Collaborative capability building for critical infrastructure resilience: assessment and selection of good practices

Accidental and intentional disruptive events affecting Critical Infrastructure (CI) systems dramatically increase on a global scale and put pressure on governments and CI operators to further improve technical and organizational capacities for securing the continuity of service. Experts in the field call for collaborative approaches to manage CI interdependencies and mitigate domino effects, which amplify the impact of disruptions over space, time and social functions. This paper presents an integrated framework for the classification, assessment and selection of Good Practices (GPs) in the Critical Infrastructure Resilience domain—‘CRAFTER’, from the perspective of collaborative Emergency Management (EM) capability building. The GPs mainly come from local and national level actions and programs, emphasizing the importance of fostering collaborative processes among stakeholders. The study identified 53 GPs through a systematic analysis of available scientific literature and research projects in the CI domain, which were used in the development of the CRAFTER framework. The framework was refined and validated through a questionnaire administered to CI experts, as a way to integrate theory-based and practitioner-based knowledge. The GPs were then classified and assessed according to their intended application context, the activities and functionalities covered, and the EM capabilities they support. The CRAFTER framework enables the assessment and benchmarking of GPs showing their strengths and weaknesses when used to build EM capabilities. It also supports practitioners in selecting a smallest effective bundle of GPS under different institutional and operational contexts, making sure that all the EM phases and capabilities are adequately covered.


Introduction
The term Critical Infrastructure (CI) refers to assets or systems that provide essential goods and services for the health, safety, security, economy and well-being of a society (European Commission 2008). They are deemed as critical since their "incapacity or destruction would have a debilitating impact on the defense and economic security" (President's Commission on Critical Infrastructure Protection 1997). Some examples of CI systems are communications, energy supply, IT and networks, food and water supply, healthcare, transport and financial services or the public administration operations (Wróbel 2019).
Due to their multiple vulnerabilities and (inter)dependencies, CI systems are increasingly susceptible to the occurrence of unexpected disruptions and accident events, highlighting the need of enhancing organizational awareness and of improving the ability to effectively respond to unforeseen events (Adini et al. 2017). Moreover, under the influence of (inter)dependencies, an event affecting a specific CI can produce large-scale cascading disruptions, spreading ripple or domino effects throughout interconnected CI systems (Wróbel 2019). Therefore, emergencies in CI systems can generate serious consequences with difficulties in managing them.
The level of complexity in interconnected CI systems justifies the need of adopting collaborative efforts among various organizations and calls for a shift from a purely protective strategy (Moteff et al. 2002) to a more holistic resilience perspective (Pursiainen and Gattinesi 2014;Pant et al. 2014;Alsubaie et al. 2015). Critical Infrastructure Resilience (CIR) is aimed at ensuring functional continuity of critical services when a disruption occurs, not only by preventing or limiting the extent of related impacts, but also enabling a faster response and recovery to normal service conditions even when CI is severely damaged (Trucco and Petrenj 2015a). However, the effects generated on interdependent networks make some systems more resilient than others (Woods 2015). In this regard, a system can be considered resilient if it embeds "abilities to prevent disruptions, absorb disruption consequences, restore lost performance, adapt to different possible scenarios (short-term) and circumstances (long-term), and overall, prepare to achieve those goals and develop those abilities" (Kozine et al. 2018). Moreover, as stated by Hollnagel et al. (2006), resilience can be seen as a form of control since systems should have the ability to anticipate, perceive and respond to remain in control and thus to be resilient. This is also recalled in literature as the sustained adaptability characteristic of resilient systems that adapt themselves to the evolving conditions and that are also characterized by graceful extensibility due to their capacity to adapt when disruptive events occur affecting their boundaries (Woods 2015(Woods , 2018. In order to reach these abilities, resilience management guidelines are needed to support stakeholders in making strategic decisions to guarantee the continuity of operations, effectively respond and recover from failures and adaptively meet unpredictable demands. As a result, the actors involved would have a clear understanding of their responsibilities and shared knowledge about resilience management (Adini et al. 2017).
There are different contributions in literature that focus on the importance of assessing system resilience (e.g. Resilience Matrix) thus investigating the performances of a network of systems (Linkov et al. 2013;Fox-Lent et al. 2015). In addition, there are emerging fields, as Network Science that studies complex networks to enhance understanding of their characteristics and behaviour (Börner et al. 2007). It follows the Systems-Thinking approach (Arnold and Wade 2015), considering distinct elements of systems and focussing on the interconnections and interactions between those elements. When it comes to CI systems, Network Science can be utilized to explore elements of a system's resilience (Linkov and Trump 2019). For instance, it can offer insightful information, such as network vulnerability, robustness or fragility, and performance under different disruption scenarios (Ulusan and Ergun 2018).
However, in the last decade, governments, agencies and business organizations designed, implemented and tested a plethora of strategies, programs and measures to improve CIR. Most of them are related to Public-Private Collaborations (PPCs) since they are considered promising for managing CIR issues. Despite that, a clear view on the suitability and effectiveness of these practices, as well as, the conditions for a successful application, are still lacking. Furthermore, in spite of the large number of documented Good Practices (GPs)-which can be defined as methods or techniques that are applied to solve existing problems producing effective results and bringing benefits to the users-in the context of CIR, these have often proved to be insufficient to cover the wide spectrum of EM capabilities needed to cope with severe events (Clarke et al. 2015). In addition, the importance of implementing coherent and aligned practices within and between various organizations is a prerequisite for an effective management of (inter)dependencies, which emphasizes the importance of relying on a structured and robust framework for effective EM of interconnected CI systems.
In light of the previous considerations, this study wants to answer the following Research Questions (RQs): RQ1 How to characterize Good Practices (GPs) for collaborative capability building in the field of Critical Infrastructure Resilience (CIR)? RQ2 How to select GPs and identify smallest effective bundles of GPs to achieve higher resilience against CI disruptions?
We begin from the identification of the dimensions that enable the classification of CIR-related GPs. Each GP is then analysed to understand how it contributes to building core EM capabilities and, ultimately, to enhancing CIR. Indeed, even if the concept of GP for CIR is known, as well as the concept of EM capability, they are not linked to each other. Finally, smallest effective bundles of GPs are selected in order to suggest the most effective combinations of GPs under different organizational and operational contexts. More specifically, given the PPC context of reference, we refer to GPs that can be applied by various organizations (e.g. public institutions, CI operators) working in this field and not just to single decision makers. The study collectively answers the RQs by developing a comprehensive framework for the classification, assessment and selection of CIR related GPs. Results are expected to foster a better harmonized and collaborative EM model for coping with accidents and disruptions affecting interconnected CI systems.
The remainder of the paper is organized as follows. Section 2 presents the theoretical background, while Sect. 3 describes the research method. Section 4 presents the review of the selected GPs that leads to the development of an assessment framework for CIR-related GPs, detailed in Sect. 5. The results are presented and discussed in Sect. 6. Finally, the contributions, limitations and future developments of this study are summarized in the Conclusions section.

Background
In the last decade, Public-Private Collaborations (PPCs) have emerged as the most promising and effective approach to deal with CIR issues (Dunn-Cavelty and Suter 2009). PPCs are based on joint efforts of national, regional or local governments with the involvement of private sector (DHS 2009;Dunn-Cavelty and Suter 2009), given that CI systems span geographical borders and are in many cases owned by private operators (Clark et al. 2018). PPCs represent a comprehensive way for enhancing proactive risk management through an all-hazard approach, as well as for increasing the effectiveness of responsiveness and recovery by matching complementary skills, expertise and resources from public and private sectors (Trucco and Petrenj 2017). In many instances, CIR strategies are implemented through PPCs as the way for enhancing coordination, collaboration and information sharing as stated by The US Presidential Policy Directive (PPD-21) on Critical Infrastructure Security and Resilience (The White House 2013). Looking at the practical side of PPCs, they can take a variety of forms due to different focuses, sizes and governance models (Trucco and Petrenj 2017).
Nevertheless, the establishment and management of PPCs is often challenging, failing to bring results as expected. The implementation of effective CIR strategies could therefore hugely benefit from proven approaches and GPs that support the collaboration of numerous stakeholders (e.g. CI operators, first responders, civil protection), at different institutional and operational levels (Trucco et al. 2015). While approaches are methods, ways of working or strategies that may be integrated and implemented in guidelines and procedures, practices represent a solution that has been incorporated and implemented in a real environment (Adini et al. 2017). Among the GPs, Best Practices (BPs) are commercial or professional procedures that are accepted or prescribed as being correct or most effective (Oxford dictionary), thus they are the ones showing results superior to those achieved with other means (Trucco and Petrenj 2015a). Firms and organizations rely on BPs, since they have proved to be effective in addressing similar past problems. However, BPs are not static, they have to be adjusted according to the new emerging applications and adapted to the specific needs of practitioners. Consequently, BPs are continuously improved and updated versions are released as soon as the conditions in the real application field evolve. By collecting evidence about the practices used in a particular context, it is possible to identify the one that represents the BP in a given context. Given these considerations, this study focuses on the practices that are implemented in PPC for CIR and that guarantee superior performance among all the practices present. This is done evaluating the best application context of selected GPs. Indeed, it is not possible to identify just one GP for collaborative capability building for CIR. For instance, COLAB is a GP aimed at improving local resilience providing a set of guidelines to develop strategic plans (The Rockefeller Foundation 2015). Other examples are DOMINO (Centre Risque & Performance 2020) and GRRASP (EC 2020) that are tools used to locate system infrastructures and simulate domino effects.
The shift from protection to resilience of CIs has been also accompanied by a shift from an EM perspective based on procedure and plans (Penadés et al. 2017) to a resilience perspective focussed on capability building (Kozine and Andersen 2015;Lindbom et al. 2015;FEMA 2020). The adoption of this new approach is justified by the presence of a variety of threats and risks, which cannot be managed simply by analysing specific risk scenarios, but require an in-depth capability assessment (Lindbom et al. 2015). In this perspective, an organization that invests in enhancing its resilience and EM capabilities should experience a progressive shift from a reactive approach to a proactive preparedness and finally to an adaptive capacity (Gibson and Tarrant 2010). In this work we refer to a capability as "a description of an [organisation's] ability to do something" (NATO, 2018). This concept is presented through the term EM capability since we refer to the way competences and resources are transformed into capabilities (Clark et al. 2018), but also to the internal and external information flows, as other means of coordination, that affect the collective performance of organizations when emergencies occur (Piraina and Trucco 2022). Moreover, this is strictly connected to the concept of resilience in CI systems since "a capability-based approach to emergency planning and response for fostering CI resilience is required" (Piraina and Trucco 2022).
This definition implies that organizational resilience can be measured by assessing how the range of EM capabilities can bring benefits in a changing and evolving context (Gibson and Tarrant 2010). However, even if different definitions of EM capability are present in the literature (Lindbom et al. 2015), this concept is still not used on a practical level. In fact, organizations do not rely on the capability concept, but they refer to practices based on the aggregate adoption of resources, technologies and competencies. Considering the capability approach, the focus is not only on the amount of resources available, but also on the ability to properly use them (Clark et al. 2018). In particular, the attention is on the identification of those EM capabilities that are general enough to be applicable in different contexts and hazardous conditions, thus enabling an all-hazard approach (Kozine et al. 2018). Moreover, since various actors are involved in these contexts, the capabilities built within a single organization (i.e. intraorganizational) or built on the relationships between various organizations (i.e. inter-organizational) involved in the EM cycle are considered.

Research method
The study departs from the identification and analysis of the GPs currently in use for managing CI-related disruption events. The method used to collect and systematize information consists of the following four steps ( Fig. 1 SMR Project 2015;Resolute Project 2015) with the aim of collecting information about the most effective practices currently in use. Additional practices were identified by consulting scientific literature and institutional websites, where searches combined the keywords "Critical Infrastructure*", "Resilience" and "Practice*". The selection of the projects was made in order to obtain practices that contribute to CIR with a variety of methods and means, so to have an overview of the different perspectives used in this domain. However, other important projects could have been selected and integrated in the work. 2. Data analysis and cleaning The information on every single practice was analysed to select the ones that were already implemented in practice, or at least piloted, and that are reasonably transferrable to other similar contexts using the information made available by the authors. At the end of this step, 53 GPs were selected. 3. Data presentation Each GP was documented in a standardized way, using a common template, to clearly report the main objectives and features.

Categorization
Each GP was categorized against a unified classification taxonomy, which considers the activities and functionalities that the GP supports.
Starting from the collected information, we proceeded classifying the GPs to identify the main characteristics.
However, to assess the GPs and thus to map a GP's contribution to the EM capabilities, the information collected from scientific literature, project reports and institutional websites were complemented with experts' judgement, collected through an online questionnaire. The questionnaire intended to link the classified activities and functionalities of GPs to the taxonomy of EM capabilities. In particular, the experts were asked to express an informed judgement on the importance (i.e. positive contribution) that different types of activities or functionalities, covered by the selected GPs, may have in building or improving a specific EM capability. The questionnaire was administered to about 150 international experts directly by email or through professional associations and 23 anonymous answers were collected. The results of the questionnaire enabled to assess to what extent the EM capabilities are covered by the GPs. A Pareto analysis was then performed to identify the range of EM capabilities fully covered by each GP (i.e. its degree of comprehensiveness). The final ranking led to the identification of the BPs.
Finally, the assessment of GP's contribution to EM capabilities revealed that only few GPs are able to fully cover the wide spectrum of capabilities required for an effective EM. Therefore, the study proceeded with the identification of smallest effective bundles of GPs that, combined together, are able to provide an optimal coverage of the EM capabilities needed to cope with CI disruptions.

Review of the selected GPs
The 53 selected GPs (Annex 1) have the common aim of supporting organizations in the management of emergencies where CI systems are involved. However, they achieve this goal by adopting different methods, tools, technical solutions (e.g. specific IT systems) or organizational arrangements. To this end, we introduced an exhaustive set of activities and functionalities useful to specify the main features of the different GPs. A functionality can be defined as a mean, technology, method or technique through which a GP achieves a specific goal. An activity, instead, can be defined as an action, task, organizational arrangement or procedure implemented to achieve a specific aim. Table 1 shows the list of the identified features and clarifies if they are activities, functionalities or both.
The identification of these features enables an easy representation of the contribution that each GP provides in the management of CIs: it is sufficient to link a GP with the supported activities/functionalities to figure out the main goals and applications of the GP. It is important to remark that a GP can support more activities/functionalities that, combined together, allow specifying the overall contribution of the GP. Moreover, an activity/functionality can be supported in different ways (i.e. different means or tasks), therefore it could happen that a GP provides a higher coverage of an activity/functionality with respect to other GPs.
The alerting/warning functionality is related to the ability of detecting possible future dangers or problems and informing all the stakeholders involved through a specific signal (Cambridge Dictionary 2020). The GPs endowed with this functionality are technological platforms that facilitate a real-time sharing of information among actors, thus supporting the development of integrated strategies to cope with potential hazardous situations. Other GPs that enable alerting/warning functionality are GIS (Geographical Information System) platforms that monitor the area of interest through awareness systems showing the location of events, strategic places and possible dangerous situation, thus supporting risk management and emergency response.
The brainstorming, problem solving and lessons learned activity is referred to a set of tasks aimed at suggesting new ideas to find solutions to problems and at sharing knowledge or understanding gained by experience (Cambridge Dictionary 2020). This activity is supported by the GPs that include workshops, conferences or meetings to engage stakeholders, experts, and sometimes citizens with the aim of communicating existing problems, trying to effectively understand their root causes and learning about new ways to solve them. These discussions lead to the identification of challenges and barriers that hinder opportunities and enable developing a vision statement and planning next steps to achieve these opportunities considering existing and needed resources.
The communication activity/functionality refers to the process of exchanging information among entities (organizations, people and technologies). The GPs that support this activity/functionality are mainly web-based informationsharing platforms that facilitate collaboration and coordination at intra-organizational or inter-organizational levels and at different geographical scales (e.g. national or multinational). Indeed, they connect public, private and non-profit organizations, providing greater visibility of impacts and strengthening the resilience of communities. The constant collaboration among institutions leads to the development of integrated strategies for the management of CI emergencies, which take into consideration the presence of system interdependencies.
The coordination activity/functionality is related to the process of allocating and managing resources following a disaster. The GPs support this activity/functionality by providing means to strengthen and improve collaborations among actors in order to reach a common response strategy to cope with CI disruptions. This strategic alignment can help avoiding delays in the response phase and better organizing resources for rescue and recovery operations, thus providing benefits to the affected communities.
The decision support activity/functionality refers to information systems that support businesses, organizations or authorities in decision-making activities. The GPs supporting this activity/functionality include tools or systems that, based on the specific issue to be solved or the specific goal to be achieved, suggest the most suitable policies that stakeholders can implement. This activity/functionality is particularly useful for the risk and resilience assessment process, since risk or resilience scores can be accompanied by recommendations about the most effective measures to mitigate risks within the area.
The expert involvement activity is related to the involvement of experts to share lessons learned, guidelines and BPs for continuous improvement. The GPs that support this activity are mainly workshops or meetings aimed at enhancing community resilience with the support of experts that, having great knowledge in the field, can suggest effective ways to undertake the resilience-building process.
The geographical visualization functionality refers to a set of tools and techniques supporting the analysis of geospatial data through the use of interactive visualization. The GPs endowed with this functionality have the main purpose of monitoring the areas of interest through mapping tools that allow for a georeferenced visualization of resources, events, strategic places and hazardous situations. In some cases, these platforms are publicly accessible, therefore they can provide useful information both to rescuers and citizens. On the one side they show operators the quickest way to reach the affected areas, on the other side they support citizens by diverting traffic towards alternative routings, thus reducing congestions near the location of the emergency event, or by providing tailored instructions in case of danger. Moreover, these platforms can be integrated with tools that enable the public to upload contents related to emergency events. Other GPs, instead, use geographical visualization functionality to represent risk or resilience levels of an area. These tools are based on flexible cartography approaches and they allow for the analysis of the interdependencies and the simulation of the domino effects, showing the location sectors where the consequences of the system failures are synthesized. Thanks to constant monitoring of the territory, they are able to assign a risk or resilience level to the areas that could be impacted by an emergency event.
The knowledge management functionality includes the sharing of lessons learned, guidelines and BPs for continuous improvement. The GPs that support this activity/ functionality include tools that allow access to researches, knowledge and best practices, highlighting what has proved to work well in the implementation of specific policies by other partners. In this way, users can exploit these lessons learned, avoiding mistakes and guiding a more effective implementation of a resilience strategy, increasing their knowledge and expertise about CIR.
The monitoring activity is based on the collection of routine data that are used to track changes in the situation over time and to provide regular feedbacks and early indications of possible disruptions (ERM Insights 2020). The GPs that support this activity include collaborations where actors constantly share situational information among them to intervene promptly if the tracked hazard materializes.
The planning activity/functionality refers to deciding beforehand what is to be done, when is it to be done, how it is to be done and who is going to do it (Business Jargon 2020). GPs support this activity/functionality by providing ad hoc instructions, guidance notes, templates or structured steps to support CI operators and other stakeholders to cope with CI disruptions and to develop strategic resilience planning. In particular, they provide instructions on how to manage CI systems, focussing on the collection of relevant data and information, the identification of relevant stakeholders and (inter)dependencies between systems, the setting of priorities and needs for interventions, and finally, the development and implementation of a strategic plan. These GPs require a comprehensive and targeted organizational setup which includes the formation of teams, sub-teams and working groups, assigning them well-defined objectives, clear tasks and responsibilities according to experts' background. The continuous communication and engagement with stakeholders, in some cases even including the general public (e.g. citizen associations and activated citizens), provides an important contribution in developing effective plans. Some GPs are specifically aimed at embedding business continuity plans into organizations and regions, addressing different issues to secure critical resources (i.e. external goods and services) that are essential for supporting the business operations within and around an area. The main outcome of these practices is an approach that ensures CI protection, coordinated disaster preparedness and response, quick recovery from damages and supply chain cooperation.
The risk assessment activity/functionality refers to the overall process or method of hazard identification, risk analysis, risk evaluation and risk control (CCOHS 2020). The GPs that support this activity/functionality include tools and processes for the analysis of interdependencies and the risk and resilience assessment at different system levels. They are based on structured steps or templates that guide users throughout the whole process of risk or resilience assessment. In this regard, they support an assessment of how local shocks and stresses interact to impact specific assets, locations, business sectors, residents and users. This leads to a prioritization of shocks and stresses and to the identification of vulnerable physical assets. Based on the risk level assigned to the key hotspots, these GPs can provide access to policies recommendations supporting the identification of measures to mitigate risks within the area. A similar approach is followed to evaluate resilience levels of a region: starting from the identification of critical functions and interdependencies of systems, resilience assessment tools generate a quantitative overall resilience score for CIs and individual resilience scores for specific assets, finally providing guidelines to enhance those resilience levels. In some cases, the results of risk or resilience assessment are represented on a geographical map which synthesises the obtained scores.
The surge management activity includes all the tasks that are performed during the response phase of EM as a first response to a crisis or disruption. The GPs that support this activity include actions aimed at providing immediate assistance to people and environment. In order to be able to guarantee first aid, actors need to have a great visibility of the available resources of their partners and of the requirements of the affected area.
The training and exercising activity/functionality refers to exercises, training and simulations performed to improve all-hazard incident management, as well as integration and interoperability, with the aim of providing adequate preparedness for CI operators, institutions and experts to deal with all the EM phases. Simulations platforms are based on a virtual environment where users can visualize the impacts of a CI disruption, testing specific response operations or policies and considering potential disruptions to resource availability. The obtained results allow validating the impacts of implementing different policies that could potentially be included in the resilience strategy of an area. By testing different scenarios, users can identify the implications of different policy options in the resilience improvement process and they can, therefore, use simulations as a training environment to find the right path towards improving local resilience. On the other hand, exercise programs try to ensure better visibility of the available resources and needs present in the affected areas, also finding a way to guarantee first aid. The analysis of cascading impacts is made through the development of different scenarios aimed at increasing awareness about vulnerabilities and interdependencies of CIs, so that it is possible to identify potential gaps in current plans and intervene to improve them. Indeed, starting from the results obtained by exercises, stakeholders have the opportunity to discuss emergency plans and to prioritize the actions needed to update them.
To sum up, the selected GPs aim at contributing to CIR from different perspectives: • Maintaining the continuity of the essential goods and services, reducing the impacts on the communities in case of disruptions; • Managing the interconnections of CIs through the involvement of a variety of stakeholders that, thanks to their knowledge, can contribute to an effective and coordinated EM; • Monitoring the hazard exposure and intervening promptly to mitigate the impact of an emergency event; • Analysing the cascading effects that an emergency event could cause on other CI nodes, mainly through simulations.
The first two issues are addressed by almost all the selected GPs, which are developed inside large projects/ programs that involve all the interested actors to find integrated solutions for an effective management of CIs, both in ordinary situations and in case of emergencies. The selected GPs result in the establishment of PPCs that enable to have a better visibility on CI status and its most critical nodes/ components, and promote the development of coordinated strategies, thus enhancing the effectiveness of preparedness, mitigation, response and recovery actions. Concerning the last two issues, instead, it emerges that not all the GPs are able to face them. This is due to the fact that they require advanced tools to constantly monitor the CIs and to analyse the cascading impacts following a CI failure, which are included just in a small number of GPs.

CRAFTER: an assessment framework for CIR-related GPs
The aim of this study is to develop a comprehensive framework ( Fig. 2) for the classification, assessment and selection of GPs for CIR-shortly named 'CRAFTER' (CRiti-cAl inFrastrucTurE Resilience). In this perspective, we took the 53 selected GPs as a reference to identify the main features that can be used to characterize them and to recognize their most suitable application context. The identified features correspond to the dimensions that we introduced in the framework to enable an effective classification of GPs. Starting from this, we developed an approach to perform an assessment of GPs based on their contribution to the EM, so that it is possible to identify the best ones. Finally, the CRAFTER framework can be used to select optimal combinations of GPs that are able to enhance different mixes of EM capabilities to better fit with the peculiarities and needs of different operational and organizational contexts.

GPs classification
The classification of the selected GPs aims at specifying the GP's main characteristics. In particular, the several dimensions included in the framework highlight the relevant characteristics of each GP, considering the Fig. 2 The three levels of the CRAFTER framework type of support they are able to provide, the stakeholders involved in its implementation and the original context of application. First, GP Type dimension specifies the GPs according to their nature (Trucco and Petrenj, 2015b): • Tools & Technologies can be described as a piece of equipment or a software whose features are adequate to achieve a specific aim (Cambridge Dictionary 2020). These GPs achieve their specific goals through a set of means, technologies, methods and techniques and can be described as a set of functionalities. • Processes can be described as procedures or sets of actions and tasks performed by a single organization or a group of them to achieve a specific aim (Cambridge Dictionary 2020). These GPs achieve their specific goals through actions, tasks, organizational arrangements and procedures and can be described as a coherent set of activities.
Secondly, the other dimensions used for the classification are the following. The EM Phase dimension identifies the phases of the EM cycle supported by a specific GP (Trucco and Petrenj 2015b). Following the classification and the definitions provided by FEMA (2020), EM encompasses four phases: Preparedness, Mitigation, Response and Recovery. Partnership Type concerns the type of organizations involved in the collaboration (i.e. public organizations, private ones or both). To further detail the Partnership Type, the Key Partners dimension is used to specify the stakeholders involved (i.e. public institutions, CI operators, universities, local communities, public and private companies, CI and resilience experts). The Inter-Organizational Scope dimension has been introduced to understand if the GP can be autonomously implemented by a single organization or requires collaboration with other actors (i.e. intra-or inter-organizational GPs). Data Type indicates if the GP is able to provide real-time support during an emergency, by showing real-time situational information. The Extension is concerned with the largest geographical area of documented applications of the GP (i.e. city, region, country or more countries)-according to the flexibility of the GP it may be possible to start using it for a limited area just as a pilot test and then to extend it to a larger area of application. Finally, Transferability indicates if a GP can be applied only within a specific context or it can be flexibly and broadly applied in different cases (i.e. specific or broad).
The specification of GP's main characteristics allows an exhaustive profiling of the 53 GPs-it characterizes the nature of the GPs and the context of their use, thus highlighting their specificities or similarities as well as limitations in scope and the level of transferability.

GPs assessment
The GPs classification is complemented with the GPs assessment aimed at mapping the contribution of a GP to effectively manage an emergency where interdependent CI systems are involved. To this end, we introduced a set of EM capabilities to evaluate the completeness of a GP with respect to the different abilities required for an effective EM.

EM capabilities
The capabilities considered for this study (Table 2) were identified starting from the classification introduced by FEMA (2020) and presented in the researched developed by Piraina and Trucco (2022). The covered areas include the following: The objective of the specification of EM capabilities is to map the contribution of the 53 GPs in managing emergencies involving CI systems. The information collected through projects, literature and websites were still not sufficient to perform an accurate assessment of a GP's contribution to EM capabilities, since it is a task that requires a high level of expertise. To overcome this issue, the study proceeded by applying the Multi-Attribute Decision-Making approach with the aim of assessing the contribution of each GP to EM capabilities, as explained in the next paragraph.

MADM approach
Decision-making problems are usually too complex to be based on the evaluation of a single attribute that will lead to the final decision. Multi-Attribute Decision-Making (MADM) approaches represent an alternative to consider simultaneously all the pertinent factors of a problem 1 3 (Kahraman et al. 2015) for performance monitoring, benchmarking comparisons, policy analyses and decision-making in many fields (Zhou and Ang 2009). MADM methods indeed are used to assess a set of alternatives with respect to predetermined attributes, whose importance is defined by weights (Kahraman et al. 2015).
In the present study, the MADM approach used for the GPs assessment is composed by two phases (Fig. 3): 1. Link between activity/functionality i and capability x: it consists in evaluating to what extent an activity/functionality is relevant in building an EM capability and it is performed through the administration of a questionnaire to experts in the context of CIR. The outcome of this phase is represented by the weights that link activity/functionality i to capability x ( w x i ). 2. Link between activity/functionality i and GP j: it consists in characterizing a GP by evaluating the support that it provides to a specific activity/functionality and it is performed through a Delphi method among authors. The outcome of this phase is represented by the levels of coverage that link GP j to activity/functionality i ( LC ij ).
This approach, repeated for every EM capability, enables to get the contribution that a GP j provides in building a capability x. Indeed, activities/functionalities (A/F) serve as an intermediary between GPs on one side and EM capabilities on the other. Their goal is to bridge GPs (which are numerous and will further grow in number) with capabilities, solving not only the problem of the impracticality of directly assessing GPs against capabilities (which would require an enormous effort by experts), but also ensuring the scalability and sustainability of the framework application. Once A/F are mapped against capabilities by experts, the structure of the framework enable simple expansion of the analysis by adding new GPs which are then easily connected to A/F. After having provided an overview of the approach, the next paragraphs will explain in detail the two phases.
Firstly, the research proceeded with the administration of a questionnaire to CIR experts. The evaluation, comparison or benchmarking of GPs through experts' elicitation procedures (e.g. questionnaires, task forces, panels) is widespread in many sectors. This approach has been used in a variety of healthcare researches with the aim of developing Table 2 Definitions of EM capabilities included in the framework (Piraina and Trucco 2022) Capability Description Access control and identity verification It concerns "the adoption of physical, technological and cyber measures to verify the access to critical locations, systems and information" Community Resilience building "Starting from the identification, communication and planning for risks, it is the ability of organizations to empower communities to withstand and recover from short-and long-term incidents" Cybersecurity It is related to the adoption of measures to protect (or restore) "electronic communications systems, information, and services from damage, unauthorized use, and exploitation" (FEMA 2019, 2020) Environment protection services "It includes all the services aimed at protecting and restoring the surrounding environment (e.g. natural and cultural resource protection) from hazards" Human protection services "It includes all the services (e.g. mass care, emergency medical services, mass search and rescue operations) aimed at providing support to affected populations" Information sharing It is the "exchange of timely and accurate information and data among governments or other organizations to better respond to disruptive events" Interdiction and disruption It is the ability to "delay, divert, intercept, halt, apprehend, or secure threats and/or hazards" (FEMA 2019, 2020) Logistics and transportation services It is related to "the provision of logistics and transportation services in the affected areas to deliver necessary items and services, and evacuate people and animals" Operational coordination It concerns "the presence of a coordinated operational structure and process for integrating emergency responder operations" Planning It is the ability to "conduct a systematic process engaging the whole community as appropriate in the development of executable strategic, operational, and/or tactical-level approaches to meet defined objectives" (FEMA 2019, 2020) Public information and warning It is related to "the delivery of information regarding threats or hazards to the entire community, the implemented actions, and the available assistance" Risk assessment It includes "the identification, assessment, and prioritization of risks in order to implement adequate measures" Supply chain integrity and security It "refers to the strengthening of the security and resilience of the supply chain by acting on the key nodes and on the physical flows between them" Threat and Hazards identification It is "the identification of threats and hazards in a given area with the aim of understanding the needs on the ground" best practice guidelines. Experts, that in this case include nurses, psychologists, physicians, oncologists, researchers and methodologists, are asked to express their opinion through a questionnaire or within a working group to determine the current best practices concerning a specific health issue (Brown et al. 2005;Howell et al. 2014;Kapur et al. 2017;Mitchell et al. 2017;Singal et al. 2020). Even in the aerospace domain, individual experts' judgements were used to identify the good practices for the implementation of Integrated Computational Materials Engineering (Cowles et al. 2015). Finally, it is possible to find an example in CI sector: experts' opinions were collected to acquire lessons learned related to international experiences in the establishment of PPCs, with the aim of identifying the best practices able to foster and promote these partnerships (Zhang 2005). These examples show how the involvement of experts in the assessment of GPs can provide a valuable contribution to researches. In our study, the CIR Questionnaire was administered to 150 international experts with different profiles and backgrounds (e.g. first responders, operators, consultants, researchers or other practitioners active in the CIR domain).
The questionnaire was structured in the following way: • Section 1-Background information: aimed at understanding the educational background, the current function and the main areas of involvement of the respondents. In this section, questions are in an open form and their answers are mandatory. • Section 2-Capabilities vs. functionalities/activities: aimed at understanding the importance of each functionality and/or activity in supporting a specific capa-bility. In this section, the questions are mandatory and are structured using the Likert scale form, ranging from one (low importance of the activity/functionality in guaranteeing the capability) to five (high importance of the activity/functionality in guaranteeing the capability). For each capability, the questions are structured as shown in Fig. 4. • Section 3-Additional Questions: aimed at further analysing the classification framework, by increasing its consistency. In this section, questions are in an open form and answering is optional. In particular, the aim is to verify if other important capabilities could expand the list of the already-mentioned one, to investigate if additional GPs for CIR could be integrated into the study, and to collect additional suggestions or comments in order to get interesting insights for further analyses.
The answers included in the analysis are the ones received before April 28, 2021. During the considered time frame, the questionnaire received 23 responses, that were analysed to identify potential anomalies in the data. It emerged that two of the responses were incomplete (experts abandoned the questionnaire before finishing it), while one was judged inconsistent (the expert assigned the score 3 to all the questions of section 2 of the questionnaire). Ultimately, we obtained 20 complete and consistent responses, coming from 13 different countries. This is fairly enough a sufficient sample to incorporate the variance in judgement collected from professional experts in a relatively small community.
After having excluded the inconsistent data, the individual judgements provided in section 2 of the questionnaire were aggregated by calculating their geometric Fig. 3 The two phases of MADM approach for a generic capability x mean, since in our study all experts are considered of equal importance (Forman and Peniwati 1998). The geometric mean is the average value representing the central tendency of a set of numbers, calculated as the root of the product of their values (Cuemath 2021). The aggregation of experts' judgements led to the assessment of the importance of an activity or functionality in supporting a specific capability ( w x i in Fig. 3). Concerning the second phase, the specification of GP's Activities and Functionalities enables to assess the level of coverage granted by the 53 GPs to the different A/F. In order to perform this association, it is necessary to consider the GP type introduced in the GPs classification section. Indeed, the GPs classified as Processes are mapped against activities, while the GPs classified as Tools & Technologies against functionalities. A score from zero (A/F not supported) to five (A/F fully supported) was assigned by the authors through a Delphi method to each GP for all the identified A/F ( LC ij in Fig. 3). As already mentioned, an A/F can be supported in different ways (i.e. different means or tasks) and it is the reason why a GP can provide a higher coverage of an A/F with respect to other GPs. The initial information collected from websites and literature enables to compare the GPs and quantify their level of coverage related to a specific A/F. For example, regarding the communication A/F, it is possible to make the following considerations: • The highest levels of coverage (4 and 5) are attributed to the Tools that provide platforms for a real-time information sharing or to the Processes that promote information sharing among actors through the organization of meetings or conferences.

• The intermediate level of coverage (3) is attributed to
Tools that provide less advanced platforms for information sharing or to Processes where meetings and conferences are not well-structured, usually because communication is not the main scope of those GPs.
• The lowest levels of coverage (1 and 2) are attributed to the GPs that promote communication as an important pillar for the effectiveness of CI management, but do not encourage it with any specific platform or meeting. • The absence of coverage (0)  where Contribution x j = Contribution provided by GP j to capability x x = 1, 2, … , 14 ; j = 1, 2, … , 53 , w x i = Weight attributed to A/F i in guaranteeing capability x i = 1, 2, … , 13 , LC ij = Level of coverage attributed by authors to A/F i for GP j.
The maximum value in Eq. 1 was taken to discriminate the GP, i.e. to characterize it by specifying its contribution to CI management within a PPC and its role in EM capability building. In this way, it is possible to capture the contribution of the A/F that best describes the GP and that consequently have a greater impact on the EM capabilities.
The obtained results allowed to assess the degree of comprehensiveness of each GP (i.e. range of capabilities fully covered); next, as a consequence, to identify the GPs that cover the widest spectrum of EM capabilities. To this end, we performed an ABC analysis on the overall scores, where • Class A values are the ones higher than the average calculated on all the scores obtained; • Class B values are the ones higher than the average calculated on the scores that are not included in class A; • Class C values are the remaining ones. Therefore, class A represents those capabilities that are better covered by a GP.

GPs selection
The third level of the CRAFTER framework gives the possibility of identifying combinations of GPs that can exploit their synergies to fully cover all the EM capabilities, thus creating Smallest Effective Bundles (SEBs). This logic is adopted since practices are not used individually, in most cases, but are aggregated with others to produce better performances (Bello-Pintado 2015). The final result is a group of aligned practices which provides a higher contribution to the achievement of a specific goal in a particular application context (Bello-Pintado 2015). In the CIR domain, GPs are bundled to fully cover the entire spectrum of EM capabilities, selecting the smallest number of practices and ensuring interoperability among them. In light of this, the composition of the SEBs was determined by setting an objective function for minimizing the number of selected GPs and by adding the following constraints: • Each bundle has to include at least one practice classified as Process and one classified as Tool & Technology in order to fully exploit synergies among GPs. • Each bundle has to provide a class A coverage for all the EM capabilities 1 in order to ensure an optimal EM. This means that each capability has to be covered with a class A value by at least one of the GPs belonging to the bundle.
The optimization problem was run using the MS Excel™ Solver.

Classification of the most relevant CIR GPs
The 53 GPs included in the analysis were mapped against the GP's main characteristics.
In order to allow better interpretability of the classification, the notation reported in Table 3 is adopted. Table 4 shows the classification based on GP's main characteristics: for each dimension, one or more cells are coloured in grey to represent how the GP can be characterized. For example, the GP "Big Business-Small Business" is a process, it covers the preparedness, mitigation and recovery phases of EM, it involves private partners (i.e. private companies), it is an inter-organizational practice, it does not provide real-time data, it is applied in a State and it is specific.

Assessment of GPs' contribution to EM capabilities
The GPs' assessment was performed through the implementation of the two phases of the MADM approach. Firstly, the outcome of the questionnaire administered to link the A/F and the EM capabilities is represented in Table 5. Each cell contains the weight w x i that links activity/ functionality i to capability x, which was obtained computing the geometric mean of the scores attributed by experts.
Secondly, the outcome of the Delphi method among authors to link the GPs to the A/F is represented in Tables 6  and 7, showing, respectively, the classification of Tools & Technologies based on the functionalities they support, and the classification of Processes based on the activities. Each cell contains the level of coverage LC ij which links GP j to A/F i, ranging from 0 (A/F not covered) to 5 (A/F fully covered).
Combing the results of Table 5 with the scores presented in Tables 6 and 7, the 53 GPs were mapped against the EM  Table 8 shows an example of application of Eq. 1 for V-BEOC practice: each cell represents the intersection between a functionality on the row and a capability on the column, reporting the result of the product w x i * LC ij . The last row is introduced to select the maximum value for each EM capability, so that it is possible to discriminate the contribution that a specific functionality of the GP provides in building its EM capabilities.
The implementation of this procedure for all the 53 GPs selected enables to obtain the values reported in Table 9. The scores in each cell were calculated applying the formula of Eq. 1 and they represent the contribution provided by GP j to capability x. The colour gradation shows the results of the ABC analysis performed on the scores, with class A values in green, class B in yellow and class C in red.
The most interesting findings resulting from the GPs assessment are summarized in the following. As mentioned in paragraph 5.2, the BPs were identified considering the degree of comprehensiveness that is calculated as the number of capabilities fully covered by a GP (class A values in Table 9).
The GPs that provide an optimal contribution to all the EM capabilities are just five: Opportunity Assessment (Tool) Workshop (The Rockefeller Foundation 2015), Problem Framing (The Rockefeller Foundation 2015), TTF (Alberto  The two workshops Opportunity Assessment (Tool) Workshop (The Rockefeller Foundation 2015) and Problem Framing (The Rockefeller Foundation 2015) gather stakeholders to discuss existing problems affecting a city and learn about new ways to solve them. The main objective is to support institutions in the development or improvement of resilience plans. More specifically, they teach participants to identify barriers that hinder opportunities and to prioritize resilience actions with the aim of achieving those opportunities. Workshops start by analysing the current situation in order to identify issues or threats that could potentially undermine the functionality of CI systems, and try to find solutions to safeguard the security of people and the environment. Moreover, they support community resilience building by involving citizens in the discussions, thus having the opportunity to develop better-integrated solutions in line with the expectations and needs of the whole community.
Even in the case of TTFs (Alberto Ceriani 2011), the objective is to involve a variety of operators that work jointly on a specific theme in order to achieve aligned plans and procedures and, at the same time, to share knowledge among organizations. A better management of the CIs interdependencies in a synergic and collaborative approach between operators allows to enhance resilience, improving the socio-economical context. There are several possible evolutions of the programs related to TTFs in relation to the broad range of threats and hazards. However, the methodological approach usually applied has a common structure, which includes the development of vulnerability and resilience studies, the identification of best practices and innovative solutions for risk mitigation and design, and finally validation and implementation of collaborative emergency plans.
Finally, DOMINO (Centre Risque & Performance 2020) and GRRASP (EC 2020) are both tools based on a cartography approach used to locate system infrastructures and simulate domino effects; by analysing situational information of CIs, they assign a risk level to the areas that could be impacted by the emergency event and provide information about the propagation of the disservice. If used throughout an emergency event, these GPs can support coordination and      resource deployment during response and recovery phases by performing real-time simulations.
Observing Table 9, it is possible to notice that other GPs cover 13 capabilities (out of 14) and thus can still provide a great contribution to EM. These GPs are ESSMA (Resolute Project 2015), V-BEOC (National Business Emergency Operations Center 2020), Multi-State Fleet Response Initiative (All Hazards Consortium 2020), COLAB (The Rockefeller Foundation 2015) and GINOM (EIS Council 2020).
ESSMA (Resolute Project 2015) and V-BEOC (National Business Emergency Operations Center 2020) are technological solutions aimed mainly at enabling information sharing among a variety of institutions and operators. On the one side, ESSMA is an application which allows to detect interdictions and disruptions, facilitating the coordination of 1 3 response operations by integrating map visualization tools with instruments able to support resource deployment during emergencies. In particular, it provides a georeferenced visualization of strategic places, resources and potential threats or hazards. This supports a prompt identification of emergencies, giving the possibility to intervene immediately in the affected area. Since it is an application available also for the public, it is able to warn citizens and to support them in dealing with emergencies, thus contributing to the enhancement of community resilience. On top of this, it provides instructions and guidelines to the operators that have to intervene in the area, showing the routings to reach the location and suggesting evacuation procedures to be followed. On the other side, V-BEOC is a web-based platform through which public and private institutions can communicate and share real-time information about national CIs before, during and after an emergency, in order to collect inputs to support decision-making. The constant situational updates contribute to a prompt detection of interdictions and disruptions and support operators in coordinating response and recovery actions, thus providing protection and logistic services to people and the environment. Both ESSMA and V-BEOC are not able to support effectively the Risk Assessment capability; indeed, the two platforms are not endowed with any functionality for the analysis of the critical nodes of the system. Multi-State Fleet Response Initiative (All Hazards Consortium 2020), instead, is a Working Group where partners share sensitive information to improve cross-border resources and fleet movements with the support of the SISE platform (Sensitive Information Sharing Environment). Meetings and conferences organized by partners allow developing a common and integrated strategic planning to manage CI emergencies. Moreover, thanks to SISE platform that offers constant operating status updates, this GP ensures an effective deployment of resources and provides a complete situational awareness to operators and citizens. Multi-State Fleet Response Initiative is not able to support effectively the Interdiction and Disruption capability, since it does not have any instrument to monitor the area and detect the outbreak of an emergency situation.
Next, COLAB (The Rockefeller Foundation 2015) provides instructions aimed mainly at guiding the development and implementation of strategic plans, including methodologies for the identification of threats and hazards and for the assessment of the risk level of an area, with the final purpose of improving local resilience. More specifically, it fosters a collaboration among stakeholders, guiding them through the identification of current challenges and the development of common solutions to face them. It emerged that COLAB is not able to support effectively the Information Sharing capability, due to the fact that this GP does not provide any specific tool or instruction to promote communication.
Finally, GINOM (EIS Council 2020) is a modelling and simulation platform to support decision makers in many sectors. It can be used to simulate disruptions to resource availability, the consequent effects on CI operations and the subsequent feedback of limited resource production. Moreover, it is configured to support real-time exercises, bringing together a wide range of partners (e.g. researchers, infrastructure owners and operators). The main contribution provided by these exercises is to support actors in dealing with mitigation, response and recovery activities by guaranteeing better visibility on available resources and by ensuring the alignment of partners to common procedures. GINOM is not able to support effectively the Risk Assessment capability; indeed, the analysis on the system nodes is performed with the aim of showing the impact of a disruption and not to assign a risk level to the investigated component.

Selection of smallest effective bundles
By solving the optimization problem mentioned in paragraph 5.3, it was possible to identify 17 SEBs composed of two GPs. Due to the imposed constraints, each bundle consists of a Tool & Technology and a Process that, combined together, are able to cover all the EM capabilities with a score higher than 18.11 (class A values in Table 9). The selection process stopped at the 17th bundle because the following ones were composed by the aggregation of more than two GPs, and thus were not the smallest.
The information initially collected about the GPs supported us in identifying the most suitable application context of each bundle, specifying the following dimensions (Table 10): • CI sector: a bundle that can be used to manage a single CI sector enables to perform low-level analyses of smallscale scenarios; on the other hand, a bundle that considers cross-sector interdependencies is useful to identify complex cascading impacts resulting from a single CI failure (Stergiopoulos et al. 2016). • Geographical scope: since the failure of a CI has impacts on a wide geographical area, it could happen that the inoperability spreads not only at the national level but also among neighbouring countries (Borghetti et al. 2020). Therefore, this dimension defines if a bundle is able to support the management of local/national CIs or cross-border ones. • EM cycle scope: EM enables stakeholders to cope with CI disruptions, reducing the impacts of disasters and adapting to unforeseen crisis situations (Kozine and Andersen 2015). In this regard, a bundle can contribute to Risk Assessment & Planning, to Preparedness & Response, or to the entire EM cycle.
• Hazard/threat scope: emergency preparedness can focus on specific types of hazards or it can consider all types of risks (Adini et al. 2012). Thus, this dimension determines if a bundle adopts a hazard-specific or an all-hazard approach.
Classifying each bundle against the above-mentioned dimensions, it was possible to define how the resulting PPCs can contribute to enhancing the resilience of CI systems. This classification was done considering the current application of the GPs belonging to a bundle, thus without considering their possible extension. The obtained results are summarized in Table 11.
The classification matrix of the different bundles is shown in Fig. 5: the dimensions represented on the two axes are the EM cycle scope and the CI sector, while the geographical scope and the hazard scope are expressed, respectively, with a square/triangular shape and a black/white colouring. The numbers included within the shapes represent the number of the corresponding SEB. For example, considering SEB 1, Fig. 5 shows that it has a multi-sector focus, it covers the Preparedness & Response phases, and it is applied to crossborder CIs and to all-hazards.
Considering the bundles focussed on a single sector and covering Preparedness & Response, SEB 6 (ESSMA and Tactical Urban Resilience) and 17 (CRAMSS and Project Scan Workshop) are both aimed at protecting local transportation CIs from all types of hazards and evaluating local resilience-building programs. SEB 8 (SimEnv and 100 RC Systems Studio), instead, enables to identify systems interdependencies and to simulate different resource allocation options in case of damage to a transportation vehicle. Finally, SEB 7 (MATRICS and Multi-State Fleet Response Initiative) supports partners from neighbouring countries in sharing situational information to facilitate cross-border resource movements in case of emergency.
Moving to the upper right quadrant of the matrix, SEB 4 (Traffic Scotland Information Service and TTF) focuses on a single sector and covers the entire EM cycle: it enables to manage local transportation CIs by showing real-time traffic conditions that support response activities and by developing plans to protect CIs from all types of hazards.
SEB 11 (GRAASP and Public Safety Canada) focuses on a variety of CI sectors and covers Risk Assessment & Planning. In particular, it enables to assess risk and resilience levels of different national CIs and to develop a plan to manage specifically insider threats.
Concerning the bundles focussed on multi-sector analyses and covering Preparedness & Response, SEB 1 (GIS Mapping for CI Assets and Opportunity Assessment Workshop) allows visualizing cross-border CIs showing different types of threats and gathering stakeholders with the aim of prioritizing resilience-building actions. SEB 2 (V-BEOC and Resilience Garage) fosters collaboration among stakeholders in order to cope with specific threats affecting local CIs and coordinate response actions in case of emergency. Then, SEB 9 (EM Dashboard and Focus on Flows) enables to visualize local CIs, showing emergency events or threats and supports stakeholders in sharing situational information protecting the system from different types of hazards. Another bundle is SEB 10 (NWWARN and Partnership Alignment for Enhanced Security) that allows managing national CIs by promoting information sharing among stakeholders and by ensuring their alignment to the procedures in case of emergency. SEB 14 (City Resilience Dynamics and Resilience Value Realization) and 16 (GINOM and Resilience Accelerator) are both based on simulations that enable to explore the impacts of different resource allocation strategies following an emergency and to promote discussions among stakeholders to enhance the resilience of local CIs.
Finally, considering the bundles focussed on multi-sector analyses and covering the entire EM cycle, SEB 3 (Copernicus Emergency Management Service and COLAB) enables the visualization of local CIs showing different types of threats that affect the CI and to develop plans aimed at addressing existing problems of a city. SEB 5 (PRISM and Blue Cascades Exercise Series) enables partners to analyse cascading impacts by performing exercises and supporting them in the identification of risks and in the definition of strategic plans to manage cross-border CIs. SEB 12 (DOMINO Tool and CATEX), instead, aims at achieving a rapid restoration of cross-border CIs by performing a series of exercises to promote coordination among partners; in addition, it allows to identify system interdependencies and assign a risk level to the different CI assets. Then, SEB 13 (SaTool and European Resilience Management Guideline) enables partners to share information about national CIs and to support them in the development of a resilience plan considering all the threats that could affect the system. In conclusion, SEB 15 (Smart Resilience Indicators and MICC) aims at training and exercising local institutions to be prepared to manage an emergency and at offering a Hazard/threat scope Hazard specific All-hazard methodology for assessing the risks of a CI system taking into consideration a specific threat. As shown in Fig. 5, none of the bundles is focussed on a single sector covering just Risk assessment & Planning. However, SEB 4 (Traffic Scotland Information Service and TTF) could be used to fill this gap since it focuses on a single sector and takes into account the entire EM cycle, thus including risk assessment and planning activities.

Conclusions
The increasing number and intensity of interdependencies within CI systems, frequently leading to significant domino effects and cascading failures even after minor CI disruptions, justify the establishment of collaborative approaches and partnerships at regional, national or international level. Despite the high number of Good Practices (GPs) in the context of CIR, they are often insufficient to cover the wide spectrum of capabilities required for an effective EM in such complex operational environments.
This study contributes to the advancement of the CIR stateof-the-art by developing a comprehensive classification and assessment framework for a robust multidimensional comparison and selection of GPs. Besides the 53 GPs included in the paper, the CRAFTER framework can be adopted for the assessment and selection of future additional GPs.
The practical contribution of the paper is the support to collaborative capability building for CIR-the analysis leads to a better understanding of how a specific GP may support the deployment of different EM capabilities and their possible limitations in terms of practical implementation and transferability. Practitioners can use the CRAFTER framework to efficiently compare GPs and select the most suitable ones according to the context of application and the specific requirements. The classification dimensions of the GPs adopted in the framework can support practitioners in the understanding of GPs key features, so as to avoid overlaps or conflicting factors and exploit possible synergies. In this regard, the mapping against EM capabilities allows an informed selection of BPs given the range of capabilities covered. Moreover, the study led to the identification of Smallest Effective Bundles (SEBs), i.e. groups of GPs that ensure optimal coverage of EM capabilities. The classification of SEBs according to the CI sector, the EM scope, the geographical scope and the hazard/threat scope can support practitioners in selecting the most suitable SEB based on the specific application context. Even if the developed methodological approach is applied to the CIR context, there is also the possibility to adopt it in other areas in disaster risk reduction, resilience or emergency management for instance. One of the limitations of the study is the robustness of the results obtained from the online questionnaire since the number of received responses was limited due to time constraints. This weakness can be improved by involving a higher number of CI experts to ensure greater consistency of the results. Another issue that emerged during the design of the CIR questionnaire is that the two taxonomies-Activities & Functionalities and EM capabilities-are not fully orthogonal, thus this may induce some ambiguities if used only by labels. Moreover, another limitation is related to the list of GPs selected through past projects and/or programs, since others could be introduced in the analysis.
As a future development, the study can be extended by involving experts in the assessment of the SEBs. It would also be relevant to better investigate the adoption of the SEBs in different application contexts and provide more specific information about their transferability and implementation in practice. It is a program providing access to researches, knowledge and best practices, whose aim is to ensure the continuity of flows, and thus a functional region It is a portal that gathers information of cities' resilience-building process, with the aim of both sharing knowledge among members and supporting citizens in preparing for an emergency Traffic Scotland Information Service Transport Scotland (2020)  It is a program in which local businesses train and exercise with public institutions and the community to guarantee an effective implementation of procedures and plans