Features

by John Nicholson

This was one of several statements of support that the National Commission on Terrorist Attacks upon the United States, also known as the 9/11 Commission, offered when recommending NFPA 1600, Disaster/Emergency Management and Business Continuity Programs, as the national standard for private-sector preparedness. (Download a free copy of NFPA 1600, PDF, 864 KB.)

Following the attacks of September 11, 2001, there was a great deal of discussion of how businesses could plan for a resumption of business after  any disaster. Fortunately, NFPA had the foresight to consider such questions years before the attacks, developing NFPA 1600 through our consensus process. Recognizing its value to a post-September 11 business world, commission members wrote in their report, "We were encouraged by Secretary Tom Ridge's praise of the standard, and urge the Department of Homeland Security to promote its adoption."

Ridge told the commission on May 19, 2004, "We are also building a foundation on which the private sector can take important steps to improve their readiness. The ANSI/NFPA 1600—a set of voluntary standards developed by the American National Standards Institute and the National Fire Protection Association—empower the private sector to examine their own readiness and take part in the shared responsibility of homeland security.

"These standards encourage mutual respect, cooperation, and open communication—essential elements of our national approach to readiness. Voluntary standards like these—and the process used to develop them—help make us smarter about how to perform our duties better, and give us direction and guidance in the areas we need them most. They are just one tool—but an important one—in our effort to make our country more secure."

Compliance with standard
The commission further encouraged the insurance and credit-rating industries to look closely at potential clients' compliance with NFPA 1600 in assessing their insurability and creditworthiness.

"We believe that compliance with the standard should define the standard of care owed by a company to its employees and the public for legal purposes. Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world. It is ignored at a tremendous potential cost in lives, money, and national security."

This statement bolstered the Department of Homeland Security's mandate to work with the private sector, as well as the government, to ensure preparedness. This is entirely appropriate, for the private sector controls 85 percent of the nation's critical infrastructure. Unless a terrorist's target is a military or other secure government facility, the target will almost certainly be private and the "first" first responders will almost certainly be civilians. Homeland security and national preparedness therefore often begins with the private sector.

Endorsement recommended
According to the report, "Preparedness in the private sector and public sector for rescue, restart, and recovery of operations should include

1. a plan for evacuation,
2. adequate communications capabilities, and
3. a plan for continuity of operations.

"As we examined the emergency response to 9/11, witness after witness told us that despite 9/11, the private sector remains largely unprepared for a terrorist attack. We were also advised that the lack of a private-sector preparedness standard was a principal contributing factor to this lack of preparedness.

"We (9-11 Commission) responded by asking the American National Standards Institute (ANSI) to develop a consensus on a ‘National Standard for Preparedness' for the private sector. ANSI convened safety, security, and business continuity experts from a wide range of industries and associations, as well as from federal, state, and local government stakeholders, to consider the need for standards for private sector emergency preparedness and business continuity."

The result of these sessions was ANSI's recommendation that the 9/11 Commission endorse NFPA 1600, which establishes a common set of criteria and terminology for preparedness, disaster management, emergency management, and business continuity programs.

Total approach
Developed with input from such public and private-sector organizations as the Federal Emergency Management Agency, the National Emergency Management Association, and the International Association of Emergency Managers, NFPA 1600 is the only existing process-based national or international standard that identifies key functional areas and an overall strategy for disaster preparedness and business continuity for both private and public-sector organizations.

It takes a "total program approach" to disaster and emergency management and business continuity by providing common elements, techniques, and processes that can serve as a general strategic-level guide in the development of an overall program. Given the vast difference among various types of industries and organizations, more detailed plans and operational-level policies and procedures are best developed on a company-by-company basis.

Since it was only elevated to full national standard status in 2000, NFPA 1600 is still not as widely known as it will be. Nonetheless, the standard, available for downloading from NFPA´s Web site, is a significant resource for private-sector preparedness, worthy of greater communication and use. In addition, a two-day seminar on NFPA 1600 will be offered at the Fall Education Conference in Miami, Florida, on November 12 and November 13.

John Nicholson is the managing editor of the NFPA Journal.