NFPA 1600 - Standard On Disaster/Emergency Management And Business Continuity Programs

The operational challenges facing businesses, service and educational institutions and organizations, as well as the communities within which they operate worldwide, will be defined in large part by the terrorism threats and increasing natural and man-made disasters facing us. Continuing globalization and expansion of the global economy in our businesses, as well as the life-safety issues facing everyone at times of disaster, demand contingency plans that are practical, realistic, thorough and current, in order to solve problems and reduce risks to both the public and private sectors worldwide. Therefore, it is imperative that the National Standard on Preparedness (also known as NFPA 1600) be fully endorsed by international, national, state, provincial, local government, as well as the private sector.

After a great deal of due diligence and hard work, the NFPA Technical Committee on Emergency Management and Business Continuity, comprised of representatives from both the public and private sector, including the Department of Homeland Security (DHS)/Federal Emergency Management Agency (FEMA), the National Emergency Management Association (NEMA), the International Association of Emergency Managers (IAEM) insurance and contingency planning organizations worldwide, have reviewed and updated NFPA 1600, as evidenced by the information contained in this article.

The 2004 edition was prepared by the Technical Committee on Disaster Management and acted on by the National Fire Protection Association (NFPA) at its November Association Technical Meeting held November 15-19, 2003, in Reno. NV. Furthermore, the present edition of NFPA 1600 was approved as an American National Standard on January 16, 2004 by the American National Standards Institute.

This standard has been endorsed by the American National Standards Institute (ANSI), DHS/FEMA, NEMA, and IAEM. The standard provides a common set of criteria for disaster/emergency management and business continuity programs that can be used throughout the development, implementation, assessment and maintenance cycle

The development of NFPA 1600 began in January, 1991 when the NFPA Standards Council established the Disaster Management Committee. The committee, which consists of members from both the public and private sectors who specialize in the field of disaster recovery, emergency management, and business continuity planning was then given the responsibility to develop documents relating to preparedness for, response to, and recovery from disasters resulting from natural, human or technological events. This committee, meeting several times a year, and whose members donate their time and expenses (as do all of NFPA's voluntary non-staff committee members) first focused on the development of the NFPA 1600, Recommended Practice for Disaster Management. After much work and numerous discussions representing various viewpoints, NFPA 1600 was presented to the NFPA membership at the 1995 Annual Meeting in Denver, Colorado, and that effort produced the 1995 edition of NFPA 1600.

In its revision of the document from a recommended practice to a standard for the 2000 edition, the committee also more fully addressed the long-term business interruption and the additional affects of increasing natural, human and technological disasters. A significant change was the shift of emphasis from planning to a program perspective that would, for example, correspond with the EMAP process. In 1998 the Technical Committee change the scope of the document substantially from a "planning" perspective to a "program" perspective and a program management section was added. It was a significant change in that it embraced the entire cycle of emergency management, not just four phases. The Technical Committee expanded the process from preparedness, response, recovery and mitigation to focus on functions such as strategic planning, budgeting, corrective action and other management responsibilities in the emergency planning arena. At the same meeting in 1998, the public and private sector representatives defined what an "emergency/disaster management and business continuity program" was for the first time. In addition, ANSI-HSSP (Homeland Security Standards Panel) validated this "program view" in order to help new comers and experienced planners to the field understand the scope of the program.

The 2000 edition was expanded to address business continuity planning issues both before and after a disaster. These additional guidelines in NFPA 1600 aid in the mitigation of losses, the continuing of time-sensitive business and service functions and processes, while also protecting life and property.

What's new in the 2004 edition?

• 2004 edition contains updated terminology and has been reformatted to follow the 2003 NFPA Manual of Style; however, the basic features of the standard remain unchanged.
• Annex A was expanded to include additional explanatory information the Technical Committee was needed to explain some of the intent of including the material in the main body of the standard.
• Annex A contains a table (FEMA's CAR/NFPA 1600/BCI & DRII Professional Practices) as a way to integrate the business continuity thinking and planning with that of the emergency management community.
• Annex B (Disaster/Emergency Management and Related Organizations) and Annex C (Additional Resources) have been significantly expanded to provide the planners, implementers and students a list of governmental agencies and organizations that are in the "business" of emergency management and business continuity. The inclusion of Canadian organizations on these listings is a sign of international focus of NFPA and the Technical Committee. (In the past two years the number of Canadian members has increased from one to three).
• Annex D (Disaster/Emergency Management Accreditation and Certification Programs) is new, providing a representative listing of the programs that accredit and/or certify people and organizations.
• Annex E (Informational Resources) is new, providing listing of NFPA standards and codes that are most commonly referenced in business continuity and emergency management programs.

Specific Program Elements addressed in NFPA 1600 include the following:

• Laws and Authorities
  The applicable legislation, regulations and industry codes of practice an entity needs to consider when developing a disaster/emergency management program.
• Hazard Identification, Risk Assessment, and Impact Analysis
  The identification of hazards (e.g., natural, human, and technological), the likelihood of their occurrence, the organization's vulnerability to these hazards, and the detrimental impact(s) of the hazard(s) on the organization.
• Hazard Mitigation
  Activities taken to eliminate or reduce the degree of risk to life and property from hazards, either prior to or following a disaster or emergency.
• Resource Management
  The means within the organization to reduce or eliminate the hazards identified in the program administration phase.
• Mutual Aid
  The need for and the establishment of mutual aid agreements.
• Planning
  The processes of developing advance arrangements and procedures which will enable an organization to respond to a disaster and resume critical business or service functions within a predetermined period of time, minimize the amount of loss, and repair, restore or replace the stricken facilities as soon as possible.

Strategic Plan - A plan outlining decisions regarding resource allocation, priorities, and action steps necessary to reach the goals of the disaster recovery, emergency management or business continuity plan.

Emergency Operations/Response Plan - A plan outlining the response an organization will have to a disaster or emergency. This may include procedures or criteria for opening an Emergency Operations Center, the deployment of assets to meet critical needs and the description and assurance of a coordinated response to emergency situations.

Mitigation Plan - The strategy and action steps to eliminate hazards or mitigate their effect if they cannot be eliminated.

Business Impact Analysis - The process of determining the impact on an organization should a potential loss (hopefully identified by the risk analysis) actually occur. The BIA should qualify and quantify, where possible, the loss impact from a business interruption, operational, and financial standpoint.

Recovery / Business Continuity Plan - The documentation of the strategies, procedures, resources, organizational structure, and information database utilized by an organization to recover from, resume, manage and continue operations in the event of a substantial disruptive incident.

• Direction, Control and Coordination
  The ability to manage, control, and coordinate the response and recovery operations.
• Communications and Warning
  The communication systems and procedures are to be established and regularly tested to support the program including the ability to notify officials, emergency personnel employees and other personnel of an actual or pending emergency.
• Operations and Procedure
  The implementation of all operational procedures, including response, damage assessment and recovery operations.
• Logistics and Facilities
  Identifies methods and responsibilities for providing facilities, services, personnel and materials for the incident.
• Training
  The implementation of a training / educational program to facilitate and provide understanding and support of the program
• Exercises, Evaluations & Corrective Actions
  The evaluation of the program through periodic reviews, testing, post-incident reports, performance evaluations and exercises
• Crisis Communication, Public Education and Information
  Procedures to disseminate information, including requests for pre-disaster, disaster and post disaster information. Also, the establishment of procedures for addressing media inquiries, as well as providing information to them.
• Finance and Administration
  Responsible for developing financial and administrative procedures to support the program before, during and after an emergency or a disaster.

NFPA 1600 is considered an excellent benchmark for planners in both the public and private sectors. This Standard provides numerous methodologies for defining and identifying risk and vulnerabilities within a community or business / service organization, as well as thorough planning guidelines which address: stabilizing the restoration of the physical infrastructure of the community or business organization; protecting the health and life safety of personnel housed in those communities or businesses; and crisis communications procedures and management structure for both short-term recovery and ongoing long-term continuity of operations within that community or business/service organization.

In addition, NFPA 1600 identifies methodologies for exercising those plans and provides a listing of numerous resource organizations within and for the fields of disaster recovery, emergency management and business continuity planning. (See Annex B & C).

As with other standards, NFPA 1600 will join the family of voluntary codes and standards (approximately 300) which are available for adoption by federal, state and local entities as well as the private sector. NFPA will continuously monitor the adoption and usage of the standard and its Technical Committee on Emergency Management and Business Continuity will revisit its contents and usage regularly over the next several months to determine if an interim change to reflect the recommendations that have come forth from the ANSI-HSSP is necessary.

We encourage you to review the 2004 edition of NFPA 1600 and utilize the valuable pre-loss and post-loss mitigation, recovery and continuity planning information housed therein. For your free, downloadable copy of NFPA 1600, please visit the NFPA website at www.nfpa.org or for any additional questions contact Staff Liaison Martha Curtis at 617-984-7467.

This article may not be reprinted, reproduced, or distributed in part, or in total, or altered in any way, in any medium, without the express written consent of the author. Please contact Pat Moore at pmooretex@aol.com or Martha Curtis at mcurtis@nfpa.org for more information. Copyright NFPA