|
By Donald L. Schmidt
NFPA 1600, Standard on Disaster/Emergency Management
and Business Continuity Programs, has gained considerable attention
since first published as a standard in 2000. Since then the 9/11 Commission
has endorsed it as The National Preparedness Standard. More recently,
Congress emphasized the importance of private sector preparedness and
NFPA 1600 within The National Intelligence Reform Act of 2004-signed by
President Bush in December 2004.
Within Section 7305, Private Sector Preparedness, Congress
asks the Secretary of Homeland Security "to promote, where appropriate,
the adoption of voluntary national preparedness standards such as the
private sector preparedness standard developed by the American National
Standards Institute and based on the National Fire Protection Association
1600 Standard on Disaster/Emergency Management and Business Continuity
Programs."
The National Fire Protection Association Technical Committee
on Emergency Management and Business Continuity, which is responsible
for NFPA 1600, is busily working on the 2007 edition of the standard.
Before the printing presses produced the 2004 Edition, the Task Group
on Future Development began exploring developing issues. The task group
reviewed the recommendations of ANSI's Homeland Security Standards Panel,
as well as the National Response Plan, the National Incident Management
System, and all of the Homeland Security Presidential Decision Directives.
The technical committee is also following the activities of the Emergency
Management Accreditation Program - a long-time user of NFPA 1600, ASTM's
E54 committee on health care preparedness, Australia-New Zealand risk
management and security standards, the Canadian Standards Association's
Emergency Preparedness Standard as well as the work of other organizations
in the United States and Canada. At the very least, documents from these
organization become excellent references within the annexes of NFPA 1600.
In many cases interaction with these committees has identified common
issues with, inconsistencies within, and or possible changes to, NFPA
1600.
The task group's report was presented to the full technical
committee in the Fall of 2004, and continuing discussion is scheduled
at the late Winter 2005 and Summer 2005 meetings. NFPA 1600 will continue
to evolve in its next edition to address issues that have arisen since
the committee finalized the last edition and to reflect activities in
both the public and private sectors.
A strong message heard from ANSI's Homeland Security Standards
Panel was the need to emphasize NFPA 1600 is a voluntary standard. The
document as written incorporates mandatory language (e.g., "shall" not
"should"), but unless the standard is legally adopted by a political jurisdiction
or its use is mandated by an entity for that entity, NFPA 1600 is not
enforceable. Plaintiff counsel can use the courts, however, to address
a grievance, and NFPA 1600 can be presented as the standard of performance
that a defendant's actions can be judged against. ANSI's HSSP has recommended
incorporation of a foreword that emphasizes the voluntary nature of the
standard. A task group has drafted a suggested foreword that will likely
appear in the next edition.
The release of the National Incident Management System last
year has resulted in many suggestions and some proposals to include concepts
and terminology from NIMS and the Incident Command System. In the past,
NFPA 1600 has defined "incident management system" and requires that a
system be used. However, the standard does not require use of ICS by name.
Use of NFPA 1600, like many NFPA standards, extends well beyond the borders
of the United States, and the technical committee has resisted mandating
the use of United States practices.
The practices of emergency management and business continuity
continue to evolve and gain in importance. Both disciplines are well-established,
but the committee has recognized that too often planning for each is done
in separate silos. A recommendation supported by the committee recognizes
the need for emergency management and business continuity professionals
to cooperate and coordinate their activities to ensure effective planning.
Specific language is pending.
NFPA 1600 is not a prescriptive standard. It does not provide
detailed requirements for each of the 15 program elements. Nor does it
specify a program development process, although more than one has been
presented to the technical committee. Each entity can address the requirements
and program elements of NFPA 1600 in any manner, so long as each is properly
addressed and meets the needs of the entity. One proposal assigned to
another task group is the revision of NFPA 1600 to meet the requirements
of a performance-based standard. This includes the development of goals,
objectives, assumptions, and compliance options. However, a task group
has reported considerable study and deliberation is required - more than
can be afforded prior to the upcoming deadline for drafting of the committee's
proposal.
One concept that has arisen particularly from the public
sector is the inclusion of prevention and deterrence along with the four
phases of emergency management specified in Section 5.1 - mitigation,
preparedness, response, and recovery. Many articulate that prevention
and deterrence are part of mitigation, hence no change is required. However,
given the interest in deterrence and prevention of future terrorist attacks,
this suggestion will continue to be evaluated.
Many proposals call for additional or revised definitions
particularly relating to "homeland security." The technical committee
has resisted revising the document to become "homeland security" centric.
Rather the strength of the document is its focus on a program to address
all hazards.
The title of the NFPA 1600 may also change, if a task group
proposal survives the proposal and comment processes. Removal of the word
"disaster" has been proposed because "disaster" is a relative term. Emergency
management and business continuity have clearly emerged over the past
decade as more meaningful terms.
Many questions have been raised about industry-specific
compliance with NFPA 1600. Currently, annexes provide guidance on selected
sections, and references guide readers to publicly available documents
or other resources that may assist them in complying with NFPA 1600. Health
care is one industry where discussions are underway to address how to
use NFPA 1600 to address emergency management and business continuity.
Currently, NFPA 99, Standard on Health Care, includes a chapter
on health care emergency preparedness. Members of the NFPA 1600 technical
committee and members of the NFPA 99, Chapter 12 technical committee have
begun preliminary discussions on how to address this important need. While
no solution has emerged at this time, options include writing a new standard
in the NFPA 1600 series or expanding NFPA 1600 to address health care.
Similarly, the unique and often complex challenges of other industries
need to be addressed. Development of new standards would require the approval
of NFPA's Standards Council and possible formation of a technical correlating
committee to ensure documents are properly coordinated.
NFPA 1600 will continue to evolve in the coming months as
the technical committee reviews all public proposals, prepares its own
committee proposal, and then deliberates on public comments. This process,
which will conclude when the next edition is balloted in late 2006, likely
will see more - but probably not revolutionary - changes in the final
document.
The NFPA standards making process is open and consensus
based. All interested parties are urged to submit their suggestions for
revisions or additions to NFPA 1600. Proposals and comments must be submitted
on prescribed forms to NFPA by published deadlines. Visit www.nfpa.org
and click on "Codes & Standards" at the top of the screen. Interested
parties can also follow the progress of the technical committee's activities
via the Report on Proposals and Report on Comments documents published
by NFPA.
About the Author
Donald L. Schmidt, ARM, is senior vice president
and managing consultant within the Risk Consulting Practice of Marsh USA
Inc. He has been a member of the Technical Committee on Emergency Management
and Business Continuity since 1994.
The author may be reached by telephone
at (617) 421-0341 or by email at donald.l.schmidt@marsh.com.
|
