On November 17, 2009, a group of contributing editors of www.continuitycompliance.org had a chance to sit in on the 1st scheduled Outreach Meeting of the PS-Prep Program. We would like to share our observations with our business continuity and compliance community.
On the panel for the meeting were senior employees of both FEMA and the DHS. Don Grant, Director of Incident Management Systems, Integration Division, FEMA kicked off the session with a brief presentation on what PS-Prep is, its requirements and challenges, and a brief history of the program. The floor was then opened for questions — which the panel sought to keep aligned with and focused on the seven (7) questions as documented in the recent Federal Register notice (Section VII of Federal Register Notice Dated 10-09-09).
In attendance were approximately 50 people from the Chicago area. Those individuals were representative of Private Companies and Financial Institutions, as well as “Not-for-Profit” firms, utilities and consultants. The Association of Continuity Planners – Northern Illinois had a number of officers and members present in the room.
As the afternoon progressed, a few central themes emerged:
1. Additional training and educational programs need to be developed and provided for the Standards themselves plus information regarding the entire PS-Prep Program as a whole, and finally, if a company decides to pursue certification — then, an explanation of that certification process is required.
2. Where certification is chosen by a small business, a question of economic burden and resource capability was discussed and left as an ongoing concern for the Program.
3. A discussion about incorporating a Maturity Model into the certification process was also presented. However, this suggestion was not largely supported by the audience in general. Specifically, Dan Dec, from Fusion Risk Management, Inc., presented the position that a Maturity Model is an excellent tool for an organization to use internally to map out an organizational approach to creating a Business Continuity Plan – i.e. to understand where corporate funds and research should be allocated to further that program along effectively and efficiently. However, Mr. Dec did not feel that the Maturity Model should necessarily be used in the certification process. And, the reason for that opinion was that depending upon how the Maturity Model was structured, it was possible that achievement of the highest level of maturity could become cost prohibitive for any but the largest companies. This was a concern because in that situation it would give the largest companies an advantage in the supply chain over their smaller competitors.
The final theme to emerge was that DHS and FEMA want to encourage everyone to formally comment in the Federal Register on their thoughts regarding the PS-Prep Program. Specifically, DHS and FEMA are looking for answers to the seven (7) questions referenced above. The comment period has been extended to January 15, 2010. The notice regarding that extension can be found by clicking here.
We at ContinuityCompliance.org support the request by DHS and FEMA to provide those comments, and, we also encourage attendance at any of the remaining scheduled Outreach Meetings.