Getting on the Same Page

The 2004 version of NFPA 1600 is written to help private and public organizations coordinate closely with first responders.

Editor's note: Private and public organizations can use NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs, to set up effective programs for mitigation, preparation, response, and recovery from disasters and emergencies. NFPA (www.nfpa.org) has made the 2004 edition of the standard freely available on its Web site to allow for widespread use.
Marsh USA Inc. Senior Vice President & Managing Consultant Donald L. Schmidt, ARM, who is practice leader for Marsh's Emergency Response Planning and a member of the NFPA 1600 Technical Committee, discussed the 2004 edition's elements and impact in an Oct. 4, 2004, conversation with
Occupational Health & Safety's editor and associate editor. Excerpts from the conversation follow.

For whom is this standard intended?

Donald Schmidt: The document is a great document . . . more than 10 years in development and really designed for all entities, public sector and private sector. And we're hearing more and more about it in the news.

It's always been an "all hazards" approach, and that's something I think we need to emphasize, that there are many different threats or hazards or perils. Certainly, terrorism has proven to be a catastrophic threat, but there are natural disasters--as we've seen over the past couple of months--that are equally dangerous. So the whole planning needs to address all hazards, both from the immediate response, which is emergency response, as well as the continuity of critical functions, which we define as business continuity, and the recovery from the incident, which we call disaster recovery.

Does the committee believe that companies don't have this process in place or have it in place as well as they should?

Schmidt: I don't think the committee thinks that way. We recognize that there are a lot of companies that are very well prepared. What the committee recognized is that there was a need to define the overall structure for emergency management, business continuity--the important program components and elements of an effective program. And so the committee's job was to document the overall program structure, as well as the important elements. And we leave it up to the individual entity, whether that's a private-sector business or a public-sector emergency management agency, to define its own process for developing a program and complying with the various elements of the standard.

The 9-11 Commission endorsed NFPA 1600's adoption as a national preparedness standard. What's the impact of this endorsement?

Schmidt: The impact remains to be seen, but what we've seen in just the last six months has been a lot more awareness about NFPA 1600. . . . We were in a series of meetings with many different private-sector associations, private-sector businesses, and there was just a lot of discussion about what is the most appropriate standard. 1600 was identified [by the commission] as the best available standard, and we've seen a lot more discussion in the print media. We're getting more feedback from outsiders that are taking a look at the document for the first time, so we're seeing a lot of awareness.

Congress is picking up on the 9-11 commission's recommendation. The House of Representatives bill, I think it's called 4830, was introduced this summer, and it's titled the Private Sector Preparedness Act of 2004. Now I don't know whether or not that will become law, but again, it's recognizing the need for private-sector preparedness and so, again, the momentum is building for private-sector preparedness.

Did any shortcomings in the standard arise? Have you found everyone fully satisfied with what it contains?

Schmidt: I don't think everyone is fully satisfied, and that's why the NFPA codes and standards development process incorporates ample opportunity for individuals or businesses, trade associations, to review the document, submit their proposals. Those proposals will be acted upon in a very formal fashion and then there will be another round of opportunities for the public to comment on the document, so we're always trying to make the document better and we look for input.

The document is in revision and will be next released in 2007. So it will be formally adopted in late 2006, then it has to go through the formal acceptance and then printed in early 2007.

Our concern in discussing the standard today is its importance to responders. An entity's Advisory Committee is its interface with external emergency responders, according to the standard. How should an entity set up an Advisory Committee, and how can it ensure effective responder participation?

Schmidt: The Advisory Committee would be experts: people within the organization that are knowledgeable about the facility, the building, operations, hazards, personnel. Take a private-sector business. You have environmental health and safety staff, people from maybe a medical department, facilities, engineering, legal department, risk management, senior management. There can be a number of people that can comprise that Advisory Committee.

And what we recommend is that you reach out to public-sector agencies that would have responsibility to respond to that site so that those first responders can provide input. We want to make sure that plans are properly coordinated between private-sector organizations and public-sector resources.

Is there a lot of communication now from the private sector to the public? Or do you think this standard will help foster that in a way that hasn't been done before?

Schmidt: I think there is coordination in a lot of facilities out there that have a very good working relationship with law enforcement, fire, and EMS and hazmat response teams. I think that in many cases, however, there is not the community and coordination that there really needs to be.

And I think there are types of businesses that have lots of hazards on site and have fairly capable emergency response teams. They recognize the hazards, they've developed emergency organizations to respond. They're also probably regulated industries, so clearly there is a regulatory obligation to reach out to public-sector agencies.

But I think if we take a look at businesses that are not in high-hazard industries that maybe have an evacuation plan or maybe a plan for sheltering and maybe some basic procedures, maybe they haven't reached out to the public sector in the way they need to. And we as a committee in writing the document want to emphasize the importance of good communication, good coordination, of joint planning, of joint exercises, whatever can be done to ensure that everyone is going to be on the same page when an incident occurs so the response and recovery can be as good as possible.

The Communications and Warning section requires entities to "maintain a reliable capability to notify officials and alert emergency response personnel," and also to address "inter-operability of multiple responding organizations and personnel." Why is interoperability in there? How can a private-sector entity influence that?

Schmidt: If you take a look at some private-sector businesses, they are very large, maybe have hundreds if not thousands of employees. They have very sophisticated radio systems, and interoperability is important to make sure that everyone who needs to be involved in emergency response and recovery operations can communicate together.

If we take the public sector, interoperability is a much larger issue. If we look back to 9/11, police and fire [had] difficulty communicating back and forth, so that's probably a very clear example of a need for better interoperability. But it applies to both the public sector and the private sector.

If you are a company who does use a lot of radio channels, you want to make the public responders aware of what you use. But you don't have a way to enable them to communicate that they're not doing already or not willing to do themselves, do you?

Schmidt: Let's go back to another example. You have a private organization and it has its own communication capabilities--radios, telephones, and various forms of communication that it uses--and now it's working with a public-sector agency. There may be a possibility where when the public-sector agencies arrive on site, you have a member of the emergency organization that will meet with them, provide to them a radio, and that radio's on a command channel where the leaders of the private-sector organization's emergency response team are operating. So what we have done by sharing a radio, we have some interoperability between the public-sector agency and the private-sector agency. Sometimes it's just trying to find where to bridge the gaps between the private-sector organization and the public sector.

I think that sometimes people look at 1600 and say, "Boy, this is going to be burdensome and this is going to be costly to comply with the standard," when we were purposefully not being prescriptive in defining what type of communications capability or radio system or telephones or anything else. Again, there may be a number of different ways to be able to accomplish something that really doesn't cost anything extra.

Is just dialing 911 a sufficient notification capability?

Schmidt: For a private-sector organization, certainly dialing 911 to notify public emergency services is going to be maybe the first means of notification. But when we take a look at some reliability, in many businesses, all their phone lines go through a single switch, so there's no backup means--no telephone that is not through the switch. So when that switch goes down, their landline communications go down.

Have a backup plan--which could be cellular, although we've found that during emergencies, cellular communications can be overwhelmed and therefore not available. So think about having a telephone that is not through the switch and therefore having a backup means of notifying public emergency services.

Much of 1600 concerns communications. Is emergency communication one of the main things you were going for?

Schmidt: Communications are critically important. We take a look at notification of public emergency services, notification of the emergency response team, keeping in mind that people may not be on site, may be at home or outside the facility, or it may be after hours. Having the ability to notify public-sector emergency services so those services can arrive as quickly as possible, notifying members of the emergency response team so they can report to the incident site or to another location as quickly as possible, [is critical].

Also, under that same heading, we talk about warning--warning to those who are affected or potentially affected. So if you have employees in a facility and there's fire in that facility, warning the occupants to evacuate the building--to execute the evacuation plan. Or if we have an approaching tornado, we have a few, short minutes to shelter occupants of the building within designated tornado shelters. So we need to have the capability to warn occupants--or if we have a developing situation, those that may be at risk.

Again, communications, warning, and also intracommunications within the emergency response team so that members of the team have the ability to communicate among themselves to be able to assess the situation, decide what to do, and take whatever protective actions are required. Many forms of communications and warnings need to be addressed.

Please discuss the requirement in the Logistics and Facilities section to set up primary and alternate facilities capable of providing continuity, response, and recovery. Does one have to be off site?

Schmidt: It doesn't have to be terribly expensive. We take a look at emergency operation centers. The picture in your mind may be a very sophisticated kind of room with all kinds of high-tech equipment. For a smaller business, you can have as your primary operations center a designated office or conference room where you have the ability to bring people together, assess the situation, have basic communications abilities--phone line, fax, e-mail, paper--real basic tools.

You should have a secondary location, which could be a hotel room in a safe location, could be another company facility, or it could even be somebody's home. It doesn't have to be a sophisticated emergency operations center. And also today, we see virtual EOCs. We have people in different states joined together via teleconference, backed up with computer technology. The goal is to bring people together so that whatever has to be done, gets done.

Can most companies adequately assess their hazard exposure? Or do private companies need third-party experts' help in assessing the various hazards?

Schmidt: Within companies, there are experts--environmental health and safety professionals, facilities and engineering people. Companies can begin the process themselves, identify various hazards and think about various scenarios.

However, bringing in outsiders can certainly add efficiency to the process, and then where there are specific hazards with significant consequences, it might be best to bring in appropriate outsiders who can really evaluate the hazard.

The goal here is not only to develop a good response capability, but also to potentially lessen the impact of the incident if it were to occur. The companies can use the expertise within to identity the various threats and from there maybe those threats where you need specialized expertise to fully evaluate so you can develop a proper response plan.

Periodic drills and testing of the overall plan are essential elements, correct?

Schmidt: These are living documents, and businesses are changing continuously. People come and go. The facilities are expanded or renovated. The whole program needs to be reviewed periodically. People who have been properly trained in good exercises understand and identify gaps in preparedness that need to be addressed. So training really becomes important to the overall strength and development of the plan.

Would an annual drill be enough?

Schmidt: You need to train, you need to conduct exercises as frequently as needed to ensure competency in the execution of that plan. If you have a more complex plan within a facility facing a lot of hazards, it would require enhanced training and more frequent exercises.

This article appeared in the March 2005 issue of Occupational Health & Safety.

This article originally appeared in the March 2005 issue of Occupational Health & Safety.

Download Center

HTML - No Current Item Deck
  • Free Safety Management Software Demo

    IndustrySafe Safety Management Software helps organizations to improve safety by providing a comprehensive toolset of software modules to help businesses identify trouble spots; reduce claims, lost days, OSHA fines; and more.

  • Easy to Use Safety Incident App

    Record incidents on the go with IndustrySafe’s mobile app. Collect data for multiple types of incidents including including near misses, vehicle and environmental incidents, and employee and non-employee injuries; at job sites and remote locations—with or without web access.

  • Complete Online Safety Training Courses

    Deliver state-of-the art, online safety training courses to your organization with IndustrySafe Training Management Software. Generate reports to track training compliance and automatically notify learners of upcoming or overdue classes.

  • Conduct EHS Inspections and Audits

    Record and manage your organization’s inspection data with IndustrySafe’s Inspections module. IndustrySafe’s pre-built forms and checklists may be used as is, or can be customized to better suit the needs of your organization.

  • Track Key Safety Performance Indicators

    IndustrySafe’s Dashboard Module allows organizations to easily track safety KPIs and metrics. Gain increased visibility into your business’ operations and safety data.

  • Industry Safe
comments powered by Disqus