Published in pamphlet, handbook, and eBook editions by the National Fire Protection Association, NFPA 1600’s full title is “Standard on Disaster/Emergency Management and Business Continuity/Continuity of Operations Programs, 2016 Edition.”
Anyone working in or having overall responsibilities for an emergency management standard in their organization should be familiar with NFPA 1600. It is a comprehensive, yet flexible standard to model any emergency management program from planning to execution. It is one of the key standards used in business continuity, crisis / emergency management, and continuity of operations.
NFPA 1600 is the tool of choice for public and private agencies, both in the US and abroad. The United States Department of Homeland Security adopted the standard “as a voluntary consensus standard for emergency preparedness.” Likewise, the 9/11 Commission report recognized NFPA 1600 as “our National Preparedness Standard.”
Organization of the NFPA 1600
NFPA 1600 in its PDF version is an 80-page document with nine chapters and eleven annexes (A trough K). The chapters are brief. They include requirements and structure, but not implementing directions.
In case the user feels the lack of explanation or detail in the chapters limits the usefulness of the plan, the annexes add depth and detail–Annex A, for example–and make NFPA 1600 a “living document.” Likewise, users can print Annexes B and use them as check lists for ongoing self-evaluation.
A chapter-by-annex overview of NFPA 1600
Chapter 1- Administration
The Scope paragraph notes that NFPA 1600 establishes a “common set of criteria” for :
- all-hazards disaster
- emergency management and business continuity
- continuity of operations
Paragraph 1.3 notes that the standard applies to “public, private, and nonprofit and nongovernmental entities.
Chapter 2- Referenced Publications
This chapter reserves space for future referencing of additional NFPA publications, which “shall be considered part of the requirements of this document.”
Chapter 3- Definitions
This chapter provides 30 specific definitions of terms used throughout the document. For example, it defines the term Business Impact Analysis (BIA) as a “management level analysis that identifies quantifies, and qualifies the impacts resulting from interruption’s or disruptions of an entity’s resources…”
Any terms not defined in this annex are defined “using their ordinarily accepted meanings within the context in which they are used.”
Chapter 4- Program Management
This chapter requires the commitment of the organization’s leadership and managers through:
- committing to all phases of the program–development, implementation, and maintenance
- providing the resources to support the program
- ensuring program review and continuing evaluation to maintain program effectiveness
- supporting needed corrective measures to correct deficiencies in the program
This chapter also requires the appointment of a program coordinator and program committee responsible for carrying out the above.
Program administration requirements also include:
- a documented program on policy, scope, goals, etc.
- acknowledgment, articulation and ensuring compliance with applicable laws and regulations
- finance and administration procedures and records management
Paragraph 4.7 specifically requires a records management program with a view towards identifying, backing up validating and protecting records, as well as implementing a record review process and coordinating records access.
Chapter 5- Planning
This chapter outlines the planning and design process in five areas:
1. a definition of the organization’s vision, mission, and goals
2. a risk assessment and business impact analysis (BIA)
3. a resource needs assessment for:
- emergency operations/response
- crisis communications
- developing a business continuity standard
- actionable recovery plans
4. crisis management to address those events that could severely impact:
- the organization’s operations
- the brand’s reputation
- the market share
- its ability to do business
- impact on relationships with key stakeholders
5. inclusion of key stakeholders both inside and outside the organization in the planning process
Chapter 5 provides a list of hazards the organization needs to evaluate (geological, weather, disease, accident, sabotage, and technological) and examples of each. This chapter also describes the elements of a business impact analysis (BIA) and the analysis of the areas should identify and address.
Chapter 6- Implementation
Chapter 6 requires an emergency operations and response plan to define specific responsibilities and state what actions need to be taken and measures to stabilize the situation. Continuity and recovery plans to restore vital operations need to be included.
This chapter discusses measures an organization needs to take in developing strategies to:
- prevent a life-threatening or other serious incident
- mitigate or control the consequences of an incident
- provide for crisis communications and public information
- establish operational procedures to control access, identify and account for key personnel, and mobilize necessary resources
Chapter 7- Training and Education
This chapter prescribes “competency-based training…that supports all employees who have a role in the program.” The training must focus on program awareness with the goal to “enhance the knowledge, skills, and abilities required to implement, support, and maintain the program.”
The training program also must include a public education program to let the public sector know of any potential impacts to include preparedness information, or the information needed to develop a preparedness plan.
Chapter 8- Exercises and Tests
Periodic exercises and tests of the plan promote continuous improvement. Chapter 8 requires a “standardized methodology to practice procedures.” The design of the exercises and program tests include evaluation, measurement, and identification of deficiencies with the goal of improving group and individual performance.
In sum, the exercises “shall evaluate program plans, procedures, training, and capabilities” and evaluation results shall be stated as either pass or fail. The tests “shall be conducted on the frequency needed to establish and maintain required capabilities.”
Chapter 9- Program Maintenance and Improvement
This chapter prescribes a process to evaluate the organization’s adherence to NFPA 1600 “through evaluation of the implementation of changes resulting from preventive and corrective actions.” The program must be re-evaluated on a regular schedule, and when changes in the organization’s operational environment impact the program.
The annexes to NFPA 1600 are not part of the program requirements, but, as stated previously, they provide excellent background information and other tools for users.
Annex A- Explanatory Material
This Annex contains footnote-like summary information keyed to the individual chapter paragraphs. This annex, while somewhat lengthy, provides valuable insights and additional information for users.
Annex B- Self-Assessment for Conformity with NFPA 1600, 2016 Edition
This is a user-friendly checklist. Table B.1 lists verbatim program elements from Chapters 4 through 9 along with columns to record conformance or nonconformance.
Annex C- Small Business Preparedness Guide
Based on the assumption that small businesses or organizations need to concentrate or increasing preparedness, this annex highlights and simplifies key aspects of NFPA 1600. Its simplified “yes/no” check list has elements of Chapters 4, 5, 6, 8 and 9. The focus is on protecting small business assets, continuing to provide the product, as well as meeting contractual and legal commitments in case of a catastrophe.
Annex D- Plan-Do-Check-Act (PDCA) cycle)
Beginning with the 2010 edition, the NFPA 1600 standard has been organized in the so-called PDCA–Plan, Do, Check, Act–format. This annex provides a graphic representation of the process where each chapter fits its respective place:
- Plan: Chapters 4 and 5
- Do: Chapter 6
- Check: Chapters 7 and 8
- Act: Chapter 9
Annex E- Crosswalk Between NFPA 1600 and DRII, CSZ Z1600, and Federal Continuity Directive I
This annex is a cross reference to the requirements of NFPA 1600 and the following:
* the DRII (Disaster Recovery Institute International) Professional Practices for Business Continuity Practitioners
*CSA Z1600, Emergency Management and Business Continuity Programs
This Annex is intended only for use as a “high-level comparison” of the component sections of each standard listed in the two-column comparison charts.
Annex F- NFPA 1600, 2016 Edition, as an MSS
MSS is an abbreviation for “Management System Standard.” Annex F, at the discretion of the user, is intended to replace Chapters 1 through 9. Organizations intending to use this annex commit to using NCFA 1600 as a management standard within the meaning of applicable ISO/IEC Directives and standards.
Chapters in Annex F correspond and are cross-referenced in brackets to their counterpart in the NFPA 1600 counterpart.
Annex G- Maturity Models
Annex G discusses advanced steps and management models for internal assessment. It provides guidance for developing “a documented method to conduct an assessment that tracks the programs continuous improvement and progress.”
Annex H- APELL
APELL (Awareness and Preparedness for Emergencies at the Local Level) is an integrated approach to disaster response. The program was developed under the auspices of the United Nations and is a “multi-stakeholder dialog tool” for disaster preparedness coordination and communications on a global level.
Annex I- Family Preparedness
This annex provides a PDCA model for employers to “identify, document, communicate, measure, educate, and train employees on how to prepare themselves and their families in the event of an emergency.”
Annex J- Access and Functional Needs
This annex addresses the need for emergency planning to include people with disabilities and other access needs.
Annex K- Informational References
This is a list of documents (or portions thereof) referenced in the previous annexes.
The NFPA 1600 standard is one of the cornerstone standards for emergency management, business continuity, and continuity of operations – it’s used by thousands of organizations around the world, even today. It is well worth examining as the basis for your own crisis management, business continuity, or emergency management program.
Can we help you?
Bryghtpath has extensive experience in designing, implementing, and maintaining business continuity, crisis management, and emergency management programs using NFPA 1600 and other standards. Let our experts help you build, implement, and manage your program!
Contact us to learn more about how we can help via our contact form – or give us a call at +1.612.235.6435.