3. NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs.
This adoption may be partly political – by placating a range of stakeholders. Nevertheless, there is merit in each Standard – and “cherry picking” the best practices by adopting a “crosswalk” methodology (where you compare like with like and integrate a high leverage position) is worth considering.
All three standards share a “quality process” based approach aligned with the diagram below (from ASIS SPC.1-2009)
The explanatory material in each Standard is particularly useful.
These resources and links to their free versions are below:
1. The ANSI/ASIS SPC.1-2009 Standard, titled “Organizational Resilience: Security, Preparedness and Continuity Management Systems—Requirements with Guidance
for Use,” (66 pages) provides a holistic approach to cost-effectively improve any organization’s resilience and preparedness performance.
It is available from
2. The British Standards Institution’s BS 25999-2:2007 “Business continuity management. Specification” specifies requirements for establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented Business Continuity Management System (BCMS) within the context of managing an organization’s overall business risks.
Resources are available from
3. The US National Fire Protection Association (NFPA) “NFPA 1600” Standard on Disaster/Emergency Management and Business Continuity Programs (2007) (57 pages) has been widely accepted by North American-based organizations.
NFPA 1600 sets out to ‘provide disaster and emergency management and business continuity programs, the criteria to assess current programs or to develop, implement, and maintain aspects for prevention, mitigation, preparation, response, and recovery from emergencies.’
It is available fromhttp://www.nfpa.org/assets/files/PDF/CodesStandards/1600-2007.pdf