CSA Z1600 Emergency Management and Business Continuity Programs. IAPA Conference April 23, 2008 Ron Meyers, Canadian Standards Association

Similar documents
ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE

Emergency Management, Business Continuity, & Crisis Management Self-Assessment Checklist

TECHNICAL DIRECTIVE PART ONE: STANDARDIZATION AND RELATED ACTIVITIES GENERAL VOCABULARY

Emergency Management Plan

Introducing ISO 22301

Highlight of Relevant Standards and State of Development

Province - Department of Municipal and Provincial Affairs Nunatsiavut Government. Activities Responsibility Timing

First Revision No. 10-NFPA [ Global Input ] Submitter Information Verification. Committee Statement

ISO Environmental management systems Requirements with guidance for use

ISO/PC Occupational health and safety management systems Requirements with guidance for use

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Joint Occupational Health and Safety Committee Terms of Reference

U.S. Technical Advisory Group to ISO/Technical Committee 207 Clarification of Intent of ISO 14001

EMERGENCY MANAGEMENT EMERGENCY SUPPORT FUNCTION (ESF #5) FORMERLLY ASSESSMENT INFORMATION PLANNING

ISO Current status of development

OFFICE OF EMERGENCY MANAGEMENT

Canada's National Model Construction Codes Development System

RDA Secretary General Recruitment

Virginia Department of Environmental Quality EMS Manual

TIER II STANDARD FOR TECHNICAL COOPERATION ADMINISTRATORS INTRODUCTION

Concept of Operations. Disaster Cycle Services Program Essentials DCS WC OPS PE

Renewing the Work Plan of the FPT DMs Table

What is ISO 30300? Who, when, where, why and how to implement

Helping Organizations Manage their GHG Portfolio. Pierre Boileau Manager Canadian Standards Association

NATIONAL INCIDENT MANAGEMENT SYSTEM CAPABILITY ASSESSMENT SUPPORT TOOL (NIMCAST) SELF-ASSESSMENT INSTRUMENT 6

Occupational Curriculum:

Achieve. Performance objectives

Standards and Technology

05/14/2008 VS

REGION OF PEEL EMERGENCY PLAN

AUTORITATEA AERONAUTICĂ CIVILĂ ROMÂNĂ

Asset management Overview, principles and terminology

Canadian Centre for Occupational Health and Safety

THE COMPLETE GUIDE TO ISO14001

Audit of Departmental Security

DRAFT ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management system implementation guidance

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

DRAFT STRATEGIC PLAN August V2.0

GOVERNMENT EMERGENCY MANAGEMENT REGULATION

AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED PROFESSIONAL ENGINEER IN LEADERSHIP AND MANAGEMENT

SQF 2000 Code. 6th Edition AUGUST A HACCP-Based Supplier Assurance Code for the Food Manufacturing and Distributing Industries

Humantech Environmental Management System Manual

General Guidance for Developing, Documenting, Implementing, Maintaining, and Auditing an SQF Quality System. Quality Code. SQF Quality Code, Edition 8

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Guidelines for information security management systems auditing

Update on ISO/DIS 45001:2016 Migration from OHSAS 18001:2007. May 31, 2016 Our webinar will begin at 1:00 PM

A Summary of the Government of British Columbia s Crown Agency Accountability System

GOVERNMENT OF YUKON POLICY 1.13 GENERAL ADMINISTRATION MANUAL

AS/NZS 4804:2001. Occupational health and safety management systems. General guidelines on principles, systems and supporting techniques

Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Writing Guide for a Memorandum of Understanding (MOU)

SMS Implementation. Strategic Plan for Upgrading ISAGO SMS Provisions

9.1 Introduction Legislative requirements for JOHS Committees Composition of JOHS Committee and Safety Sub-committees...

April 2017 Latest update. ISO/DIS Understanding the new international standard for occupational health & safety

OECD GUIDANCE ON SAFETY PERFORMANCE INDICATORS

AUDIT REPORT NOVEMBER

International Standard on Auditing (Ireland) 500 Audit Evidence

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

Scope of this SA Effective Date Objective Definitions Sufficient Appropriate Audit Evidence... 6

Bonsucro Benchmarking Protocol Version 1.0 May 2017

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON ORDINANCE NO. 1000

Template for ToR for Transaction Advisory Services

Cross-Community Engagement Group on Internet Governance (CCEG IG)

REQUEST FOR PROPOSALS EXECUTIVE SEARCH SERVICES. Issuance Date November 27, 2017

STATEWIDE MUTUAL AID AGREEMENT AN ACT. relating to resource sharing among certain political subdivisions,

9100 revision Changes presentation clause-by-clause. IAQG 9100 Team November 2016

Risk Management Strategy. Version: V3.0

Overview of the U.S. Standardization System

OPERATIONAL SUPPORT FUNCTION Emergency Level Notifications. Office of Emergency Management

UNIVERSITY OF COLORADO DEPARTMENT OF INTERNAL AUDIT 2018 AUDIT PLAN As of June 1, 2017

GUIDEBOOK CODE OF CONDUCT MANAGEMENT SYSTEMS

A Vision of an ISO Compliant Company by Bruce Hawkins, MRG, Inc.

Major Groups and Other Stakeholders High Level Political Forum Coordination Mechanism Terms of Reference

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

Frequently Asked Questions August 2013

Plans for a Balanced Scorecard Approach to Information Security Metrics

Fraud Risk Management

Asset management Management systems Guidelines for the application of ISO 55001

WHO Prequalification of In Vitro Diagnostics Programme

Sustainable Development Verified Impact Standard

Executive Board of the United Nations Development Programme and of the United Nations Population Fund

CHARTER FEDERAL RESERVE BANK OF RICHMOND BOARD OF DIRECTORS AUDIT AND RISK COMMITTEE

Health and Safety Management Standards

SAI Performance Measurement Framework Implementation strategy

FRAMEWORK FOR POLICY DEVELOPMENT

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Gap Analysis Checklist ISO 14001:2015 Self-assessment

3410N Assurance engagements relating to sustainability reports

Document: ISO/TC 176/SC 2/N 1147

Task Force on the Roles, Responsibilities and Duties of Auditors

Supreme Audit Institutions Performance Measurement Framework

IIS Competency Domain Model

Work plan for enhancing the management and administration of UNCTAD

Auditing Standard 16

Adjusting existing company PSM standards to CSA Z767

Public Safety GIS Position Qualifications Version 1.0

CONSTITUTION OF THE GLOBAL ALLIANCE FOR GENOMICS AND HEALTH. Adopted, 2014

Ethical leadership and corporate citizenship. Applied. Applied. Applied. Company s ethics are managed effectively.

ISO 22000:2005 SYSTEMKARAN ADVISER & INFORMATION CENTER SYSTEM KARAN ADVISER & INFORMATION CENTER FOOD SAFETY MANAGEMENT SYSTEM ISO 22000:2005

2. Resolved to establish a global network for the Resource Efficient and Cleaner Production (RECPnet); and

Transcription:

CSA Z1600 Emergency Management and Business Continuity Programs IAPA Conference April 23, 2008 Ron Meyers, Canadian Standards Association

Presentation Objectives About CSA and the National Standards System CSA s activities in Emergency Management Scope / Purpose of the new CSA Z1600 Standard Harmonization with NFPA 1600 WHY? Outline of the Z1600 Draft Project schedule Implementation strategy Questions

CANADIAN STANDARDS ASSOCIATION Independent. Not-for-profit. International recognition Leader in standards development for more than 80 years More than 2,600 published standards Serving business, industry, consumers and government 9,000 members

CSA s Purpose Enhance Public Health & Safety Advance Quality of Life Preserve the Environment Facilitate Trade Making Standards Work for People and Business

How CSA Develops Standards CSA Evaluation and Approval CSA Evaluation and Approval Public Notice of Intent to Develop Standard Public Notice of Intent to Develop Standard Technical Committee Develops Content Technical Committee Develops Content Public Review Public Review Multi-stakeholder Technical Committee Users (eg, first responders); Regulators (eg, Federal, Provincial, Municipal); Public Interest (eg, experts,ngos); Producers (eg, service providers). Technical Committee Reaches Consensus Technical Committee Reaches Consensus CSA Quality Review CSA Quality Review Technical Committee Approves Final Content Technical Committee Approves Final Content CSA Procedural Approval CSA Procedural Approval Consensus-based Technical approval of standards is achieved through a consensus-based process. CSA s directives define consensus as substantial agreement implies much more than a simple majority, but not necessarily unanimity. Publication and Dissemination Publication and Dissemination Maintenance Living Documents CSA Standards are systematically updated.

Z1600 Committee Membership Matrix Members shall represent the following categories on the basis of their predominant expertise in, knowledge of and familiarity with emergency management systems, policies and procedures. Consideration shall also be given to geographical representation across Canada: User(s) Interest Those who have and/or represent/implement interest(s) from industry First Responders Those who respond, or manage the response to emergencies Government / Regulatory Authority Bodies with policy or regulatory authority directly related to the emergency management. Service Professionals Those who are not associated with implementing, responding or setting policy

Consensus Voting Matrix All participants have equal access Minority interest groups have a voice Chair Associate Members Voting Members Users Producers General Interest Regulators Labour CSA Project Manager Public Review

Developing a new Emergency Management & Business Continuity Standard, Z1600 Funded by Public Safety Canada High Level / Comprehensive / integrated Standard All Hazards - Risk Based Approach Provides a framework that identifies and assesses the probability and severity of risks on the entity and its environments Provides the benchmark to assess existing programs Provides reference to Canadian EM/BCP organizations and informational resources Reflects the convergence seen over the past 10 years of public and private sector planning efforts Bi-National Harmonization with NFPA

Why Harmonize with NFPA 1600? NFPA 1600 is a process-based international standard that identifies an overall strategy for emergency management and business continuity for both public and private sector entities Provides for a common language Incorporates a Risk Based - All Hazards approach Integrates emergency management and business continuity NFPA standards already widely accepted in Canada Strong Canadian representation on NFPA 1600 Harmonized approach will facilitate compliance Proposed as a potential ISO standard

Gaining Recognition U.S. (NFPA 1600) Adoption as a US Homeland Security standard Support and endorsement following the 9/11 Commission inquiry EMAP utilized NFPA 1600 to audit public sector organizations Canada Support from Public Safety Canada Support from Provincial / Municipal Emergency Management Organizations Many Canadian organizations already using NFPA 1600

What does Harmonization mean? Substantially the same in Technical Content / Scope / Intent & Purpose Can vary in style / format / wording Can have Canadian deviations to reflect differences in: governmental / regulatory system & requirements Terminology & definitions used by Canadian Stakeholders Specific Canadian industry needs / requirements

Harmonization in Practice The practical implication of harmonization is that an emergency management or business continuity program developed to meet the requirements of one standard will also meet the requirements of the other standard. Therefore existing NFPA 1600-based programs should meet the CSA Z1600 standard. Currently the two standards are slightly out of step due to their approval timelines.

Using the NFPA 1600 Standard as the base for the Canadian Standard Key Objectives: Develop unique Canadian requirements where appropriate Involve relevant stakeholders from Public and Private sectors. Align with government / regulatory initiatives & policy direction Add value with additional guidance information and tools Develop and implement a strategy to promote the use and adoption of the Standard

Scope & Purpose of CSA Z1600 Establishes a common set of criteria for emergency management and business continuity programs Establishes the elements of a continuous improvement process to assess current programs or to develop, implement, and maintain a program that addresses the functions of prevention and mitigation, preparedness, response, and recovery The program may consider the functions of prevention and mitigation, preparedness, response and recovery independently or in combinations

Application The Standard will apply to both public and private sector programs. It is important to have a consistent / harmonized approach between public sector and private sector organizations. Key focus on the Private sector to provide resources and tools to assist and encourage compliance to the standard.

Contents Chapter 1: Chapter 2: Chapter 3: Chapter 4: Chapter 5: Chapter 6: Chapter 7: Chapter 8: Annex A: Annex B: Scope, Purpose and Application Referenced Publications Definitions Program Management Planning Implementation Exercises, Evaluations and Corrective Actions Management Review Explanatory Material Listing of Canadian EM/BC Organizations and resources

Emergency Management and Business Continuity CSA Z1600 8. Management Review 8.1 Periodic management review 8.2 Continuous Improvement 1. Scope 1.1 Scope 1.2 Purpose 1.5 Application 7. Exercises, Evaluations, and Corrective Actions 7.1 Periodic reviews, testing and exercises 7.2 Testing essential and interrelated elements 7.3 Post incident analysis and reports, lessons learned 7.4 Corrective action 6. Implementation 6.1 Prevention and Mitigation 6.2 Resource Management 6.3 Mutual Aid / Mutual Assistance 6.4 Emergency Response 6.5 Incident Management 6.6 Communications and Warning 6.7 Operational Procedures 6.8 Facilities 6.9 Training 6.10 Business Continuity 6.11 Recovery 2. Reference Publications 3. Definitions 4. Program Management 4.1 Leadership and Commitment 4.2 Program Coordinator 4.3 Advisory Committee 4.4 Program Administration 4.5 Laws and Authorities 4.6 Financial Management 5. Planning 5.1 Hazard Identification, Risk Assessment and Business Impact Analysis 5.2 Planning Process 5.3 Common Plan Requirements

Chapter 4 Program Management Leadership and Commitment Senior management shall provide leadership and assume overall responsibility, accountability and authority for the program (not in NFPA 1600) Program Coordinator Shall be appointed and authorized to... Develop Implement Administer Keep current the Program

Chapter 4 Program Management Advisory Committee The purpose of an Advisory Committee is to provide input or assistance to develop, implement, evaluate and improve the program. The Advisory Committee shall include the Program Coordinator and others who have the expertise, knowledge of the entity, and the capability to identify resources from all functional areas. Consideration should be given to include other stakeholders and community representation.

Chapter 4 Program Management Program Administration The entity shall have a document program that includes: A written Policy approved by the executive. Established program goals and objectives Established program plans and procedures A program budget A records management process to demonstrate conformity A review process for continuous improvement Laws and Authorities The program shall comply with applicable legislation, policies, regulatory requirements, and directives.

Chapter 4 Program Management Financial Management The entity shall develop financial and administrative procedures to support the program before, during, and after an emergency or a disaster. Procedures spelled out in the plan to ensure financial decisions expedited in accordance with authorization limits and fiscal policy Procedures shall include the following: Defined responsibilities for program finance authority Procurement procedures Accounting systems to track and document costs Management of funding from external sources

Chapter 5 Planning Hazard Identification, Risk Assessment and Business Impact Analysis Critical element to identify and monitor hazards that may have an impact on the entity. Hazards shall be evaluated for the following three areas: Natural hazards Human-caused Technological The Risk Assessment evaluates the likelihood of the hazard occurring, taking into account factors such as threat analysis, frequency, history, trends and probability.

Chapter 5 Planning Hazard Identification, Risk Assessment and Business Impact Analysis The results of the Business Impact Analysis (BIA) becomes the cornerstone in establishing the continuity and recovery processes for the entity. The BIA builds on the findings from the risk assessment by addressing what could happen should an event occur, and how it could affect the entity over time. The Standard provides additional explanatory information in the annex on conducting a BIA.

Planning Process Chapter 5 Planning The entity shall follow a planning process to develop and maintain its EM/BC program. The planning process shall result in integrated or single plan documents, or a combination thereof. Common Plan Requirements Plans shall have clearly stated objectives Plans shall identify functional roles and responsibilities Plans shall identify lines of authority Plans shall identify resource requirements Plans shall identify the process for managing communication and the flow of information, both internally and externally

Chapter 6 Implementation Prevention and Mitigation The entity shall develop and implement a strategy to reduce risk through prevention and mitigation activities. Prevention and mitigation activities frequently overlap and entities may consider these together. The Standard provides examples of both prevention strategies and mitigation strategies. The prevention and mitigation strategies shall be based on the information obtained from the hazard identification, risk assessment, and business impact analysis.

Chapter 6 Implementation Resource Management An assessment shall be conducted to identify the resource capability shortfalls and the steps necessary to overcome any shortfalls. A current inventory of internal and external resources shall be maintained. Donations of goods, services, personnel, and facilities, solicited and unsolicited, and the management thereof, shall be addressed.

Chapter 6 Implementation Mutual Aid / Mutual Assistance The term Mutual Aid / Mutual Assistance as used in the standard includes cooperative assistance agreements, service level agreements, intergovernmental compacts, or other terms commonly used for the sharing of resources. Mutual aid agreements between entities are an effective means to obtain resources and should be developed whenever possible. Incident Management The entity shall use an incident management system to direct, control, and coordinate response and recovery operations. The standard does not prescribe any one type of incident management system (e.g. ICS). There is reference to NFPA 1561 Standard on Emergency Services Incident Management System.

Chapter 6 Implementation Communications and Warning Expanded section and additional annex material to address the needs for telecommunication and other communication systems to support all elements of the program. The entity shall address interoperability of communication systems especially where multiple responding organizations are involved. Addresses emergency communication and warning systems and procedures to alert people impacted by an actual or impending emergency Public awareness and public education programs shall be implemented where the public is potentially impacted. The entity shall establish and maintain the capability to provide crisis communication during an incident. Information in the annex on establishing a Joint Information Centre to develop, coordinate and provide information on the incident to the public, media and other agencies.

Chapter 6 Implementation Operational Procedures The entity shall develop, coordinate, and implement procedures to support the program and execution of its plans. Procedures shall address: health and safety, incident stabilization, operational/business continuity, property conservation, and protection of the environment under the jurisdiction of the entity. Facilities The entity shall establish a primary and an alternate emergency operations centre (EOC) physical or virtual, capable of managing continuity, response, and recovery operations. Additional information in the annex on establishing the EOC

Chapter 6 Implementation Training Shall develop and implement a training/educational curriculum to support the program. The objective of the training shall be to create awareness and enhance the skills required to develop, implement, maintain, and execute the program. Frequency and scope of training shall be identified. Personnel shall be trained in the entity s incident management system. Training records shall be maintained.

Chapter 6 Implementation Business Continuity The entity shall develop and implement business continuity strategies to continue critical operations following an emergency The business continuity strategies shall be based on the business impact analysis (BIA) The business continuity plans shall be developed based on the business continuity strategies Additional information is provided in annex A.

Chapter 6 Implementation Recovery (not currently in NFPA 1600) The entity shall develop and implement a recovery strategy to support short-term and long-term priorities for recovery of functions, services, resources, facilities, programs, and infrastructure. The recovery strategy is based on the results of hazard identification and risk assessment, business impact analysis, program constraints, operational experience, and cost-benefit analysis. Recovery plans are developed based upon the recovery strategy.

Chapter 7 Exercises, Evaluations, and Corrective Actions The entity shall evaluate program plans, procedures, and capabilities through periodic reviews, testing and exercises. Exercises shall be designed to test individual essential elements, interrelated elements, or the entire plan(s). Additional evaluations shall be based on post - incident analysis and reports, lessons learned and performance evaluations. Procedures shall be established to take corrective action on any substantive deficiency identified.

Chapter 8 Management Review The entity shall conduct a periodic management review of the program based on the goals, objectives and evaluation of the program. Management shall assess opportunities to continuously Improve the program

Annex Material Provides additional explanation and guidance information Intent to add value with useful implementation tools / templates Provides a reference to Canadian EM/BCP organizations and informational resources Specific Canadian context added

Project Schedule Establish Technical Committee April June 2005 Organizing Meeting June 2005 Develop National Standard September 2005 May 2007 1 st TC Meeting September 19 & 20, 2005 2 nd TC Meeting December 2005 / January 2006 3 rd TC Meeting May/June 2006 4 th TC Meeting October 2006 5 th TC Meeting February 2007 6 th TC Meeting May 2007 Consensus Draft June 2007 Public Review - July September, 2007 6 th TC Meeting September 26-28, 2007 Technical / Quality Edit Letter Ballot March 2008 Publication Quality / Internal Reviews Publication June 2008

Implementation Strategy The objective of the Implementation strategy is to: Promote a broad base of public awareness of the CSA Z1600 Standard Communicate the benefits of using / adopting the standard Identify opportunities for development of associated stakeholder guidance / support materials and education and training services Identify and propose specific standards development opportunities to fill identified gaps under the new Z1600 framework standard Describe how the associated CSA Z731 Emergency Preparedness and Response standard and CSA Q850 standard will relate to the new Z1600

CSA: Expert. Agile. Engaged. Trusted. Expert on building consensus and creating standards Agile to anticipate and respond to pressing marketplace demand Engaged at the forefront of standards development & solutions in Canada Trusted and credible in the public arena

Thank you Questions?

Some current and related standards CSA Z731 Emergency Preparedness and Response CSA Q850 Risk Management Accident Investigation Privacy Health care Infection Control Protective Equipment Standards Selection, Use and Care of Respirators Riot Helmets and Faceshield protection Blunt Trauma Protective Equipment Eye and face Protectors High-Visibility Safety Apparel Protective Headwear Hearing Protection

Protection of First Responders Developing a new Standard to Protect First Responders from CBRN Events Funded by Department of National Defence - CRTI Working Jointly with the Canadian General Standards Board (CGSB) The Standard will specify requirements for protective equipment (clothing, respirators) used by First responders in CBRN events Scope expanded to include Hospital First Receivers The Standard will provide guidance on the selection, use, maintenance, capabilities of the protective equipment Address interface / interoperability issues There is strong support from Canadian First Responder Groups

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback