The nation’s private-sector businesses – a generic term that includes not only manufacturers, distributors, retailers, and other companies but also non-profits, building owners, and universities – that have long been seeking Department of Homeland Security (DHS) certification of their preparedness standards should welcome a recently announced opportunity that will permit them to submit their own standards for DHS adoption – and/or find out what preparedness standards already have been adopted that they can use. A related opportunity also has been announced that will permit those same businesses to submit their comments to, and work as partners with, the Federal Emergency Management Agency (FEMA) and other DHS agencies on a proposed federal program that will, among other things: (a) establish private-sector preparedness standards; (b) publicize detailed information to and through the private sector about the standards that have been adopted and that might affect their own interests; and (c) certify the conformity of private-sector businesses and other entities to the preparedness standards adopted. The bottom line is that the nation’s private-sector entities will for the first time have an effective mechanism in place to certify that they are in compliance with the DHS-adopted private-sector preparedness standards – which are vitally important for a number of legal, insurance, and credit-rating purposes. Delays, Disasters, and Other Difficulties As the department’s principal coordinator of prevention, mitigation, response, and recovery from all domestic disasters, the Federal Emergency Management Agency (FEMA) has been well aware for some time that partnering with the private sector is essential to its own ability to carry out its important homeland-security missions. Most of the nation’s physical infrastructure and other material resources are owned and operated not by the government, but by the private sector, and are so essential to the nation’s economic well-being that their ruin would significantly disrupt the functioning of not only the nation’s businesses but also the U.S. government itself (most if not all state and local governments as well). Even so, to this day private-sector entities still do not have the standards required to measure their individual and collective preparedness to meet the numerous hazards of modern life – which means – in an age of terrorism, potential disease pandemics, and frequently violent acts of nature – that most of the country’s infrastructure and other physical resources are more at risk now than ever before in the nation’s history. The need for formal codification of private-sector standards is not new. The 9/11 Commission’s final report, issued in 2005, stated emphatically that the U.S. private sector had not been prepared to cope with the aftermath of the 9/11 terrorist attacks in 2001, and that it was not much better prepared even three years later. The Commission members included in their report a recommendation that the legislative and executive branches of government establish a common set of criteria/standards governing, promoting, and encouraging private-sector preparedness – particularly related to disaster and emergency management, and to business-continuity programs that would enhance and upgrade the nation’s overall resilience to disasters. Congress responded to that recommendation in 2007 by authorizing establishment of a DHS Private Sector Preparedness Program, and gave the department several additional tools to facilitate its interface with the private sector. Among the most important of those tools are: the SAFETY Act (Supporting Anti-Terrorism by Fostering Effective Technologies Act of 2002), which provides liability protections to sellers and purchasers of qualified anti-terrorism products; the PCII (Protected Critical Infrastructure Information) program, which protects the confidentiality of sensitive private-sector information; and the C-TPAT (Customs-Trade Partnership Against Terrorism) program, which provides a streamlined certification process to private-sector entities involved in the international supply chain. A Belated Notice With a Very Short Fuse Very late last year (on 24 December 2008), FEMA/DHS published a Federal Register notice requesting recommendations from the private sector and the public at large on a plan that had been drafted for establishment of a Voluntary Private Sector Accreditation and Certification Preparedness Program (PS-Prep). The department also announced that two public meetings would be scheduled at which private-sector stakeholders could discuss their concerns and recommendations with the federal government’s own PS-Prep principals. The FEMA/DHS plan, as described in the notice, also would establish: (1) a public-private partnership to develop (and eventually adopt) a common set of criteria/standards needed to build and upgrade private-sector preparedness; and (2) an accreditation/certification program designed to ensure compliance and conformity with the DHS-approved standards. Seeking certification would be completely voluntary – but would be encouraged by DHS after the standards had been adopted and were made available to the private sector. The expectation was, and is, that private-sector entities – including consensus standards-development organizations and others – would develop and submit standards that DHS could adopt and include in the PS-Prep program. The original Federal Register notice gave a January 2009 deadline for comments, and the first of the two public forums planned was held last month. The specific time and place for FEMA’s second stakeholder forum has not yet been announced, but it is expected to be scheduled for sometime in late February, probably in the greater Washington, D.C., area. Meanwhile, the agency is still encouraging all interested parties to continue to submit their own recommendations on the private-sector preparedness standards that should be considered for adoption, and/or to provide comments on the already proposed PS-Prep program, especially regarding the types of standards that DHS should adopt initially and over time. Comments can be submitted to FEMA-POLICY@dhs.gov, referring to Docket FEMA-2008-0017 (such comments will be made public). The December Federal Register notice outlined a FEMA/DHS plan of Adoption, Accreditation, and Certification of private-sector preparedness standards, and listed the following steps that will be essential parts of the process:
- Consider, select, and adopt a wide variety of preparedness standards;
- Encourage creation of those standards;
- Make the preparedness standards adopted by DHS more widely available;
- Develop a method for third parties to be accredited by the ANSI-ASQ National Accreditation Board (ANAB) to certify private-sector compliance/conformity with the standards adopted; and
- Encourage private-sector entities to use such certification.
In cases where certification is not affordable, DHS said it is considering allowing small businesses to self-declare their conformity with the DHS-adopted preparedness standards through use of a self-assessment tool (still to be developed); FEMA/DHS is also soliciting stakeholder comments on the proposed self-assessment tool. The agency already has received comments suggesting that certifications show a business’s degree of conformity, thereby indicating that incremental steps toward total conformity might be accepted later. This is another topic on which additional comments have been solicited by FEMA/DHS. Recommendation Process Open to All DHS is not limiting its review-and-adoption process to the standards developed and/or recommended by standards development organizations, officials said, but will also be open to reviewing and adopting appropriate private-sector preparedness standards developed and submitted by industry groups, non-profit organizations, and other entities. In that context, it is important to note that the PS-Prep Program’s needs will mirror the standards needsentified by DHS – in other words, there is no guarantee that all of the standards submitted for consideration will be adopted. The Federal Register’s December announcement listed nine major subject areas, eight minor subject areas, and important sub-elements of all of these areas for businesses to consider when submitting their own private-sector preparedness standards for review. DHS said it plans to monitor the effectiveness of the program on an ongoing basis, review the accreditation and certification programs annually to ensure their effectiveness, and also routinely review the operations and management of accredited third-party certification bodies.
For additional information about PS-Prep, contact: Donald Grant, Incident Management Systems Director, National Preparedness Directorate, FEMA, 500 C Street N.W., Washington, D.C. 20472; or phone 202-646-8243; or email Donald.Grant@dhs.gov.
Diana Hopkins is the creator of the consulting firm “Solutions for Standards” (www.solutionsforstandards.com). She is a 12-year veteran of AOAC INTERNATIONAL and former senior director of AOAC Standards Development. Most of her work since the 2001 terrorist attacks has focused on standards development in the fields of homeland security and emergency management. In addition to being an advocate of ethics and quality in standards development, Hopkins is also a certified first responder and a recognized expert in technical administration, governance, and process development and improvement.