Article

Will Private Sector Preparedness plan spur business continuity action?

Linda Tucci, Executive Editor
American businesses should soon have a better understanding of what the government expects of them in the event of man-made or natural disasters.

Two and a half years after Congress directed the Department of Homeland Security (DHS) to develop a voluntary program to promote private sector preparedness,

    Requires Free Membership to View

the federal agency is close to designating a comprehensive set of standards by which American businesses can assess their preparedness for disasters and be officially certified as having an adequate plan.

More on PS-Prep, business continuity
Private Sector Preparedness Program provides business continuity options

Business continuity standards, certification get legal push

Proving the value of a business continuity plan (before disaster hits)
In early March, the DHS's Federal Emergency Management Agency (FEMA) is expected to officially designate three alternative business continuity standards that will be recognized by its Private Sector Preparedness Accreditation and Certification Program (PS-Prep), a joint program between DHS and the private sector designed to measure, certify and ultimately enhance business resilience.

"The genesis of this program is that Congress wanted to know if we were better prepared than we were in 2001 and better than we were in Hurricane Katrina to sustain a major catastrophe, and the answer is, 'We do not know,'" said Donald Byrne, managing director of consulting firm North River Solutions Inc., and a business continuity professional. "Part of the goal is to use this program to gauge where we are improving and where we need to invest more."

The three standards, proposed by FEMA in October and open for public feedback until mid-January, are:

According to DHS Secretary Janet Napolitano, the frameworks were among 25 standards considered and were chosen based on "their scalability, balance of interest and relevance to the PS-Prep program."

The DHS has also contracted with the ANSI National Accreditation Board (ANAB) to develop the accreditation rules that will allow certification bodies to go out and conduct the audits. But Byrne, who serves on the ANAB's committee of experts, said that even as PS-Prep moves forward, many issues remain up in the air, including:

  • How to handle certifications for small businesses.
  • How to credit businesses that have already passed more rigorous business continuity standards.
  • How to determine what, if any incentives, should be offered to encourage businesses to become certified.

Indeed, questions about these issues -- and recommendations -- came up often in the 41 pages of letters submitted to FEMA during the public comment period. Michael Cummings, director of loss prevention services at Milwaukee-based Aurora Health Care, praised the agency's decision to approve more than one standard for PS-Prep and urged that other guidelines and best practices be sanctioned.

"This is not an area where one size fits all," Cummings stated. "The ultimate goal of the PS-Prep Program should be to incentivize and assist business organizations to find solutions and approaches that work for them and not create bureaucracy and arbitrary certification programs as a barrier to accomplishing preparedness."

The question of incentives versus costs was also raised by J.D. Densmore, manager of the emergency command center at home improvement chain Lowe's Cos. Densmore said he supports standardization of business continuity across the retail industry as "an excellent goal," but he was concerned that adhering to any one standard would result in a "significant cost to any retailer" and that these costs would either erode the retailer margins or be passed on to consumers as higher cost of goods.

Businesses in general have a vested self-interest to be prepared for disaster, he said. "The business case to participate in the voluntary program needs to be compelling enough to overcome the cost, or it will not be adopted," he warned.

In the end, there is no reason for people to do this except market pressure, and that is ultimately going to be the driving force behind this.
Donald Byrne
Managing DirectorNorth River Solutions Inc.
The preparedness program, although voluntary, should improve awareness about business continuity, an area that gets short shrift in American companies. "Most people's knowledge of preparedness amounts to the fire drill when they were in high school," said Byrne. His clients often have little in place to deal with major emergencies, such as a violent employee or noxious fumes, "let alone keeping their business running and sustainable after a disruption."

Paul Kirvan, a business continuity expert based in New Jersey who has written about PS-Prep options for SearchCompliance.com, said that giving companies a choice of three standards eligible for certification is probably better than having only one.

But deciding on a standard will require thoughtful analysis from businesses to find the right fit, and the cost can be considerable. Kirvan said that when he learned the program would be voluntary, his initial reaction was that it was doomed to fail.

Kirvan said he doubts people will participate in a certification program unless they're required to or have a substantial business incentive to volunteer. "But I think what will happen over time is certain large businesses, Fortune 100 or Fortune 500 organizations are going to decide it is probably the right thing to do and good from a competitive standpoint," he added. "So, I think it will be competitive forces in the marketplace that will get organizations on the bandwagon for this." Kirvan also said he expects that the government program will come up with a streamlined way for getting certified.

Byrne agreed. "I am hoping the government understands that its real role in a voluntary standard like this is education," he said.

However, this step may be the first phase in setting standards that could be used to officially indemnify companies against liability for damages after a disaster, Byrne said. That aspect will likely be sorted out by the courts citing the voluntary best practices in cases, rather than written into PS-Prep.

In the meantime, adopting these standards may be useful as a means for companies to assure their suppliers and customers that they are reliable in case of emergency. "In the end, there is no reason for people to do this except market pressure, and that is ultimately going to be the driving force behind this," Byrne said.

Let us know what you think about the story; email Linda Tucci, Senior News Writer.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: