EM Forum Presentation — March 28, 2012

NFPA 1600® and PS-Prep™ Update

Donald L. Schmidt, ARM, CBCP, CBCLA, CEM
Chair, NFPA Technical Committee
on Emergency Management and Business Continuity
Chief Executive Officer, Preparedness LLC

Amy Sebring
EIIP Moderator

This transcript contains references to slides which can be downloaded from http://www.emforum.org/vforum/NFPA/1600update2012.pdf
A video recording of the live session is available at http://www.emforum.org/pub/eiip/lm120328.wmv
An audio podcast is available at http://www.emforum.org/pub/eiip/lm120328.mp3

[Welcome / Introduction]

Amy Sebring: Good morning/afternoon everyone and welcome back to EMForum.org. We are very glad you could join us. I am Amy Sebring and will serve as your Moderator today.

For quite some time now we have been devoting Forum programs to NFPA 1600 standard as it has evolved over the years. We also did a previous program on the private sector preparedness program known as PS-Prep a couple of years ago. You can access these from our archives, but today it’s time for another update. We will begin with an overview presentation, and then proceed to your questions and comments.

[Slide 1]

Now it is my pleasure to introduce today’s guest: Donald Schmidt serves as Chair of NFPA's Technical Committee on Emergency Management and Business Continuity, responsible for NFPA 1600. He also served as editor of the NFPA publication Implementing NFPA 1600, National Preparedness Standard, and is a member of the Committee of Experts advising the ANSI-ASQ National Accreditation Board (ANAB) on requirements for voluntary certification of private sector programs under PS-Prep™. Don is also CEO of the consulting firm, Preparedness LLC and is a professional development instructor for NFPA and the Disaster Recovery Institute. Please see today’s Background Page for further biographic detail and links to related resources.

Welcome back Don, and thank you very much for joining us today. I now turn the floor over to you to start us off please.


Donald Schmidt: Thank you, Amy and good day to everyone. It is good to be back on Emergency Management Forum. To look back—it has been about three years since we talked about the 2010 edition of NFPA-1600. We are just finishing up on the 2013 edition so it is a great opportunity to brief you on changes you’ll see in the 2013 edition.

We’ll also talk a little bit about PS-Prep. We’ve been involved with that since back in 2003. I’m going to give you an update there as well.

[Slide 2]

To start with we’ll talk about what is a standard. There is a lot of confusion out there in terms of standards. I have a couple of introductory definitions here. One comes from ISO. You really want to highlight "consensus" which is an important word in the ISO definition for standard.

The second definition comes from the NFPA. I want to point that out because in NFPA-1600 we have chapters one through nine and those chapters are written in "shall" language. I want to point out that for the most part NFPA-1600 is a voluntary standard, but many NFPA standards are referenced and enforceable under regulations.

You might be familiar with the National Electrical Code and Safety Code and so forth. When we write a standard we are trying to write a high level document. We are very careful not to be overly prescriptive recognizing that NFPA-1600 is used worldwide. It is used by large organizations and small organizations, public and private sector, not-for-profit, NGOs and so on.

We follow NFPA’s manual of style to come up with a very usable document—one that is very concise and can be adapted by any pretty much any organization. When we see the word "shall" it is language that conforms to the NFPA’s manual of style so that if an organization chooses to adopt NFPA-1600 we are identifying the requirements that should be followed.

[Slide 3]

Take a look back at the NFPA-1600 Technical Committee and I know we have at least one other committee member on the call—and welcome Dean. The committee was organized back in 1991 and I’ll talk about the history in just a second, but I want to point out that the committee is comprised of 36 voting or principal members.

Many of the principal members have alternates. We have some non-voting members and dozens of task group members that all contribute to the writing of the document. We also benefit from hundreds of public comments and proposals that help us develop each edition of NFPA-1600. I encourage everyone on the call to provide your input into the next edition. That’s how we can make it a better document.

Also included on the slide is the web address. Go to http://www.nfpa.org/1600 and you can get additional information on NFPA-1600. Our committee hopefully represents the users out there—emergency managers, public and private sectors, business continuity professionals, loss prevention, hazard mitigation specialists, and even those that focus on crisis communications.

We try to get a balance of interests—public and private sector. You can see we have a lot of different representation in the private sector and different industries. We try to write a standard that takes into account the needs of all these different users.

[Slide 4]

I’ll give you a little history lesson on 1600. I look back and the committee was organized in 1991. We have published five editions. The 2013 edition will be the sixth edition. I mentioned my involvement with PS-Prep and really that began with a meeting on the second anniversary of 9/11 with professional staff of the 9/11 Commission and their interest was private sector preparedness.

That was one of their interests and that was the focus of that meeting. That led to initiative of the American National Standards Institute and their Homeland Security Standards Panel to evaluate which standards were out there. That process occurred and the result was a recommendation in the 9/11 Commissions report that endorsed the NFPA-1600 and called for enhanced private sector preparedness.

That was the seed that was sown back in 2004. I’ll talk a little later about PS-Prep and the evolution of PS-Prep. The 9/11 Commission recommendation was reiterated in Public Law 108-458 back in 2004 and in Public Law 110-53 was the Title IX and the requirements or specifications for what we now refer to as PS-Prep. We have a long history here and thank you to the many who have contributed to this standard over the years.

[Slide 5]

Let’s focus on the 2013 edition. We as a committee met last week in Indianapolis and some may describe it as tedious or arduous but it is a great process. We had a series of meetings over the last three years to come up with the latest edition.

I think what I’m most proud of is the continued integration of emergency management with business continuity and continuity of operations, COOP planning, crisis management, crisis communications and even elements in there in terms of prevention and mitigation.

I think the lines are blurring a little bit between emergency management, business continuity and the professionals are coming together. I believe the NFPA-1600 really embraces all those elements that really achieve preparedness and ability to respond, continuity of operations, recovery, resiliency, whatever word or words you want to describe the outcome of the program.

Going into every cycle the committee has a number of objectives. One of the objectives of the 2013 edition was enhanced usability. That is not only how we write the standard and how it is organized but also the explanatory annexes. That is really a goldmine of great information that is oftentimes overlooked.

We did a lot of work on the annexes. They have been expanded and rewritten and I’ll talk about those in a few minutes. The goal was one of usability. If you’re looking for dramatic new elements within 1600 you’re probably not going to find that. There are a lot of good nuggets, but it has been the evolution of the standard—not any revolutionary new concepts.

[Slide 6]

Many of you are familiar with and probably use ISO standards. There are a lot of great documents published by ISO. Many of you probably have heard about "plan, do, check, act" wheel or cycle, or whatever. In the 2010 edition we began the alignment of NFPA-1600 with "plan, do, check, act" and we continue that in the 2013 edition.

You’ll see on your screen that we have six blue rectangles and those are the major chapters of NFPA-1600 2013 edition. Chapters one, two and three are definitions, application, purpose and scope and so forth. If you look at the core of the NFPA-1600 2013 it is really going to be in these six chapters starting with the planning process, and the implementation, the doing, developing the program, training and education, exercises and tests, program review and program improvement.

Think of continuous improvement—the 2013 edition is better aligned with that process. Another little tidbit in terms of being Annex F—we have provided NFPA-1600 as a management system standard with enabling language so that an entity that chooses to adopt 1600 can follow Annex F written as a management system standard in place of chapters one through nine.

In our goal for usability we are also trying to strive for providing options so that the standard can be used by those who want to look at it as the traditional or as the management systems standard.

[Slide 7]

Let’s take a look at some of the chapters within the 2013 edition. Program Management is certainly a foundation of the program. We’ve had a lot of emphasis on leadership and commitment—some minor changes in 4.1 but still a strong emphasis on leadership and commitment in the program.

NFPA-1600 calls for having a Program Coordinator vested with authority by the entity to develop, implement, review, evaluate and maintain the program, and a Program Committee that is comprised of representatives from within the entity and also soliciting external representation. It hasn’t made great change in the 2013 edition in those areas.

In Program Administration, we are adding one new element in change management. Your organization changes continuously and the pace of those changes is becoming faster, so it is an important element in terms of program administration.

In Finance Administration—we took a look at that. I think some of the feedback from the 2010 edition was that some people didn’t understand that section; maybe it was more onerous than the committee intended. We went through it to rewrite finance and administration to make it more concise and specific to the program.

Keep in mind that a program in terms of development and implementation and development requires resources—money being a big part of that as well as procedures to be able to respond quickly and effectively to an incident, with the funding required for responding to an incident as well as continuity, recovery and so forth. That was emphasized in that section.

In the Records Management section we condensed it down a little bit. We focused a lot on vital records not just records required for the program—which could be anything from plan documents, training records and exercises and tests and so forth. We took a look at the importance of vital records that are very important for an organization to continue and survive—and that are hardcopy and electronic records.

Identification and protection of those records, valid backups of those records, security and access requirements—that is an area you definitely want to take a look at.

[Slide 8]

Let’s take a look at Planning in chapter five. In 5.1—the Planning and Design Process—that was rewritten to make it a lot clearer in terms of what plans the committee has deemed required for the program.

There was some confusion about strategic plans and this is really defining strategic plans and identifying high level crisis management planning that would be designed to protect the brand and image and reputation—some of the non-tangible aspects of an entity, as well as the planning process to be able to develop emergency response, business continuity, continuity of operations and recovery plans. We cleared up some confusion in the first part of chapter five.

Risk Assessment and Business Impact Analysis, I would say not unchanged, but no dramatic changes. Within the BIA section we added in some language in terms of recovery strategies that were clearly very important in terms of identifying ways to continue critical functions—private or public sector doesn’t matter.

In terms of resource management in the past we lumped it all together—resource management and logistics. But recognizing on the planning side there is a need to take a look at what resources are needed and what resources are available. It is an integral part of the planning process. Later on in terms of implementation and under incident management we address more of the classic resource management and logistics that you find under NIMS and ICS. Resource Needs Assessment is an important part of that planning process.

Performance Objectives—there was a little work there emphasizing a need for performance objectives to the program. What do you want to achieve in terms of protection of people, life, property, operations, the environment and so forth? We reference back to that later on in terms of the program reviews with language to see whether the program is achieving the performance objectives that were established as part of the planning process.

[Slide 9]

Chapter six is about Implementation. If you look at 6.1 Common Plan Requirements it is a great section to use a checklist to evaluate your program in terms of your specific plans. It is just a great tool and a lot of the fundamental requirements for plans.

Then we get into Prevention and Mitigation. Within the standard we talk about prevention and mitigation strategies. In many organizations there are loss prevention programs to prevent accidents, injuries, property damage and so forth. We recognize that there are many hazards—Mother Nature, where we cannot prevent the hazard but then there are actions that can be taken to reduce the impacts from Mother Nature. The emphasis here is on having strategies for prevention and mitigation.

We take a look at Crisis Communications and Public Information. We spent some time to try to clean up these sections to make sure we are eliminating any overlap or duplication. We make it very clear about the need for communication, taking into account changes to technologies and the ability to be able to reach out to a broad range of audiences. Think about within an entity—it could be employees as an internal audience as well as the community that surrounds a facility that may have an incident, as well as consumers, regulators, government officials—there are many different audiences.

We went through a process here to identify requirements for crisis communications. They are certainly very important and there are public information aspects to that. It is also a topic we cover in training in terms of public education specifically when the public may be at risk because of an incident that may occur. We will talk about that a little bit later in the program.

In 6.5 we talk about Warnings and Notifications—really the ability to warn people at risk or potentially at risk. Notifications, whether it is to emergency services, whether they are within a facility or public emergency services—the communications required within the various responders. We aligned this section 6.5 with 6.4 to bring together communications, both crisis communications and the communications required to execute the program.

In 6.6 there are some basic requirements for Operational Procedures in terms of emergency response and continuity, recovery and so forth. As I mentioned earlier we split apart resource management from the resource needs assessment and we placed that into Incident Management.

That is a significant change under incident management. Other parts of incident management really didn’t see dramatic changes in the 2013 edition. Likewise I think you’ll find that the requirements for emergency operations/response and business continuity and recovery—no dramatic changes in those sections.

We did take a look at Employee Assistance and Support. That was a new section that we added to the 2010 edition. That has been well received. Now we are taking a look at not just the employees but to the next step that preparedness begins at home. If we want an employee to be available to prepare a facility for a hurricane or be involved with business continuity recovery or continuity of operations we need to make sure that family is well prepared.

We had a task group to take a look at family preparedness. We added some language within chapter six related to family preparedness and there is a new annex on Family Preparedness. That is an important addition to the 2013 edition.

[Slide 10]

Training and Education is certainly very important. We need to make sure that anyone who has a defined role and has responsibilities within the plan or plans or the overall program needs to receive the appropriate training and education so they can do what they’ve been asked. We’ve added some language here in terms of Competency based curriculum.

Curriculum is what needs to be covered and who needs to be trained. The focus here is on competency. What do we need people to do? Whether it is a need to get people to be aware of the sound for a tornado, a warning to move to shelter, or if people are going to be responding to assist with medical aid or whatever their role is, to make sure that those people are competent to do what they need to do.

The other sections here in Training and Education are a continuation of what we had in the 2010 edition. The committee has resisted getting too prescriptive in terms of frequency of training. A lot of that is spelled out in regulations. We keep coming back to frequency to establish capabilities and competencies and making this very much performance based.

Most of this sections her within chapter seven has not seen dramatic changes from the 2010 edition.

[Slide 11]

Let’s take a look at chapter eight on Exercises and Tests. Notice the chapter title has changed. We are trying to point out some important differences between exercises. People on this call have probably gone through hundreds and hundreds of different exercises but we want to differentiate the exercises from testing.

There are discreet tests, pass/fail, whether it is testing equipment that is required, whether it is warning systems or communications but when you take a look at some of the graphics there and you look at a test—does something pass or fail? We take a look in continuity of operations or business continuity and IT disaster recovery planning—there are systems that need to work.

I want to emphasize the importance of testing to validate that something works. If there is a recovery strategy in terms of moving from server A to a backup server it has to be tested to see if it will work. I mentioned earlier about vital records and the adequacy and validation of those backups. That really speaks to testing.

We have expanded sections here on Exercises and Test Methodology and I think a lot of work went into the section on the Design of Exercises and Tests. You’ll see a lot of sub-sections that will get into some further elements in exercises and testing.

In terms of Frequency again it goes back to performance based—whatever is needed to be able to establish and maintain the competencies and capabilities and keeping in mind any sort of regulations that may specify the frequency of exercises and testing.

Keep in mind the goal here is one of continuous improvement. The exercises and testing will identify work that should be taken to continually improve the program and be sure it meets the needs of the entity.

[Slide 12]

Let’s take a look at chapter nine on Program Maintenance and Improvement. Really, very brief—it specifies program reviews and the key point is we define a number of triggers. These are changes, whether it is the organization funding level, regulations—lots of changes and some of those may be changes in the world that may affect the global organization. Those triggers would say that it is time to review the program and see where the program needs to change.

We also specify there needs to be a Corrective Action program to be able to take action on any deficiencies that are identified. Really the goal is 9.3 there—Continuous Improvement of the program to make sure the program meets the needs of the entity for the long term.

[Slide 13]

I mentioned earlier that one of our goals for the 2013 edition was enhanced usability. That is not only the way we write the standard, the language, eliminating any duplication and trying to clear up any confusion, but it is also providing a lot of very useful information in the Annexes. If you look at the printed copy of the 1600 it is about 48 pages. The body of the standard, chapters one through eight in the 2010 edition, is only about seven pages.

The annexes are chock full of explanations and references and addresses to be able to grab information off of the web. For the 2013 edition we had a task group that worked very hard to rewrite Annex A. That is a very lengthy annex but it provides a lot of explanatory information. To understand the committee’s thinking for a requirement within chapters one through nine, if you see an asterisk it points you to go to Annex A and read all about it in Annex A. We’ve identified development resources in Annex B and also some informational resources in Annex I.

There is a self-assessment checklist in Annex C. This is continued from the 2010 edition. In addition to that we’ve also brought in an expanded list of hazards. We brought that into Annex C as well. It is a great tool to go through your program and see how well it conforms to NFPA-1600. I mentioned earlier about aligning NFPA-1600 2010 and now even better with 2013 to "plan-do-check-act". We will show you that graphic image in Annex D.

We also have a crosswalk of NFPA-1600 to the Canadian Standards Association’s Z1600. Just to let you know we share members between our committee as well as the Z1600 committee and there is great alignment between the two standards. We also crosswalk over to the Disaster Recovery Institute’s ten Professional Practices.

We are trying to show at a high level how NFPA-1600 aligns with these other standards. Because we share members you are going to see a lot of consistency between the different documents. Annex F, thanks to Graeme S. Jannaway and otherssince we reorganized NFPA-1600 in line with ISO Guide 83 which was recently publishedto align NFPA-1600 as a management system standard with a language that the entity can adopt Annex F instead of chapters one through nine.

Some have said that NFPA-1600 is not auditable. I certainly disagree with that. But now we’ll give users a management system standard if they want to use that. You have probably heard a lot about maturity models. We put a little bit of language in Annex G speaking to Maturity Models. That will be a great undertaking to write one. It is an important subject matter and put lots of information there.

We also wanted to highlight the United Nations’ APELL program using NFPA-1600. There is a great example in Argentina and Southeast Asia—a number of great examples around the world. It really speaks to the international adoption and use of NFPA-1600. There is very strong usage here in North America but also in quite a number of countries around the world.

NFPA-1600 has been translated into seven languages the last I heard and the handbook has also been translated into Spanish. That should be available very soon. We are trying to reach out to the international audience.

[Slide 14]

Just pointing to additional information for you—NFPA-1600 continues to be available as a free PDF download from NFPA’s website. The URL is there to grab that. [www.nfpa.org/1600]

If you have a Smartphone there are 2010 editions available for Android, iPad, iPhone—I think there is a modest fee for that—the 2007 edition is still available free for smartphones. There are a number of different training courses available. If you are interested in the information, go to the NFPA website and take advantage of those resources.

[Slide 15]

Now I would like to talk a little bit about PS-Prep. I mentioned earlier in the webinar that I had met with professional staff from the 9/11 Commission back on the second anniversary of 9/11 way back in 2003, and that work resulted in a recommendation in the 9/11 Commission report.

In 2007 Public Law 110-53 was signed into law by President Bush and within Section 524 it called for this voluntary certification of private sector preparedness programs. That started a process of identifying standards that should be designated for use as criteria. NFPA-1600’s 2007 and 2010 editions were designated along with ASIS SPC.1, and BS 25999. Those are the four designated standards.

In addition to that, the law called for DHS FEMA to appoint ANAB (American National Accreditation Board) to develop the requirements for the certifying bodies. The certifying bodies are those that go out to a private sector organization to evaluate their program and determine if it meets one or more of the designated standards.

Again that is the choice of the private sector entity to select the standard they want to be audited to. If they do meet that selected standard then the certified body can issue their accreditation of their program.

You’ll see on the last bullet there that in the last two weeks DHS has announced the first organization that has achieved certification of their preparedness program—that being AT&T.

I don’t know which standard they were accredited to. I’ve been involved with many different meetings as part of ANSI’s Homeland Security’s Standards Panel over the last three or four years. I’ve been involved with ANAB and their committee of experts writing the accreditation rule that defines the requirements for certifying bodies.

There was a lot of interest after the law was signed back in 2007 and a lot of organizations that are looking to see whether they need to pursue certification of their program. A lot of businesses are taking a wait-and-see attitude. They are evaluating their program to determine if it is a business need. I think the program will ultimately be successful if the business community says yes this is important.

Now if we take a look back at some of the major supply chain failures—we can look back to Katrina in 2005, but more recently the earthquake and tsunami in Japan that affected supply chains for a lot of companies, or the significant flooding in Thailand more recently, that has impacted the global supply chain.

Now companies are now looking at preparedness, not only their internal preparedness, but that of their suppliers. Preparedness, whether it is emergency management, business continuity, continuity of operations, is becoming more and more important because companies run very lean and there is less tolerance for any interruption of supply chain or down time in their facilities.

So I think ultimately time will tell, but businesses will come to the realization that they need to be prepared and hopefully they will come back to PS-Prep and the standards that have been designated under PS-Prep as the criteria that they will use to evaluate their own preparedness and the preparedness of their supply chain.

It is time to turn it back over to Amy to moderate any of your questions. I’d love to hear your questions about the 2013 edition, the 2010, PS-Prep and whatever is on your mind.

Amy Sebring: Thank you very much Don. That was very helpful. Now, to proceed to our Q&A and audience comments.

[Audience Questions & Answers]

Scott Weinberg: Does the private sector like PS-Prep? Is there a fee?

Donald Schmidt: I am not familiar with the fees charged by the certifying bodies. My recommendation is to go to the ANAB website. They have information on PS-Prep and they maintain a list of the certifying bodies as well as those organizations that have been certified under the program.

You would be able to contact the certifying bodies and determine how much time and what the fee charge would be. I know that during some of the hearings there were a lot of questions about that. Depending on the size of your organization and the number of days it will take, some programs are fairly complex and take a fair amount of time.

I can’t quote any numbers for you but ANAB should be able to provide the information.

Amy Sebring: On the background page we have a link to the ANAB website and their PS-Prep page so it will be easy for you to find. http://www.anab.org/accreditation/preparedness.aspx

Patrick Gannon: In NFPA 1600 2013 draft Chapter 6, there is a statement: "6.6.2* Warning, notification, and communications systems shall be reliable, redundant, and interoperable." You don't state with what other systems the referenced system must interoperate. How does a conformant org determine how to apply this "standard" to determine if they are: "Conforming, Partially Conforming, or Nonconforming"?

Donald Schmidt: Great question—the subject of interoperability came up in 2000 when we were working on that edition and certainly all the work has been done in the United States in terms of interoperable communications particularly in the public sector it is a really important requirement.

Within the standard, because it is used by private/public sector, big and small organizations, we as a committee can’t get too prescriptive. We take a look at going back to what the needs are for communications and warning capabilities and so forth for an entity. Maybe it is a private sector business or a city or county or federal government. They will define their needs for communications capabilities and the technologies that are required to communicate.

The interoperability will be defined by the technical aspects of making sure all the means of communication are properly connected and work. The committee is not going to get that prescriptive. It will be up to the user to take a look at their needs and then be able to determine whether their systems and capabilities are sufficiently interoperable to facilitate required communications.

We also go back to 6.6.2 and taking a look at redundancy and reliable—real important words to make sure that if there is an important need to communicate, for warning or alerting, there has to be a means to do that and it has to be reliable and redundant to the extent necessary. Some of that may also be defined within regulations. That is always something you have to look back to—there may be technical requirements in other standards.

Lori Wieber: Although this standard may have an international audience, is there any aspect of the effort which suggests private sector adopt and train key employees in the concept of ICS (incident command system) in anticipation of working together with local, state or federal government during response and recovery?

Donald Schmidt: Great question—first off, we in the standard make reference to the incident management system using a generic term. Here in the United States it is NIMS and ICS. But for the standard user around the world we will use the term "Incident Management System".

We take a look at emergencies and disasters, we are all in it together—both the public and private sectors. The beauty of NIMS and ICS is that they have embraced both sectors to work together. That working together model is applicable around the world.

If you look at other elements of 1600 and we talk about a program committee as having representation within the organization or entity as well as soliciting external participation, it really speaks to the need for organizations in the private sector to reach out to the public sector and coordination of plans and understanding each others’ capabilities and how each organization will work together.

It will really be defined by the incident management system that is being used to manage their response, continuity and recovery activities. The committee is looking for incident management systems and looking for participation between the entity and whoever it depends on—public sector and other public sector jurisdictions but it is also strong between public and private sector.

Amy Sebring: Do you expect the 2013 edition to be out next December, is that correct?

Donald Schmidt: Sure, let me spend a minute talking about our three cycle. We are in a three year revision cycle. We have just had our last meeting in the cycle last week. We have to do the clean-up editing work then the standard will need to be balloted by the voting members of the committee so every member will get a chance to vote on all the different actions we have taken.

Assuming that the standard receives the required two-thirds vote then the document would move to the NFPA Standard Council, which is the governing body for all their codes and standards. It could be issued as early as December of this year. If there were challenges to the document it could be delayed into 2013. We expect it could be published by the end of this year.

In 2013 we will start looking at the next edition. That is why I encourage all of you as you go through the standard if you have questions please let the NFPA-1600 Technical Committee know. If you go to the NFPA website there will be a number of different tabs there where you can download the document. You can submit proposals. You can find out what the committee is up to.

The document has improved over the years because we have received a lot of public input. Even though we are finishing up the 2013 edition we are already thinking about the 2016 edition. We welcome your input.

Amy Sebring: Can you tell us more about the implementation guide?

Donald Schmidt: The handbook was published in late 2007. The authors of the handbook were members of the technical committee and a couple of other subject matter experts. The handbook is just as valuable today as it was when it was first published in 2007.

The standards have changed a little bit but the handbook really follows best practices and it still covers all the essential elements of the standard from risk assessment, business impact analysis, prevention and mitigation, great information on emergency management, emergency response planning, business continuity, IT, a great chapter on crisis communications, crisis management.

There is a lot of information. They also include a CD-ROM with a lot of different forms you can use as part of your program. I certainly recommend that.

There some other training courses by a lot of different organizations. NFPA has worked with Disaster Recovery Institute (DRI International) and we contribute to their professional practices and they contribute to NFPA-1600. There has been an auditor training program that has been out for a year and half or so.

If you are really interested in auditing your emergency management business continuity program there is a four day course available from DRI. That course will prepare you for DRI’s certification exam to become certified as a Certified Business Continuity Auditor or Certified Business Continuity Lead Auditor. If you are interested in that you can go to the DRII.org for more information.

Amy Sebring: Do you have folks from the healthcare industry on your technical committee or working groups?

Donald Schmidt: We have had a number of representatives from the healthcare industry. Also NFPA has their standard NFPA-99 on healthcare. There is communication between our committee and their committee. We have had several representatives from healthcare, representatives, committee members come and go, but we have always had strong input.

The chief representative from healthcare right now is Pete Brewster from the US Department of Veterans Affairs. The VA has done a great job in terms of their emergency management program in particular. Pete has been a very active member in the technical committee. Healthcare is clearly one of those industries if you will that we have focused on.

Amy Sebring: I was wondering how well the NFPA standards align with the JCAHO standards.

Donald Schmidt: The Joint Commission—we try to monitor their activities and hopefully they are benefiting from the work we have done in 1600. One thing I did want to point out is the ISO technical committees—I believe Dr. Dean Larson is monitoring the webinar and he deserves tremendous credit for his hard work and his many thousands of frequent flier miles traveling around the world representing the US Technical Advisory Group to the ISO Societal Security Technical Committee.

Dean along with some other members of the committee as well as some non-members have been working with the ISO Societal Security Committee in their development of a suite of standards you should all take a look at. There is some great information there. Recognizing that the ISO document is international and the US has one vote, therefore you will see a different flavor but some great information.

I think if we take all the standards that have been developed in the United States and abroad it is of benefit to review those standards. Maybe you pick something from one standard that you like and something else from another standard but those standards can help you evaluate and build your program and make sure it meet your organization’s needs.

Amy Sebring: Don, I am putting your contact information up and now I will let you wrap that part up.

[Slide 16]

Donald Schmidt: I’d love to hear from people who have questions about NFPA-1600 because that helps me and the committee understand changes we need to make to the standard. If you are confused about a section and we hear about that, I take note of that and take it back to the committee to consider changing something that is not clear or something that is missing.

The questions are helpful to help us make the standard better. If you want to submit a formal proposal or comment or input there is a way at the NFPA website to provide input. I encourage you to send me an email or give me a call if there is something I can help you with. I have been involved with emergency management for more than 30 years. I am passionate about it and the goal is to make sure everybody is better prepared because it is good for all of us.


Amy Sebring: On behalf of Avagene, who couldn’t be with us, myself, and all our participants today thank you very much Don for taking time to share this information with us. We wish you the best as you move forward with this effort.

Before you go, PLEASE take a moment to do the rating/review! Note: We are asking you to rate the relevance of the information, and this will assist us in our future programming.

We have a couple of important announcements today. First, during the month of April, we will be transitioning from Live Meeting to Webex Event Center to host our programs. The purpose is to make our programs more accessible to Mac users and we also hope it will reduce the difficulty some systems seem to have in accessing the computer audio. We will send out an announcement next month with particulars before our next program and post any additional information you may need.

We also have two new EIIP Partners to announce. We are pleased to welcome the Buddhist Tzu Chi Foundation, http://www.us.tzuchi.org/us/en/ an international organization with a disaster relief mission. They are represented by Curtis Hsing, Supervisor, Emergency Disaster Services.

Our second new partner is a public-private sector initiative, the Safeguard Iowa Partnership http://www.safeguardiowa.org/ represented by its Executive Director, Jami S. Haberl.

We are very honored to have these distinguished organizations join us. If you go to our home page and click on Our Partners you will see them listed there with links to their websites. If your organization is interested in becoming an EIIP partner please see the links near the bottom of our home page. We also include that link on our announcements when they come out.

Thanks to everyone for participating today. Have a great afternoon. We are adjourned.