Our mission is to safeguard people, protect property, minimize business interruption, and protect reputations.

Our vision is to thoroughly understand each client’s business and become a long-term trusted adviser.

https://preparednessllc.com
info@preparednessllc.com

781.784.0672

Showing posts with label Auditing. Show all posts
Showing posts with label Auditing. Show all posts

Wednesday, February 12, 2025

NFPA 1600/NFPA 1660 and ISO 22301 Compared

 

NFPA 1600 / NFPA 1660 & ISO 22301
A Comparison

NFPA 1600 “Standard on Continuity, Emergency, and Crisis Management,” 2019 edition and ISO 22301 “Business continuity management systems — Requirements,” 2019 edition are the leading standards for programs or management systems for preparedness and resilience.

Brief History and Usage of NFPA 1600 and ISO 22301

NFPA 1600 is an American National Standards Institute (ANSI) accredited national standard. Its first edition was published in 1995, and 2019 is the 8th edition. It was endorsed as the USA’s “National Preparedness Standard” in PL 110 53 in 2007. NFPA 1600 was also the basis for the Emergency Management Accreditation Program’s EMAP Standard. NFPA 1660, “Standard for Emergency, Continuity, and Crisis Management: Preparedness, Response, and Recovery,” 2024 edition is a compilation of NFPA 1600 with NFPA 1616, “Standard on Mass Evacuation, Sheltering, and Re-entry Programs,” 2020 edition and NFPA 1620, “Standard for Pre-Incident Planning,” 2020 edition. Chapters 4-10 of 1600 and 1660 are essentially the same. NFPA 1600 has not been withdrawn, and all editions of NFPA 1600 are still available.

ISO 22301, 2019 edition is the second edition and cancels and replaces the first edition published in 2012. British Standard BS 25999 was the basis for the first edition.

Both standards are used extensively around the world. NFPA 1600 is predominant in the Western Hemisphere and was used as the basis of standards in Canada (Z1600) and several countries in South America. Parts of NFPA 1600 have also been incorporated into or used as the basis for emergency planning regulations in the USA. NFPA 1600 is used extensively in the Middle East and countries in East Asia. ISO 22301 is predominant in Europe and used extensively in the United States.

What are the main differences between the two standards?

ISO 22301 is one of many ISO “management systems standards.” The underlying requirements for the management system are more extensive than the program management requirements in NFPA 1600. ISO 22301 and all ISO management system standards align with the “Plan, Do, Check, Act” cycle. NFPA 1600 is written following a program management, planning, implementation, execution, training/education, exercises/tests, and maintenance/improvement process.


Tools to assist with the evaluation of programs and management systems
Preparedness, LLC has compiled two self-assessment checklists--one based on NFPA 1600/1660 and the other based on ISO 22301--that provide hundreds of questions aligned with the two leading international standards. Click to download in Adobe PDF format.

ISO 22301 Business Continuity Management System self-assessment checklist


NFPA 1600 Emergency Management & Business Continuity Program self-assessment checklist



Saturday, July 25, 2009

NFPA and DRI International Partner to Offer Preparedness Program Auditor Training

Boston, MA / New York, NY; July 22, 2009 – The National Fire Protection Association (NFPA) and the Disaster Recovery Institute International (DRI) have joined forces to create an education and certification program that will qualify participants to audit disaster/emergency management and business continuity programs against existing standards and regulations. Certifications available are: Certified Business Continuity Auditor (CBCA) or Certified Business Continuity Lead Auditor (CBCLA).

NFPA, the authority on fire and life safety, and DRI, the leading certification and education body in business continuity planning, today announced a new interactive certification program that provides training, tools and hands-on experience. Through the program, participants will be able to apply the key components of disaster/emergency management and business continuity, the relevant standards, laws and regulations, the process of risk assessment, vulnerability analysis, loss prevention, risk mitigation, and develop, implement, test and maintain their plans and procedures.

“Professionals dealing with the growing need for disaster management and business continuity planning have been clamoring for a turnkey solution to help them measure the level of their organization’s preparedness against appropriate standards and regulations, and this certification program answer that call, “ said NFPA’s Bob Vondrasek, vice president for technical projects “This unique interactive program uses tools that allow novice and experienced corporate planners, internal and external auditors, and those interested in self-assessing their programs, or their clients’ programs, to perform an audit to better measure their state of preparedness.”

Course materials delve into existing legal and regulatory requirements by industry and country, as well as emerging requirements including: NFPA 1600, DRI International’s professional practices, financial services, insurance, healthcare, utilities, public sector guidelines and many others are explored. In addition, careful attention is given to the processes by which disaster/emergency management and business continuity programs are initiated with an eye toward corporate governance, policy, and procedures.

“Education is the key to success for professionals working in environments where they are expected to be well versed in the ever growing set of regulatory requirements, and laws and standards,” said DRI International Executive Director Al Berman. “This certification gives participants the opportunity to demonstrate their knowledge, experience to help entities assess their preparedness programs, which is something that is increasingly needed.”

At the end of the course, a qualifying examination is conducted and individuals who have passed will be eligible to apply for certification as a Certified Business Continuity Auditor (CBCA) or Certified Business Continuity Lead Auditor (CBCLA). The certification level (CBCA or CBCLA) will be granted based upon the amount of demonstrated audit experience of the applicant. Those seeking the CBCLA designation will be required to provide references to verify that they have at least five years of active audit experience. The certification will be granted by DRI International, the largest business continuity certification organization in the world. DRI International has certified over 12,000 applicants in over 90countries in its 20 year history.

National Fire Protection Association

DRI International