Focuses on disaster recovery planning, training, and testing of federal IT systems.
Disaster Recovery in the Private Sector
October 19, 2009 at 11:48 am #83255
DHS press release
Release Date: October 15, 2009
For Immediate Release
Department of Homeland Security (DHS) Secretary Janet Napolitano today announced new proposed standards for a 9/11 Commission-recommended program for the private sector to improve preparedness for disasters and emergencies.
"Preparedness is a shared responsibility and everyone—including businesses, universities and non-profit organizations—has a role to play," said Secretary Napolitano. "Ensuring our private sector partners have the information and training they need to respond to disasters will strengthen our efforts to build a culture of preparedness nationwide."
DHS published a notice in the Federal Register today seeking public comment on three new standards identified for adoption under the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep). PS-Prep is a partnership between DHS and the private sector that enables private entities—including businesses, non-profit organizations and universities—to receive emergency preparedness certification from a DHS accreditation system created in coordination with the private sector.
The notice proposes new PS-Prep standards to enhance operational resilience, business continuity management, and disaster and emergency management among participating private sector partners.
The proposed standards, developed by the National Fire Protection Association, the British Standards Institution and the ASIS International, were selected based on their scalability, balance of interest and relevance to PS-Prep from a group of 25 standards proposed for consideration following the publication of a Federal Register notice in December 2008 announcing the program.
In addition to the standards in the notice posted today, DHS is establishing classifications and methods of certifications that recognize the unique needs and characteristics of small businesses.
Individuals wishing to submit comments on the proposed standards, recommend additional standards for consideration or comment on other programmatic aspects of PS-Prep may obtain a comment form and instructions for submission online at http://www.regulations.gov, in Docket ID: FEMA-2008-0017. DHS requests comments by Nov. 15, though it will accept submissions at any time thereafter.
For more information, visit http://www.fema.gov/privatesectorpreparedness/.
October 19, 2009 at 11:52 am #83257
News Story from Nextgov.com
DHS proposes standards for private sector disaster preparation
By Jill R. Aitoro 10/15/2009
The Homeland Security Department proposed standards on Thursday to guide companies and utilities in preparing for disasters or emergencies, but some groups criticized the model as a one-size-fits-all approach that will not work and charged the federal government had overstepped its bounds by dictating how businesses should manage their affairs.
DHS today proposed three standards that private organizations should follow to certify that they have developed a management plan to respond to disasters and emergencies, including how they plan to continue operations. The standards, which are part of the Voluntary Private Sector Preparedness Accreditation and Certification Program, or PS Prep, outline the roles and responsibilities companies should follow during a disaster, requirements for training employees, how to communicate, information technology requirements and other areas. PS-Prep was mandated under the 2007 9/11 Commission Recommendations Act.
But the guidance met sharp criticism from the private sector. "This allegedly voluntary program assumes one size fits all," said Bob Dix, vice president of government affairs and critical infrastructure protection at Juniper Networks. "It doesn't. The way we manage risk in our respective business environments is different and across industry sectors is different. This is a cure chasing a problem, and the assumption that government knows better how to ensure continuity of operations and disaster response than the businesses themselves is ludicrous."
DHS published a notice in the Federal Register about the proposed standards, which the American Society for Industrial Security, the British Standards Institution and the National Fire Protection Association established and use.
The first standard encourages organizations to establish a policy and objective to manage risks and deploy risk management controls. The second standard specifies requirements for creating and operating a process that ensures operations are maintained during an emergency situation. The third standard provides criteria to develop and assess programs for response to and recovery from emergencies.
DHS requested comment on the standards by Nov. 15.
"This program can help us get to the bottom of the following question that has gone too long unanswered: How much should I invest and where should I invest to meet my responsibilities to my shareholders, my local community and my country?" said Bob Stephan, managing director of government affairs strategy and management firm Dutko Worldwide and former assistant secretary for infrastructure protection at DHS. "In the absence of such a program, determining preparedness baselines, performance achieved and gaps is an open-ended undertaking."
DHS spokesperson Sara Kuban said the threat of the H1N1 flu virus is an example of why established standards for emergency preparedness are necessary. She said no organization is required to comply with the standards.
Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, doesn't expect the standards to affect businesses and other organizations significantly. "Why do we as a country care? Critical infrastructure companies are one thing, but all companies in the U.S. are another," he said. "It's another check-the-box exercise that most will ignore."
Dix worries about the long-term effect of the standards, which he said could result in acquisition reform that would require industry to meet federal specifications to do business with federal agencies. "I believe government intends to use this certification and accreditation process as an acquisition requirement," he said. "So we have a flawed process to start with," which could potentially drive purchasing decisions in the federal government.
"Congress handed this to DHS, and told them to do this," said Ann Beauchesne, vice president of the U.S. Chamber of Commerce's national security and emergency preparedness department. "Everyone I have spoken to insists this is a voluntary program. They have no desire to make this a regulation."
Dutko Worldwide's Stephan argued the program could help, not hurt, industry's business opportunities with federal agencies. "Many argue that this represents a first step in a future regulatory process," he said. "In fact, voluntary adherence to a set of standards officially recognized by DHS could offer potential liability relief [for industry], help target industry resource investments and initiatives, and -- if Congress is supportive -- drive other positive incentives such as tax relief."
© 2009 BY NATIONAL JOURNAL GROUP, INC
You must be logged in to reply to this topic.