Evolution of Emergency Management and Private Sector Preparedness

Evolution of Emergency Management and Private Sector Preparedness Accredited Standards ~ Key Steps in Their Broader Adoption and Use Mr. Ashley P. Moore Senior Preparedness Policy Advisor Standards & Technology Branch Incident Management Systems Integration Division National Preparedness Directorate Federal Emergency Management Agency 1

Emergency Management and Private Sector Preparedness Standards • Emergency Management – NFPA 1600 (2007) Standard on Disaster Emergency Management and Business Continuity Programs • Evolving: EMAP-Emergency Management Accreditation Program (ANSI PINS) • Emergency Management and Private Sector Preparedness – NFPA 1600 (2007) Standard on Disaster Emergency Management and Business Continuity Programs – ASIS SPC. 1 -2009 Organizational Resilience: Security, Preparedness and Continuity Management Systems Requirements with Guidance for Use – BSI 25999 Business Continuity Management • Evolving: ISO 223 Societal Security 2

Federal Role, Authority & Guidance • The Office of Management and Budget (OMB) issued Circular A-119 • Circular A-119 “Federal Participation the Development and Use of Voluntary Consensus Standards and in Conformity Assessment Activities” (February 1998) • Guidance on Participation in the Development and Use of Non-Government Standards – Dated: December 2007 – Version 1. 0 • The Circular reiterates the Act’s requirements for the use of voluntary standards and provides guidance to promote consistent application of the Act across federal agencies and departments. • In addition to being the law, it is the best interest of the Department of Homeland Security (DHS) to participate the development of nongovernment standards (NGSs) and to adopt and use them to the extent feasible, practical, and economical. 3

Federal Representation to SDO’s • Emergency Management Private Sector • Public & Private Sector Preparedness Partnership – Emergency Management with EM Accreditation Program– NFPA 1600 EMAP (ANSI Accredited – BSI – 25999 SDO) – ASTM – EM & IM Cross Sector – Establishes a Standard and Interdependencies – ASIS – BCM Duty of Care for State and with Critical – ISO Local Emergency Infrastructure • ISO/PAS Management Program and 22399 Planning Assessment Community • ISO 223 • First Responder Standards Resiliency 4

The Case for Preparedness 5

9/11 Commission Recommendation 6

Intelligence Reform and Terrorism Prevention Act of 2004 7

Hurricane Katrina, and Rita 2005 Small Businesses • • • Small businesses are a major part of any economy, accounting in the U. S. for approximately 75 percent of all net new jobs. Small businesses are also the most vulnerable to a disaster. In fact, Hurricane Katrina touched more than 80, 000 small businesses across the Gulf Coast region in 2005. Some experts believe that 60 percent of those businesses are not coming back. Small businesses in the upper Texas Gulf Coast region were also hit very hard by Ike. There is a great need for financial assistance for these businesses. Experts generally agree that without financing and assistance, these businesses may not return, which could cause great economic upheaval since many of the communities affected by the storm rely on small businesses for much of their revenue. Of particular concern is that many small businesses sustained more than 50 percent damage, and may be required to rebuild elevated structures or pay increased rent to cover the costs incurred by the property owner to rebuild in compliance with current codes. Such endeavors are extremely costly and may be out of reach for small businesses that have already lost significant revenue from downtime and lost inventory. 8

Implementing the 9/11 Commission Recommendations Act (2007) Public Law 110 -53 Title IX: Private Sector Preparedness 9

Hurricane IKE 2008 2005 • Small locally owned businesses were hit particularly hard by Ike. • The majority of experts interviewed by the U. S. Department of Commerce’s Economic Development Administration (EDA) stated that there is a great need for financing to get these businesses back up and running. • There were concerns that if immediate steps are not taken to provide assistance to these businesses, they may never come back. • This could cause great economic upheaval because many of the affected communities rely on small businesses for much of their revenue and the businesses 10 are essential to their local economies. 2008 22 34 Counties 3 Years Later The map above indicates the counties of Texas that suffered the effects of two major hurricanes within three years. The counties marked in red experienced actual physical damage from the storms. Those in orange did not, but because of the interdependence of the economy, they still deal with significant indirect economic effects from the disruption in neighboring counties.

Private Sector Preparedness, Risk Management, & BC Standards Individual Risk Business Risk Identify Analyze Reduce Transfer • Preparedness • Loss Avoidance • Risk Transfer - Insurance • Owner • Corporate Management • Executive Board • Operator/Manager • Employee • Faith Based Business and Community Risk • NGO’s • Communities-Urban/Community Development • Businesses Build and Enhance Community Resilience 11

The Challenge What next? Integrated supply chains Natures Catastrophic Events Complexity Outsourcing Off shoring Local production Contagious Disease Outbreaks e. g. Pandemic flu War against terror IT Security & Failure Fire Sever Storms/Flooding Over time 12

Business Continuity Buffer Zone Distinctly Focused on BC Preparedness and Planning Unforeseen Hazards 13

Blast Effects: Perception vs. Reality 14

Private Sector Business Preparedness & Continuity: The Planning Buffer Zone No Sense of Community and Resiliency 15

Private Sector Business Preparedness & Continuity: The Planning Buffer Zone and Cross-Sector Interdependencies: Risk Analysis Factors Demographic Factors Built Environment Network Grids Topographic Demographic Factors Vulnerability Considerations Critical Infrastructure, Roads, Streets, Hwys, Seaports Population: Death and Injury Other surrounding Infrastructure Technological Infrastructure Environmental Terrain Damage to Infrastructure Current Data on Magnitude And Intensity Private Sector–“Your Business” 16 Hazard Identification, Risk Assessment, and Impact Analysis Addressing Risk Assessment, Impact Analysis as the Center of Gravity” Hazard Identification, Risk Assessment, and Impact Analysis

EM & BC Preparedness Regulated vs. Non Regulated BC CFR & OHSA Public Safety NFPA 101 Life Safety Code Information Human Capital Information People & Handling Regulations Organizational Management PCI DSS Data Security Compliance Classification Technology Facilities CFR/OSHA Public Safety State/Local FFIEC Compliance Structure & Safety Codes Risk 17

Legal Risk Mgmt & EM/BC ANSI Standards Program and Planning Frameworks EM and BC Framework Program • Program Administration • Program Coordinator • Advisory Committee • Program Evaluation Planning • Laws and Authorities • Risk Assessment • Incident Prevention • Mitigation • Resource Management and Logistics • Mutual Aid/Assistance • Planning • Incident Management • Communications and Warning • Operational Procedures • Facilities • Training • Exercises, Evaluations, and Corrective Actions • Crisis Communication and Public Information • Finance and Administration Examples Consequences: Natural & Un. Natural Legal Risk: Management & Mitigation Health and Safety, Violence in the Workplace, Harassment YOU GET SUED! Fines, Damages, Legal Fees, Jail, Cancellation of Operating Rights, Supply Chain Disruption, Reputation, Ceasing Business Due Diligence, Standards, Policies, Employee Contracts Regulatory Compliance & Privacy SOX Environmental, Health & Safety, Privacy: Data & ID Theft YOU GET SUED!, Fines, Damages, Legal Fees, Jail, Cancellation of Operating Rights, Reputation, Ceasing Business Regulatory Awareness & Compliance, Due Diligence, Standards, Policies Breach of Contract Employment Contracts, Non-Competition/Non. Solicit YOU GET SUED!, Damages, Legal Fees, Supply Chain Disruption, Reputation Review & Re. Draft Contracts + Special Terms & Conditions Negligence Workplace Violence; World Trade Centre 1993 YOU GET SUED!, Damages, Legal Fees, Supply Chain Disruption, Reputation Due Diligence, Standards, Policies & Contracts Data & Identification Theft YOU GET SUED!, Damages, Legal Fees, Supply Chain Disruption, Reputation Due Diligence, Standards, Policies Legal Risks &Threats Employee Health and Safety Security & Infrastructure 18

Standards Evolution 19

U. S. EM/BC Standards Evolution NFPA 1600: 1995 • • • • Policy Disaster Management Coordinator Disaster Management Committee Legislation and Industry Code of Practice Hazard Identification and Risk Assessment Mitigation Organizational Roles and Responsibilities Resources Response Recovery The Plan Approval and Coordination Training and Evaluation The NFPA Standards Council established the Disaster Management Committee in January 1991. The Committee was given the responsibility to develop documents relating to preparedness for, response to, and recovery from disasters resulting from natural, human, or technological events. The first document that the committee focused on was NFPA 1600, Recommended Practice for Disaster Management. NFPA 1600 was presented to the NFPA membership at the 1995 Annual Meeting in Denver, Colorado. NFPA 1600: 2010 • • • • • • • Leadership and Commitment Program Coordinator Program Committee Program Administration Performance Objectives Laws and Authorities Finance and Administration Records Management Planning and Design Risk Assessment Incident Prevention Mitigation Planning Process Common Plan Requirements Resource Management Mutual Aid/Assistance Communications and Warning Operational Procedures Emergency Response Business Continuity and Recovery Crisis Communications, Public Information, and Education Incident Management Emergency Operations Centers (EOCs) Training and Education Testing and Exercises Program Improvement Program Review Corrective Action 20

NFPA 1600— 2010 21

ANSI and EMAP • June 2008 EMAP Becomes a Standards Development Organization • Feb 2009 EMAP Submits an ANSI Project Initiation Notification Statement (PINS) to develop an ANSI Accredited Voluntary Consensus Base Emergency Management Standard • Timeframe: Published by Jan-Mar 2010 22

E NF MA PA P & (2 16 01 0 0) 0 E NF MA P P (2 A 16 & 01 0 0) 0 E NF MA PA P & (2 16 01 0 0) 0 Collaborative Disaster/Emergency Management E NF MA PA P & (2 16 01 0 0) 0 Comprehensive Common Sense Approach to Business/Community Preparedness and Resilience 23

Questions "The superior man, when resting in safety, does not forget that danger may come. When in a state of security he does not forget the possibility of ruin. When all is orderly, he does not forget that disorder may come. Thus his person is not endangered, and his States and all their clans are preserved. ". . . Confucius (551 BC - 479 BC) 24