–continuity central–

US Department of Homeland Security Secretary Janet Napolitano has announced that three business continuity standards have been proposed for adoption by PS-Prep.

PS-Prep is the 9/11 Commission-recommended program aimed at helping the private sector to improve preparedness for disasters and emergencies. Under the program private entities — including businesses, non-profit organizations and universities — will be able to receive emergency preparedness certification from a DHS accreditation system created in coordination with the private sector.

“Preparedness is a shared responsibility and everyone—including businesses, universities and non-profit organizations—has a role to play,” said Secretary Napolitano. “Ensuring our private sector partners have the information and training they need to respond to disasters will strengthen our efforts to build a culture of preparedness nationwide.”

DHS has published a notice in the Federal Register seeking public comment on the three standards which were selected based on their scalability, balance of interest and relevance to PS-Prep from a group of 25 standards proposed for consideration following the publication of a Federal Register notice in December 2008 announcing the program.

The proposed standards are NFPA 1600, developed by the National Fire Protection Association, the British Standards’ BS 25999 and the ANSI/ASIS SPC.1-2009 American National Standard.

Individuals wishing to submit comments on the proposed standards, recommend additional standards for consideration or comment on other programmatic aspects of PS-Prep may obtain a comment form and instructions for submission online at www.regulations.gov, in Docket ID: FEMA-2008-0017. DHS requests comments by Nov. 15, though it will accept submissions at any time thereafter.

For more information, visit http://www.fema.gov/privatesectorpreparedness/

Both ASIS and BSI published press releases highlighting the proposed PS-Prep adoption. These are published below, verbatim:

Department of Homeland Security Notifies Public of Intent to Adopt ASIS International Organizational Resilience ANSI Standard

ASIS International announces that the Department of Homeland Security has selected the ANSI/ASIS Organizational Resilience American National Standard as one of three sets of standards to be adopted as a national preparedness standard for private-sector entities as part of the DHS PS-Prep program.

DHS is calling for a 30-day public comment period. Individuals wishing to submit comments may obtain a comment form and instructions for submission online at www.regulations.gov, in Docket ID: FEMA-2008-0017.

PS-Prep seeks to raise the level of private-sector preparedness through DHS adoption and promotion of preparedness standards and provides a mechanism for a private sector entity to receive certification that it is in conformity with one or more of the adopted standards. The ANSI/ASIS SPC.1-2009 American National Standard titled “Organizational Resilience: Security, Preparedness, and Continuity Management Systems–Requirements with Guidance for Use” provides a holistic approach for organizations to cost-effectively improve their resilience performance and increase preparedness.

The Standard takes an enterprise-wide view of risk management, enabling an organization to develop a comprehensive strategy to prevent when possible, prepare for, mitigate, respond to and recover from a disruptive incident. It is the only ANSI Standard under consideration for the PS-Prep program that is 100 percent compatible with existing ISO management system standards, enabling a cost-saving integrated application with other internationally recognized ISO management system standards. The ANSI/ASIS Organizational Resilience Standard can be used by any organization wishing to enhance its resilience and preparedness.

“The importance of resilience management cannot be overstated,” says ASIS President Michael R. Cummings, CPP. “Organizations need to be able to adapt to an ever-changing environment. The ANSI/ASIS Organizational Resilience Standard provides organizations with a flexible tool they can use to tailor their preparedness needs to meet their business needs.”

“ASIS International is proud that DHS intends to adopt its American National Standard for Organization Resilience to help businesses effectively address potential disruptions,” Cummings adds. “Regardless of a business’ decision to participate in the PS-Prep certification process, it can use the ANSI/ASIS Organizational Resilience Standard to better manage its risks.”

This generic Standard is applicable to all sizes and types of organizations, from public to private, small to multinational, in manufacturing, service, storage or transportation, that want to:
* Establish, implement, maintain and improve an organizational resilience management system.
* Demonstrate resiliency and continuity for supply chain and contractual agreements.
* Assure conformance with stated organizational resilience management policy.
* Demonstrate and document conformance to the ANSI/ASIS Organizational Resilience Standard.
* Make a self-determination and self-declaration of conformance with the ANSI/ASIS Organizational Resilience Standard.
* Seek certification/registration of its organizational resilience management system by an accredited third-party certification body.
* Leverage an existing investment in other ISO management system standards (e.g. ISO 9001, ISO 14001, ISO 27001) to improve security, preparedness and continuity performance.

“The selection of the ANSI/ASIS Organizational Resilience Standard for adoption for use in the PS-Prep program offers organizations a business-friendly, globally tested and proven method based on the ISO management system standard model, to improve their preparedness performance,” says Mark Geraci, CPP, chairman of the ASIS Commission on Standards and Guidelines.

As a complement to this effort, ASIS is offering a three-day class on Implementation and Auditing to the ANSI/ASIS Organizational Resilience Standard. Attendees will learn to implement the ASIS standard, identify necessary steps to establish and maintain an organizational resilience management system, understand the conduct of risk assessments and impact analysis to support decision making for resilience, and establish an effective internal auditing program to evaluate and improve performance. For more information on this class, go to www.asisonline.org.

The ANSI/ASIS Organizational Resilience Standard may be downloaded, free of charge, on the ASIS International Web site at www.asisonline.org.

ASIS Standards and Guidelines are developed through a consensus standards-development process to advance security and resilience practices. This process brings together volunteers and/or seeks out the views of people who have an interest in the topic covered. For more information, visit Standards and Guidelines on the ASIS Web site or email standards@asisonline.org.

DHS Announces Intent to Adopt BSI’s Preparedness Standard

BS 25999 is a business continuity management standard developed by BSI and is used by businesses globally. The Department of Homeland Security (DHS) has announced its intent to adopt BS 25999 (which comes in two parts) on a trial basis as one of three standards for use in the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep). PS-Prep is directed by Title IX of the Implementing the Recommendations of the 9/11 Commission Act of 2007.

PS-Prep sets out to enhance nationwide resilience by improving private sector preparedness to establish a common set of criteria for private sector preparedness, including disaster management, emergency management and business continuity programs. Certification to BS 25999 US Edition will be used to confirm compliance with the voluntary preparedness scheme.

Todd VanderVen, President of BSI Americas, said: “We are delighted to support the PS-Prep with the provision of BS 25999 US Edition. The standard has been used successfully by private businesses around the world assisting organizations of all types and size determine and invest in critical areas of the organization, protect reputation and enhance stakeholder confidence. It will now play a key role for private sector organizations in the USA wishing to demonstrate compliance with the voluntary preparedness scheme.”

Every year thousands of businesses face the risk of a disruption to their business operations, ranging from the effects of everyday disruption such as power failure, to adverse weather conditions to full scale terrorist attacks. Business interruptions can create a chain of ‘knock-on’ effects stretching as far as damaging national and international infrastructure. The need for good guidance in this field has never been stronger.

BS 25999 US Edition sets out the requirements for establishing and maintaining an effective BCM system, effectively enabling an organization to anticipate and prepare for disruption. This might mean being able to rapidly recruit temporary staff or moving premises at very short notice: risks are different for every organization but BS 25999 US Edition helps the organization to determine what they are and make the necessary arrangements. Independent certification to this standard enables an organization to demonstrate to customers, stakeholders and legislators its proactive approach to achieving best practice in the area of BCM.

BS 25999 US Edition is initially available to private businesses in the US for a one month period. At the end of this, all public comments on the standard will be examined and the DHS will evaluate the standard for permanent use in the program.

Selection of the BSI Standard does not imply DHS endorsement of BSI or any of its products or services other than the particular standard to be used for limited purposes.

For more information on BS 25999 US Edition, visit the BSI website.

Read more here