On June 15, Secretary Napolitano of the Department of Homeland Security announced final standards for the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep). I don’t know the full details of how this certification of private sector entities is to be conducted. However, I was intrigued by the full titles of the two American standards, which are free. (The third accepted standard is by the British Standards Institution.) One is NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs by the National Fire Protection Association; the other is Organizational Resilience: Security, Preparedness, and Continuity Management Systems—Requirements with Guidance for Use (ASIS SPC.1-2009) by ASIS International, approved by the American National Standards Institute, Inc.
Some key words show up in these titles: Emergency Management, Business Continuity, and Organizational Resilience. Future posts will explore the meanings of these terms.
Going back to the BP-associated oil spill disaster, one could ask whether anyone involved was applying these standards and would it have made any difference. The NFPA 1600 recommends considering potential hazards, vulnerability of the entity to those hazards, and analyzing the potential consequences of those hazards. After considering and analyzing, there must be a decision-making process about which hazards/consequences to devote resources to address. As the saying goes, only hindsight is 20:20.
Government readiness programs for small business have always be based on the government standard for business continuity. The rules that apply for small business are different. We shall see how this program unfolds, but I am not counting on it very much right now.