BY DONALD L. SCHMIDT
Over the past six years, the United States has experienced severe acts of terrorism and natural disasters costing tens of billions of dollars and thousands of lives, and we still face the specter of pandemic flu. All present a huge challenge to risk managers and emphasize the need for solid disaster-emergency programs.
Many risk managers believe the focus of emergency management and business continuity is response and recovery. The addition of “prevention” as a core element of the U.S. Department of Homeland Security’s new disaster-emergency standards emphasizes the need to prevent or reduce injuries to people, damage to property, interruption of operations and contamination of the environment.
Recent legislative action highlights the significance of the National Fire Protection Association 1600 standard, which has been used extensively in the public sector for many years. The Homeland Security department, in fact, has been directed to use NFPA 1600 to promote private sector preparedness.
The 2007 edition of NFPA 1600—“Standard on Disaster/Emergency Management and Business Continuity Programs,” the fourth edition of the standard—has been approved by Homeland Security, recommended by the 9/11 Commission and recognized in the National Intelligence Reform Act of 2004.
NFPA 1600 establishes a common set of criteria to develop, implement and maintain a program for prevention, mitigation, preparation, response and recovery from emergencies.
The standard is not a “how-to” guide with prescriptive requirements but rather provides a framework and establishes the relationship between an integrated emergency management and business continuity program.
GETTING STARTED
The first step is to evaluate any current program including prevention and mitigation, emergency response, business continuity, crisis management, and crisis communications policies and procedures.
Laws and regulations including Occupational Safety and Health Administration standards, fire prevention codes, Homeland Security regulations and industry-specific regulations need to be reviewed, identifying those that apply to the organization. Next, goals and objectives for the program need to be formalized in a policy signed by senior management and distributed throughout the organization.
An advisory committee with representatives from throughout the organization should be established. A program coordinator vested with authority and necessary resources to develop the program needs to be appointed.
• Risk Assessment
Natural and man-made hazards that can injure people, damage property, interrupt business operations, contaminate the environment, or hurt a brand, image or reputation need to be identified.
The vulnerability of facilities, systems, equipment and people from the maximum foreseeable magnitude of identified hazards needs to be assessed, determining possible impacts.