
An Update on NFPA 1600,
Standard on Disaster/Emergency Management and Business Continuity Programs

By Donald L. Schmidt


NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs, has gained considerable attention since it was first published as a standard in 2000. Since then the 9/11 Commission has endorsed it as The National Preparedness Standard. More recently, Congress emphasized the importance of private sector preparedness and NFPA 1600 within The National Intelligence Reform Act of 2004, signed by President Bush in December 2004.

Within Section 7305, Private Sector Preparedness, Congress asks the Secretary of Homeland Security "to promote, where appropriate, the adoption of voluntary national preparedness standards such as the private sector preparedness standard developed by the American National Standards Institute and based on the National Fire Protection Association 1600 Standard on Disaster/Emergency Management and Business Continuity Programs."

The National Fire Protection Association Technical Committee on Emergency Management and Business Continuity, which is responsible for NFPA 1600, is busily working on the 2007 edition of the standard. Before the printing presses produced the 2004 Edition, the Task Group on Future Development began exploring developing issues. The task group reviewed the recommendations of ANSI's Homeland Security Standards Panel, as well as the National Response Plan, the National Incident Management System, and all of the Homeland Security Presidential Decision Directives. The technical committee is also following the activities of the Emergency Management Accreditation Program (a long-time user of NFPA 1600), ASTM's E54 committee on health care preparedness, Australia-New Zealand risk management and security standards, and the Canadian Standards Association's Emergency Preparedness Standard, as well as the work of other organizations in the United States and Canada. At the very least, documents from these organizations become excellent references within the annexes of NFPA 1600. In many cases interaction with these committees has identified common issues with, inconsistencies within, and/or possible changes to, NFPA 1600.

The task group's report was presented to the full technical committee in the Fall of 2004, and continuing discussion is scheduled at the late Winter 2005 and Summer 2005 meetings. NFPA 1600 will continue to evolve in its next edition to address issues that have arisen since the committee finalized the last edition and to reflect activities in both the public and private sectors.

A strong message heard from ANSI's Homeland Security Standards Panel was the need to emphasize that NFPA 1600 is a voluntary standard. The document as written incorporates mandatory language (e.g., "shall" not "should"), but unless the standard is legally adopted by a political jurisdiction or its use is mandated by an entity for that entity, NFPA 1600 is not enforceable. Plaintiff counsel can use the courts, however, to address a grievance, and NFPA 1600 can be presented as the standard of performance that a defendant's actions can be judged against. ANSI's HSSP has recommended incorporation of a foreword that emphasizes the voluntary nature of the standard. A task group has drafted a suggested foreword that will likely appear in the next edition.

The release of the National Incident Management System last year has resulted in many suggestions and some proposals to include concepts and terminology from NIMS and the Incident Command System. In the past, NFPA 1600 has defined "incident management system" and requires that a system be used. However, the standard does not require use of ICS by name. Use of NFPA 1600, like many NFPA standards, extends well beyond the borders of the United States, and the technical committee has resisted mandating the use of United States practices.

The practices of emergency management and business continuity continue to evolve and gain in importance. Both disciplines are well-established, but the committee has recognized that too often planning for each is done in separate silos. A recommendation supported by the committee recognizes the need for emergency management and business continuity professionals to cooperate and coordinate their activities to ensure effective planning. Specific language is pending.

NFPA 1600 is not a prescriptive standard. It does not provide detailed requirements for each of the 15 program elements. Nor does it specify a program development process, although more than one has been presented to the technical committee. Each entity can address the requirements and program elements of NFPA 1600 in any manner, so long as each is properly addressed and meets the needs of the entity. One proposal assigned to another task group is the revision of NFPA 1600 to meet the requirements of a performance-based standard. This includes the development of goals, objectives, assumptions, and compliance options. However, a task group has reported considerable study and deliberation is required - more than can be afforded prior to the upcoming deadline for drafting of the committee's proposal.

One concept that has arisen particularly from the public sector is the inclusion of prevention and deterrence along with the four phases of emergency management specified in Section 5.1 - mitigation, preparedness, response, and recovery. Many articulate that prevention and deterrence are part of mitigation, hence no change is required. However, given the interest in deterrence and prevention of future terrorist attacks, this suggestion will continue to be evaluated.

Many proposals call for additional or revised definitions particularly relating to "homeland security." The technical committee has resisted revising the document to become "homeland security" centric. Rather the strength of the document is its focus on a program to address all hazards.

The title of NFPA 1600 may also change, if a task group proposal survives the proposal and comment processes. Removal of the word "disaster" has been proposed because "disaster" is a relative term. Emergency management and business continuity have clearly emerged over the past decade as more meaningful terms.

Many questions have been raised about industry-specific compliance with NFPA 1600. Currently, annexes provide guidance on selected sections, and references guide readers to publicly available documents or other resources that may assist them in complying with NFPA 1600. Health care is one industry where discussions are underway to address how to use NFPA 1600 to address emergency management and business continuity. Currently, NFPA 99, Standard on Health Care, includes a chapter on health care emergency preparedness. Members of the NFPA 1600 technical committee and members of the NFPA 99, Chapter 12 technical committee have begun preliminary discussions on how to address this important need. While no solution has emerged at this time, options include writing a new standard in the NFPA 1600 series or expanding NFPA 1600 to address health care. Similarly, the unique and often complex challenges of other industries need to be addressed. Development of new standards would require the approval of NFPA's Standards Council and possible formation of a technical correlating committee to ensure documents are properly coordinated.

NFPA 1600 will continue to evolve in the coming months as the technical committee reviews all public proposals, prepares its own committee proposal, and then deliberates on public comments. This process, which will conclude when the next edition is balloted in late 2006, likely will see more - but probably not revolutionary - changes in the final document.

The NFPA standards making process is open and consensus based. All interested parties are urged to submit their suggestions for revisions or additions to NFPA 1600. Proposals and comments must be submitted on prescribed forms to NFPA by published deadlines. Visit www.nfpa.org and click on "Codes & Standards" at the top of the screen. Interested parties can also follow the progress of the technical committee's activities via the Report on Proposals and Report on Comments documents published by NFPA.


About the Author
Donald L. Schmidt, ARM, is senior vice president and managing consultant within the Risk Consulting Practice of Marsh USA Inc. He has been a member of the Technical Committee on Emergency Management and Business Continuity since 1994.

The author may be reached by telephone at (617) 421-0341 or by email at donald.l.schmidt@marsh.com.
