Our mission is to safeguard people, protect property, minimize business interruption, and protect reputations.

Our vision is to thoroughly understand each client’s business and become a long-term trusted adviser.

https://preparednessllc.com
info@preparednessllc.com

781.784.0672

Showing posts with label Business Continuity. Show all posts
Showing posts with label Business Continuity. Show all posts

Thursday, January 5, 2023

NFPA 1600 +1610 +1616 = NFPA 1660

NFPA 1660, Standard for Emergency, Continuity, and Crisis Management: Preparedness, Response, and Recovery, 2024 edition has been approved by the National Fire Protection Association as an American National Standard. 

NFPA 1660 Standard Cover
NFPA 1600, “Standard on Continuity, Emergency, and Crisis Management,” 2019 edition, NFPA 1616, “Standard on Mass Evacuation, Sheltering, and Re-entry Programs,” 2020 edition, and NFPA 1620, “Standard for Pre-Incident Planning” 2020 edition, have been consolidated into a new standard, NFPA 1660. The technical committees responsible for these standards worked together to complete the consolidation, and the three committees continue to exist at this time.

The National Fire Protection Association’s consolidation plan for its Emergency Response and Responder Safety standards with “similar content areas” is intended to “increase usability, reduce errors and conflicts, and ultimately produce higher quality standards.” 

NFPA 1600 2019 edition’s chapters 4 through 10 are almost without change within the new 1660 and have retained their numbering. Chapter 1, “Administration” has been expanded to encompass the broader scope, purpose, and application of the three predecessor standards. An expanded list of publications can be found in Chapter 2, and a much longer list of definitions can be found in Chapter 3. A new section 4.1 “Administration” encompasses the scope, purpose, and application from 1600-2019 requiring subsections to be renumbered 4.2 through 4.9. Otherwise, there are no significant changes to the text from chapters 4-10 of NFPA 1600-2019.

A digital version of the new NFPA 1660 is viewable on the NFPA website, and the printed and PDF versions will be available from NFPA on January 27.

____________

Donald L. Schmidt, CEO of Preparedness, LLC has been a member of the NFPA 1600 technical committee since 1994 and served as chair for the 2010, 2013, and 2016 editions. He has also been a member of the NFPA 1620 technical committee since 1995.

Download Preparedness, LLC’s program self-assessment checklist that is based on NFPA 1600 (and chapters 4-10 of NFPA 1660). It includes more than 200 questions to help you evaluate your preparedness program.

Sunday, February 5, 2017

New Preparedness, LLC Website Launched

We are pleased to announce the launch of the new Preparedness, LLC website. The mobile-friendly site still includes hundreds of links to preparedness resources (all verified or updated) as well as new and revised Preparedness Bulletins to help with the development, implementation, and evaluation of your emergency management, business continuity, and crisis management programs.

Since the organization of the website has changed, may we suggest you update your bookmarks and links to the page.

Please send us your suggestions for new links and subjects for future Preparedness Bulletins.

Monday, October 15, 2012

2013 Edition of NFPA 1600 Close to Publication

The 2013 edition of NFPA 1600, "Standard on Disaster/Emergency Management and Business Continuity Programs" is complete. NFPA did not receive any "Notices of Intent To Make A Motion" (NITMAM), which would have required action at NFPA's annual meeting. Therefore, NFPA 1600-2013 will be approved by NFPA's Standards Council on or about November 27, 2012. The 2013 edition should become available in December or January.

If you would like to preview the 2013 edition, you can review the "Report on Comments" draft that was developed at the technical committee meeting March 20-22, 2012. You can monitor the progress of the technical committee by visiting the NFPA website.

Numerous resources pertaining to NFPA 1600 “Standard on Disaster/Emergency Management and Business Continuity Programs” can be found on the “NFPA 1600” page of the Preparedness, LLC website.

Donald L. Schmidt, ARM, CBCP, CBCLA, CEM® is the chair of NFPA’s Technical Committee on Emergency Management and Business Continuity, which is responsible for NFPA 1600. Mr. Schmidt has been involved in the development of every edition of NFPA 1600. He is the editor of “Implementing NFPA 1600 National Preparedness Standard," and he is also the lead instructor for NFPA’s professional development course on NFPA 1600.

Monday, September 17, 2012

NFPA 1600 Report on Comments Published

The National Fire Protection Association (NFPA) has posted the “Report on Comments” for the 2013 edition of NFPA 1600. This report includes much of the text of the proposed document.
The official NFPA 1600 committee web page provides information on the current edition, the status of the next edition, information on the technical committee, and guidance on how to post questions. You can also view the NFPA 1600 page on the Preparedness, LLC website to obtain information.
If you would like to view and listen to a presentation by NFPA 1600, committee chair Don Schmidt, visit the Emergency Management Forum website.
NFPA 1600 is revised every three years. The technical committee encourages you to submit your thoughts regarding the next edition.

Thursday, June 30, 2011

NFPA 1600-2010 edition for iPhone

The iPhone app for the 2010 edition of NFPA 1600 “Standard on Disaster/Emergency Management and Business Continuity Programs” is now available in the iTunes App Store

Please note there is a $4.99 fee for this app.

If you want details on NFPA 1600 from the committee chair, go to the NFPA 1600 resource page on the Preparedness, LLC website.

Friday, June 24, 2011

NFPA awarded contract to update FEMA’s Ready Business web content

June 23, 2011 – The National Fire Protection Association (NFPA) has been awarded a contract by FEMA (Federal Emergency Management Agency) to update the web-based content of Ready Business, part of the Ready.gov website. This effort will bring the content of Ready Business into alignment with the current (2010) edition of NFPA 1600, Standard on Disaster/ Emergency Management and Business Continuity Programs.

The Ready Business website is designed to assist small and mid-size businesses in preparing for emergencies such as natural occurrences, technology failures, and accidental or intentional human-caused incidents. It addresses the concepts of business continuity and crisis management. The current Ready Business content was designed around the requirements of an earlier edition of NFPA 1600.

NFPA president James Shannon said: “We are pleased that FEMA has again chosen to use NFPA 1600 as the basis for the content in Ready Business. It is a unique preparedness standard as it addresses both business continuity and protection of employees – businesses’ and communities’ most valuable resource.”

NFPA 1600 has been recognized in the 9/11 Commission Report as well as the Homeland Security Act and its subsequent amendments, as a national standard for preparedness programs to protect enterprises and people. The FEMA Private Sector Preparedness Program, PS Prep, recognizes NFPA 1600 as a standard to which preparedness plans should be structured and measured. NFPA 1600 is available as a free PDF download or as a mobile app.

Friday, April 29, 2011

Update on NFPA 1600 2013 Edition

Here is an update on the 2013 edition of NFPA 1600 that I wrote for the "Meet the Experts" column in the April 27th issue of Continuity e-Guide, Disaster Resource Guide.

Work on the 2013 edition of NFPA 1600 "Standard on Disaster/Emergency Management and Business Continuity Programs" is well underway. The technical committee met in Orlando in late March to continue the research and development of what will become the sixth edition of the standard. The technical committee is also asking for public input for new content or revisions to existing text.

Technical Committee

The technical committee that writes NFPA 1600 was formed in 1991 by the National Fire Protection Association, a 115 year old non-profit organization dedicated to reducing the worldwide burden of fire and other hazards on the quality of life. It includes up to 36 principal, voting members plus alternates representing a broad spectrum of private sector companies, and federal, state, and local government. In addition to the principal and alternate committee members, the committee has formed numerous task groups comprised of non-member, subject matter experts to research and develop content for the standard. The standard is written in accordance with NFPA's ANSI accredited standards development process ensuring there is wide participation and consensus.

The committee is sensitive to the balance between writing prescriptive requirements and writing a standard that is widely applicable and not overly burdensome. Achieving this balance has resulted in just over six pages of concise requirements in chapters 1 through 8 and numerous annexes, which provide explanatory and supporting information. This approach continues with the 2013 edition.

Changes for the 2013 Edition

The technical committee has organized 14 task groups to research new content and revisions for the 2013 edition. Task groups are developing new and revised language on family preparedness, information technology, measurement, partnerships, and requirements for small “entities.” In addition, other task groups are working to expand the annexes, which provide nonmandatory guidance for users.

Recognizing that the availability of members of emergency management and business continuity teams is dependent on the preparedness of these employees, their families, and their homes, a task group on family preparedness was organized. The task group has drafted text to address the need for family preparedness (which will probably appear in the body of the standard) and additional explanatory text that will be included in the non-mandatory annexes.

Information technology is essential to every organization, so a task group of IT professionals was organized to review existing text on risk assessment, business impact analysis, recovery strategies, and the annexes to ensure that text adequately and appropriately addresses current and emerging technologies. The task group has submitted recommendations for additional text to be added to the body of the standard and additional supporting guidance in the annexes.

The 2010 edition of NFPA 1600 was reordered to follow a program development and continuous improvement process. A crosswalk between the program elements of NFPA 1600 and the ordering of a management system standard was introduced with the 2010 edition. The committee is taking this effort to the next level by rewriting Annex C to become a standalone management system standard that can be adopted by the entity in place of chapters 1 – 8.

Standards alone do not achieve preparedness. NFPA 1600 calls for the creation of a program committee of persons to develop the program and keep it current. For the 2013 edition, a task group has been researching how to define competencies for persons involved in the program. Another task group is addressing the subject of “measurement,” which is central to the need of determining whether the emergency management and business continuity program meets the needs of the entity. At this point in time it remains to be seen whether the committee will vote to accept substantial changes to the requirements of the standard in these two areas. It’s likely that supporting and explanatory text will be added to one or more annexes to assist the user of the standard.

The need for a “scalable” standard for smaller organizations was identified following the passage of Title IX of Public Law 110-53 and its language regarding small business preparedness. In response, another task group is writing a draft standard for small entities.

Continuing the evolution of the standard, the committee is looking for requirements that are unclear or incomplete, and this is always an area where users can provide input. Terminology is a challenge within the practice of emergency management and business continuity. A definitions task group continues to look at the use of terms within the standard and the need to include additional definitions—even though the committee has generally resisted defining words that are adequately defined in the dictionary. Another area of focus is the definition of planning requirements for all phases of the program. Are requirements for plans and procedures clear? If you don’t think so, let the committee know.

Public Proposals and Comments Requested

Since its first edition, the technical committee has received hundreds of proposals and comments from professionals that use the standard. The committee is soliciting your input on the 2013 edition. The 2010 edition is available for free download. You can submit your proposals and comments by downloading, completing, and return a Document Proposal Form (Microsoft Word format). Instructions for submitting the form via mail, fax, or email are included at the bottom of the form. The deadline for submissions is May 23, 2011.

The first draft of the 2013 edition will be published for public review by December 23. Once published, public comments on the draft will be accepted until March 2, 2012. Following the second round of public comments the committee will meet to finalize and vote on the draft prior to issuance by NFPA as early as November 2012.

Monday, March 28, 2011

Submit Proposals for 2013 Edition of NFPA 1600

The National Fire Protection Association is in the process of developing the 2013 edition of NFPA 1600 “Standard on Disaster/Emergency Management and Business Continuity Programs.” Originally published in 1995, development of the 2013 edition (its 6th edition) is well underway.

We encourage our readers to review the 2010 edition of NFPA 1600 and submit suggested revisions to NFPA. You can submit your suggested additions or revisions online via NFPA’s Online Submission System (see links below), or you can download and complete a Document Proposal Form (Microsoft Word format). Instructions for submitting the form via mail, fax, or email are included at the bottom of the form.

The deadline for submissions is May 23, 2011.

The NFPA 1600 technical committee will meet over the summer to review all submissions and issue a first draft of the 2013 edition. Committee action on your suggestions will be published for public review. Following publication of the first draft, there will be a second opportunity to submit commits before the 2013 edition is published around the end of 2012.

Links

Questions

If you have questions, please contact Mr. Orlando Hernandez, NFPA’s staff liaison to the NFPA 1600 technical committee. He can be reached at (617) 984-7482 or ohernandez@nfpa.org.

Tuesday, January 19, 2010

NFPA 1600-2010 Edition Released

The 2010 edition of NFPA 1600 “Standard on Disaster/Emergency Management and Business Continuity Programs” has been published by the National Fire Protection Association. Download the 2010 and 2007 editions from the NFPA website.

The 2010 edition has undergone significant revisions as a result of the record number of public proposals and comments and committee activity. Changes include:

  • The standard has been reordered following a program development process. Chapter 4: Program Management, Chapter 5: Planning, Chapter 6: Implementation, Chapter 7: Testing & Exercises, and Chapter 8: Program Improvement.
  • Many new definitions have been added
  • Program management has been expanded to address Leadership and Commitment, Performance Objectives, and Records Management.
  • Planning now includes a separate section on Business Impact Analysis.
  • Chapter 6, Implementation, has been expanded to include a new section on Employee Assistance and Support. Existing sections of this chapter have been expanded.
  • New Chapter 7, Testing & Exercises, expands significantly on the requirements for exercises.
  • New Chapter 8, Program Improvement, expands on the requirements for program reviews and corrective action.
  • The annexes now include a self-assessment checklist and a crosswalk to management system guidelines.

Additional information on the latest edition of NFPA 1600 can be found in our eNewsletter. Also, check out the "NFPA 1600" page on the Preparedness, LLC website. Resources to help with the development of your emergency management and business continuity program can be found on the “Resources” page.

Wednesday, October 28, 2009

DHS announces intent to adopt NFPA 1600 standard for the Voluntary Private Sector Preparedness Accreditation and Certification Program

"October 28, 2009 – NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs has been designated for adoption under the Department of Homeland Security’s (DHS) Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep).

DHS/Federal Emergency Management Agency (FEMA) has published a request for comments in the Federal Register seeking public input on NFPA 1600 and two other standards that it intends to use as the criteria for certification of private sector preparedness programs as mandated by Congress in legislation that implemented the 9/11 Commission’s recommendations. The agency considered 25 standards and selected three based on scalability, balance of interest, and relevance to the PS-Prep program. NFPA encourages all interested parties to provide input to DHS/FEMA concerning the selection of standards for the PS Prep Program and to support the use of NFPA 1600 for this national program.

NFPA has made NFPA 1600 available for free viewing and PDF downloads. Since making it publicly available in 2005, there have been over 120,000 PDF downloads. It is also available as a free iPhone application.

Please submit your comments to FEMA by November 16, 2009. An electronic comment form and instructions are available at http://www.regulations.gov/ in Docket ID: FEMA-2008-0017-0100. Additional information on the PS-Prep program is available from FEMA.

Following the terrorist attacks of September 11, 2001, NFPA 1600 was endorsed in the 9/11 Commission’s report. The 9/11 Commission’s recommendation on private sector preparedness and NFPA 1600 was reiterated in Public Law 108-458 in 2004 and most recently in Title IX of Public Law 110-53. Title IX calls for the voluntary certification of private sector preparedness programs. In addition to the endorsement of the 9/11 Commission, NFPA 1600 has been adopted by the U.S. Department of Homeland Security under the category of Incident Management System Standards along with 26 other NFPA standards.

Development of NFPA 1600 began in 1991, and the first edition was promulgated in 1995. New editions have been published in 2000, 2004, and 2007. The 2010 edition has just been completed. Throughout its history, NFPA 1600 has been developed by subject matter experts from both the private and public sectors. Private sector input has come from a broad range of industries including those that control our nation’s critical infrastructure.

NFPA 1600 addresses emergency management, business continuity, crisis communications, and recovery in a holistic framework that includes organization, management, risk assessment, prevention, mitigation, resource management, response, continuity, and recovery. NFPA 1600 is aligned with the Disaster Recovery Institute’s 10 Professional Practices for Business Continuity. The standard recognizes and provides the flexibility entities need when developing individual preparedness programs and does not preclude the use of corporate or industry best practices.

The Canadian Standard Association’s Z1600 standard correlates with NFPA 1600 and was developed under license from NFPA to be used as the national preparedness standard in Canada. Besides becoming the most widely used preparedness standard in North America, NFPA 1600 has gained significant attention in Latin American and Asia. Most recently NFPA 1600 has been adopted as the national preparedness standard in Argentina. It is translated and used by national standards bodies in Chile, China, Colombia, Ecuador, Korea, Thailand, Tobago, and Trinidad. It is also being used by European insurance companies.

NFPA has been a worldwide leader in providing fire, electrical, building, and life safety to the public since 1896. The mission of the international nonprofit organization is to reduce the worldwide burden of fire and other hazards on the quality of life by providing and advocating consensus codes and standards, research, training, and education."

Links to Title IX of Public Law 110-53, NFPA 1600, the designated standards, and resources for development of your emergency management and business continuity program can be found on the Preparedness, LLC website.

Friday, October 16, 2009

Proposed Standards for Voluntary Private Sector Preparedness Certification Program Announced

WASHINGTON—Department of Homeland Security (DHS) Secretary Janet Napolitano today announced new proposed standards for a 9/11 Commission-recommended program for the private sector to improve preparedness for disasters and emergencies.

“Preparedness is a shared responsibility and everyone—including businesses, universities and non-profit organizations—has a role to play,” said Secretary Napolitano. “Ensuring our private sector partners have the information and training they need to respond to disasters will strengthen our efforts to build a culture of preparedness nationwide.”

DHS published a notice in the Federal Register today seeking public comment on three new standards identified for adoption under the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep). PS-Prep is a partnership between DHS and the private sector that enables private entities—including businesses, non-profit organizations and universities—to receive emergency preparedness certification from a DHS accreditation system created in coordination with the private sector.

The notice proposes new PS-Prep standards to enhance operational resilience, business continuity management, and disaster and emergency management among participating private sector partners.

The notice proposes new PS-Prep standards to enhance operational resilience, business continuity management, and disaster and emergency management among participating private sector partners.

The notice proposes new PS-Prep standards to enhance operational resilience, business continuity management, and disaster and emergency management among participating private sector partners.

The proposed standards, developed by the National Fire Protection Association, the British Standards Institution and the ASIS International, were selected based on their scalability, balance of interest and relevance to PS-Prep from a group of 25 standards proposed for consideration following the publication of a Federal Register notice in December 2008 announcing the program.

In addition to the standards in the notice posted today, DHS is establishing classifications and methods of certifications that recognize the unique needs and characteristics of small businesses.

Individuals wishing to submit comments on the proposed standards, recommend additional standards for consideration or comment on other programmatic aspects of PS-Prep may obtain a comment form and instructions for submission online at www.regulations.gov, in Docket ID: FEMA-2008-0017. DHS requests comments by Nov. 15, though it will accept submissions at any time thereafter.

For more information, visit http://www.fema.gov/privatesectorpreparedness/.

As chair of NFPA’s Technical Committee on Emergency Management and Business Continuity, which is responsible for NFPA 1600, I have been involved in the PS-PREP program since the legislation was been written by Senator’s Lieberman’s staff. I have posted links to all of the related documents and organizations to the "Standards" and "Public Law 110-53" section of “Resources” page of the Preparedness, LLC website. In addition, I have posted a self-evaluation checklist on NFPA 1600 to the website.

After the 30 day comment period is over, DHS will finalize the list of standards. ANAB now has to finalize the accreditation rule and begin the process of certifying third parties to evaluate private sector programs. Only then can the certifying bodies begin evaluating any programs.

Thursday, October 1, 2009

BrightTALK's Business Continuity & Disaster Recovery Summit

Checkout BrightTALK’s Business Continuity & Disaster Recovery Summit on October 6. This summit will feature leading experts exploring strategies and tactics to build a strong business continuity and recovery plan within an enterprise, the right technology choices for business recovery and best practices and tips to develop a strategy and architecture to meet 24/7 availability and recovery requirements.

I will be presenting at 3:00 PM Eastern Time on the subject of “Enterprise Preparedness Using Our National Preparedness Standard.” I will be discussing the essential elements of an enterprise preparedness program and provide information on NFPA 1600’s current edition and the upcoming 2010 edition.

Click here for a link to the full program or to my webinar session.

Saturday, July 25, 2009

NFPA and DRI International Partner to Offer Preparedness Program Auditor Training

Boston, MA / New York, NY; July 22, 2009 – The National Fire Protection Association (NFPA) and the Disaster Recovery Institute International (DRI) have joined forces to create an education and certification program that will qualify participants to audit disaster/emergency management and business continuity programs against existing standards and regulations. Certifications available are: Certified Business Continuity Auditor (CBCA) or Certified Business Continuity Lead Auditor (CBCLA).

NFPA, the authority on fire and life safety, and DRI, the leading certification and education body in business continuity planning, today announced a new interactive certification program that provides training, tools and hands-on experience. Through the program, participants will be able to apply the key components of disaster/emergency management and business continuity, the relevant standards, laws and regulations, the process of risk assessment, vulnerability analysis, loss prevention, risk mitigation, and develop, implement, test and maintain their plans and procedures.

“Professionals dealing with the growing need for disaster management and business continuity planning have been clamoring for a turnkey solution to help them measure the level of their organization’s preparedness against appropriate standards and regulations, and this certification program answer that call, “ said NFPA’s Bob Vondrasek, vice president for technical projects “This unique interactive program uses tools that allow novice and experienced corporate planners, internal and external auditors, and those interested in self-assessing their programs, or their clients’ programs, to perform an audit to better measure their state of preparedness.”

Course materials delve into existing legal and regulatory requirements by industry and country, as well as emerging requirements including: NFPA 1600, DRI International’s professional practices, financial services, insurance, healthcare, utilities, public sector guidelines and many others are explored. In addition, careful attention is given to the processes by which disaster/emergency management and business continuity programs are initiated with an eye toward corporate governance, policy, and procedures.

“Education is the key to success for professionals working in environments where they are expected to be well versed in the ever growing set of regulatory requirements, and laws and standards,” said DRI International Executive Director Al Berman. “This certification gives participants the opportunity to demonstrate their knowledge, experience to help entities assess their preparedness programs, which is something that is increasingly needed.”

At the end of the course, a qualifying examination is conducted and individuals who have passed will be eligible to apply for certification as a Certified Business Continuity Auditor (CBCA) or Certified Business Continuity Lead Auditor (CBCLA). The certification level (CBCA or CBCLA) will be granted based upon the amount of demonstrated audit experience of the applicant. Those seeking the CBCLA designation will be required to provide references to verify that they have at least five years of active audit experience. The certification will be granted by DRI International, the largest business continuity certification organization in the world. DRI International has certified over 12,000 applicants in over 90countries in its 20 year history.

National Fire Protection Association

DRI International

Thursday, July 23, 2009

Thunderstorms, Lightning & Tornadoes - eNewsletter

Summer is thunderstorm season, and thunderstorms bring lightning, heavy rainfall, hail, and tornadoes. Resulting fatalities, property damage, and losses from business interruption are significant. Natural hazards can’t be prevented, but emergency management can protect life, mitigation can reduce property damage, and business continuity planning can speed recovery and reduce operational impacts.

What is the potential impact on your business from a lightning strike or surge? What would you do if a tornado warning were issued?

Review this eNewsletter to learn more about the hazards of thunderstorms, lightning, and tornadoes. Identify mitigation opportunities and considerations for your emergency management and business continuity program.

http://www.preparednessllc.com/enewsletter/enewsletter_home.html

Thursday, May 28, 2009

Hurricane Preparedness

Hurricane season begins on June 1 and forecasters predict an “average” or “near normal” season. Fewer hurricanes, however, do not necessarily mean a lesser threat of disaster. Records for the most intense U.S. hurricane (1935 Florida Keys hurricane) and the second costliest, Andrew in 1992, occurred in years which had much below-average hurricane activity.

A recent survey of business leaders also indicates businesses may not be as prepared as they should be. Interviews of 100 U.S. and Canadian financial executives from large U.S. and Canadian corporations for the FM Global commissioned 2008 Natural Disaster Business Risk Study found that 48 percent are not well-prepared for a hurricane.

2009 Hurricane Season Forecast

National Oceanic and Atmospheric Administration (NOAA) forecasters predict a near-normal Atlantic hurricane season is most likely this year. Forecasters say there is a 70 percent chance of having nine to 14 named storms, of which four to seven could become hurricanes, including one to three major hurricanes (Category 3, 4 or 5).

In their April 7 forecast Professor William Gray and Philip Klotzbach at Colorado State University foresee average activity for the 2009 Atlantic hurricane season. “We anticipate an average probability of United States major hurricane landfall.”

The Colorado State University scientists are forecasting:

  • 12 named storms
  • 6 hurricanes
  • 2 intense hurricanes (category 3, 4, or 5)
  • 54% probability of at least one major (category 3-4-5) hurricane making landfall in the United States

Professor Mark Saunders and Dr. Adam Lea from the Aon Benfield Hazard Research Centre at the University College London predict an active hurricane season with a “high likelihood that activity will be in the top one-third of years historically.”

Hurricane Hazards

Hurricane hazards include damaging wind, hurricane-spawned tornadoes, flooding from heavy rainfall, and coastal flooding from storm surge. Cascading impacts result from damage to critical infrastructure including electrical power, telecommunications, and transportation. Hurricane Katrina proved that these cascading impacts include widespread supply chain disruption.

Wind

High winds from a tropical storm or hurricane can damage buildings in many ways, and roofs are particularly vulnerable. Perimeter flashing can be loosened or removed. Failure of perimeter flashing allows wind to lift a portion of the roof covering and insulation. The covering may peel back, and roof deck panels may be dislodged.

Heating, ventilation, and air conditioning systems (HVAC) and equipment, antennas and satellite dishes, stacks, vent pipes, sky lights, and other fixtures and equipment on top of the roof may be damaged by the wind or by windblown “missiles”—objects or debris carried by the wind.

High winds and windblown debris also break windows and window assemblies, open poorly secured doors, and blow wall cladding in or out. When high winds are able to penetrate a building envelope, they increase internal building pressures that can result in structural damage to walls and roofs. Openings in walls or the roof allow rain to enter causing water damage to building contents.

Flooding

High winds may not be the most significant hazard from tropical cyclones. Heavy rainfall associated with a slow moving or stalled tropical system can cause regional flooding. A large portion of the damage in four of the twenty costliest tropical cyclones (1851-2006) resulted from inland floods caused by torrential rain. Tropical Storm Allison (2001) produced rainfall amounts of over 30 inches in portions of Louisiana and southeast Texas. The Houston tunnel system, depicted in Figure 2, was inundated with water.

Storm Surge

Storm surge is water that is pushed toward the shore by the force of the winds swirling around the storm. The advancing surge of water combines with the normal tides to create a hurricane storm tide.

The storm surge can increase the mean water level to heights impacting roads, buildings, and other critical infrastructure. In addition, wind driven waves are superimposed on the storm tide. This rise in water level can cause severe flooding in coastal areas, particularly when the storm tide coincides with the normal high tides.

In 2008 Hurricane Ike made landfall in Texas as a Category 2 hurricane. Although only a Category 2 hurricane (on a scale of 1 to 5), hurricane force winds extended as much as 125 mi from the center, and this large storm created a peak storm surge of 15-20 ft. By contrast, Hurricane Charley, which had Category 4 storm force winds extending only 25 mi from the center, had only a 6–7 ft. storm surge.

Because much of the United States' densely populated Atlantic and Gulf Coast coastlines lie less than 10 feet above mean sea level, the danger from storm surge is tremendous.

Tornadoes

Tornadoes are often produced by and embedded in hurricanes causing pockets of heavy damage. They are most likely to occur in the right-front quadrant of the hurricane, however, they are often found embedded in rainbands well away from the center of the hurricane.

Tornadoes can develop at any time of the day or night during landfall. Tornado production can occur for days after landfall when the tropical cyclone remnants maintain an identifiable low pressure circulation.

Studies have shown that more than half of the landfalling hurricanes produce at least one tornado; Hurricane Buelah (1967) spawned 141 according to one study.

Hazard Mitigation

Hazard mitigation can substantially reduce the damage caused by hurricanes. Property insurer FM Global compared the loss history of its policyholders that implemented its loss prevention recommendations with those with outstanding recommendations to complete. FM found that those policyholders that fully implemented its preparedness recommendations had on average 75% to 85% lower dollar losses than those policyholders that did not implement such measures [FM Global data provided to InterCEP ].

Prior to hurricane season survey the entire property and inspect all buildings to identify vulnerabilities. Begin at the roof level and inspect the flashing along the perimeter. Repair loose or damaged flashing and ensure sufficient mechanical fasteners are used.

Inspect the roof covering for evidence of ponding, blistering, alligatoring, delamination, surface erosion, or cracks that could result in tears or leaks. Verify that all access panels and doors to mechanical equipment and roof hatches have been properly secured. Confirm that all antennas, satellite dishes, and other appliances installed on the roof have been securely anchored.

Inspect all exterior walls for openings that could be penetrated by wind and evaluate methods to protect when a storm watch is issued. Consider installing glazing rated to withstand debris impact, hurricane shutters, or pre-cut plywood for protection of exterior glass that is especially vulnerable. Check all exterior doors—especially loose fitting, large overhead doors. Make exterior doors weather tight and equip them with secure latches.

Inspect exterior storage, tanks, equipment, signs, and vehicle storage and verify they are properly anchored to withstand expected wind forces. Identify what can be moved inside a building or removed from the site, if a storm watch is issued.

Focus on critical building areas, equipment, and utilities including data centers and process systems. Evaluate means to protect against damage from water entry in the event of structural damage or flooding.

Hurricane Preparedness & Response Team

Organize a hurricane preparedness and response team and appoint a person in charge. Assign responsibilities to each department head and ask each department to prepare a plan for preparing their department.

Department heads should become part of the team that directs hurricane preparedness activities when a hurricane watch is issued. They should meet periodically to manage preparedness efforts until the watch is rescinded or upgraded to a warning. This team also manages recovery after the storm.

Appoint staff for safety, crisis communications, liaison with external service providers and other company facilities. Assign responsibility for planning, logistics, and finance/administration in accordance with the Incident Command System.

Resources

There are many resources needed for hurricane preparedness. First, identify the complement of staff, including contract employees, needed to prepare your facility in the available time between a hurricane watch and hurricane warning.

Procure materials and equipment to prepare the facility including storm shutters, plywood, sandbags, and the power tools, equipment, and supplies to install them. A supply of tarpaulins and plastic sheeting can be used to cover valuable furnishings or equipment and provide temporary protection after a storm. Service pumps and emergency generators to ensure they are in good condition, and calculate the required quantity of fuel for each.

Procure weather monitoring equipment and ensure reliable access to broadcast and internet weather reports including forecasts from the National Hurricane Center. On-site weather monitoring equipment enable you to monitor local wind conditions and rainfall.

Evaluate communications capabilities assuming that landline telecommunications will be interrupted. Test communications equipment including two-way radios and satellite telephones. Evaluate how communications equipment could be used if roof mounted antennas are damaged.

Stockpile supplies for cleanup and repairs. Don’t forget food and water for employees restoring the facility.

Arrange in advance for procurement of equipment, supplies, and contractors from firms located well outside the immediate area for cleanup, repair, and restoration of buildings, equipment and stock. Establish mutual aid agreements with other company facilities outside the storm’s potential impact area.

Hurricane Preparedness Plan

Write a hurricane preparedness plan that includes multiple phases:

  • Before hurricane season
  • Tropical Storm or Hurricane Watch
  • Tropical Storm or Hurricane Warning
  • During the Storm (only if personnel must and are authorized to remain on-site during a storm)
  • After the Storm

Watch and warning phases can be expanded to include additional actions when a major hurricane has been forecast and to address a facility’s vulnerabilities to hurricane hazards.

Before Hurricane Season

Preparedness prior to hurricane season begins with conducting or reviewing the facility’s hurricane risk assessment, which is the basis for the hurricane plan.

Contact public officials to obtain the latest information on wind fields, storm surge, and flooding, which should be incorporated into your plan. If available, obtain official credentials for managers that will enable them to re-enter your facility after a storm but before the area is opened to the general public.

Walk the entire site and facility top to bottom to evaluate vulnerabilities and hazard mitigation. Complete hazard mitigation activities as soon as possible.

Review property insurance coverage including flood coverage, which may require a special endorsement. Evaluate business interruption limits especially if multiple facilities may be impacted by a single storm.

Verify that all resources required for preparing the facility for a hurricane are available and in good condition. This includes all pumps, generators, communications equipment, personal protective equipment, hand and power tools, and supplies.

Conduct training of all staff, so they know their role and responsibilities as defined in the plan. Conduct a tabletop exercise to familiarize the leaders of your hurricane preparedness and response team with the plan and identify any gaps or deficiencies.

Storm or Hurricane Watch

When a hurricane watch is issued, hurricane conditions are possible within 36 hours. This section of the plan should detail all facility preparations.

Hurricane Warning

When a hurricane warning is issued, sustained winds greater than 74 mph or higher associated with a hurricane are expected in a specified coastal area in 24 hours or less. Preparations must be rushed to completion before any mandated evacuation order is issued.

After the Storm

A damage assessment protocol should be developed and assignments made to quickly assess the condition of infrastructure, buildings, utilities, furniture, equipment, and supplies. Prior to conducting the damage assessment, identify hazards such as downed electrical lines, leaking hazardous materials (e.g., liquids and gases), broken glass, and collapse hazards. Prohibit entry into unsafe areas.

Employee Family Preparedness

In addition to planning for your facility, be sure to provide preparedness information for employees to share with their families. Distribute information from Ready.gov and your local emergency management agency.

Ask all employees to develop a family disaster plan that includes a communications plan. Encourage them to prepare a family disaster kit. Make sure that you have emergency contact information for all employees, which includes the name and telephone numbers for a distant relative who can be contacted if the employee has evacuated.

Business Continuity Planning

Business continuity planning is in some ways easier with a forecasted event such as a hurricane. Data and paper records can be backed up offsite and systems can be shutdown without data loss. Relocation and or protection of raw materials, finished goods, equipment, supplies, and vital records can be accomplished before damaging winds or flood waters arrive.

However, a regional event such as a hurricane may impact a wide area that encompasses more than one company owned facility. Planning must address all facilities potentially impacted by the storm. Competition for resources including computer “hot sites” may be keen forcing some users to relocate great distances to available backup data centers or worksites.

Business continuity plans must be based on a business impact analysis that identifies the potential impacts from damage to or loss of all facilities within the path of a hurricane. Strategies must be developed to ensure the continuity of critical functions, processes, and services. Sufficient resources, outside of the area impacted by the storm, must be available even in the face of competition—even competition from government authorities. Following Hurricane Katrina in 2005, generators brought into storm damaged areas by private businesses were redirected by public officials and never reached their intended facility.

Plan for the Challenges

Hurricanes pose numerous challenges for emergency planning. Forecasting the intensity and landfall of an approaching storm is extremely difficult. Over the past 25 years “no statistically significant improvement or degradation is noted for landfall position forecasts. Time of landfall forecasts indicate significant improvement for the 19–30-hr period.” . Public officials have to be conservative and issue warnings sufficiently in advance of predicted landfall to allow residents in vulnerable areas to evacuate to safety inland. Mandatory evacuation orders may require completion of preparedness efforts earlier than expected.

Coordination with emergency management officials is essential to ensure you have the latest forecast, are aware of the timing for issuance of mandatory evacuation orders, and understand the time needed to safely evacuate on crowded roads.

The availability of resources to prepare a facility becomes limited when a hurricane watch is issued as businesses and citizens compete for materials and labor. Employees have to prepare their own homes and ensure the safety of family members.

A hurricane plan that accurately identifies the resources and time needed to prepare a facility has the greatest chance of success. Procuring necessary resources before hurricane season and arranging in advance for labor to assist with hurricane preparations is essential. Providing resources to protect the homes of managers will allow them to focus their attention on preparing your facility.

Build a project management plan that defines major tasks and the resources and time needed for completion. Use the timeline to calculate when preparations must begin, so they are completed before a mandatory evacuation order is issued.

Planning Resources

Numerous links to online planning resources can be found at the Preparedness, LLC website.

Thursday, April 30, 2009

Pandemic Preparedness

The World Health Organization has raised the current phase of pandemic alert to 5. “Phase 5 is characterized by human-to-human spread of the virus into at least two countries in one WHO region. While most countries will not be affected at this stage, the declaration of Phase 5 is a strong signal that a pandemic is imminent and that the time to finalize the organization, communication, and implementation of the planned mitigation measures is short.”

The number of infections and severity of illness of this influenza outbreak is hard to estimate at this time. Therefore, it is prudent to review and update pandemic preparedness plans written years ago. This eNewsletter provides guidance on steps that your organization can take to review, update, develop, and exercise a pandemic preparedness plan.

Program Management

Assemble members of your pandemic preparedness team, and review official reports of the swine flu outbreak, guidance from public health authorities with jurisdiction over your facilities, and the status of existing policies, plans, and procedures. Your pandemic team should be lead by senior management to provide direction and support. The heads of operations, legal, communications, human resources, medical, facilities, supply chain, security, environmental health and safety, emergency management, and business continuity or their representatives should participate.

If pandemic preparedness roles and responsibilities have not been defined within your plan, define them now.

Prevention & Mitigation Measures

Now is the time to promote proper personal hygiene by posting and distributing “cover your cough” and hand washing educational literature available from public health authorities. Consider providing hand sanitizers, setting up hand sanitation stations for visitors and or distributing literatures to arriving guests.

Evaluate methods for “social distancing” that may be needed to separate workers and make them more comfortable in the work environment.

Company Policies & Procedures

Review company policies and procedures including travel, sick leave, family leave, and telecommuting.

Prepare to revise travel policies if governmental authorities issue travel advisories. Recognize that employees may resist assignments requiring travel to areas perceived to be at greater risk.

Review sick and family leave policies. Employees that are rewarded for not using sick leave may come to work even though they are ill. Review family leave policies regarding time off to care for sick family members. Consider employees needing dependent (child and elder) care when schools or other facilities are closed.

Test the ability to support large numbers of telecommuters and verify that employees have secure connectivity to work remotely.

Pandemic Preparedness Plan

The pandemic preparedness plan should align with the U.S. and WHO pandemic alert phases. Preparedness activities should be commensurate with the current alert level. Review your planning assumptions and discuss the implications of scenarios that are more severe than the assumptions used for development of your plan.

Pandemic preparedness plans should address the following planning tasks.

  • Succession of management; transfer of authority and responsibility
  • Coordination with government officials
  • Business continuity: Identification of essential business functions and minimum resources to support them; maintenance of supply and distribution chain
  • Infection control in the workplace
  • Surveillance of employee health; forecasting employee absences
  • Sustaining essential employees; employee family care requirements
  • Risk communications

Review the succession of management, supervisory and operations staff and your organization’s governance requirements. If managers, supervisors, or key employees are sick or unavailable to work, who can assume their job duties? Review cross training and documentation needed for substitutes to assume the responsibilities of absent employees.

“the declaration of Phase 5 is a strong signal that a pandemic is imminent and that the time to finalize the organization, communication, and implementation of the planned mitigation measures is short.” WHO

Assign staff to monitor official instructions from public health and governmental authorities to ensure you have the latest and most accurate information. Subscribe to government mailing lists to receive their latest broadcasts.

Review your business continuity plan to identify critical business functions and the internal and external resources—including people—needed to support them. Evaluate critical suppliers and vendors and their ability to provide continuous service during a pandemic. Carefully scrutinize single or sole sources suppliers and identify backups, if necessary.

Monitor the health and well being of employees and their families. This will enable you to forecast absences and plan for the absences of sick employees or those who must care for sick family members or who must remain at home because of the lack of child or senior care. Review guidance documents on how to support the psychological needs of employees.

Communications during any emergency is critical, so implementation of a risk communications plan is essential. Consider all of the audiences that you need to reach including employees and their families, customers, suppliers, tenants within your buildings, and others. Provide timely, factual information and identify where recipients can obtain additional information.

Training and Exercises

Pandemic preparedness like all aspects of your emergency management and business continuity plan requires training and exercising. Conduct a plan walk-through exercise to familiarize personnel with the plan and their role and responsibilities. Conduct a tabletop exercise to identify any gaps in plans or the ability of team members to carry out the plan. Scribe action items, prioritize, and follow-through to assure that tasks are completed.

Pandemic Planning Resources

  • World Health Organization (WHO) Swine influenza page, WHO phase of pandemic alert
  • PandemicFlu.gov, U.S. Department of Health & Human Services
  • Business Pandemic Influenza Planning Checklist, PandemicFlu.gov
  • HHS Pandemic Influenza Plan Supplement 11 Workforce Support: Psychosocial Considerations and Information Needs
  • Pandemic Influenza Preparedness, Response, and Recovery Guide for Critical Infrastructure and Key Resources, U. S. Department of Homeland Security
  • Guidance on Preparing Workplaces for an Influenza Pandemic, OSHA 3327
  • Influenza Pandemic: Continuity Planning Guide for Canadian Business, Canadian Manufacturers & Exporters
All of these resources can be accessed here.

Thursday, March 5, 2009

Business Case for Preparedness

National standards, such as NFPA 1600, provide the criteria for developing, implementing, and evaluating an emergency management and business continuity program—a preparedness program. One of the most important elements—the foundation of the program—is management support. Without management commitment, direction, and support, the program is apt to collapse over time because the foundation cannot support the structure.

Management will ask “what is the business case for preparedness?” as they assess how much must to invest in the program. The answer to the question is a blend of good governance, effective risk management, and building resiliency into the organization to ensure the organization can grow and compete over time.

There are many reasons for investing in preparedness:

  • Regulatory compliance
  • Legal liability
  • Insurance program requirements
  • Rating agency criteria
  • Customer requirements
  • Competitive advantage
  • Business “resilience”

There are many regulations that require preparedness. Occupational Safety and Health Administration (OSHA) standards require emergency action plans and fire prevention plans. Standards for medical treatment, firefighting, rescue, and hazardous materials response may apply depending upon facility location, hazards on-site, and other factors.

Besides OSHA standards, there are many other regulatory requirements that dictate elements of the preparedness program. These include:

  • Building codes
  • Fire prevention codes
  • Life safety codes
  • Americans with Disabilities Act and Executive Order #13347
  • Environmental regulations
  • Information security and privacy regulations
  • Industry-specific business continuity requirements
  • Homeland security requirements

Beyond regulations, there are many industry “best” practices that should influence or may be the basis for parts of your program.

When an incident results in casualties, third party losses, or customer impact, litigation often follows. The legal perspective continues to be written, but it takes into account foreseeability of hazards, the magnitude of potential impacts, and the standard of care exercised by those who could have prevented or mitigated the incident. The evolving “standard of care” is continually redefined by civil litigation and the national standards that the courts have used to render judgments.

If you’re looking for incentives to make the case for preparedness, insurance cost savings may be one. Well protected businesses with large insurable values are often able to qualify for the competitive rates and favorable policy terms of “highly protected risk” insurance underwriters. Smaller facilities that are rated on a grading schedule may also benefit from enhanced protection.

Standard & Poors announced in 2008 that their rating surveys would look at the ability of a company to recover following an emergency. It remains to see whether this will be meaningful as the 9/11 Commission had intended when it endorsed a national standard for preparedness.

The quest for maximum efficiency has eliminated redundancy and excess capacity. Single suppliers are commonplace as businesses attempt to minimize costs and streamline the supply chain. Unfortunately, these efforts have increased the potential for business interruption. Large and medium sized businesses recognize the vulnerability of their supply chains and the need for their suppliers to implement business continuity plans. Preparedness is now a customer requirement and subject to audit.

Business leaders are motivated by their vision for growth and development of their organization’s potential. They must also be concerned about the expectations of stakeholders. Business “resilience” is an increasingly common term used to describe the ability of an organization to continue to meet its customers’ needs even in the face of interruptions or disruptions. The Council on Competitiveness reported[1] “Leading organizations do not manage specific scenarios, rather they create the agility and flexibility to cope with turbulent situations. The investments and contingency plans these leading companies make to manage a spectrum of risk create a capability to respond to high-impact disasters as well.”

Making the Business Case for Preparedness

There are many factors that should be considered when selling management on the need for preparedness. Connect the need for preparedness with your organization’s mission and vision and management’s goals and objectives.

If a company has experienced a significant event in the recent past, that experience often influences management thinking. If a major incident occurred in the past and the current management team is unaware of it, then a carefully crafted review of the impacts of the incident may help them to understand why preparedness is so important.

If your organization has not experienced a major incident, but one has occurred within a peer in your industry, a review of that incident may resonate with your management. Research “lessons learned” to find case studies.

How much should be invested?

How much to invest in the preparedness program is difficult to define. At the very least, minimum regulatory and customer requirements must be met. If you want to be “best in class,” your program must be dynamic and integrated into day to day operations and management decision making.

A careful assessment of the broad spectrum of risks, vulnerabilities, and impacts; prevention and mitigation strategies; and the scope and implementation of your emergency response and business continuity program will provide you the information needed to decide.

[1] The Resilient Economy: Integrating Competitiveness and Security, Council on Competitiveness, 2007

Monday, February 23, 2009

Emergency Management Forum Hosts Discussion on NFPA 1600 2010 Edition

Updated, 27 February. The Emergency Management Forum hosted a one hour presentation and interactive discussion on February 25, 2009. The topic was the current status of the 2010 edition of the National Fire Protection Association's standard NFPA 1600. Highlights of the proposed changes were presented by Donald L. Schmidt, chair of the NFPA's Technical Committee on Emergency Management and Business Continuity. A recording of the forum (large Windows Media audio file), the presentation slides (Adobe PDF), links to related information, and a transcript can be accessed from the Emergency Management Forum's website.

Friday, February 13, 2009

FEMA CGC 1 "Continuity Guidance for Non-Federal Entities"

The Federal Emergency Agency has just published "Continity Guidance Circular 1" (CGC 1) with subtitle "Continuity Guidance for Non-Federal Entities ." "The Department of Homeland Security, Federal Emergency Management Agency, in coordination with non-federal partners, developed this guidance document to provide direction for the development of continuity plans and programs for non-federal entities. " "In this guidance document, the elements of a viable continuity capability are identified and discussed. The provisions of this guidance document are applicable for State, local, territorial and tribal governments and the private sector. " The document provides good information, and it's worth a look. Just prepare yourself for the government terminology and view of the world of business continuity.

Wednesday, December 3, 2008

WORLD AT RISK: The Report of the Commission on the Prevention of WMD Proliferation and Terrorism

After the terrorist attacks of September 11, 2001 I was asked to coauthor a book to provide guidance to the private sector on the subject of terrorism and how to protect employees, facilities, and operations. The book, "Business at Risk How to Assess, Mitigate, and Respond to Terrorist Threats," is still current today and it provides a wealth of information. That's why this report immediately captivated my interest.

Frankly, with the economic climate, businesses are looking to survive financially and are largely unable to focus on the threat of terrorism. I argue that managing the potential impacts of natural, man-made, and technological hazards—including terrorism—needs to be integral to the planning of every business. Sound emergency management, business continuity, and crisis management programs are an essential part of that planning.

If something significant happens, how prepared will businesses be?

WORLD AT RISK: The Report of the Commission on the Prevention of WMD Proliferation and Terrorism

"The Commission believes that unless the world community acts decisively and with great urgency, it is more likely than not that a weapon of mass destruction will be used in a terrorist attack somewhere in the world by the end of 2013.

The Commission further believes that terrorists are more likely to be able to obtain and use a biological weapon than a nuclear weapon. The Commission believes that the U.S. government needs to move more aggressively to limit the proliferation of biological weapons and reduce the prospect of a bioterror attack.

The Role of the Citizen

A well informed and mobilized citizenry has long been one of our nation’s greatest resources. The next administration therefore should, within six months, work with state and local governments to develop a checklist of actions that need to be taken to improve efforts at all levels of government to prevent WMD proliferation and terrorism. Citizens should hold their governments accountable for completing this checklist.

Insufficient effort has been made to engage the public in the prevention of WMD terrorism, even though public tips have provided clues necessary to disrupt terrorist plots against the homeland. We need to give our citizens guidance on what to expect from their government at all levels and on how to be engaged in the prevention of WMD terrorism.

RECOMMENDATION 13: The next administration must work to openly and honestly engage the American citizen, encouraging a participatory approach to meeting the challenges of the new century."