The Future of NFPA 1600

NFPA 1600: Standard on Continuity, Emergency, and Crisis Management is a standard I often reference. The contents of the standard, applicable to all organizations including government, non-profit, and private sector; compliments other standards and doctrine well, and is regularly updated to integrate new practices. The latest editions have gained even more value with what can be collectively referred to as implementation notes, which really help support putting the standard into action. The NFPA has also been releasing ‘Handbook’ editions of their standards, with even more professional commentary to support implementation. There is news, though… NFPA 1600 is going away – but don’t worry!

Last year, the NFPA announced the Emergency Response and Responder Safety Document Consolidation Plan. This is part of a larger movement within the NFPA to pull together a variety of similar codes and standards. NFPA 1600 will be combined into a new consolidated standard, NFPA 1660. NFPA 1660 will consist of the present NFPA 1600, NFPA 1616 (Standard on Mass Evacuation, Sheltering, and Re-Entry Programs), and NFPA 1620 (Standard for Pre-Incident Planning). The respective scopes of each of these documents are very complimentary and it absolutely makes sense for them to be in a combined edition. I appreciate that the combined editions will better allow readers to connect the dots of the continuity of activity.

The new NFPA 1660: Standard on Community Risk Assessment, Pre-Incident Planning, Mass Evacuation, Sheltering, and Re-entry Programs is in a public input period for the first draft through November 13, 2020; with a second draft scheduled for release in 2021; and a final draft by the end of 2022. So, don’t worry, NFPA 1600, or the other two standards it is being combined with, are not yet ‘obsolete’, but these standards on their own will no longer be updated.

For many years, NFPA 1600 has been available free digitally. I’m hoping the new combined standard will also be available for free as it will be an even more valuable resource and reference for a very broad range of emergency management and business continuity professionals, as well as students of these professions. I certainly expect the new NFPA 1660 to include new or modified standards as the result of lessons learned from the Coronavirus pandemic.

Is there anything you would like to see in the new standard?

©2020 Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC®

Changing The Lexicon on Terrorism Preparedness, Response, and Recovery

A couple months ago I posted about NFPA 3000: Standard for Active Shooter/Hostile Event Response Program.  Soon after posting, I ended up purchasing a copy of the standard and, combined with other readings and discussions, am fully bought into not only this standard but a change in our lexicon for this type of incident.

NFPA3000

First off, in regard to NFPA 3000, it’s not rocket science.  There is nothing in this standard that is earth shattering or itself wholly changing to what we do or how we do it.  But that’s not the intent of NFPA standards.  NFPA technical committees compile standards based upon best practices in the field. The standards they create are just that – standards.  They are a benchmark for reference as we apply the principles contained therein.  NFPA 3000 provides solid guidance that everyone in EM/HS should be paying attention to.

What NFPA 3000 has helped me realize is that our focus has been wrong for a while.  Terrorism isn’t necessarily the thing we need to be preparing for.  Why?

First, let’s look at what is generally referenced definition of terrorism in the United States.  This comes from Title 22 Chapter 38 US Code § 2656f.  It states that terrorism is “premeditated, politically motivated violence perpetrated against noncombatant targets by subnational groups or clandestine agents’.  Note that the definition focuses on motive more than action or consequence.  While motive is very important in prevention/intelligence and prosecution, it is far less important to most preparedness, response, and recovery activities.

The term ‘active shooter’ has been used quite a bit, yet it’s not a good description of what communities and responders can face when we consider that perpetrators could use means and methods instead of or in addition to firearms.  We’ve seen a wide variety of these instances that involve knives, vehicles, improvised explosives, and more.

This is why I prefer the term ‘active shooter/hostile event response’ or ASHER.  While the term has been around for a bit (a quick internet search shows references going back to at least 2013), NFPA 3000 has essentially canonized it in our lexicon.  The definition provided in NFPA 3000 is focused on the incident, rather than the motivation, and is comprehensive of any means or methods which could be used.  That definition is – Active Shooter/Hostile Event Response (ASHER): An incident where one or more individuals are or have been active engaged in harming, killing, or attempting to kill people in a populated area by means such as firearms, explosives, toxic substances, vehicles, edged weapons, fire, or a combination thereof.

When it comes to preparedness, response, and recovery ASHER is the focus we need to have.  Motivations generally make little difference in how we should respond.  We should always be looking for secondary devices or other attackers – these are not features unique to terrorist attacks.  As we do with any crime scene, we should always be mindful of evidence that can lead us to the motives and potential co-conspirators of an attacker.  That’s important for investigation, prosecution, and the prevention of further attacks.  Does the term ‘terrorism’ still have a place?  Of course it does.  In our legal system, that’s an important definition.  Philosophically, we can argue that all attacks are acts of terror, but because of the legal definition that exists of terrorism, we can’t – at least in the US.

I encourage everyone to start making the move to changing the lexicon to ASHER where appropriate.  It makes sense and gives us the proper perspective.

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC ™

A New NFPA Standard for Active Shooter/Hostile Event Response

The National Fire Protection Association (NFPA) has recently published a new standard for Active Shooter/Hostile Event Response (ASHER) programs.  NFPA 3000 is consistent with other standards we’ve seen published by the organization.  They don’t dictate means or methods, leaving those as local decisions and open for changes as we learn and evolve from incidents and exercises.  What they do provide, however, is a valuable roadmap to help ensure that communities address specific considerations within their programs.  It’s important to recognize that, similar to NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs, you aren’t getting a pre-made plan, rather you are getting guidance on developing a comprehensive program.  With that, NFPA 3000 provides information on conducting a community risk assessment, developing a plan, coordinating with the whole community, managing resources and the incident, preparing facilities, training, and competencies for first responders.

NFPA standards are developed by outstanding technical committees with representation from a variety of disciplines and agencies across the nation.  In the development of their standards, they try to consider all perspectives as they create a foundation of best practices.  While the NFPA’s original focus was fire protection, they have evolved into a great resource for all of public safety.

I urge everyone to take a look at this new standard and examine how you can integrate this guidance into your program.  The standard is available to view for free from the NFPA website, but is otherwise only available by purchase.  Also available on their website is a fact sheet and information on training for the new standard.

© 2018 – Timothy Riecker, CEDP

Emergency Preparedness Solutions, LLC

A New NFPA 1600

Several weeks ago (I forgot to post it!) the National Fire Protection Association (NFPA) released the 2016 update of their 1600 standard, and with a slightly different name: Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs.  More on the name change in a bit.

For those not familiar with NFPA 1600, if you are in the emergency management field, you should be familiar with it.  While not legally binding (unless specifically referenced by a law or regulation), NFPA 1600 is an excellent standard for modeling an emergency management program.  Like any good standard, it provides guidance on what components you should have, but doesn’t tell you how to do it. NFPA 1600 is also very complimentary to the Emergency Management Accreditation Program (EMAP), with no conflicts between these standards – mostly because EMAP foundationally references much of NFPA 1600.  NFPA 1600 can be found here.  The NFPA provides a free download of the standard (it is heavily copyrighted, so exercise prudence in how you handle it) or you can pay to obtain paper copies.

On to the changes in this update.  As mentioned, the title has been altered a bit by adding ‘Continuity of Operations’.  While it doesn’t say so, I’m guessing that some government-types may have approached NFPA 1600 a bit skeptically thinking that it was really intended for the private sector.  The thing is, business continuity is a specific function within emergency management, but largely follows many of the same processes, just with a particular focus.

Within the standard, the early section titled ‘The Origin and Development of NFPA 1600’ summarizes the evolution of the standard, and provides some information on the changes to the 2016 update.  They mention that “The purpose of the standard has been changed to reflect the Committee’s decision to emphasize that the standard provides fundamental criteria for preparedness and that the program addresses prevention, mitigation, response, continuity, and recovery.  In other words, “preparedness” is no longer just an element of the program – it is the program.” That perspective on preparedness is a great continued evolution of the concept within emergency management.  While the standard in emergency management used to be the emergency management cycle with preparedness as one phase, that is thankfully beginning to go away (although it’s still seen out there way too much for my taste).

old em cycle

The Old Emergency Management Cycle – DON’T USE THIS ANYMORE!

The truth is preparedness permeates everything we do – all phases (or mission areas) of emergency management.  That’s why there are five mission areas identified in the National Preparedness Goal (Protection, Prevention, Response, Mitigation, and Recovery).  Where is preparedness?  It’s the root of the document (literally… it’s in the name of the document).  Preparedness is addressed for each mission area.  We must prepare to protect, prepare to prevent, prepare to respond, prepare to mitigate, and prepare to recover.

As usual, I digress…

Back to NFPA 1600.  This 2016 update includes language within “crisis management planning to include issues that threaten the reputation of and the strategic and intangible elements of the entity as a result of an event or series of events…”.  Smart move.  These elements of crisis management are something we see in both the public and private sector and certainly should be addressed.

Since business continuity does remain a focus element of the standard, they have continued to enhance those aspects.  As such, they have included information on supply chain risk and information security within the document.  When considering business continuity, we can’t just look at our own operations.  The vulnerabilities of other organizations can certainly impact us, so examining supply chain vulnerabilities is wise.  As for information security, we have seen plenty of internal and external cybersecurity issues to justify that.  Although a bit late, I’m glad the NFPA is keeping up with technology and current trends and hazards.  They have also rewritten much of the business impact analysis section (within Chapter 5) to address continuity planning and recovery planning, with a specific differentiation between the two.

Lastly, they have added Annex C, a small business preparedness guide (good move NFPA!), and have added material on addressing the needs of persons with access and functional needs, as well as adding some information on the role of social media in crisis communications plans.

These are all positive changes for the NFPA 1600 standard.  I encourage everyone who is part of an emergency management program to take a look at it and see what it has to offer.  It’s good guidance and will probably provide some good ideas for helping you grow and maintain an impactful program.

For those interested, I have a couple of past articles on standards in emergency management:

Standards in Emergency Management Programs

Business Continuity and Emergency Management Standards and Requirements

 

© 2016 – Timothy Riecker

Emergency Preparedness Solutions, LLCWe are your Partner in Preparedness!

Business Continuity and Emergency Management Standards and Requirements

When building a business continuity or emergency management program – or the foundation of that program in a business continuity or emergency management plan – there is a lot of research that needs to be performed before much work can even begin.  Some of the most critical research is the identification of the standards and requirements which apply to your program/plan.  Note a significant difference in terminology between requirement and standard.  Requirements are generally items that are in passed into law or included in regulation.  Standards are typically developed by standards organizations or accrediting bodies and are generally looked upon as best practices within an industry.  Standards are also more likely to be regularly updated whereas requirements (laws) are generally updated on a less often basis.

Where should you look for requirements and standards which apply to you?  Much of it is based upon what industry you are in and where you are located.

Start locally.  Research local laws and codes which may have requirements for certain industries.  Local emergency management planning codes that I’ve seen include industries that use or produce specific chemicals, healthcare facilities, day care programs, and the hospitality industry (hotels and resorts), to name a few.  These codes may require certain planning or notification elements which you must address.  You should search the codes/laws of your city/town/village as well as your county.  The clerks or emergency management officials for those jurisdictions should be of great help to you.  States usually also have specific planning requirements found in state law and/or regulation which cover requirements for local jurisdictions as well as many of the industries mentioned previously.  Contact your state emergency management agency as well as the state agency that regulates your industry for the best information.

Local and state laws comprise most of the requirements you will find – however certain industries may have federal laws or regulations which must be followed – many of these come from the EPA.  Nationally, however, you are more likely to find standards.  FEMA’s standard for emergency planning (which largely applies to jurisdictions but can certainly be used by other organizations) is found in Comprehensive Preparedness Guide (CPG) 101 – Developing and Maintaining Emergency Operations Plans.  While there is no up front legal requirement to follow CPG 101 from FEMA, it may be a requirement of grant funding – yet another requirement you must explore and address.  Certain industries seeking ISO (International Standards Organization) accreditation may need to follow various ISO standards on emergency management and safety.  Overall, if your industry has a professional association or accrediting body, they are an excellent resource for you.

But isn’t there some standard that applies broadly to everyone?  Yes – that is NFPA 1600.  The National Fire Protection Association (NFPA) creates standards which apply to many industries and are often legally adopted as code by jurisdictions.  The NFPA itself does not create law or regulation but they drive many of the standards we see across the nation in many applications including chemical production and handling, engineering, electrical, plumbing, building and development codes, fire codes and others.  NFPA documents are developed through a consensus standards development process approved by the American National Standards Institute (ANSI).  NFPA 1600 is the Standard on Disaster/Emergency Management and Business Continuity Programs.  Typically access to NFPA documents requires membership or a fee per document (their material is copyrighted), however NFPA 1600 is seen as so critical and broad-reaching that the NFPA offers access to the document free of charge.

NFPA 1600 is comprehensive yet open enough for individual application.  You won’t see from NFPA 1600 any detailed guidance in how to write a plan, but you will see the steps of a planning process and key benchmarks they recommend be addressed in a plan.  In addition to planning, the standard also addresses program management, training and exercises, and program improvement.  Intended to be used as a tool, the standard also includes program evaluation checklists and references other best practices in emergency management and business continuity including DRII (Disaster Recovery Institute International) and United Nations programs.  An annex within the standard even addresses family preparedness programs intended for employees.

While the standards you must follow are dependent upon your location and industry, NFPA 1600 can be applicable to all organizations and should be referenced in the building and maintenance of your emergency management and business continuity plan.  For those of you dependent upon access to information on your mobile devices, they even have a free NFPA 1600 mobile app (I reference it often!).

Adherence to requirements and standards helps ensure that your program meets or exceeds all expectations and best practices.  Even if you are not legally obligated to do so, following standards, such as NFPA 1600, provides you with a comprehensive program which will help you better prepare for, respond to, and recover from disaster.

If you need help navigating your emergency management requirements or standards, contact Emergency Preparedness Solutions.  Visit our website at www.epsllc.biz.

© 2014 Timothy Riecker