The Role of Standards in Emergency Management

Don Schmidt is CEO of risk consulting company Preparedness LLC and a 20-year member and chair of the technical committee that writes the National Fire Protection Association (NFPA) 1600 standard. He also is the editor of the handbook Implementing NFPA 1600 National Preparedness Standards, which was published in 2007. NFPA 1600 was updated this year, and the U.S. Department of Homeland Security adopted it as a voluntary consensus standard for preparedness.

In this Q&A, Schmidt reflects on the evolution of standards in emergency management and business continuity.

Question: What is the background on the creation of the NFPA 1600 standard? How did it become established?

NFPA’s Standards Council created the Technical Committee on Disaster Management (since renamed Technical Committee on Emergency Management and Business Continuity) in 1991. Development of the standard was consistent with NFPA’s mission to reduce the worldwide burden of fire and other hazards. NFPA 1600 is also a logical complement to the more than 300 NFPA standards that address hazard prevention, risk mitigation and life safety.

Other standards exist for emergency management and business continuity programs. How do you see NFPA 1600 fitting into the mix of existing standards?

NFPA 1600 is the most mature of the emergency management and business continuity standards having been first adopted more than 10 years before any of the others. Our committee members represent a wide cross section of public and private organizations, and that’s important because it brings together many perspectives. We have worked hard to solicit public input, and the standard has benefited from hundreds of public proposals and comments. NFPA’s development process is also transparent and balanced to ensure that no interest group can exert undue influence. I also believe that NFPA 1600 best integrates emergency management with business continuity/continuity of operations.

What are the advantages of an established standard to an organization?

Organizations that seek to conform to a voluntary standard demonstrate their commitment to protecting life, property, operations, the environment and their organization as a whole. Non-public organizations that have implemented a program that conforms to NFPA 1600 would be more attractive for insurance underwriters to insure, investors seeking a return on their investment, and customers depending upon an uninterrupted supply of products or services. Public-sector entities with conforming programs should be better able to protect the citizens in their jurisdictions, the economic base and services that their communities depend on, and the environment.

What role do standards play in helping to establish a professional approach to emergency management and business continuity?

The subject matter that we define as emergency management and business continuity/continuity of operations is very broad and deep. Standards bring together the collective expertise of numerous subject-matter experts and become valuable tools as they are used, refined with the input from users, and over time become widely accepted criteria. The criteria are used by certification programs including EMAP for public-sector programs and PS-Prep for private-sector programs. Professionalism is achieved by demonstrating conformity to established standards and their criteria.

Many emergency managers see following a standard like NFPA 1600 as being out of reach for their program because they are either a one-person shop or perhaps only part time. How do you respond to that type of thinking?

The committee has tried to write a standard that can be used by all entities: large and small; public, not for profit and private; locally and globally. The NFPA 1600 technical committee has always kept the limited resources of the small “entity” or jurisdiction in mind. We have tried to avoid writing overly prescriptive text, and many program requirements are based on the entity’s performance objectives. We’ve also included language such as using cost-benefit analysis and operational experience to determine the degree a program element is implemented. Emergency managers with limited resources can use NFPA 1600 to evaluate their program, identify gaps and prioritize actions for further development.

What differences do you see between government's approach to emergency management and the typical business continuity program in a private-sector business?

Protection of revenue, profits, growth, brand and image are important drivers in private-sector business continuity planning. Decisions about how much to invest in the program are often determined by the potential for economic loss. Regulatory compliance is also an important consideration in the private sector, which is faced with safety and health, environmental protection, information security and other regulations. Some sectors such as financial services are heavily regulated and frequently audited. The approach of public-sector emergency management is dictated by the responsibility for ensuring the safety of a large population within a large geographic area. Although public-sector emergency managers are concerned about protecting the economic base in their communities, much of the infrastructure and property is owned by the private sector. This challenge highlights the need for public-sector emergency managers to communicate frequently and coordinate often with the private sector. If the public sector and private sector both use a common standard such as NFPA 1600, the hope is they will be on the same page.

How has NFPA changed over the years from when it was first established 18 years ago?

NFPA 1600 has changed significantly over six editions. The first edition (1995) was heavily focused on emergency management. Today it is a fully integrated, “all-hazards,” emergency management and business continuity standard. We’ve also maintained our discipline and kept the standard to less than seven pages long (explanatory annexes not included).

We expanded the traditional four phases of emergency management to include prevention — an addition that was controversial at the time. We have strived to define a total program approach by emphasizing leadership, commitment and financial management needed to develop, implement and maintain the program. Since understanding hazards and impacts is so essential, risk assessment and impacts analysis are emphasized. I’m pleased with the requirements for resource assessment, planning and logistics management, which are critical to executing any program. A section on employee assistance and support was added to the 2010 edition.

NFPA 1600 also defines requirements for warnings, notifications and communications, and provides important requirements for crisis communications and public information.

There is a new 2013 edition of NFPA 1600 out. What were the most significant changes that called for a new edition to be established?

NFPA 1600 is updated every three years in accordance with NFPA’s standards development schedule. The continued reorganization of the standard to align with a program development process was another goal of the 2013 edition, and an additional chapter was added to help with the reorganization. The planning and design process in Chapter 5 was rewritten, and I think the requirements for strategies, plans and capabilities are much clearer.

We’ve added some new, albeit very concise, requirements for family preparedness. At the same time we revised and reduced the records management requirements that were incorporated into the 2010 edition.

Annex A, which is explanatory text to support the requirements in the chapters of the standard, was rewritten. For those who want to use a management system standard, they now have that option by adopting Annex F.

What role, if any, do you see social media playing in emergency management and in standards?

Social media has great potential for emergency managers while at the same time posing a great challenge. Pick a major event over the past year and you can see the power of social media. While social media provides a quick means to communicate with many audiences, it also can be problematic if incorrect or misleading information goes viral. I think standards can address the use of social media, but the text may appear in the explanatory sections. Standards can’t be overly prescriptive and single out any one means of communication. If they did, standards would be much longer and more challenging to conform to.

How do you see standards changing long term as the professions of emergency management and business continuity become more established?

It’s hard for me to believe that we’ve published six editions of NFPA 1600. I’ve seen a continued evolution of the standard as we’ve learned from major incidents and the development of the professions of emergency management and business continuity. Program standards like NFPA 1600 will continue to slowly evolve. I believe there is a need to complement NFPA 1600 with standards for its program elements. An example is NFPA’s new project to develop a standard on mass evacuation planning. Other examples include ASTM’s standards on emergency operations centers and resource management. There is also room to develop standards for specific occupancies.

Is there anything you would like to add about our profession and the people who make it up?

The importance of emergency management and business continuity has increased dramatically over the past 10 to 15 years, and I see that continuing. Highly efficient businesses are more vulnerable than ever, and the potential impacts are greater. Experts tell us that we will see more frequent and severe natural disasters and the specter of terrorism looms. I sincerely hope that emergency managers and business continuity professionals and the public and private sectors will continue to collaborate.