems, a data backup strategy, staff availability (both on-duty and additional personnel), and a formal activation procedure (disaster declaration, site switch, and activation of the alternative facility). Periodic testing is essential to ensure the effectiveness of the documented procedures.
The Computer AidedDispatch (CAD) platform plays a central role in ensuring operational continuity, as it enables the implementation of the techniques mentioned above, such as fallback operations, integration with monitoring platforms, and structured workflows that reduce errors and operator workload. Emergency Control Rooms must therefore select their CAD platform based on these requirements. Today’s technologies make it possible to evolve toward more resilient architectures. However, these opportunities must be leveraged within a comprehensive strategy that combines technological choices with a qualitative leap in process organization. This is a demanding task that requires significant investment, but it represents the only viable path to guaranteeing citizens a reliable, always-available emergency service capable of responding effectively to requests for help at any time.