Don Schmidt is CEO of risk consulting company Preparedness LLC and a 20-year member and chair of the technical committee that writes the National Fire Protection Association (NFPA) 1600 standard. He also is the editor of the handbook Implementing NFPA 1600 National Preparedness Standards, which was published in 2007. NFPA 1600 was updated this year, and the U.S. Department of Homeland Security adopted it as a voluntary consensus standard for preparedness.
In this Q&A, Schmidt reflects on the evolution of standards in emergency management and business continuity.
Question: What is the background on the creation of the NFPA 1600 standard? How did it become established?
NFPA’s Standards Council created the Technical Committee on Disaster Management (since renamed Technical Committee on Emergency Management and Business Continuity) in 1991. Development of the standard was consistent with NFPA’s mission to reduce the worldwide burden of fire and other hazards. NFPA 1600 is also a logical complement to the more than 300 NFPA standards that address hazard prevention, risk mitigation and life safety.
Other standards exist for emergency management and business continuity programs. How do you see NFPA 1600 fitting into the mix of existing standards?
NFPA 1600 is the most mature of the emergency management and business continuity standards having been first adopted more than 10 years before any of the others. Our committee members represent a wide cross section of public and private organizations, and that’s important because it brings together many perspectives. We have worked hard to solicit public input, and the standard has benefited from hundreds of public proposals and comments. NFPA’s development process is also transparent and balanced to ensure that no interest group can exert undue influence. I also believe that NFPA 1600 best integrates emergency management with business continuity/continuity of operations.
What are the advantages of an established standard to an organization?
Organizations that seek to conform to a voluntary standard demonstrate their commitment to protecting life, property, operations, the environment and their organization as a whole. Non-public organizations that have implemented a program that conforms to NFPA 1600 would be more attractive for insurance underwriters to insure, investors seeking a return on their investment, and customers depending upon an uninterrupted supply of products or services. Public-sector entities with conforming programs should be better able to protect the citizens in their jurisdictions, the economic base and services that their communities depend on, and the environment.
What role do standards play in helping to establish a professional approach to emergency management and business continuity?
The subject matter that we define as emergency management and business continuity/continuity of operations is very broad and deep. Standards bring together the collective expertise of numerous subject-matter experts and become valuable tools as they are used, refined with the input from users, and over time become widely accepted criteria. The criteria are used by certification programs including EMAP for public-sector programs and PS-Prep for private-sector programs. Professionalism is achieved by demonstrating conformity to established standards and their criteria.
Many emergency managers see following a standard like NFPA 1600 as being out of reach for their program because they are either a one-person shop or perhaps only part time. How do you respond to that type of thinking?
The committee has tried to write a standard that can be used by all entities: large and small; public, not for profit and private; locally and globally. The NFPA 1600 technical committee has always kept the limited resources of the small “entity” or jurisdiction in mind. We have tried to avoid writing overly prescriptive text, and many program requirements are based on the entity’s performance objectives. We’ve also included language such as using cost-benefit analysis and operational experience to determine the degree a program element is implemented. Emergency managers with limited resources can use NFPA 1600 to evaluate their program, identify gaps and prioritize actions for further development.
What differences do you see between government's approach to emergency management and the typical business continuity program in a private-sector business?
Protection of revenue, profits, growth, brand and image are important drivers in private-sector business continuity planning. Decisions about how much to invest in the program are often determined by the potential for economic loss. Regulatory compliance is also an important consideration in the private sector, which is faced with safety and health, environmental protection, information security and other regulations. Some sectors such as financial services are heavily regulated and frequently audited. The approach of public-sector emergency management is dictated by the responsibility for ensuring the safety of a large population within a large geographic area. Although public-sector emergency managers are concerned about protecting the economic base in their communities, much of the infrastructure and property is owned by the private sector. This challenge highlights the need for public-sector emergency managers to communicate frequently and coordinate often with the private sector. If the public sector and private sector both use a common standard such as NFPA 1600, the hope is they will be on the same page.
How has NFPA changed over the years from when it was first established 18 years ago?
NFPA 1600 has changed significantly over six editions. The first edition (1995) was heavily focused on emergency management. Today it is a fully integrated, “all-hazards,” emergency management and business continuity standard. We’ve also maintained our discipline and kept the standard to less than seven pages long (explanatory annexes not included).