Ron Meyers CSA Z1600 Project Manager Z1600 Emergency and Continuity Management Program – Blueprint for Success Ron Meyers CSA Z1600 Project Manager Thank you for the opportunity to speak with you re the Z1600 standard – including highlights of the current revision, scheduled for release in 2016.
Agenda About CSA CSA’s work in emergency management Standards development process CSA Z-1600 content and application Current revision to CSA Z1600 Closure
Objectives Provide information related to standards development in Canada Provide overview of CSA Z-1600-16 Standard An Emergency Management Framework for Canada 2nd Edition – includes the four interdependent components of prevention & mitigation, preparedness, response and recovery. This document focusses on the EM side – I am going to suggest that the CM component needs to also be included. CSA Z1600 provides a tool for organizations or individuals to use to develop and or assess their EM/CM programs to determine if all components are in place and to what level. PSC National Strategy and 2014-2017 Action Plan for CI and increasing resilience lists only two components of the Framework – prevention and preparedness – why not the others? Security is also a key focus – what about the strategy, planning, design, build, and maintenance of the various CI? CSA Z1600 is a tool that can be used for this purpose – it is a multi-purpose tool (including auditability) for practitioners and academics in the EM and CM industry in public and private sectors.
About CSA
CSA Group - Standards Canadian Standards Association – a division of CSA Group 54 Areas of technology 3,000 Standards and codes 7,500 Expert committee members
Who we are… CSA Standards is a private, not-for-profit organization that develops rules and guidelines to help people and business in areas such as health, safety and the environment. CSA Standards is an independent, not-for-profit membership-based association serving business, industry, government and consumers. We are not part of government. We work in Canada and around the world to develop standards that address the needs of people and business, such as … Enhancing public health and safety Advancing the quality of life Helping to preserve the environment And facilitating trade. Let’s take a closer look at what we do … Key Messages: CSA is an independent not-for-profit organization. We develop standards that address the needs of people and business. Sidebar: We derive revenue from three sources – memberships, sale of products & services, funding.
What we do… Make standards come to life to help certify consistent skill sets to help implement best practices to help set rules Seminars eLearning Courses Customized Training Handbooks Smart CD Mobile Publications to help understand standards to help apply standards [talk briefly to each jigsaw piece as you build the complete puzzle] We develop standards and codes that contain rules and guidelines. But, we also want to ensure that our standards are being used … So, we offer numerous products and services to help people understand and apply our standards … We call these our standards-based solutions That’s a quick overview … let’s take a closer look at each … Key messages: We develop standards and guidelines that help set rules. We want to ensure or standards are being used. We offer numerous products and services to help people understand and apply standards.
Standards and the Law Standards vs. Law Standards are voluntary unless adopted or referenced in legislation General duty clause may imply compliance with standards Many areas of law already addressing OHS in the workplace Mandatory and informative clauses in standards Standards and the Law CSA Z-1600 is a voluntary standard – New Brunswick has purchased the standard for each municipality in the province and has official endorsement from the Minister of Public Safety; they are referencing the standard in their overall program design (announced on 2015-10-13). British Columbia has referenced CSA Z1600 as part of their BCEMS. Always give reminder that standards are not law. Re general duty clause – e.g. if it is industry practice, makes good sense, or precedent has been set in court or adjudication. Concern expressed from some stakeholders during Public Review that the PHS standard could be referenced in legislation or that regulators could attempt to enforce it – great care taken to specify voluntary intent Mandatory clauses included with intent that these requirements must be in place to make a measurable difference – recall the statistics – this is a serious issue and needs to be addressed with clear focus
Why do Organizations Adopt Standards? Developed by independent, third party organizations, using balanced consensus based approaches. Best practice as defined by the experts in the subject area. Adopting and referencing standards in regulation is fiscally responsible (i.e. less expensive, increased flexibility). Harmonization internationally in a global market. Voluntary standards are able to address risk management objectives without adding to administrative burden to organizations. Competitive advantage Contractual/legislation/audit requirements Stakeholder expectations
National Standards Systems What is a Standard? Stipulates (minimum) requirements for the use, safety and/or performance or design of products, processes and services.
Standards Development Process
Key elements of the CSA Consensus Process National approach Multi-stakeholder participation – volunteer experts develop the standard – CSA staff facilitate the process Consensus-based decision-making - no one interest can dominate Open/Transparency – public notice and public review Training for members and Chairs Responsive - ongoing review at least every 5 years Sustainable – CSA maintains the standards Harmonization – to meet stakeholder needs Recognized Accredited process – SCC audits Due Diligence/Rigour – document control, quality review
Issues, working groups formed by TCs, TSCs Committee Hierarchy Task Groups Issues, working groups formed by TCs, TSCs
Committee Participation Any individual who has technical expertise or interest, and is able to actively participate in committee activities shall be eligible for appointment. Not restricted to Canadians. Relevant stakeholder groups will be represented in the matrix. Committee size is determined so that all necessary interests are represented in a balanced fashion, yet effective functioning is possible.
The Committee Players Committee Chair Project Manager/ Committee Secretary Voting & Non-voting Committee Members Observers/Guests
Committee – Balanced Matrix Total membership of the Committee maintained in terms of categories, not affiliations. Typical interest categories include: General Interest Producer Interest Regulatory Authority User Interest
Committee - Definition of Consensus “Consensus - Substantial agreement. .. more than a simple majority, but not necessarily unanimity.”
Standards Development Process REQUEST / EVALUATION / AUTHORIZATION ASSIGN TO COMMITTEE NOTICE OF INTENT MEETINGS / DRAFT PUBLIC REVIEW TC REACHES CONSENSUS PRE-APPROVAL EDIT TECHNICAL CONTENT APPROVAL PROCEDURAL APPROVAL FINAL EDIT / PUBLICATION DISSEMINATION MAINTENANCE New standard, revise existing/new edition, amendment, formal interpretations, withdrawals, reaffirmations When developing consensus-based documents, the standards development process under which CSA Group operates is rigorous and formally documented and controlled. This process includes the following distinct stages: Preliminary Stage: On receipt of a request for the development of a standard, an evaluation is conducted and the project is submitted for authorization. Proposal Stage: Public notice of intent to proceed is published and a Technical Committee is formed - or the project is assigned to an existing Technical Committee. Preparatory Stage: A working draft is prepared and a project schedule is established. Committee Stage: The Technical Committee or Technical Subcommittee - facilitated by CSA staff - develops the draft through an iterative process that typically involves a number of committee meetings. Enquiry Stage: The draft is offered to the public for review and comment, the Technical Committee reaches consensus, CSA staff conduct a quality review and a pre-approval edit is completed. Approval Stage: The Technical Committee approves the technical content by letter ballot or recorded vote. A second level review verifies that standards development procedures were followed. Publication Stage: CSA staff conduct a final edit to verify conformity with the applicable editorial and procedural requirements and then publishes and disseminates the standard. Maintenance Stage: The standard is maintained with the objective of keeping it up to date and technically valid. This may include the publication of amendments, the interpretation of a standard or clause, and the systematic (five-year) review of all standards.
CSA Z-1600 Standard
Driving Factors for the Z1600 Standard History of disasters, their impacts and implications Increasing frequency Scale of vulnerability Industry need for information and guidance around EM/BC Gaps in existing standards Ability to leverage existing expertise These were some of the major drivers behind the need for a standard/why the standard was developed. ALL these factors drove the commitment to, and investment in, the Z1600 standard.
CSA Z1600 Standard 1st edition developed in conjunction with Public Safety Canada and other stakeholders Based on the NFPA 1600 Standard (harmonization) First Canadian standard to include emergency management and business continuity planning for public and private organizations of all sizes. NOTES: The other stakeholders included: first responders, private sector and non-governmental organizations, emergency management and business continuity specialists, and all levels of government. NFPA 1600 Working towards harmonization of the standards to ensure consistency on a North American basis NFPA used the revised framework created by the Canadian community for the next development cycle of their standard. AND BUSINESS CONTINUITY Business continuity needs are addressed at a high level in the CSA Z1600 standards and issues around continuity of operations and services will be further developed in next standard version (2011).
What is Z1600 about? Prevention to keep an emergency from occurring. Development of plans to respond to what occurs; to mitigate to the impact of what can not be prevented; to resume essential operations quickly. Exercise and test the plan. Conduct post-incident analyses. Evaluate the program. Take corrective action to address gaps or deficiencies. Continual Improvement
Why Harmonize with NFPA 1600? NFPA 1600 is a program-based standard Integrates emergency and continuity management Provides for a common language NFPA standards already widely accepted in Canada Strong Canadian representation on NFPA 1600 Harmonized approach will facilitate acceptance NFPA 1600 has become hemispheric standard
Consistent with National Guidelines An Emergency Management Framework for Canada, Second Edition An overview of the principles and general policy concepts of emergency management in a Canadian context agreed on by the federal, provincial, and territorial ministers responsible for emergency management. NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs, 2013 Edition The US Standard on Disaster/Emergency Management and Business Continuity Programs The Public Safety Canada National Strategy for Critical Infrastructure and the 2014-2017 Action Plan for Critical Infrastructure also include reference to standards – in the Action Plan – strategic objective 2.3 – Implement an All-Hazards Risk Management Approach, includes the following: “Promote the adoption of existing standards and determine whether additional standards are needed to improve critical infrastructure resilience.” The 2016 version of Z1600 remains consistent with the above, as well as ongoing Canadian participation in the field of EM/CM related standards under the umbrella of the International Organization for Standardization (ISO) including the former ISO/TC 223 – Societal Security now renamed ISO/TC 292 – Security and resilience. ISO 31000 (RM), 22301 (BCM), and other standards have also been used in this revision
CSA Z1600 Standard Comprehensive/integrated approach All Hazards - Risk Based Decision Making Provides the BENCHMARK to assess existing and develop new programs Reflects the convergence seen over the past number of years of public and private sector planning efforts Designed around the management system/continuous improvement model
Content of Z1600-16 Normative requirements are specified in the main body of the Standard. These are requirements that an organization needs to meet in order to demonstrate conformance with this Standard. Scope Reference Publications Definitions Program Management Planning Implementation Program Evaluation Management Review No change to the Table of Contents. The main changes to the Standard are in the Planning, Implementation and Evaluation sections. Scope Reference Publications – some key resources Definitions – new definitions added – DRP, Shelter, Shelter in Place, Lockdown, Evacuation, Change Management Program Management – Leadership and Administration, Compliance, Financial Management, Resources Planning – Planning Process, Common Plan Requirements, Risk Assessment, Impact Analysis, Strategies Implementation – Operational level prevention, mitigation, preparedness, response, business continuity, recovery Program Evaluation – evaluation, exercises and tests, audit & review, corrective action Management Review – senior management review and continual improvement
Management System Approach Plan – Do – Check – Act 1.2 This standard provides the requirements to: develop implement evaluate maintain, and continuously improve an emergency and continuity management program for prevention and mitigation, preparedness, response, and recovery. Purpose Statement revised CSA Z1600-16 This edition continues to provide requirements for a continual improvement process to develop, implement, evaluate, maintain, and improve an emergency and continuity management program that addresses the components of prevention and mitigation, preparedness, response, and recovery. This standard is consistent with “An Emergency Management Framework for Canada” This standard grew out of the strong commitment of both the CSA Group and the NFPA to work collaboratively to promote awareness, knowledge, and application of Standards and industry best practices in the community and the workplace. This edition also reflects Canada's ongoing participation in the field of emergency and continuity management-related standards under the umbrella of the International Organization for Standardization (ISO) including the former ISO/TC 223 – Societal Security now renamed ISO/TC292 – Security and resilience.
Z1600 Emergency and Continuity Management
Format Normative requirements are specified in the main body of the Standard. These are requirements that an organization needs to meet in order to demonstrate conformance with this Standard. Annexes provides informative guidance material that is intended to assist users in complying with the Standard. Includes both the normative requirements (in text boxes) and the corresponding guidance information is given below the text boxes to which it applies.
Clause 1.4 - Terminology Wording in CSA standards: “Shall” is used to express a requirement that must be met to conform to the standard “Should” is used to express a recommendation, which is “advised, but not required.” “May” is used to express an option “Can” is used to express a possibility or capability Notes with clauses are explanatory, but not requirements Notes with tables and figures are part of the table or figure and they are considered requirements Legends to equations and figures are considered requirements
Z1600-14 - Annexes A (informative) – Commentary Includes both the normative requirements (in text boxes) and the corresponding guidance information is given below the text boxes to which it applies. B (informative) - Conformity Assessment Tool Simple 5 column table for self-assessment tool. Used to indicate: Conformity, Partial conformity, or Nonconformity Evidence of conformity, corrective actions, task assignments, or other relevant information can be included in the comments column.
Scope of CSA Z1600 Establishes a common set of criteria for Emergency and Continuity Management Programs Provides the requirements to: Develop Implement Evaluate Maintain Evaluate and Continuously Improve Emergency and continuity management program functions of: Prevention and Mitigation Preparedness Response Recovery Voluntary standard that applies to both public and private sector programs Important to have a consistent, harmonized approach
Developing a New Edition of Z1600 Document Review Z1600 – 08 & 14 NFPA 1600 – 2013 ISO TC 223/292 – Societal Security Standards (Business continuity management systems – Requirements, Terminology, Emergency management – Incident response) N-1600/Z246.2/Z731 Standards from other countries (e.g. BSI) Documents from EM & BCP Organizations/Associations Federal/Provincial/Territorial Government Regulations and Publications Industry Sector Documents/Best Practices Survey data/Working group activity
Key Changes for 2016 Version New definitions and terms Risk based decision making – guide priority setting for EM/CM Change Management – human, social, economic, cultural, political Changes to numerous sections – reflect progression in industry; alignment with other standards, more in depth content Added annex materials Will use the example of protest re Shelter, SIP, Lockdown, etc. to illustrate need to add to standard – also discussion re DRP New definitions – shelter in place, shelter, lockdown, evacuation, Change management, Disaster Recovery Planning Change management - this latest addition introduces the concept of change management as a key tool in continuing to move organizations towards the objective of resilience; a broader concept that considers - in addition to the traditional aspects of people, property and the environment - the human, social, economic, cultural and political aspects of society. There were a number of sections completely rewritten to reflect progression in the industry, alignment with other standards and more depth in content, such as Risk Assessment, Impact Analysis, Incident Management System, Communications, Exercises and Tests, and Senior Management review. Some of the Annex sections were also enhanced to assist with understanding how to apply the standard. Annex material added to assist with understanding how to apply the standard
CSA Z1600 Public Review http://publicreview.csa.ca/Home/Details/1974 Public review is now open – closing date is 2016-06-15 All CSA Public Review drafts are reviewed on-line The draft revision cannot be downloaded from the site All comments from the public must be posted on-line using the link below: http://publicreview.csa.ca/Home/Details/1974
Why is Z1600 important? It is a resource to help develop, implement and continually improve the quality of an Emergency and Continuity Management Program It is a yardstick against which a program may be evaluated if it fails to perform as expected It reflects the continuing evolution of emergency and continuity management over the past several years Disasters are never simple occurrences, nor are they brought about by a single most-visible agent. Improved understanding of ‘hidden’ components – including the making of vulnerability and resilience - and how their interplay contributes to these complex events would enable a better design and implementation of the various tasks of emergency management.” CSA Z1600 is a tool that can be used for this purpose – it is a multi-purpose tool (including auditability) for practitioners and academics in the EM and CM industry in public and private sectors.
Ron Meyers, Project Manager Thank you Ron Meyers, Project Manager CSA Group ron.meyers@csagroup.org 416-747-2496