Preparedness Toolkit (PrepToolkit) Terms of Use and Rules of Behavior

Updated 09/29/2021

The following rules of behavior apply to all PrepToolkit users. These rules of behavior are adapted from information technology (IT) security policy and procedures within the Department of Homeland Security (DHS) Management Directive 4300.1 (Information Technology Systems Security), DHS Sensitive Systems Policy Directive 4300A, and the DHS 4300A Sensitive Systems Handbook.

PrepToolkit is hosted by DHS Federal Emergency Management Agency (FEMA) National Preparedness Directorate (NPD) contractor support. Unauthorized use of this system is prohibited. US Government computer systems may be monitored for all lawful purposes, including to ensure that their use is authorized, for management of the system, to facilitate protection against unauthorized access, and to verify security procedures, survivability, and operational security. Monitoring includes active attacks by authorized US Government entities to test or verify the security of this system.

Use of this computer system, authorized or unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you to criminal prosecution. Evidence of unauthorized use collected during monitoring may be used for administrative, criminal, or other adverse action. Use of this system constitutes consent to monitoring for these purposes. Use of this system implies understanding of these terms and conditions.


FEMA reserves the right, at its sole discretion, to modify or replace these terms, in whole or in part. Your continued use of or access to the FEMA PrepToolkit following posting of any changes to these terms constitutes acceptance of those modified terms. FEMA may, in the future, offer new services and/or features within PrepToolkit. Such new features and/or services shall be subject to these terms and conditions.

Disclaimer of Warranties

FEMA PrepToolkit services, features, and data are provided “as is” and on an “as-available” basis. FEMA hereby disclaims all warranties of any kind, express or implied, including without limitation the warranties of merchantability, fitness for a particular purpose, and non-infringement. FEMA makes no warranty that its services, features, or data will be error free or that access thereto will be continuous or uninterrupted.

System Access

By using this system, you acknowledge and agree to the following:

I will use this system only for the purposes for which it is intended. I understand that I am given access to PrepToolkit only to perform my specific role within the system. If I am granted an elevated role (privileged account), I understand that I am only to use that account to perform functions that require elevated roles. I will not use an elevated account to log in and perform general user functions. I will not attempt to access components of the system I am not authorized to access. I will comply with all user access credential requirements as specified in user documentation, which includes:

  • Use of Personal Identity Verification (PIV) login by all FEMA employees
  • Use of username and password, meeting all password requirements of PrepToolkit, for all other user accounts.

I agree to protect access credentials from disclosure. I will not provide my access credentials to anyone, including system administrators. I will promptly change an access credential whenever the compromise of that credential is known or suspected. I will not attempt to bypass access control measures.

Data Protection

PrepToolkit is an unclassified system that stores preparedness data. PrepToolkit is covered under the DHS/FEMA//PIA-016 Application and Registration Records for Training and Exercise Programs (ARRTEP) Privacy Impact Assessment (PIA) and the DHS/FEMA-011 Training and Exercise Programs System of Records Notice (SORN). The system only collects limited personally identifiable information (PII) from individuals during the registration process. This information is used to provide access to the preparedness activities hosted through PrepToolkit. PrepToolkit is not authorized to host Sensitive Personally Identifiable Information (SPII) or classified information. SPII is defined as any information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. Examples include Social Security number, Alien Registration Number, driver’s license or state identification number, passport number, and biometric identifiers (e.g., fingerprint, iris scan, voice print). SPII also includes information that if linked with a person's name or other unique identifier (e.g., address, phone number) could result in harm, embarrassment, inconvenience, or unfairness to the individual if lost, compromised, or disclosed without authorization. Examples of this information that is harmful if linked with other identifiers include date of birth, criminal or immigration history, medical information, mother’s maiden name, account passwords, etc.

As a PrepToolkit user, you agree to:

  • Not post SPII to PrepToolkit in any form. This includes uploading of documents that contain SPII.
  • Not post classified information in any form to include uploading of documents that contain classified information.
  • Adequately mark any unclassified but sensitive information such as For Official Use Only (FOUO) documents prior to uploading.
  • Protect exercise and/or other preparedness data stored in PrepToolkit from disclosure to unauthorized persons or groups.
  • Safeguard any information removed from PrepToolkit in compliance with DHS 4300A guidelines.

Exercise Email

PrepToolkit provides the capability to support simulated email for the purposes of exercise conduct. The system marks all automated exercise emails with appropriate headers to indicate “Exercise, Exercise, Exercise” and to separate exercise and training information from real-world communications. Therefore, such email capabilities are not authorized for use in conducting official business. Emails are only to be used to transmit exercise play information.

By using the system, you acknowledge and agree to the following:

I understand that my use of a PrepToolkit e-mail account is for purposes of exercise conduct only, and I agree to use it in only this manner. I understand that my e-mail use may be monitored, and I consent to this monitoring. I will not use PrepToolkit simulated email accounts for official communication nor place real-world information in emails for this account.

National Resource Hub

The National Resource Hub (NRH) within PrepToolkit includes the following component tools: Resource Typing Library Tool, Resource Inventory System, and OneResponder. The data uploaded to an NRH tool is owned solely by the organization that collected them: no members of other organizations can view, modify, share, or delete non-public data unless granted permission.

Participating organizations and personnel who maintain vetted and verified accounts in PrepToolkit will be granted view-only access to data for all organizations who voluntarily elect to use a National Resource Hub system. This includes the participating organization’s name and location as well as their number and type of qualified resources and personnel. This data is still owned by the collecting organization, and FEMA does not actively modify or delete the original data unless requested by the originating organization. In certain limited cases related to system monitoring for inappropriate and/or misclassified data, FEMA may make changes but will notify the originator accordingly. The National Resource Hub shares certain non-personally identifiable information with FEMA and its authorized programs on an as-needed basis to support preparedness programs.

For the Resource Inventory System, when the organization (or authority having jurisdiction) and resource owner indicate that a resource is able to be requested and deployed outside the home agency, they are consenting and granting permission to make limited information about the resource viewable to other users of a National Resource Hub system within PrepToolkit. Limited information about this resource will be made available, such as:

  • Home Organization (or Authority Having Jurisdiction)
  • Resource or Position Name (Type or Title)
  • NIMS Typing Definition or Position Alignment
  • Resource or Position Category
  • Resource or Position Kind
  • Home Organization Location (Address and FEMA Region)
  • Home Organization Point of Contact (typically 24/7 Deployment POC Email and Phone)
  • Position Qualification Status (Trainee or Qualified)
  • Resource or Position Availability Status
  • Last Update Time Stamp

The National Resource Hub systems are not intended for collection or storage of Sensitive Personally Identifiable Information (SPII). Please do not input such information into this system. Examples of SPII include non-publicly available information (e.g., unlisted phone numbers, social security numbers, and any other information that is considered sensitive or personal). Please reference the DHS Handbook for Safeguarding Sensitive Personally Identifiable Information for further guidance on types of SPII. Only non-personally identifiable information is made viewable or shared with any other user or organization, including FEMA.


By using the system, you acknowledge and agree to the following:

If notified of a virus or malware contamination, I will immediately cease operations and report the incident to I will promptly report IT security incidents. I understand that I have no expectation of privacy while using the PrepToolkit system. I understand that I will be held accountable for my actions while accessing and using PrepToolkit.

Service Termination

If you do not wish to abide by these terms, you must refrain from use of the services.