Continuity Insights Webinar: "The Experts Debate Business Continuity Standards"

Want to know what's really going on when it comes to business continuity standards? Attend this free panel discussion for a behind-the-scenes, straight-from-the-experts look at business continuity standards development. The session will answer questions about ASIS proposed standard, NFPA 1600, DRI International's position on standards development, and ANAB's role in the standards process. This panel discussion will feature Dr. Marc Siegel, ASIS, Don Schmidt, Preparedness LLC, and Al Berman, DRI International.

Emergency Management Forum Hosts Discussion on NFPA 1600 2010 Edition

Updated, 27 February. The Emergency Management Forum hosted a one hour presentation and interactive discussion on February 25, 2009. The topic was the current status of the 2010 edition of the National Fire Protection Association's standard NFPA 1600. Highlights of the proposed changes were presented by Donald L. Schmidt, chair of the NFPA's Technical Committee on Emergency Management and Business Continuity. A recording of the forum (large Windows Media audio file), the presentation slides (Adobe PDF), links to related information, and a transcript can be accessed from the Emergency Management Forum's website.

NFPA 1600 2010 Edition Available for Public Comment

Development of the 2010 edition of NFPA 1600, "Standard on Disaster/Emergency Management and Business Continuity Programs" is well underway with an expected publication date of April 2010. NFPA's Technical Committee on Emergency Management and Business Continuity, which I chair, completed work on the initial draft of the 2010 edition at its August meeting. This draft, also known as the committee's "Report on Proposals," has been posted to the National Fire Protection Association's website.

Posting of this draft opens the period for submission of public comments. The comment period closes on March 6, 2009. Following the close of comments, the technical committee is scheduled to meet in St. Louis March 17 - 19 to review and act on all public comments. The document produced from that meeting will also be posted by NFPA late in August.

NFPA and the technical committee encourage all users to submit comments on the latest draft of NFPA 1600. In the past the technical committee has received hundreds of public proposals and comments, input which the committee has used to make the document better. I encourage everyone to review the latest draft and favor us with your comments.

You can submit comments on the ROP draft electronically using the NFPA's online submittal process, via email (proposals_comments@nfpa.org) outlining your comment on the NFPA's form, or via the U.S. Post Service also using NFPA's form.

In accordance with NFPA's regulations, the technical committee must act on every public comment. We can accept or reject. We can also accept in part, accept in principle, or accept in part in principle. It sounds complicated, but the process ensures that your voice will be heard.

I am developing a new page on the Preparedness, LLC website titled "NFPA 1600" to provide detailed information on NFPA 1600. Although a work in progress, I hope it will be helpful to those organizations evaluating or developing their preparedness program.

"DHS designates NFPA codes and standards development process as “Qualified Anti-Terrorism Technology”

October 21, 2008 – On September 17, 2008, the U.S. Department of Homeland Security (DHS) designated the National Fire Protection Association (NFPA) codes and standards development process as a “Qualified Anti-Terrorism Technology” (QATT) under the Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act). NFPA is the first standards development organization to receive this designation. Under provisions of the SAFETY Act, NFPA’s codes and standards development process was also certified as an “Approved Product for Homeland Security.”

According to DHS, the SAFETY Act encourages the development and deployment of new and innovative anti-terrorism products and services by providing liability protections. Designation as a QATT and certification as an approved product for homeland security under the SAFETY Act provides legal protections for the NFPA codes and standards development process as applied to anti-terrorism.

“NFPA is pleased to have its codes and standards development process recognized as an effective anti-terrorism technology which reflects the openness, balance and fairness NFPA strives to achieve in its voluntary codes and standards development process,” said NFPA President James M. Shannon.

Federal protections under the DHS Designation and Certification are retroactive and recognize NFPA’s technology’s “first date of sale” as September 11, 2001.

Shannon added, “The commitment and involvement of NFPA in anti-terrorism standards predates the events of 9/11. NFPA has long been committed to making its codes and standards development process available for the creation and continual improvement of standards used to protect first responders and the public in terrorist events. We believe we have a world-class system which attracts numerous experts from diverse fields to develop codes and standards that mitigate the effects of terrorism on people and property.”

All NFPA safety codes and standards are developed through a process accredited by the American National Standards Institute (ANSI). The more than 250 technical committees responsible for developing and updating all 300 codes and standards include approximately 4,000 volunteers, representing enforcing authorities, installers and maintainers, labor, research and testing laboratories, insurers, special experts, consumers and other users."

Voluntary Private Sector Preparedness Accreditation & Certification Program

Title IX of Public Law 110-53 (“Implementing Recommendations of the 9/11 Commission Act of 2007”) requires the U.S. Department of Homeland Security (DHS) to develop a voluntary private sector preparedness accreditation and certification program. DHS was charged with tasks to establish the program including:

• Designate one or more organizations to act as an accrediting body
• Designate one or more standards for assessing private sector preparedness
• Provide information and promote the business case for voluntary compliance with preparedness standards

Since the law was passed in August 2007, DHS has designated FEMA Administrator Paulison to administer the program and chair the Private Sector Preparedness Council. The council includes leadership from the Science & Technology Directorate, Office of Infrastructure Protection, and the Private Sector Office.

DHS has signed an agreement with the ANSI-ASQ National Accreditation Board (ANAB) to develop and oversee the certification process, manage the accreditation, and accredit qualified third parties to carry out the certification in accordance with the accepted procedures of the program.

ANAB has organized its “Committee of Experts” to advise ANAB on the qualifications of the “Certifying Bodies” that will accredit qualified third parties. Don Schmidt, CEO of Preparedness, LLC and Chair of the NFPA 1600 Technical Committee, is a member of the ANAB Committee of Experts along with representatives from other standards developers and private sector industry representatives.

DHS has not yet formally designated any standards for assessing private sector preparedness under this law, although DHS’ Science & Technology Directorate has adopted NFPA 1600. At the October ANSI Homeland Security Standards Panel plenary meeting in Washington, officials stated they are not picking a “winner” and that all reasonable standards will be included. DHS, however, has privately informed ANAB to begin work using NFPA 1600.

DHS has also published an initial draft of their “target criteria,” which will be used to select standards for assessing private sector preparedness. The “target criteria” for selecting standards includes:

• A scope and/or policy statement.
• Identification and conformity with applicable legal, statutory, regulatory and other requirements.
• Objectives and strategies.
• Hazard and threat identification, risk assessment, vulnerability analysis, and impact analysis.
• Incident management, strategy, tactics, operational plans and procedures.
• Communications and warning.
• Training.
• Resources management and/or logistics.
• Assessments, audits and/or evaluation of programs.
• Program revision and process improvement including corrective actions.

These “target criteria” align almost exactly to the elements within NFPA 1600. Accordingly, we will discuss each of these criteria within upcoming newsletters.

Although this program is voluntary, businesses are watching closely. Whether they choose to seek certification or not, business leaders are evaluating their preparedness program. In the end, that’s what it’s all about—protecting employees, property, business operations, the environment, and the business entity itself.

Canadian Standards Association unveils new emergency management and business continuity standard

Toronto, October 8, 2008, Canadian Standards Association - "More than 40 per cent of Canadians say the company where they work does not have an emergency plan in place according to a recent study[1]. Canadian Standards Association (CSA), a leading developer of standards and codes, today officially announced a new emergency management and business continuity programs standard, CSA Z1600, which is designed for private and public organizations of all sizes to use if disaster strikes. This new standard is based on the National Fire Protection Association (NFPA) 1600 Disaster/Emergency Management and Business Continuity Programs standard."

As chair of the NFPA 1600 technical committee, I am excited and pleased to see the release of CSA's Z1600 standard. I know that members of the CSA technical committee have worked very hard to produce this standard for Canada. Congratulations to all of them on their accomplishment.

Z1600 is an adaptation of NFPA 1600, which in its 4th edition, is the most widely used emergency management and business continuity standard in the United States. NFPA 1600 is also used in many countries around the globe. The CSA technical committee's work is impressive, and the NFPA 1600 technical committee has taken a liking to the ordering of Z1600. In fact, at the NFPA 1600 "Report on Proposals" meeting in August, the NFPA 1600 technical committee voted to reorder the elements within NFPA 1600 similar to the new ordering of Z1600. The CSA committee builds on the work of the NFPA technical committee, and the NFPA technical committee returns the favor. This is truly a relationship that is productive for both the United States and Canada and a model of how standards organizations can work together to produce quality standards for both private and public sectors.

I will be providing some updates on NFPA 1600 in the coming months as NFPA publishes the official "Report on Proposals" draft of the 2010 edition of NFPA 1600. The ROP draft will incorporate many changes to 2007 edition. I will also provide a link, so that readers can download the ROP draft and provide their comments for the technical committee's action. If you want more information on NFPA 1600 and the handbook written by technical committee members including yours truly, please check out this link.

1 Leger Marketing conducted an online survey among 1,088 working Canadians aged 18+ on their opinions of major disasters in their community. The margin of error for a sample of this size is +/- 3.0%, 19 times out of 20.

Protecting the Education Infrastructure

As reported in the Emergency Management and Response Information Sharing and Analysis Center (EMR-ISAC) INFOGRAM 37-08, September 25, 2008: "Much effort has been expended to protect the nation’s critical infrastructures, including those of the Emergency Services Sector (ESS). However, Department of Education officials concede that educational institutions are not specifically identified as among America’s critical infrastructure sectors or key resources, which potentially makes soft targets of schools, colleges, and universities. Experts say learning facilities are vulnerable to terrorism, because of the high consequence of an attack against children. The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) gleaned from various case studies that the threat to schools may not be detected or prevented by physical security measures alone. Therefore, the EMR-ISAC suggests that ESS leaders can offer encouragement and assistance to educational centers as they conduct emergency planning and develop crisis action plans. For example, it is important that a school’s emergency plans are effectively integrated with the emergency response plans of the community in which the teaching establishment resides. Case studies further indicate that municipal authorities and their ESS leaders consider the following activities to improve the overall security of the local education infrastructure:

• Deliver “all-hazards” awareness training for school administrators, staff, and students.
• Train school administrators and staff regarding emergency actions.
• Review and validate all school emergency response, crisis management, and communications plans.
• Conduct drills and exercises to test and refine emergency response and crisis management plans.
• Provide primary and secondary interoperable communications systems for each school.
• Implement and test plans to maintain reliable contact with schools and school buses.
• Arrange for a “closed-campus” environment with a single point of access for all personnel.
• Increase police presence on school grounds by ensuring frequent visits as part of patrol routes.

There are national standards, including NFPA 1600, that address the essential elements of emergency management program. In addition, a new school preparedness standard is being developed in conjunction with the U.S. Department of Education. I am principal author of that new standard, and I will provide updated information on the standard when it can be released to the public.

If you are interesting in learning more about school emergency preparedness, check out the resource links at http://www.preparednessllc.com/resources/resources.html.

References & Resources: Links to Helpful Information

I recently updated the "Resources" within the Preparedness, LLC website. It includes more than five printable pages of references and resources for risk assessment, prevention and mitigation, emergency planning, business continuity, training, and more. There are links for laws and regulations, codes and standards, government agencies, nonprofit/professional organizations, and more. There are also many links to excellent, peer reviewed technical documents that open in HTML or PDF format from their hosted websites. It will always be a work in progress, but I will do my best to keep it updated. If you have suggestions for additons to the page, please let me know.

Work Begins on European Disaster Preparedness Standard

The list of disaster preparedness standards is growing longer:

"The Brussels Management Centre of CEN, the European Committee for Standardization, is the site of two meetings today that will lead to creation of a new standard for protecting the populace against natural disasters and terrorist acts. CEN, which develops voluntary standards, was asked by the European Community to address this issue, and it formed CEN BT/WG 161, "Protection and Security of the Citizen," to accomplish the task."

In the United States we have NFPA 1600, and in Canada Z1600 (the Canadian standard based on NFPA 1600). ISO published ISO PAS (Publicly Available Specification) 22399 "Societal Security" late last year, and now this new project originates in Europe.