Comment Period Open for Title IX Voluntary Private Sector Preparedness Accreditation and Certification Program

The Department of Homeland Security has posted a Federal Register notice seeking public comments about the Voluntary Private Sector Preparedness Accreditation and Certification Program. The program is mandated by the Implementing Recommendations of the 9/11 Commission Act of 2007 to establish a common set of criteria for private sector preparedness, including disaster management, emergency management, and business continuity programs. The goal of this voluntary program is to enhance nationwide resilience in an all hazards environment by improving private sector preparedness.

DHS has posted the Federal Register notice at http://www.regulations.gov/. (Identify Docket ID FEMA-2008-0017.) Comments may be submitted to http://www.regulations.gov or FEMA-POLICY@dhs.gov.

For more information on the program, check out the "Resources" page of the Preparedness, LLC website. It includes links to Public Law 110-53, the ANAB Accreditation Program, NFPA 1600 (the standard recommended by the 9/11 Commission and under consideration for this program), and presentations on what it all means.

I will be testifying on behalf of the National Fire Protection Association at the January 13 hearing in Washington, DC. I will provide updates on the program as information becomes available.

NFPA 1600 2010 Edition Available for Public Comment

Development of the 2010 edition of NFPA 1600, "Standard on Disaster/Emergency Management and Business Continuity Programs" is well underway with an expected publication date of April 2010. NFPA's Technical Committee on Emergency Management and Business Continuity, which I chair, completed work on the initial draft of the 2010 edition at its August meeting. This draft, also known as the committee's "Report on Proposals," has been posted to the National Fire Protection Association's website.

Posting of this draft opens the period for submission of public comments. The comment period closes on March 6, 2009. Following the close of comments, the technical committee is scheduled to meet in St. Louis March 17 - 19 to review and act on all public comments. The document produced from that meeting will also be posted by NFPA late in August.

NFPA and the technical committee encourage all users to submit comments on the latest draft of NFPA 1600. In the past the technical committee has received hundreds of public proposals and comments, input which the committee has used to make the document better. I encourage everyone to review the latest draft and favor us with your comments.

You can submit comments on the ROP draft electronically using the NFPA's online submittal process, via email (proposals_comments@nfpa.org) outlining your comment on the NFPA's form, or via the U.S. Post Service also using NFPA's form.

In accordance with NFPA's regulations, the technical committee must act on every public comment. We can accept or reject. We can also accept in part, accept in principle, or accept in part in principle. It sounds complicated, but the process ensures that your voice will be heard.

I am developing a new page on the Preparedness, LLC website titled "NFPA 1600" to provide detailed information on NFPA 1600. Although a work in progress, I hope it will be helpful to those organizations evaluating or developing their preparedness program.

DHS Announces Revised National Incident Management System

Following a recognized incident management system is a key to effectively managing the response to and recovery from an emergency or disaster. The National Incident Management System (NIMS) was developed after President Bush issued Homeland Security Presidential Directive/HSPD-5 in February 2003. This press release annouces the latest edition of "NIMS." NIMS is used within the public sector, and private sector organizations should be familiar with NIMS and how to work in cooperation with public sector agencies that may respond to their sites or who they may support during an incident. Links to information on NIMS, the Incident Command System (ICS), and available training can be found on the "Resources" page of the Preparedness, LLC website.

"The U.S. Department of Homeland Security's (DHS) Federal Emergency Management Agency (FEMA) today released a revised National Incident Management System (NIMS)-the national standard for incident management. NIMS establishes standardized incident management processes, protocols, and procedures that all federal, state, tribal and local responders will use to coordinate and conduct response actions.

NIMS expands on the original version released in March 2004 by clarifying existing NIMS concepts, better incorporating preparedness and planning and improving the overall readability of the document. The revised document also differentiates between the purposes of NIMS and the National Response Framework (NRF) by identifying how NIMS provides the action template for the management of incidents, while the NRF provides the policy structure and mechanisms for national-level policy for incident management.

"The National Incident Management System has been the single most significant improvement in incident management since the Department of Homeland Security was formed in 2003," FEMA Administrator David Paulison said. "It has enhanced interoperability among emergency responders at all levels of government and is the product of a collaborative effort involving hundreds of emergency personnel from across the nation. We incorporated lessons learned from Hurricane Katrina, clarified incident command system concepts, increased emphasis on planning and mutual aid, expanded the intelligence/investigation function, and better aligned the NIMS document with the National Response Framework," said Paulison.

With the oversight of FEMA, the newly released NIMS followed an extensive revision involving over 100 partners from all levels of government, private sector, nongovernmental organizations (NGO), and subject matter experts representing a broad spectrum of emergency management and incident response disciplines. Throughout three official nationwide comment periods, FEMA reviewed nearly 6,000 comments from more than 280 individuals and organizations, including extensive review and recommendations made by the National Advisory Council (NAC).

The basic tenets of NIMS remain the same. There have been several improvements to the revised NIMS document which will aid in readability and usefulness of preparing, preventing, and responding to incidents. For example, the revised document places greater emphasis on the role of preparedness and has reorganized its components to mirror the progression of an incident. Recognizing the importance of private sector partners and NGOs in incident response, FEMA has ensured that those entities have been more fully integrated throughout NIMS. The new document is consistent with the NRF, and together they provide a single, comprehensive approach to incident management."

Improvised Explosive Device Awareness - Course of Actions

Every facility emergency operations plan should include procedures for bomb threats and receipt of suspicous packages. When I reviewed the following article, I thought it was timely advice worth passing along. The following advice is reprinted from the Emergency Management and Response Information Sharing and Analysis Center (EMR-ISAC) CIP Bulletin 11-08, December 22, 2008. If you would like to obtain additional resources for bomb threats and suspicious packages, please check out the "Bomb Threats & Suspicious Packages" links on the "Resources" page of the Preparedness, LLC website.

Overview

Improvised Explosive Devices (IEDs) can be arranged in a number of configurations, the only limitation to their design and functionality is the bomber’s imagination. The first action for awareness is identification of the suspect IED. Unattended or suspicious packages or containers could potentially contain an explosive device and should be reported to security personnel immediately. Likewise, individuals behaving suspiciously or vehicles that seem out of place could also represent an explosive threat and should be reported immediately to security personnel.

Preliminary Actions

Authorities, first responders, and citizens should take the following actions to strengthen the existing security posture in the event of a bomb threat:

• Most bomb threats are received by phone. Remain calm and try to obtain information necessary for responders. (Be sure a bomb threat checklist like the one available from ATF is posted at all phones that can receive incoming calls--especially whoever answers the main incoming line.)
• Preserve any evidence if the threat is received in a note or letter, and do not handle it.
• Conduct a cursory search of the venue/facility for items or packages that may be out of place.
• Use CCTV capabilities to monitor activities inside the facility, and along the periphery of the building, after notification of a threat.
• Follow evacuation procedures keeping clear of the location of any suspected device and assemble at a safe location distant from or protected frm the location of the suspected device.
• Check to be sure the pre-designated evacuation route and assembly area is clear of any potential threats, such as a secondary device. A secondary location should be identified in advance, in the event the first site is compromised.
• Be vigilant for characteristics of a suspect suicide bomber (e.g., wearing bulky clothing or coat, or attire uncharacteristic for the season; exhibiting nervousness or a distant look; sweating profusely, etc.)

Immediate Actions

Follow these steps when a suspect IED is encountered:

• Once out of the immediate area of the suspect IED, call 911 immediately;
• Employees should be trained not touch or disturb suspect items in any way;
• Immediately evacuate the surrounding area, for small packages (e.g. pipe bomb, briefcases etc.) a minimum of 300 ft is recommended;
• Prior to evacuation, check the designated evacuation assembly site, to ensure additional IEDs have not been placed to target those evacuating the venue.
• Do not use cellular phones or two-way radios in the immediate area of the device, since this action may cause the device to detonate.
• Remain vigilant for any additional suspicious activity.
• Identify interdependencies in the immediate area that could compound the effects of a detonation (e.g. gas lines, electric grids etc.), and consider increasing evacuation distances.

Follow On Actions

The following actions are vital, since the possibility for an additional incident cannot be eliminated:

• Conduct immediate review of any video or pictures captured by CCTV system.
• Attempt to gain information from those evacuated regarding what they may have witnessed.
• Immediately record any details from witnesses for law enforcement needs.
• Determine if evacuees took any videos or photos prior to the attack, and attempt to obtain that documentation for evidentiary purposes for the authorities.
• Look for anyone monitoring the response and notify responding law enforcement authorities of these actions.. (e.g. videoing the site, conducting time checks, taking notes, monitoring radio traffic with a scanner etc.)

Preparing for Arctic Freeze & Winter Storms

Before the heavy snow warnings are broadcast and the frigid blasts of arctic weather arrive, it’s important to prepare your facility and your employees. Preparations now can save costly damage to equipment and facilities and maintain important fire and life safety systems.

Loss Data

A study by property insurer FM Global[1] for the period 1984 through 1995 revealed over 3500 freeze-related insurance claims. Of these incidents, 42% were due to sprinkler leakage, which accounted for 17% of the gross dollar loss estimate. Process equipment breakdown due to freezing accounted for 10% of the incidents but 26% of the gross dollars.

FM Global’s analysis revealed a pattern of freezing over the Christmas holidays when planned reductions in production, shutdowns, and vacations occur. Idle facilities contributed to reduced space heating, reduced or no heat in production equipment, and few or no people to monitor temperature and respond to freeze conditions.

Winter Preparations

Walk the entire roof and check to ensure roof drains, gutters, and downspouts are clear. Clean any accumulations of leaves or other debris that could be swept into and clog drains. Check all roof mounted equipment to ensure air conditioners, fan housings, antennas, signs, and other equipment is properly anchored and access panels are secure. Check to ensure roof flashing is intact and roof vents are tight. Plan for access to the roof in case the roof hatch is inaccessible.

Evaluate the structural strength of sections of roofs likely to accumulate heavy snow drifts and water. Excessive snow drifts increase the weight applied to the structure and can cause collapse. These areas include intersections of low and high roofs; valleys between two peaked roofs; intersection of roof and roof mounted equipment. Look for bent, deflected, twisted roof members/decks that might indicate susceptibility to overload.

Prepare all sprinkler systems, heating systems, process equipment, emergency generator, and snow removal equipment or service. Check that sufficient heat will be available in buildings protected by wet pipe sprinkler systems. Drain condensate from the low points of all dry pipe sprinkler systems and ensure that heating equipment in valve closets are working properly. Check fire pump house and suction/gravity tank heaters as well. Use approved heat trace on exposed pipes that cannot be drained.

Preparations before the Arctic Freeze or Winter Storm

• Determine personnel and resource needs to protect the facility and handle storm cleanup.
• Review emergency plans for loss of heat, electricity, and protection system impairments. Assign responsibilities and review alerting and communications procedures.
• Test emergency generators under a full load at least annually. Maintain generator fuel tanks ¾ full. Arrange for fuel delivery before a storm approaches.

When an Arctic Freeze or Winter Storm is Forecast

• Monitor National Weather Service and local news media advisories.
• Have security guards check for low temperatures, open doors, cracked windows, or other openings that can allow the cold to enter.
• Check fire protection and life safety systems periodically.
• Monitor temperatures in areas with water pipes to detect low temperatures—especially those not normally occupied.
• Check exterior windows to ensure they are intact and water tight and doors align with frames.
• Prepare to activate your emergency management and business continuity plan and alert staff to respond if called.
• Keep driveways clear for emergency vehicle access. Coordinate with your contractor or Public Works as needed.
• Clear the exterior of exit doors to allow for emergency egress.
• Shovel areas around sprinkler valves and fire hydrants to allow emergency access. Inspect roof drains and remove any debris.
• Clear roof drains of ice dams to allow melting snow to drain.
• Clear exterior down spouts of snow or ice buildup at outlets.
• Stay alert for the beginning of ponding-deflection cycles. As snow compresses, it absorbs rainwater and the increased weight on the roof will create depressions where water will accumulate and not drain. Often this condition worsens and leads to roof collapse.
• Remove dangerous snow loads if deemed safe. Priority areas include changes in roof elevation, moderate or low-sloped peaked single gable or curved roofs where winds cause drifting, valleys formed by multiple-gable or multiple peaked roofs, and roofs with multiple projections.
• Remove snow from standing seam metal roofs in strips starting at the peak to the eaves alternating side to side to assure the roof load is maintained in balance.
• Maintain awareness of surface water flooding caused by poor street drainage. Direct surface water away from the building.

If Heat is Lost and Pipes Freeze

• Use only approved space heaters to provide temporary heating. Check with the local fire department to determine what is approved for your area. Kerosene and propane heaters should only be used if permitted and in supervised areas where adequate ventilation and fire protection is available.
• Do not use torches to thaw frozen pipes.
• Follow insurer and fire department required impairment precautions if sprinkler systems freeze.

This eNewsletter has been published by Preparedness, LLC and is available on our website. You can subscribe to future eNewsletters from the website.

[1] FM Global Property Loss Prevention Data Sheet 9-18/17-18, January 2007

WORLD AT RISK: The Report of the Commission on the Prevention of WMD Proliferation and Terrorism

After the terrorist attacks of September 11, 2001 I was asked to coauthor a book to provide guidance to the private sector on the subject of terrorism and how to protect employees, facilities, and operations. The book, "Business at Risk How to Assess, Mitigate, and Respond to Terrorist Threats," is still current today and it provides a wealth of information. That's why this report immediately captivated my interest.

Frankly, with the economic climate, businesses are looking to survive financially and are largely unable to focus on the threat of terrorism. I argue that managing the potential impacts of natural, man-made, and technological hazards—including terrorism—needs to be integral to the planning of every business. Sound emergency management, business continuity, and crisis management programs are an essential part of that planning.

If something significant happens, how prepared will businesses be?

WORLD AT RISK: The Report of the Commission on the Prevention of WMD Proliferation and Terrorism

"The Commission believes that unless the world community acts decisively and with great urgency, it is more likely than not that a weapon of mass destruction will be used in a terrorist attack somewhere in the world by the end of 2013.

The Commission further believes that terrorists are more likely to be able to obtain and use a biological weapon than a nuclear weapon. The Commission believes that the U.S. government needs to move more aggressively to limit the proliferation of biological weapons and reduce the prospect of a bioterror attack.

The Role of the Citizen

A well informed and mobilized citizenry has long been one of our nation’s greatest resources. The next administration therefore should, within six months, work with state and local governments to develop a checklist of actions that need to be taken to improve efforts at all levels of government to prevent WMD proliferation and terrorism. Citizens should hold their governments accountable for completing this checklist.

Insufficient effort has been made to engage the public in the prevention of WMD terrorism, even though public tips have provided clues necessary to disrupt terrorist plots against the homeland. We need to give our citizens guidance on what to expect from their government at all levels and on how to be engaged in the prevention of WMD terrorism.

RECOMMENDATION 13: The next administration must work to openly and honestly engage the American citizen, encouraging a participatory approach to meeting the challenges of the new century."

Impact of Earthquakes on the Central USA

I just reviewed the following research paper on the potential impact of earthquakes in the Central United States. When we think of earthquakes, we think about the West Coast and California in particular. The fact is that all of the West Coast is susceptible as well as the New Madrid Region of the Central United States where a series of catastrophic quakes occurred in the early 1800's. There are other areas of the U.S.A. that could suffer moderate earthquake damage as well.

The follow abstract of a research study was recently published by the Mid-America Earthquake Center at the University of Illinois. The report is the outcome of one of the largest and most comprehensive earthquake consequence assessment projects fundedby the Federal Emergency Management Agency (FEMA). The report contains earthquake impact assessments for the 8 central US (CUSEC) states, and lists damage and other consequences to the built environment as well as social and economic impacts. The earthquake scenarios used represent the New Madrid, the Wabash Valley and the East Tennesseeseismic zones. The analysis employs new and more reliable hazard and inventory data that has not been used before.The project is managed by the US Army Corps of Engineers' Construction Engineering Research Laboratory, and the work was undertaken in partnership with the Institute for Crisis, Disaster and RiskManagement at the George Washington University, with contributions forthe 8 State Geological Surveys, IEM, FEMA, US Geological Survey and CUSEC.

"The region of potential impact due to earthquake activity in the New Madrid Seismic Zone (NMSZ) is comprised of eight states: Alabama, Arkansas, Illinois, Indiana, Kentucky, Mississippi, Missouri and Tennessee. Moreover, the Wabash Valley Seismic Zone (WVSZ) in southern Illinois and southeast Indiana and the East Tennessee Seismic Zone in eastern Tennessee and northeastern Alabama constitute significant risk of moderate-to-severe earthquakes throughout the central region of the USA.

The hazard employed in this investigation includes ground shaking for three seismic zones and various events within those zones. The NMSZ consists of three fault segments: the northeast segment, the reelfoot thrust or central segment, and the southwest segment. Each segment comprises a deterministic, magnitude 7.7 (Mw7.7) earthquake caused by a rupture over the entire length of the segment. The employed magnitude was provided by US Geological Survey (USGS). The NMSZ represents the first of three hazard events utilized in this report. Two deterministic events are also included, namely a magnitude Mw7.1 in the Wabash Valley Seismic Zone (WVSZ) and a magnitude Mw5.9 in the East Tennessee Seismic Zone (ETSZ) earthquakes.

• The results indicate that the State of Tennessee incurs the highest level of damage and social impacts. Over 250,000 buildings are moderately or more severely damaged, over 260,000 people are displaced and well over 60,000 casualties (injuries and fatalities) are expected. Total direct economic losses surpass $56 billion.
• The State of Missouri also incurs substantial damage and loss, though estimates are less than those in Tennessee. Well over 80,000 buildings are damaged leaving more than 120,000 people displaced and causing over 15,000 casualties. Total direct economic losses in Missouri reach nearly $40 billion.
• Kentucky and Illinois also incur significant losses with total direct economic losses reaching approximately $45 and $35 billion, respectively.
• The State of Arkansas incurs nearly $19 billion in direct economic loss while the State of Mississippi incurs $9.5 billion in direct economic losses.
• States such as Indiana and Alabama experience limited damage and loss from NMSZ events with approximately $1.5 and $1.0 billion, respectively.

Noting that experience confirms that the indirect economic loss due to business interpretation and loss of market share, amongst other features, is at least as high if not much higher than the direct economic losses, the total economic impact of a series of NMSZ earthquakes is likely to constitute by far the highest economic loss due to a natural disaster in the USA.

The results are designed to provide emergency managers and agencies with information required to establish response plans based on likely impacts of plausible earthquakes in the central USA."

As you conduct your risk assessment to build your risk mitigation, emergency management, and business continuity program, you might want to take a look at this important research report. Take a look at some of the resource links on the Preparedness, LLC website to help you assess earthquake risk and build your program to respond to and recover from and earthquake event.

Office of the Director of National Intelligence Releases Global Trends Projections

I tend to be optimistic, but my profession tells me to continually evaluate risks so we can prevent, mitigate, and prepare to respond and recover if something bad happens. Well, the following report from the ODNI speaks to global trends and not the good trends we like to see. Food for thought as we look ahead to the future challenges.

"By 2025, the accelerating pace of globalization and the emergence of new powers will produce a world order vastly different from the system in place for most of the post-World War II era, according to a projection by the federal government's top intelligence analysts.

The projection, prepared by the National Intelligence Council of the Office of the Director of National Intelligence, was made public by the ODNI today.

The ODNI report, “Global Trends 2025: A Transformed World” projects a still-preeminent U.S. joined by fast developing powers, notably India and China, atop a multipolar international system. The world of the near future will be subject to an increased likelihood of conflict over scarce resources, including food and water, and will be haunted by the persistence of rogue states and terrorist groups with greater access to nuclear weapons, the report says. Widening gaps in birth rates and wealth-to-poverty ratios, and the uneven impact of climate change, could further exacerbate tensions, “Global Trends 2025” concludes.

The report extrapolates from current and projected trends. It is not a prediction, and the authors stress that “bad outcomes are not inevitable.”

“International leadership and cooperation will be necessary to solve the global challenges and to understand the complexities surrounding them,” the report concludes.

“By laying out some of the alternative possibilities we hope to help policymakers steer us toward more positive solutions.” Other projections in “Global Trends 2025”: include:

• Russia's emergence as a world power is clouded by lagging investment in its energy sector and the persistence of crime and government corruption.
• Muslim states outside the Arab core – Turkey, Indonesia, even a post-clerical Iran – could take on expanded roles in the new international order.
• A government in Eastern or Central Europe could be effectively taken over and run by organized crime. In parts of Africa and South Asia, some states might wither away as governments fail to provide security and other basic needs.
• A worldwide shift to a new technology that replaces oil will be under way or accomplished by 2025.
• Multiple financial centers will serve as 'shock absorbers' in the world financial system. The U.S. dollar's role will shrink to 'first among equals' in a basket of key world currencies.
• The likelihood that nuclear weapons will be used will increase with expanded access to technology and a widening range of options for limited strikes.
• The impact of climate change will be uneven, with some Northern economies, notably Russia and Canada, profiting from longer growing seasons and improved access to resource reserves.

The Global Trends series examines geopolitical trends and analyzes their likely outcomes, in an attempt to prompt public discussion of possible responses. The projections have covered five-year intervals, beginning with Global Trends 2010 issued in November 1997."

http://www.dni.gov/nic/NIC_2025_project.html

U.S. Department of Homeland Security Standards Adoption

Ten years ago, the National Technology Transfer and Advancement Act (NTTAA), Public Law 104-113, was signed into law, and implemented using Office of Management and Budget (OMB) Circular A-119, “Federal Participation in the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities.” NTTAA requires all federal agencies and departments to use technical standards, unless their use is impractical or inconsistent with law. NTTAA is the basis for Department of Homeland Security (DHS) adoption of Non-Government Standards (NGS).

The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) examined DHS standards adoption and its meaning for the nation’s Emergency Services Sector (ESS). The standards adoption and maintenance program is managed by the DHS Test & Evaluation and Standards Division of the Science and Technology Directorate.

DHS has so far adopted at least 35 responder-relevant standards that pertain to personal protective gear, radiation and nuclear detection equipment, incident management, and biometrics, developed by organizations such as the National Fire Protection Association (NFPA), Institute of Electrical and Electronics Engineers (IEEE), and the National Institute of Occupational Safety and Health (NIOSH). Adopted most recently were NFPA 472, “Standard for Competence of Responders to Hazardous Materials/Weapons of Mass Destruction Incidents,” and NFPA 473, “Standard for Competencies of EMS Personnel Responding to Hazardous Materials/Weapons of Mass Destruction Incidents,” that set minimum requirements for responders to incidents that involve hazardous materials and weapons of mass destruction (WMD).

When DHS formally adopts an NGS, it is designated a “DHS National Standard.” Its use is not mandatory, but strongly encouraged. Once adopted, DHS National Standards boost limited federal resources by increasing DHS access to subject matter experts, thus enabling resources that would be devoted to internal standards development to be applied to other critical areas. For responder personnel and other homeland security professionals, DHS National Standards offer best practices that support national initiatives (e.g., the National Incident Management System (NIMS) and the National Preparedness Goal) that enable implementing a preparedness and response system that includes a common language and standard operating procedures. By identifying minimum performance and describing best practices, DHS National Standards bolster interoperability of products and practices, as well as interchangeability, durability, flexibility, portability, dependability, survivability, sustainability, scalability, and maintainability of homeland security products and services. For additional information about ESS-related DHS National Standards, visit http://www.dhs.gov/xfrstresp/standards/editorial_0420.shtm.

"DHS designates NFPA codes and standards development process as “Qualified Anti-Terrorism Technology”

October 21, 2008 – On September 17, 2008, the U.S. Department of Homeland Security (DHS) designated the National Fire Protection Association (NFPA) codes and standards development process as a “Qualified Anti-Terrorism Technology” (QATT) under the Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act). NFPA is the first standards development organization to receive this designation. Under provisions of the SAFETY Act, NFPA’s codes and standards development process was also certified as an “Approved Product for Homeland Security.”

According to DHS, the SAFETY Act encourages the development and deployment of new and innovative anti-terrorism products and services by providing liability protections. Designation as a QATT and certification as an approved product for homeland security under the SAFETY Act provides legal protections for the NFPA codes and standards development process as applied to anti-terrorism.

“NFPA is pleased to have its codes and standards development process recognized as an effective anti-terrorism technology which reflects the openness, balance and fairness NFPA strives to achieve in its voluntary codes and standards development process,” said NFPA President James M. Shannon.

Federal protections under the DHS Designation and Certification are retroactive and recognize NFPA’s technology’s “first date of sale” as September 11, 2001.

Shannon added, “The commitment and involvement of NFPA in anti-terrorism standards predates the events of 9/11. NFPA has long been committed to making its codes and standards development process available for the creation and continual improvement of standards used to protect first responders and the public in terrorist events. We believe we have a world-class system which attracts numerous experts from diverse fields to develop codes and standards that mitigate the effects of terrorism on people and property.”

All NFPA safety codes and standards are developed through a process accredited by the American National Standards Institute (ANSI). The more than 250 technical committees responsible for developing and updating all 300 codes and standards include approximately 4,000 volunteers, representing enforcing authorities, installers and maintainers, labor, research and testing laboratories, insurers, special experts, consumers and other users."

Title IX of Public Law 110-53: Updated Resource Links and Presentations

I have updated the Resources page within the Preparedness, LLC website to include links to the text of Public Law 110-53,"Implementing Recommendations of the 9/11 Commission Act of 2007," the text of Title IX of the law, DHS/FEMA resources, and a link to ANAB. ANAB is the organization that will develop program guidelines for the "certifying bodies" that will actually evaluate and accredit the private sector preparedness programs.

In addition, you can view PDF copies of presentations to the Securities Industry and Financial Markets Association and the NorthEast Disaster Recovery Information X-Change, which provide background on Title IX of PL 110-53 and NFPA 1600, which is one of the standards that may be used as criteria for evaluation of private sector preparedness programs.

Voluntary Private Sector Preparedness Accreditation & Certification Program

Title IX of Public Law 110-53 (“Implementing Recommendations of the 9/11 Commission Act of 2007”) requires the U.S. Department of Homeland Security (DHS) to develop a voluntary private sector preparedness accreditation and certification program. DHS was charged with tasks to establish the program including:

• Designate one or more organizations to act as an accrediting body
• Designate one or more standards for assessing private sector preparedness
• Provide information and promote the business case for voluntary compliance with preparedness standards

Since the law was passed in August 2007, DHS has designated FEMA Administrator Paulison to administer the program and chair the Private Sector Preparedness Council. The council includes leadership from the Science & Technology Directorate, Office of Infrastructure Protection, and the Private Sector Office.

DHS has signed an agreement with the ANSI-ASQ National Accreditation Board (ANAB) to develop and oversee the certification process, manage the accreditation, and accredit qualified third parties to carry out the certification in accordance with the accepted procedures of the program.

ANAB has organized its “Committee of Experts” to advise ANAB on the qualifications of the “Certifying Bodies” that will accredit qualified third parties. Don Schmidt, CEO of Preparedness, LLC and Chair of the NFPA 1600 Technical Committee, is a member of the ANAB Committee of Experts along with representatives from other standards developers and private sector industry representatives.

DHS has not yet formally designated any standards for assessing private sector preparedness under this law, although DHS’ Science & Technology Directorate has adopted NFPA 1600. At the October ANSI Homeland Security Standards Panel plenary meeting in Washington, officials stated they are not picking a “winner” and that all reasonable standards will be included. DHS, however, has privately informed ANAB to begin work using NFPA 1600.

DHS has also published an initial draft of their “target criteria,” which will be used to select standards for assessing private sector preparedness. The “target criteria” for selecting standards includes:

• A scope and/or policy statement.
• Identification and conformity with applicable legal, statutory, regulatory and other requirements.
• Objectives and strategies.
• Hazard and threat identification, risk assessment, vulnerability analysis, and impact analysis.
• Incident management, strategy, tactics, operational plans and procedures.
• Communications and warning.
• Training.
• Resources management and/or logistics.
• Assessments, audits and/or evaluation of programs.
• Program revision and process improvement including corrective actions.

These “target criteria” align almost exactly to the elements within NFPA 1600. Accordingly, we will discuss each of these criteria within upcoming newsletters.

Although this program is voluntary, businesses are watching closely. Whether they choose to seek certification or not, business leaders are evaluating their preparedness program. In the end, that’s what it’s all about—protecting employees, property, business operations, the environment, and the business entity itself.

Canadian Standards Association unveils new emergency management and business continuity standard

Toronto, October 8, 2008, Canadian Standards Association - "More than 40 per cent of Canadians say the company where they work does not have an emergency plan in place according to a recent study[1]. Canadian Standards Association (CSA), a leading developer of standards and codes, today officially announced a new emergency management and business continuity programs standard, CSA Z1600, which is designed for private and public organizations of all sizes to use if disaster strikes. This new standard is based on the National Fire Protection Association (NFPA) 1600 Disaster/Emergency Management and Business Continuity Programs standard."

As chair of the NFPA 1600 technical committee, I am excited and pleased to see the release of CSA's Z1600 standard. I know that members of the CSA technical committee have worked very hard to produce this standard for Canada. Congratulations to all of them on their accomplishment.

Z1600 is an adaptation of NFPA 1600, which in its 4th edition, is the most widely used emergency management and business continuity standard in the United States. NFPA 1600 is also used in many countries around the globe. The CSA technical committee's work is impressive, and the NFPA 1600 technical committee has taken a liking to the ordering of Z1600. In fact, at the NFPA 1600 "Report on Proposals" meeting in August, the NFPA 1600 technical committee voted to reorder the elements within NFPA 1600 similar to the new ordering of Z1600. The CSA committee builds on the work of the NFPA technical committee, and the NFPA technical committee returns the favor. This is truly a relationship that is productive for both the United States and Canada and a model of how standards organizations can work together to produce quality standards for both private and public sectors.

I will be providing some updates on NFPA 1600 in the coming months as NFPA publishes the official "Report on Proposals" draft of the 2010 edition of NFPA 1600. The ROP draft will incorporate many changes to 2007 edition. I will also provide a link, so that readers can download the ROP draft and provide their comments for the technical committee's action. If you want more information on NFPA 1600 and the handbook written by technical committee members including yours truly, please check out this link.

1 Leger Marketing conducted an online survey among 1,088 working Canadians aged 18+ on their opinions of major disasters in their community. The margin of error for a sample of this size is +/- 3.0%, 19 times out of 20.

Fire Prevention Week, October 5-11

October 5-11 is Fire Prevention Week, an annual campaign focused on fire safety and promoted by the National Fire Protection Association. Did you know that fire departments responded to nearly 400,000 home fires in 2006? That's why this year's theme is titled "Prevent Home Fires." I strongly encourage you to educate your family about fire safety. Practice EDITH (exit drills in the home.) Make sure everyone knows to get out and stay out if there is a fire in the home. Make sure everyone knows where to meet, so everyone can be accounted for. Conduct a fire inspection in your home to identify hazards--before they can ignite a fire. Make sure your smoke detectors are working properly and that extinguisher, too. As a long time member of NFPA, I can attest to the conviction, expertise, and professionalism of the NFPA staff. I urge you to take their advice to heart. For more helpful information and educational tools, check out the following on the NFPA Fire Prevention Week website:

• Read our blog
• New survey looks at heating costs, fire risk
• Send a Sparky® e-card to friends
• Interactive learning stations for your open house.
• The Great American Fire Drill
• Online safety quiz.
• Free Scholastic materials
• View three new Dan Doofus FPW videos
• Home inspection checklist

"Reproduced from NFPA's Fire Prevention Week Web site, www.firepreventionweek.org. ©2008 NFPA."

Protecting the Education Infrastructure

As reported in the Emergency Management and Response Information Sharing and Analysis Center (EMR-ISAC) INFOGRAM 37-08, September 25, 2008: "Much effort has been expended to protect the nation’s critical infrastructures, including those of the Emergency Services Sector (ESS). However, Department of Education officials concede that educational institutions are not specifically identified as among America’s critical infrastructure sectors or key resources, which potentially makes soft targets of schools, colleges, and universities. Experts say learning facilities are vulnerable to terrorism, because of the high consequence of an attack against children. The Emergency Management and Response—Information Sharing and Analysis Center (EMR-ISAC) gleaned from various case studies that the threat to schools may not be detected or prevented by physical security measures alone. Therefore, the EMR-ISAC suggests that ESS leaders can offer encouragement and assistance to educational centers as they conduct emergency planning and develop crisis action plans. For example, it is important that a school’s emergency plans are effectively integrated with the emergency response plans of the community in which the teaching establishment resides. Case studies further indicate that municipal authorities and their ESS leaders consider the following activities to improve the overall security of the local education infrastructure:

• Deliver “all-hazards” awareness training for school administrators, staff, and students.
• Train school administrators and staff regarding emergency actions.
• Review and validate all school emergency response, crisis management, and communications plans.
• Conduct drills and exercises to test and refine emergency response and crisis management plans.
• Provide primary and secondary interoperable communications systems for each school.
• Implement and test plans to maintain reliable contact with schools and school buses.
• Arrange for a “closed-campus” environment with a single point of access for all personnel.
• Increase police presence on school grounds by ensuring frequent visits as part of patrol routes.

There are national standards, including NFPA 1600, that address the essential elements of emergency management program. In addition, a new school preparedness standard is being developed in conjunction with the U.S. Department of Education. I am principal author of that new standard, and I will provide updated information on the standard when it can be released to the public.

If you are interesting in learning more about school emergency preparedness, check out the resource links at http://www.preparednessllc.com/resources/resources.html.

October is National Cyber Security Awareness Month

For the fifth year, the U.S. Department of Homeland Security’s National Cyber Security Division (NCSD) is spearheading National Cyber Security Awareness Month, a comprehensive outreach campaign to empower all Americans and businesses to take steps to secure their part of cyberspace. During the month of October, events will take place across the country to raise awareness of the growing need to protect the Nation’s critical infrastructures and key resources from cyber threats and vulnerabilities.The NCSD is partnering with the National Cyber Security Alliance and the Multi-State Information Sharing and Analysis Center, along with other government agencies and the private sector. The month's activities include press and media events, educational workshops, state cyber exercises, and lectures hosted by public and private partners, proclamations by state governors, and other stakeholder outreach activities. Here are 10 actions you can take to improve cyber security in your organization:

1. Use strong passwords at work and at home. Update your password frequently and encourage others to do the same.
2. Make sure that your anti-virus software and firewalls are up-to-date. New threats are discovered everyday and keeping your software and firewalls updated is one of the easiest ways to protect yourself from an attack. Set your computer to automatically update for you.
3. Hold an event at your facility designed to increase cyber security education and awareness. Download EDUCAUSE’s cyber resource kit online at http://www.educause.edu/7479.
4. Reach out to people that you know – your children, co-workers, friends – about good online safety and security habits, including protecting their personal information and their reputation. For more information and tips go to http://www.staysafeonline.org/ and http://www.us-cert.gov/.
5. Print cyber security posters from http://www.onguardonline.gov%20/ and post them in workrooms, hallways, bathrooms and other employee gathering places. Print and post cyber security tips near your computer at home and at work. Review them with your colleagues, employees and family members.
6. Create a separate section for cyber security tips on your organization’s web site. Download online buttons and banners about phishing, identity theft, file-sharing, and other cyber security topics at http://www.msisac.org/ or http://www.onguardonline.gov/ and place on your organization’s home page.
7. Use regular communications – newsletters, email alerts, websites, etc. – as an opportunity to promote your commitment to cyber security. Some newsletter topics to consider include: updating software processes; protecting personal identifiable information; and securing your wireless network.
8. Subscribe to the National Cyber Alert System from the US Computer Emergency Readiness Team at http://www.blogger.com/www.us-cert.gov. Through the Alert System, you can receive timely information about current cyber security problems to protect home and office computers. This information includes weekly bulletins with summaries of new vulnerabilities, patch information when available, and tips on common security topics, such as privacy, email spam, and wireless protection.
9. Back up important files. If you have important files stored on your computer, back them up to removal media, to a server, and best yet to an online backup service. Secure your backup media to prevent unauthorized access and store the media in a location where it will not be damaged from a hazard that affects your computer (what if your place of business was destroyed by fire?)
10. Ask IT security specialists at your workplace to report any potential cyber incident, threat, or attack to the United States Computer Emergency Readiness Team (USCERT) at 1-888-282-0870 or US-CERT.gov.

These links along with dozens of others that related to risk assessment, hazard prevention, risk mitigation, emergency response, and business contininuity have been added to the growing "Resources" page of the Preparedness, LLC website.

Parents May Not Heed Evacuation Orders

An interesting survey was published by the National Center for Disaster Preparedness at Columbia University's Mailman School of Public Health. The 2008 American Preparedness Project: Why Parents May Not Heed Evacuation Orders & What Emergency Planners, Families and Schools Need to Know

"2008 survey data illustrate that in the event of an order to evacuate parents say they are overwhelmingly likely to disregard existing community emergency plans and instead attempt to pick up their children directly from school or day care instead of evacuating separately. Were this to occur in the immediate aftermath of a sudden disaster, chaos would ensue and public safety would be jeopardized."

The studies authors made several important recommendations for schools:

• All schools should have "well thought out" emergency plans coordinated with local emergency officials.
• Parents need to be aware of school emergency plans and what they should do.

I have worked with numerous school systems over the past 10 years, and here are some specific recommendations:

• Schools should conduct a detailed risk assessment to identify hazards that could injure students, teachers, staff, and others as well as damage property or interrupt school activities. The risk assessment should lead to the develop of strategies to prevent hazards or mitigate hazards that can't be prevented. The strategy should be endorsed by the superintendent, school committee, and others who need to provide funding.
• Schools should have plans at the Superintendent or district level to manage the overall incident including communications with the community.
• Schools should have organized emergency response teams and procedures to respond effectively to the different types of emergencies that may occur. Types of emergencies include the ones we all think of (e.g., fire, medical, act of violence, etc.) Plans should also address regional or community-wide emergencies (e.g., earthquake, act of terrorism, etc.) that are not as probable, but would put the school in the position of having to fend for itself for the initial minutes or hours.
• Plans must include detailed procedures for evacuation, shelter-in-place, lockdown, and student/family reunification. These plans must be coordinated with public agencies including fire, law enforcement, and emergency medical services.
• All members of school emergency response teams must be trained so they understand and can fulfill their responsibilities as defined in the plan.
• Drills (evacuation, shelter-in-place, and lockdown) and exercises (tabletop, functional, and full-scale) should be conducted to familiarize everyone with emergency procedures and identify any gaps in plans, procedures, resources, or the capability of those who have to carry out the plans.
• Every teacher should be trained in basic emergency procedures and every classroom should be equipped with a concise list of emergency procedures.
• Parents need to be informed through outreach by administrators, PTO, websites, flyers sent home, and by their own sons and daughters who actively get them involved.

A national standard on school emergency preparedness is being written under the auspices of ASTM International, one of the national standards developers. I am one of the members of the committee writing the standard and we expect to present our preliminary draft to the U.S. Department of Education in November.

If you would like more information on Preparedness, LLC's services to public schools, click here.

If you would like to see an example of a school emergency preparedness website, click here.

References & Resources: Links to Helpful Information

I recently updated the "Resources" within the Preparedness, LLC website. It includes more than five printable pages of references and resources for risk assessment, prevention and mitigation, emergency planning, business continuity, training, and more. There are links for laws and regulations, codes and standards, government agencies, nonprofit/professional organizations, and more. There are also many links to excellent, peer reviewed technical documents that open in HTML or PDF format from their hosted websites. It will always be a work in progress, but I will do my best to keep it updated. If you have suggestions for additons to the page, please let me know.

Copycat White Powder Mailings

From the Emergency Management and Response Information Sharing and Analysis Center, INFOGRAM 35-08 September 11, 2008:

“Various State Fusion Centers and news sources recently reported about the rash of copy cat mailings throughout the nation containing white powder. The letters and packages have been sent to well known political figures and local government offices as well as to the homes and work sites of individuals not involved in public life. Upon reviewing these reports, the Emergency EMR-ISAC learned that to date none of the mailings were determined to be dangerous by responding hazardous materials teams."

Do you remember what happened in October 2001 when Senator Daschle, Tom Brokaw, an innocent grandmother in Fairfield County Connecticut, and others received anthrax laden mail? Thankfully these cases have been hoaxes, but are you prepared if someone reports receiving a suspicious envelope or package. CDC and GSA have some good information to help with planning. The guidance needs to be integrated into an emergency management program that includes people organized and trained to respond.

7th Anniversary of September 11, Remembering Lars, Harry, Sal, and so many others

Today is September 11, 2008. It’s been seven years since that fateful day.

On September 11, 2001 I lost many good friends and colleagues. We all lost many fine citizens who just went to work that day. We also lost many of New York’s Bravest (FDNY), New York’s Finest (NYPD and PAPD), soldiers in the Pentagon, and those on the doomed aircraft. It’s a day none of us will ever forget.

On September 10, 2001 I was in Midtown Manhattan speaking at a seminar on emergency response and business continuity. The seminar was to be held in the World Trade Center on September 11, but it had to be moved to the Harvard Club and rescheduled because of the number of people who registered. Thank you to all who registered.

On the morning of September 11, 2001, I was speaking on the same subject, but this time it was in Boston’s Back Bay—at the Bull & Finch Pub of Cheers fame. Around 8:46 AM, I was asking the audience to picture themselves on the upper floor of a high rise building when the fire alarm sounds and they see smoke in the corridor. That was the situation faced by one of my clients when a multiple alarm fire in the Prudential Center ignited below them. That was back in January 1986. My client and everyone else in the Prudential Center evacuated safely—due to the heroic efforts of the Boston Fire Department—there were no automatic fire sprinklers at that time [there are now.]

On September 11, 2001 my friends, colleagues, and many fine Americans were not able evacuate safely. Their evacuation paths were cutoff…

I still see their faces when I pass people on the street. I can picture their faces in my mind and hear their voices in my head. I miss you guys—Lars, Harry, Sal, and too many others.

In the aftermath of 9/11, I had the opportunity to meet with staff of the 9/11 Commission—on the eve of the second anniversary of the attacks. I got to look at Ground Zero and remember everyone who was lost. In our discussion with the 9/11 Commission staff, we talked about preparedness. Emily Walker, the lead staffer from the Commission, relayed her painful discussions with family members of those who were lost that fateful day. She knew something more needed to be done. To condense months into a sentence, the 9/11 Commission embraced a recommendation for enhancing private sector preparedness. That recommendation has been echoed in multiple Federal laws and most recently in Title IX of Public Law 110-53. Let’s be better prepared. We owe it to Lars, Harry, Sal, and so many others.

Work Begins on European Disaster Preparedness Standard

The list of disaster preparedness standards is growing longer:

"The Brussels Management Centre of CEN, the European Committee for Standardization, is the site of two meetings today that will lead to creation of a new standard for protecting the populace against natural disasters and terrorist acts. CEN, which develops voluntary standards, was asked by the European Community to address this issue, and it formed CEN BT/WG 161, "Protection and Security of the Citizen," to accomplish the task."

In the United States we have NFPA 1600, and in Canada Z1600 (the Canadian standard based on NFPA 1600). ISO published ISO PAS (Publicly Available Specification) 22399 "Societal Security" late last year, and now this new project originates in Europe.

September is National Preparedness Month

September is National Preparedness Month, and I provide some information from the Ready Business Fact Sheet. A national survey of businesses with 2-999 employees conducted by The Ad Council in December 2007 found:

• 38 percent said their company has an emergency plan in place in the event of a disaster
• 59 percent assessed their own business as “very” or “somewhat” prepared in the event of a disaster
• 55 percent of businesses surveyed said that they had taken either significant or small steps to improve emergency preparedness in the past year
• The surveyed businesses said that the most important threats for them to address are fires followed by cyber attacks and then hurricanes, winter storms, tornadoes and terrorist attacks.

It's good to see that work is being done even in these days of a challenging economy, but every workplace needs to have a basic emergency plan in place. The Occupational Safety and Health Administration (OSHA) requires emergency action plans for companies with 10 or more employees. Fire and life safety codes also require emergency plans.

It's good to see that businesses are focusing on natural hazards. With tropical storm Fay, Hurricane Gustav, and possibly Hurricane Ike, the dangers of tropical cyclones are clearly evident. With the 7th anniversary of 9/11 approaching, it's good to see that people haven't forgotten that terrorism is still a threat. The reality is, however, that there are dozens and dozens of hazards that can impact businesses today. We'll take a look at hazards—natural, human-caused, and technological—and risk assessment in the coming days and week.