z1600 emergency and continuity management program ...z1600 emergency and continuity management...
TRANSCRIPT
Z1600 Emergency and Continuity
Management Program – Blueprint for
Success
John Yamniuk, MBCP, MBCI
Chair – CSA Z1600 Technical Committee
AEMA Annual Summit
December 5th & 6th, 2017
Is your organization prepared?
Will your organization survive? How do you know?
Things Happen! Help is available!
Management
Continuity
EmergencyM
itigation
Prevention
Re
sp
on
se
Recovery
Preparedness
Disaster
Communication StakeholdersExercise
TestStandard
Legislation
Program
Leadership
Policy
Crisis
Impact Analysis
Incident
Infrastructure
Risk
Mutual Aid
Objectives
Situation Analysis
Team
CoordinationRecords
Controls
Shelter
Evacuation
DR
P
Lockdown
Drill
Wal
kthro
ugh
Planning
Strategic
IntegrationCoordinator
ImplementationTraining
Awareness
Ed
uc
atio
n
Continual Improvement
Assessment
Op
era
tio
nal P
roced
ure
s
Human caused
Natural
TechnologicalEvaluation
Audit
Review
Pro
cess
Service
Tools
Identification
Harmonized
Organization
Critical
CanadianProtection
Supply chainResources
Goals
change
maintenance
metrics
measures
Technical committee
decisions
compliance
goals
strategies
restoration
IMS
CSA Z1600
What is Z1600 about?
3
• Key areas:
– emergency management (life safety)
– continuity management (survival of the
organization)
• Applicable across all sectors
and organizations
• Auditable
Agenda
• Agenda:
– About CSA
– CSA’s work in emergency/continuity management
– Standards development process
– CSA Z-1600 content and application
– Takeaways
– Closure/Questions
4
Objectives
• Provide information related to standards development in
Canada
• Provide overview of CSA Z-1600-17 Standard revisions and
update
• Provide takeaways for usage/implementation of CSA Z-1600
5
About CSA
7
54Areas of technology
3,000Standards and
codes
7,500 Expert
committee
members
Canadian Standards Association – a division of CSA Group
CSA Group - Standards
Who we are…
CSA Standards is a private, not-for-profit organization that develops rules and guidelines to help people and business in areas such as health, safety and the environment.
What we do…Make standards come to life
to help implement
best practices
to help set rules
to help apply standards
to help understand
standards
to help certify consistent skill sets
Handbooks
Smart CD
Mobile Publications
Seminars
eLearning Courses
Customized Training
Standards and the Law
• Standards are voluntary
– unless adopted or referenced in legislation
• General duty clause may imply
compliance with standards
• Many areas of law already addressing
OHS in the workplace
• Mandatory and informative clauses in
standards
10
Standards vs. Law
Why do Organizations Adopt Standards?
• Developed by independent, third party organizations, using balanced
consensus based approaches.
• Best practice as defined by the experts in the subject area.
• Adopting and referencing standards in regulation is fiscally responsible (i.e.
less expensive, increased flexibility).
• Harmonization internationally in a global market.
• Voluntary standards are able to address risk management objectives without
adding to administrative burden to organizations.
• Competitive advantage
• Contractual/legislation/audit requirements
• Stakeholder expectations
National Standards Systems
What is a Standard?
Stipulates (minimum) requirements for the use, safety and/or performance or design of products, processes and services.
12
Standards Development Process
The Committee Players
14
1. Committee Chair
2. Project Manager/
Committee Secretary
3. Voting & Non-voting
Committee Members
4. Observers/Guests
General Interest
Producer Interest
Regulatory Authority
User Interest
Committee – Balanced Matrix
• Total membership of the Committee maintained in terms of categories, not affiliations. Typical interest categories include:
15
Committee - Definition of Consensus
“Consensus - Substantial agreement. .. more than a
simple majority, but not necessarily unanimity.”
16
Standards Development Process
REQUEST / EVALUATION /
AUTHORIZATION
ASSIGNTO
COMMITTEE
NOTICE OF
INTENT
MEETINGS / DRAFT
PUBLIC REVIEW
TC REACHES CONSENSUS
PRE-APPROVAL EDIT
TECHNICAL CONTENT APPROVAL
PROCEDURAL APPROVAL
FINAL EDIT / PUBLICATION
DISSEMINATION MAINTENANCE
New standard, revise existing/new edition, amendment,
formal interpretations, withdrawals, reaffirmations
CSA Z-1600 Standard
Driving Factors for the Z1600 Standard
• History of disasters, their impacts
and implications
• Increasing frequency
• Scale of vulnerability
• Industry need for information and
guidance around EM/BC
• Gaps in existing standards
• Ability to leverage existing
expertise
19
CSA Z1600 Standard
• 1st edition developed in conjunction with Public Safety Canada and other stakeholders
• Based on the NFPA 1600 Standard (harmonization)
• First Canadian standard to include emergency management and business continuity planning for public and private organizations of all sizes.
20
Content of Z1600-17
21
1. Scope
2. Reference Publications
3. Definitions
4. Program Management
5. Planning
6. Implementation
7. Program Evaluation
8. Management Review
Normative requirements are specified in the main body of the Standard.
These are requirements that an organization needs to meet in order to
demonstrate conformance with this Standard.
Management System Approach
Plan – Do – Check – Act
22
This standard provides the requirements to:
• develop
• implement
• evaluate
• maintain, and
• continuously improve
an emergency and continuity management program for prevention and mitigation, preparedness, response, and recovery.
Z1600 Emergency and Continuity Management
Format
• Normative requirements are specified in the main body of
the Standard.
– These are requirements that an organization needs to meet in
order to demonstrate conformance with this Standard.
• Annexes provides informative guidance material that is
intended to assist users in complying with the Standard.
– Includes both the normative requirements (in text boxes) and the
corresponding guidance information is given below the text boxes
to which it applies.
Clause 1.4 - Terminology
25
• Wording in CSA standards:
– “Shall” is used to express a requirement that must be met to conform to the
standard
– “Should” is used to express a recommendation, which is “advised, but not
required.”
– “May” is used to express an option
– “Can” is used to express a possibility or capability
– Notes with clauses are explanatory, but not requirements
– Notes with tables and figures are part of the table or figure and they are
considered requirements
– Legends to equations and figures are considered requirements
Z1600-17 - Annexes
26
▪ A (informative) – Commentary
Includes both the normative requirements (in text boxes) and the corresponding guidance information is given below the text boxes to which it applies.
▪ B (informative) - Conformity Assessment Tool
Evidence of conformity, corrective actions, task assignments, or other relevant information can be included in the comments column.
▪ C (informative) – Comparison of CSA Z1600-2017 & Other StandardsCompares CSA Z-1600 with the following:
• NFPA 1600-16• ISO 22301:2012• DRI Professional Practices – 2016• BCI Good Practice Guidelines
Scope of CSA Z1600
• Establishes a common set of criteria for Emergency and Continuity
Management Programs
• Provides the requirements to:
– Develop
– Implement
– Evaluate
– Maintain
– Evaluate, and Continuously Improve
• Emergency and continuity management program functions of:
– Prevention and Mitigation
– Preparedness
– Response
– Recovery
• Voluntary standard that applies to both public and private sector programs
– Important to have a consistent, harmonized approach
Developing a New Edition of Z1600
Document Review
• Z1600 – 08 & 14
• NFPA 1600 – 2013 & 2016
• ISO TC 223/292 – Societal Security Standards (Business Continuity Management Systems – Requirements, Terminology, Emergency Management – Incident Response)
• N-1600/Z246.2/Z731
• Standards from other countries (e.g. BSI)
• Documents from EM & BCP Organizations/Associations
• Federal/Provincial/Territorial Government Regulations and Publications
• Industry Sector Documents/Best Practices
• Survey data/Working group activity
• Engagement of Subject Matter Experts/Practitioners
28
• New definitions and terms
• Risk based decision making – guide priority setting for EM/CM
– Includes factors to consider for quantifying/qualifying risk
• Change Management – human, social, economic, cultural, political
• Changes to numerous sections – reflect progression in industry;
alignment with other standards, more in depth content
• Added new Annex and content in Annex A
Key Changes for 2017 Version
People have said:
"CSA Z1600 is a very comprehensive standard that provides both the public and private sector with a framework to create an Emergency Continuity Management Program. It also establishes the criteria to evaluate an emergency program.“
Stephen Horsman, Minister of Public Safety,
Government of New Brunswick
People have said:
“The CSA Z1600 is an invaluable tool for both planning and evaluating emergency management and business continuity programs. We work with a broad sector of companies and public sector entities that require a reference point for their planning efforts. Z1600 aligns well with the federal government Treasury Board standard and has become recognized as the foundational reference for our private sector clients. We can use specific elements of the Z1600 or the entire standard as the launch point for a new program development. As a program evaluation tool, the Z1600 has proven to be of exceptional value in creating audit or program review plans.”
Brian Miller, President
Vanguard EMC Inc.
Ottawa, Ontario
Why is CSA Z1600 important?
• A resource to help develop, implement,
evaluate, maintain, and continually improve
an Emergency and Continuity Management
Program addressing prevention and
mitigation, preparedness, response, and
recovery
• Comprehensive/integrated approach
• Reflects the convergence seen over the past
number of years of public and private sector
planning efforts
Emergency and continuity management program
Z1600-17
Why is Z1600 important?
• Designed around the management system/continuous
improvement model
• It is a benchmark/yardstick against which a program may
be evaluated if it fails to perform as expected
• It reflects the continuing evolution of emergency and
continuity management
Why is Z1600 important?
• Incorporates best practices from multiple sources
• Underscores the importance of risk based decision
making
• Includes change management – tool to move towards
increased resiliency
• Normative (clauses to indicate conformance) and
informative (guidance material) information included
• Includes conformity assessment tool
Why is Z1600 important?
• Best of all:
• It’s Canadian! Eh!!
Going forward….
• Review/update terms of reference/project charter for the Z-1600 Technical Committee
• Establish key objectives/deliverables for the Z-1600 Technical Committee
• Establish schedule for next revision of Z1600
• Engagement process in progress – stronger usage and application of Z1600
• Review and confirm membership for the Technical Committee
• Introduce supporting documentation/standards related to Z1600 –i.e. Exercise/Test Standard
Questions
Thank you
John Yamniuk, MBCP, MBCI
Chair, Z1600 Technical Committee
403-512-5738
Ron Meyers, Project Manager
CSA Group
416-747-2496
Thank You!