H.R. 1 contains important business-continuity stipulations
H.R. 1, the “Implementing Recommendations of the 9/11 Commission Act of 2007” which President Bush has signed into law has an important section on private sector preparedness
Few may have noticed that H.R. 1, the “Implementing Recommendations of the 9/11 Commission Act of 2007” which President Bush has signed into law (now it is Public Law No. 110-53), contains important business continuity stipulations. Included within the twenty-three titles of the act is a section on private sector preparedness which will result in the development of a “Voluntary private sector preparedness accreditation and certification program,” and which may pave the way for the development of new guidance on business continuity and disaster recovery or the formal acceptance of existing standards, such as NFPA 1600 (which is specifically mentioned in the law as being an example of an existing business continuity and disaster recovery voluntary guidance document). The act states that within 210 days after the date of enactment the following must have taken place:
A designated officer must
* Begin supporting the development and updating, as necessary, of voluntary preparedness standards through appropriate organizations that coordinate or facilitate the development and use of voluntary consensus standards and voluntary consensus standards development organizations
* In consultation with representatives of appropriate organizations that coordinate or facilitate the development and use of voluntary consensus standards, appropriate voluntary consensus standards development organizations, each private sector advisory council created under section 102(f)(4) [of the Act], appropriate representatives of State and local governments, including emergency management officials, and appropriate private sector advisory groups, such as sector coordinating councils and information sharing and analysis centers:
(i) Develop and promote a program to certify the preparedness of private sector entities that voluntarily choose to seek certification under the program, and
(ii) Implement the program under this subsection through any entity with which the designated officer enters into an agreement under paragraph (3)(A), which shall accredit third parties to carry out the certification process under this section
The act also states that:
“Consistent with their responsibilities and authorities under law … the Administrator and the Assistant Secretary for Infrastructure Protection, in consultation with the private sector, may develop guidance or recommendations and identify best practices to assist or foster action by the private sector in”:
(1) Identifying potential hazards and assessing risks and impacts
(2) Mitigating the impact of a wide variety of hazards, including weapons of mass destruction
3) Managing necessary emergency preparedness and response resources;
4) Developing mutual aid agreements
(5) Developing and maintaining emergency preparedness and response plans, and associated operational procedures
6) Developing and conducting training and exercises to support and evaluate emergency preparedness and response plans and operational procedures
(7) Developing and conducting training programs for security guards to implement emergency preparedness and response plans and operations procedures
(8) Developing procedures to respond to requests for information from the media or the public
