Protecting life, property and business

By James Shannon

Earlier this year the National Fire Protection Association (NFPA) released the 2010 edition of NFPA 1600, Disaster/Emergency Preparedness and Business Continuity Programs. NFPA 1600 has received a great deal of attention in the post-9/11 era.

“Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world.”
-James Shannon

First published in 1995, and currently in its fifth edition, NFPA’s preparedness standard is a high-level program-design document that defines the core elements of both emergency management and business continuity: protecting life, property, business operations and the environment. It is intended for use by both public and private sector entities. The document is available from NFPA as well as the American National Standards Institute (ANSI). Because of its national importance, NFPA has, since 2004, been offering the current edition of NFPA 1600 as a free PDF download from its website (www.nfpa.org). To date over 120,000 PDFs have been downloaded worldwide.

The approach taken in NFPA 1600 has been to provide high-level fundamental criteria for the development, implementation, assessment and improvement of emergency management and business continuity programs. It was recognized in the development of the early editions of NFPA 1600 that a comprehensive document addressing the unique hazards, processes and resources of a wide spectrum of industries would be extremely complex and would never be complete. As a result, the NFPA technical committee, composed of over 30 experts responsible for writing the standard, chose to write a more general document that would not be in conflict with industry best practices or regulations and yet was flexible enough to accommodate different kinds of entities of differing sizes.

Homeland security interest
In 2003, NFPA 1600 was presented to professional staff of the US 9/11 Commission, a blue ribbon panel of experts charged with reviewing the events that led up to 9/11 and the broad subject of domestic security. Subsequently, NFPA 1600 was endorsed as the US National Preparedness Standard by the Commission in The 9/11 Commission Report published in the July of 2004. This Report provided the first framework for homeland security in the US

The 9/11 Commission’s endorsement of NFPA 1600 was reiterated in US Public Law (PL) 108-458 Intelligence Reform and Terrorism Prevention Act of 2004, signed into law by President Bush in December 2004. More recently, in the August 2007 PL110-53, Implementing Recommendations of the 9/11 Commission Act of 2007, NFPA 1600 was again named as a standard for private sector preparedness under a new US Department of Homeland Security (DHS) initiative for voluntary certification of private sector preparedness programs named “PS-PREP.”

NFPA 1600 remains unique among preparedness standards, as it has a strong life safety component. The 9/11 Commission said this about NFPA 1600: “We believe that compliance with the standard should define the standard of care owed by a company to its employees and the public for legal purposes. Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world. It is ignored at a tremendous potential cost in lives, money and national security.”

New edition

The 2010 edition of NFPA 1600 incorporates lessons learned from Hurricane Katrina as a result of workshops sponsored by DHS and ANSI that captured the experiences of response and recovery organizations and private businesses during and after the devastating Gulf Coast hurricane in 2005. The standard was reorganized and expanded in the areas of program management; risk assessment; and business impact analysis, implementation and recovery. The document is still succinct; the basic requirements are contained within six pages of text.

The standard provides the fundamental criteria to develop, implement, assess and maintain an all-hazards disaster/emergency management and business continuity program for prevention, mitigation, preparedness, response, continuity and recovery. ‘All hazards’ includes events caused by nature, humans (both intentional and accidental) and technology. The standard is intended for use by public, private, not-for-profit and non-governmental organizations (NGOs) on a local, regional, national and global basis.

The heart of the 2010 edition is in Chapters 4 through 8. Chapter 4 addresses program management, which has been expanded to emphasize the importance of leadership and commitment. Chapters 5 through 8 cover the program development process and are consistent with the ‘plan, do, check, act’ continuous improvement process. Chapter 5 covers planning, including risk assessment, business impact analysis, prevention and mitigation. Chapter 6 addresses implementation, including resource management, mutual aid/partnership agreements, crisis communications, emergency response, business continuity, recovery and incident management. Chapter 7 addresses testing and exercises. Chapter 8 covers program improvement, including periodic review and corrective action based on changing operations and lessons learned from exercises and actual incidents.

The 2010 edition of NFPA 1600 has been endorsed by the Disaster Recovery Institute International (DRII), the Association of Contingency Planners (ACP), and the International Association of Emergency Managers (IAEM). In addition, it has been officially designated as a Qualified Anti-Terrorism Technology (QATT) and certified as an Approved Product for Homeland Security by DHS. It carries the DHS ‘SAFETY Act Certified’ seal.

To assist practitioners, NFPA publishes a textbook entitled Implementing NFPA 1600, which addresses in more detail the preparedness requirements for various types and sizes of entities. NFPA also offers two training programs on NFPA 1600.

Government and business needs

Business continuity alone is insufficient. Governments and businesses need to manage emergencies to protect their employees and the public while also protecting and preserving their enterprises. Ultimately, disasters are about people – saving lives, preventing injuries and providing the basics of life for communities as they go through recovery.

Large companies, states and large cities have implemented emergency management and business continuity/continuity of operations plans. Many of these plans are consistent with NFPA 1600. Addressing preparedness for smaller businesses is a challenge. Resources may be scarcer, and needs may not seem so obvious. A review of supply chains in the aftermath of regional disasters such as Hurricane Katrina in 2005 makes it clear that all levels of the supply chain need to be prepared. The failures of small and medium-sized businesses, which supply larger businesses, can cause widespread disruption. As a result, there is increasing scrutiny of the resiliency of the supply chain, and larger firms are frequently auditing the preparedness programs of their suppliers.

Public sector entities depend on the private sector for products and services. The public sector in turn often provides services such as police, fire protection, emergency medical services and utilities to the private sector. The continuity of the operation of these public entities is important. State and local governments are putting plans in place for support from businesses whose activities are vital to the safety and recovery of their jurisdictions in a disaster.

Government entities cannot stockpile enough critical resources for large, locally devastating disasters such as floods, hurricanes or earthquakes. Business relationships need to be established in advance of disasters for critical supplies including food, water, clothing and shelter. Government entities are seeking agreements with retailers and wholesalers that have large quantities of pre-positioned and geographically distributed supplies. The principles in NFPA 1600 apply to evaluating preparedness of these supply chains.

International use

NFPA 1600 has received wide acceptance over the years in the US, where it is used by industry, commercial property owners, insurers and state and local governments. In October 2008, the Canadian Standards Association (CSA) announced the release of the first edition of CSA Z1600, a Canadian national preparedness standard based on NFPA 1600 and licensed by NFPA for use in Canada. Besides becoming the most widely used preparedness standard in North America, NFPA 1600 has gained significant attention in Latin America and Asia. It is the national preparedness standard in Argentina and is translated and distributed by other standards bodies in Chile, China, Colombia, Ecuador, South Korea, Thailand and Trinidad and Tobago. It is also being used by insurance companies in Europe.

Biography

James M. Shannon is President of the National Fire Protection Association.