NFPA 1600:The 2007 Edition

Editor’s Note: It has been three years since the National Fire Protection Association (NFPA) amended its NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs. The standard is a benchmark for EM and BC in both the United States and abroad. This year, the association has an updated 2007 edition.

Why should you care? Although the latest version of the standard doesn’t fundamentally alter the purpose of the standard, it does contain changes which may affect your own adherence to it. We asked the Chair of NFPA’s Technical Committee on Emergency Management and Business Continuity, Donald L. Schmidt, to fill us in on the latest changes and what they mean for EM and BC professionals.

The NFPA recently released the 2007 edition of NFPA 1600 “Standard on Disaster/Emergency Management and Business Continuity Programs.” In writing the update, the NFPA technical committee, which is comprised of representatives from the public and private sectors with members primarily from the United States and Canada, considered more than 250 proposals and comments, including their own. The 2007 edition is not revolutionary; rather it has continued to evolve since the first edition of the standard was published in 2000. The standard was first published as a recommended practice in 1995.

The most significant addition to the 2007 edition is a new section: 5.4 “Incident Prevention.” This directs the “entity” – whether private company or public organization – to develop a strategy to prevent an incident that threatens people, property and the environment. Organizations should develop the strategy based on information obtained from their risk assessments (outlined in section 5.3) and keep it current using the techniques of information collection and intelligence.

The technical committee added this section to emphasize the importance of incident prevention. Previous versions of the standard addressed prevention in section 5.4, “Mitigation.” This new addition also includes the concepts of intelligence, information gathering and deterrence for security-related threats. The committee also added another subsection, 5.4.3, requiring “a system to monitor the identified hazards and adjust the level of preventative measures to be commensurate with the risk.”

The next most significant change concerns section 5.8, “Planning.” This section, formerly 5.7, adds a requirement for a planning process. That planning process must develop “plans for the strategy, prevention, mitigation, emergency operations/response, business continuity and recovery.” The new edition also includes prevention as part of the planning process, and the committee added a corresponding section to address the requirement for the prevention plan.

We also added section 5.8.1.2 to specify that organizations conduct this planning process on a regularly scheduled basis or when the situation has changed to put the accuracy of the existing plan into question. In addition, a new section, 5.8.1.3, requires “where applicable, the entity shall include key stakeholders in the planning process.” Other additions to this section require plans to address resource management and logistics, incident management and management of communications.

The technical committee made many other changes to the 2007 edition. Program administration now requires that roles and responsibilities are included as part of the executive policy. Hopefully, if the roles and responsibilities of the program coordinator and advisory committee are clearly articulated by senior management, it will enhance the committee’s ability to develop and keep the program current. The new edition also includes records management practices as part of program administration (4.1 (6)).

Recognizing that industry codes of practices are not required by statute, the standard no longer requires compliance with industry codes of practice (NFPA 1600-2004: 5.2.1). However, the standard does direct the organization to implement a strategy for addressing revisions to industry codes of practice (5.2.2).

Risk assessment is one of the fundamental elements of NFPA 1600, and many of the later elements in the standard build off the results of the risk assessment. The title of this element has been shortened to “Risk Assessment,” and we have expanded the grouping of hazards to include technological hazards. In addition, the organization is now required to monitor those hazards (5.3.1), recognizing that hazards – and our knowledge of them – change over time. The impact analysis now must also address regional, national and international considerations (5.3.3 (10)), recognizing that large-scale events can have widespread implications.

The committee also expanded the section on resource management to include logistics, and we relocated section 5.62 of the 2004 edition to this section. Recognizing the increasing value of partnerships, the standard now requires organizations to address the need for partnership arrangements as part of the program. We added a new section (5.6.4) to define resource management tasks including processes for describing, inventorying, activating, requesting, dispatching, tracking and deactivating or recalling resources.

Section 5.9 now requires coordination of operations with stakeholders, and a new section, 5.9.5, requires that “emergency operations/response shall be guided by an incident action plan or management by objectives.” In addition, section 5.15.4 requires “procedures to advise the public, through authorized agencies, of threats to people, property, and the environment.”

The technical committee is already developing plans and organizing task groups to develop the 2010 edition of NFPA 1600. We ask that interested parties submit their proposals to the technical committee following prescribed procedures and approved forms available from NFPA’s website.

The electronic (PDF) edition of NFPA 1600 is available for free download from NFPA’s website at http://www.nfpa.org/assets/files/PDF/CodesStandards/1600-2007.pdf.

If you’re interested in learning more about NFPA 1600, look for the upcoming release of “Implementing NFPA 1600” this summer. A number of technical committee members and other professionals in the fields of EM and BC wrote “Implementing NFPA 1600,” and the editor is the new chair of the technical committee. For more information, visit http://www.nfpa.org/catalog/.