When building a business continuity or emergency management program – or the foundation of that program in a business continuity or emergency management plan – there is a lot of research that needs to be performed before much work can even begin. Some of the most critical research is the identification of the standards and requirements which apply to your program/plan. Note a significant difference in terminology between requirement and standard. Requirements are generally items that are in passed into law or included in regulation. Standards are typically developed by standards organizations or accrediting bodies and are generally looked upon as best practices within an industry. Standards are also more likely to be regularly updated whereas requirements (laws) are generally updated on a less often basis.
Where should you look for requirements and standards which apply to you? Much of it is based upon what industry you are in and where you are located.
Start locally. Research local laws and codes which may have requirements for certain industries. Local emergency management planning codes that I’ve seen include industries that use or produce specific chemicals, healthcare facilities, day care programs, and the hospitality industry (hotels and resorts), to name a few. These codes may require certain planning or notification elements which you must address. You should search the codes/laws of your city/town/village as well as your county. The clerks or emergency management officials for those jurisdictions should be of great help to you. States usually also have specific planning requirements found in state law and/or regulation which cover requirements for local jurisdictions as well as many of the industries mentioned previously. Contact your state emergency management agency as well as the state agency that regulates your industry for the best information.
Local and state laws comprise most of the requirements you will find – however certain industries may have federal laws or regulations which must be followed – many of these come from the EPA. Nationally, however, you are more likely to find standards. FEMA’s standard for emergency planning (which largely applies to jurisdictions but can certainly be used by other organizations) is found in Comprehensive Preparedness Guide (CPG) 101 – Developing and Maintaining Emergency Operations Plans. While there is no up front legal requirement to follow CPG 101 from FEMA, it may be a requirement of grant funding – yet another requirement you must explore and address. Certain industries seeking ISO (International Standards Organization) accreditation may need to follow various ISO standards on emergency management and safety. Overall, if your industry has a professional association or accrediting body, they are an excellent resource for you.
But isn’t there some standard that applies broadly to everyone? Yes – that is NFPA 1600. The National Fire Protection Association (NFPA) creates standards which apply to many industries and are often legally adopted as code by jurisdictions. The NFPA itself does not create law or regulation but they drive many of the standards we see across the nation in many applications including chemical production and handling, engineering, electrical, plumbing, building and development codes, fire codes and others. NFPA documents are developed through a consensus standards development process approved by the American National Standards Institute (ANSI). NFPA 1600 is the Standard on Disaster/Emergency Management and Business Continuity Programs. Typically access to NFPA documents requires membership or a fee per document (their material is copyrighted), however NFPA 1600 is seen as so critical and broad-reaching that the NFPA offers access to the document free of charge.
NFPA 1600 is comprehensive yet open enough for individual application. You won’t see from NFPA 1600 any detailed guidance in how to write a plan, but you will see the steps of a planning process and key benchmarks they recommend be addressed in a plan. In addition to planning, the standard also addresses program management, training and exercises, and program improvement. Intended to be used as a tool, the standard also includes program evaluation checklists and references other best practices in emergency management and business continuity including DRII (Disaster Recovery Institute International) and United Nations programs. An annex within the standard even addresses family preparedness programs intended for employees.
While the standards you must follow are dependent upon your location and industry, NFPA 1600 can be applicable to all organizations and should be referenced in the building and maintenance of your emergency management and business continuity plan. For those of you dependent upon access to information on your mobile devices, they even have a free NFPA 1600 mobile app (I reference it often!).
Adherence to requirements and standards helps ensure that your program meets or exceeds all expectations and best practices. Even if you are not legally obligated to do so, following standards, such as NFPA 1600, provides you with a comprehensive program which will help you better prepare for, respond to, and recover from disaster.
If you need help navigating your emergency management requirements or standards, contact Emergency Preparedness Solutions. Visit our website at www.epsllc.biz.
© 2014 Timothy Riecker
2 thoughts on “Business Continuity and Emergency Management Standards and Requirements”