It's been said that we live in a world of TLA's (Three Letter Acronyms) and X-TLA's (eXtended Three Letter Acronyms). How true is that? It doesn't seem to matter the field, we all live with them. The ones mentioned in the title to this blog post are important, though, if you plan to have your business prepared for a worst case scenario. The have to do with BCP (Business Continuity Planning) and the establishment of a BCMS (Business Continuity Management System).
Let's start with the Private Sector Preparedness Program (PS-Prep). PS-PREP (also known as Public Law 110-53: Title IX) constitutes a credible, practical, standards-based approach to certification of a business continuity and emergency management program for private sector organizations. It is managed by the Department of Homeland Security, administered by the American National Standards Institute’s American Society for Quality (ASQ), and accredited by the American National Accreditation Board (ANAB), and came as a recommendation from findings of the 9/11 Commission. Organizations can be certified to PS-PREP by an ANAB accredited certifying body.
Under PS-PREP, the organization has the ability to individually select and implement a set of reasonable and appropriate requirements and controls from any one (or a combination) of three different business continuity and emergency management standards. These include:
The National Fire Protection Association’s NFPA-1600- Standard on Disaster/Emergency Management and Business Continuity Programs dated 2007
The American National Standard ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems- Requirements with Guidance for Use
The British Standard Institute’s BS-25999-2:2007 Business Continuity Management- Part 2: Specification.
All of these standards recommend a Plan / Do / Check / Act (PDCA) approach to establishing a BCMS with the enterprise. Since there are very few disasters or crises that you can see coming (hurricanes and floods pretty much round out the set), having a well-practiced, often-exercised plan is imperative for most every business. Basing the plan on proven guidelines make good sense.
Presidential Preparedness Directive 8 (PPD-8) is the newest element of the National Preparedness Directive. Specifically, it identifies six components to improve national preparedness for a wide range of threats and hazards, such as acts of terrorism, cyber attacks, pandemics and catastrophic natural disasters. The system description explains how as a nation we will build on current efforts, many of which are already established in the law and have been in use for many years. These six components include:
Identifying and assessing risks;
Estimating capability requirements;
Building or sustaining capabilities;
Developing and implementing plans to deliver those capabilities;
Validating and monitoring progress made towards achieving the National Preparedness Goal; and
Reviewing and updating efforts to promote continuous improvement.
Most of this can be accomplished through adherence to the standards and programs mentioned under PS-Prep.
The Federal Emergency Management Agency (FEMA) is chartered with managing these programs. A pretty good idea, assuming that getting more entities on board could result in lowered risk and therefore lowered impact to the nation's resources.
So - how are YOU doing? Does your company have a BCP? Is it compliant with one or more of the BCP Standards? Do you exercise it regularly? Has it been audited by an external resource?
Let me know if you need help answering any of these questions.
Ed.minyard@responseforce1.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment