Don Schmidt is CEO of risk consulting company Preparedness LLC and a 20-year member and chair of the technical committee that writes the National Fire Protection Association (NFPA) 1600 standard. He also is the editor of the handbook Implementing NFPA 1600 National Preparedness Standards, which was published in 2007. NFPA 1600 was updated this year, and the U.S. Department of Homeland Security adopted it as a voluntary consensus standard for preparedness.
In this Q&A, Schmidt reflects on the evolution of standards in emergency management and business continuity.
NFPA’s Standards Council created the Technical Committee on Disaster Management (since renamed Technical Committee on Emergency Management and Business Continuity) in 1991. Development of the standard was consistent with NFPA’s mission to reduce the worldwide burden of fire and other hazards. NFPA 1600 is also a logical complement to the more than 300 NFPA standards that address hazard prevention, risk mitigation and life safety.
NFPA 1600 is the most mature of the emergency management and business continuity standards having been first adopted more than 10 years before any of the others. Our committee members represent a wide cross section of public and private organizations, and that’s important because it brings together many perspectives. We have worked hard to solicit public input, and the standard has benefited from hundreds of public proposals and comments. NFPA’s development process is also transparent and balanced to ensure that no interest group can exert undue influence. I also believe that NFPA 1600 best integrates emergency management with business continuity/continuity of operations.
Organizations that seek to conform to a voluntary standard demonstrate their commitment to protecting life, property, operations, the environment and their organization as a whole. Non-public organizations that have implemented a program that conforms to NFPA 1600 would be more attractive for insurance underwriters to insure, investors seeking a return on their investment, and customers depending upon an uninterrupted supply of products or services. Public-sector entities with conforming programs should be better able to protect the citizens in their jurisdictions, the economic base and services that their communities depend on, and the environment.
The subject matter that we define as emergency management and business continuity/continuity of operations is very broad and deep. Standards bring together the collective expertise of numerous subject-matter experts and become valuable tools as they are used, refined with the input from users, and over time become widely accepted criteria. The criteria are used by certification programs including EMAP for public-sector programs and PS-Prep for private-sector programs. Professionalism is achieved by demonstrating conformity to established standards and their criteria.
The committee has tried to write a standard that can be used by all entities: large and small; public, not for profit and private; locally and globally. The NFPA 1600 technical committee has always kept the limited resources of the small “entity” or jurisdiction in mind. We have tried to avoid writing overly prescriptive text, and many program requirements are based on the entity’s performance objectives. We’ve also included language such as using cost-benefit analysis and operational experience to determine the degree a program element is implemented. Emergency managers with limited resources can use NFPA 1600 to evaluate their program, identify gaps and prioritize actions for further development.
Protection of revenue, profits, growth, brand and image are important drivers in private-sector business continuity planning. Decisions about how much to invest in the program are often determined by the potential for economic loss. Regulatory compliance is also an important consideration in the private sector, which is faced with safety and health, environmental protection, information security and other regulations. Some sectors such as financial services are heavily regulated and frequently audited. The approach of public-sector emergency management is dictated by the responsibility for ensuring the safety of a large population within a large geographic area. Although public-sector emergency managers are concerned about protecting the economic base in their communities, much of the infrastructure and property is owned by the private sector. This challenge highlights the need for public-sector emergency managers to communicate frequently and coordinate often with the private sector. If the public sector and private sector both use a common standard such as NFPA 1600, the hope is they will be on the same page.
NFPA 1600 has changed significantly over six editions. The first edition (1995) was heavily focused on emergency management. Today it is a fully integrated, “all-hazards,” emergency management and business continuity standard. We’ve also maintained our discipline and kept the standard to less than seven pages long (explanatory annexes not included).
We expanded the traditional four phases of emergency management to include prevention — an addition that was controversial at the time. We have strived to define a total program approach by emphasizing leadership, commitment and financial management needed to develop, implement and maintain the program. Since understanding hazards and impacts is so essential, risk assessment and impacts analysis are emphasized. I’m pleased with the requirements for resource assessment, planning and logistics management, which are critical to executing any program. A section on employee assistance and support was added to the 2010 edition.
NFPA 1600 also defines requirements for warnings, notifications and communications, and provides important requirements for crisis communications and public information.
NFPA 1600 is updated every three years in accordance with NFPA’s standards development schedule. The continued reorganization of the standard to align with a program development process was another goal of the 2013 edition, and an additional chapter was added to help with the reorganization. The planning and design process in Chapter 5 was rewritten, and I think the requirements for strategies, plans and capabilities are much clearer.
We’ve added some new, albeit very concise, requirements for family preparedness. At the same time we revised and reduced the records management requirements that were incorporated into the 2010 edition.
Annex A, which is explanatory text to support the requirements in the chapters of the standard, was rewritten. For those who want to use a management system standard, they now have that option by adopting Annex F.
Social media has great potential for emergency managers while at the same time posing a great challenge. Pick a major event over the past year and you can see the power of social media. While social media provides a quick means to communicate with many audiences, it also can be problematic if incorrect or misleading information goes viral. I think standards can address the use of social media, but the text may appear in the explanatory sections. Standards can’t be overly prescriptive and single out any one means of communication. If they did, standards would be much longer and more challenging to conform to.
It’s hard for me to believe that we’ve published six editions of NFPA 1600. I’ve seen a continued evolution of the standard as we’ve learned from major incidents and the development of the professions of emergency management and business continuity. Program standards like NFPA 1600 will continue to slowly evolve. I believe there is a need to complement NFPA 1600 with standards for its program elements. An example is NFPA’s new project to develop a standard on mass evacuation planning. Other examples include ASTM’s standards on emergency operations centers and resource management. There is also room to develop standards for specific occupancies.
The importance of emergency management and business continuity has increased dramatically over the past 10 to 15 years, and I see that continuing. Highly efficient businesses are more vulnerable than ever, and the potential impacts are greater. Experts tell us that we will see more frequent and severe natural disasters and the specter of terrorism looms. I sincerely hope that emergency managers and business continuity professionals and the public and private sectors will continue to collaborate.