Z1600 Emergency and Continuity

Management Program – Blueprint for

Success

John Yamniuk, MBCP, MBCI

Chair – CSA Z1600 Technical Committee

AEMA Annual Summit

December 5th & 6th, 2017

Is your organization prepared?

Will your organization survive? How do you know?

Things Happen! Help is available!

Management

Continuity

EmergencyM

itigation

Prevention

Re

sp

on

se

Recovery

Preparedness

Disaster

Communication StakeholdersExercise

TestStandard

Legislation

Program

Leadership

Policy

Crisis

Impact Analysis

Incident

Infrastructure

Risk

Mutual Aid

Objectives

Situation Analysis

Team

CoordinationRecords

Controls

Shelter

Evacuation

DR

P

Lockdown

Drill

Wal

kthro

ugh

Planning

Strategic

IntegrationCoordinator

ImplementationTraining

Awareness

Ed

uc

atio

n

Continual Improvement

Assessment

Op

era

tio

nal P

roced

ure

s

Human caused

Natural

TechnologicalEvaluation

Audit

Review

Pro

cess

Service

Tools

Identification

Harmonized

Organization

Critical

CanadianProtection

Supply chainResources

Goals

change

maintenance

metrics

measures

Technical committee

decisions

compliance

goals

strategies

restoration

IMS

CSA Z1600

What is Z1600 about?

3

• Key areas:

– emergency management (life safety)

– continuity management (survival of the

organization)

• Applicable across all sectors

and organizations

• Auditable

Agenda

• Agenda:

– About CSA

– CSA’s work in emergency/continuity management

– Standards development process

– CSA Z-1600 content and application

– Takeaways

– Closure/Questions

4

Objectives

• Provide information related to standards development in

Canada

• Provide overview of CSA Z-1600-17 Standard revisions and

update

• Provide takeaways for usage/implementation of CSA Z-1600

5

About CSA

7

54Areas of technology

3,000Standards and

codes

7,500 Expert

committee

members

Canadian Standards Association – a division of CSA Group

CSA Group - Standards

Who we are…

CSA Standards is a private, not-for-profit organization that develops rules and guidelines to help people and business in areas such as health, safety and the environment.

What we do…Make standards come to life

to help implement

best practices

to help set rules

to help apply standards

to help understand

standards

to help certify consistent skill sets

Handbooks

Smart CD

Mobile Publications

Seminars

eLearning Courses

Customized Training

Standards and the Law

• Standards are voluntary

– unless adopted or referenced in legislation

• General duty clause may imply

compliance with standards

• Many areas of law already addressing

OHS in the workplace

• Mandatory and informative clauses in

standards

10

Standards vs. Law

Why do Organizations Adopt Standards?

• Developed by independent, third party organizations, using balanced

consensus based approaches.

• Best practice as defined by the experts in the subject area.

• Adopting and referencing standards in regulation is fiscally responsible (i.e.

less expensive, increased flexibility).

• Harmonization internationally in a global market.

• Voluntary standards are able to address risk management objectives without

adding to administrative burden to organizations.

• Competitive advantage

• Contractual/legislation/audit requirements

• Stakeholder expectations

National Standards Systems

What is a Standard?

Stipulates (minimum) requirements for the use, safety and/or performance or design of products, processes and services.

12

Standards Development Process

The Committee Players

14

1. Committee Chair

2. Project Manager/

Committee Secretary

3. Voting & Non-voting

Committee Members

4. Observers/Guests

General Interest

Producer Interest

Regulatory Authority

User Interest

Committee – Balanced Matrix

• Total membership of the Committee maintained in terms of categories, not affiliations. Typical interest categories include:

15

Committee - Definition of Consensus

“Consensus - Substantial agreement. .. more than a

simple majority, but not necessarily unanimity.”

16

Standards Development Process

REQUEST / EVALUATION /

AUTHORIZATION

ASSIGNTO

COMMITTEE

NOTICE OF

INTENT

MEETINGS / DRAFT

PUBLIC REVIEW

TC REACHES CONSENSUS

PRE-APPROVAL EDIT

TECHNICAL CONTENT APPROVAL

PROCEDURAL APPROVAL

FINAL EDIT / PUBLICATION

DISSEMINATION MAINTENANCE

New standard, revise existing/new edition, amendment,

formal interpretations, withdrawals, reaffirmations

CSA Z-1600 Standard

Driving Factors for the Z1600 Standard

• History of disasters, their impacts

and implications

• Increasing frequency

• Scale of vulnerability

• Industry need for information and

guidance around EM/BC

• Gaps in existing standards

• Ability to leverage existing

expertise

19

CSA Z1600 Standard

• 1st edition developed in conjunction with Public Safety Canada and other stakeholders

• Based on the NFPA 1600 Standard (harmonization)

• First Canadian standard to include emergency management and business continuity planning for public and private organizations of all sizes.

20

Content of Z1600-17

21

1. Scope

2. Reference Publications

3. Definitions

4. Program Management

5. Planning

6. Implementation

7. Program Evaluation

8. Management Review

Normative requirements are specified in the main body of the Standard.

These are requirements that an organization needs to meet in order to

demonstrate conformance with this Standard.

Management System Approach

Plan – Do – Check – Act

22

This standard provides the requirements to:

• develop

• implement

• evaluate

• maintain, and

• continuously improve

an emergency and continuity management program for prevention and mitigation, preparedness, response, and recovery.

Z1600 Emergency and Continuity Management

Format

• Normative requirements are specified in the main body of

the Standard.

– These are requirements that an organization needs to meet in

order to demonstrate conformance with this Standard.

• Annexes provides informative guidance material that is

intended to assist users in complying with the Standard.

– Includes both the normative requirements (in text boxes) and the

corresponding guidance information is given below the text boxes

to which it applies.

Clause 1.4 - Terminology

25

• Wording in CSA standards:

– “Shall” is used to express a requirement that must be met to conform to the

standard

– “Should” is used to express a recommendation, which is “advised, but not

required.”

– “May” is used to express an option

– “Can” is used to express a possibility or capability

– Notes with clauses are explanatory, but not requirements

– Notes with tables and figures are part of the table or figure and they are

considered requirements

– Legends to equations and figures are considered requirements

Z1600-17 - Annexes

26

▪ A (informative) – Commentary

Includes both the normative requirements (in text boxes) and the corresponding guidance information is given below the text boxes to which it applies.

▪ B (informative) - Conformity Assessment Tool

Evidence of conformity, corrective actions, task assignments, or other relevant information can be included in the comments column.

▪ C (informative) – Comparison of CSA Z1600-2017 & Other StandardsCompares CSA Z-1600 with the following:

• NFPA 1600-16• ISO 22301:2012• DRI Professional Practices – 2016• BCI Good Practice Guidelines

Scope of CSA Z1600

• Establishes a common set of criteria for Emergency and Continuity

Management Programs

• Provides the requirements to:

– Develop

– Implement

– Evaluate

– Maintain

– Evaluate, and Continuously Improve

• Emergency and continuity management program functions of:

– Prevention and Mitigation

– Preparedness

– Response

– Recovery

• Voluntary standard that applies to both public and private sector programs

– Important to have a consistent, harmonized approach

Developing a New Edition of Z1600

Document Review

• Z1600 – 08 & 14

• NFPA 1600 – 2013 & 2016

• ISO TC 223/292 – Societal Security Standards (Business Continuity Management Systems – Requirements, Terminology, Emergency Management – Incident Response)

• N-1600/Z246.2/Z731

• Standards from other countries (e.g. BSI)

• Documents from EM & BCP Organizations/Associations

• Federal/Provincial/Territorial Government Regulations and Publications

• Industry Sector Documents/Best Practices

• Survey data/Working group activity

• Engagement of Subject Matter Experts/Practitioners

28

• New definitions and terms

• Risk based decision making – guide priority setting for EM/CM

– Includes factors to consider for quantifying/qualifying risk

• Change Management – human, social, economic, cultural, political

• Changes to numerous sections – reflect progression in industry;

alignment with other standards, more in depth content

• Added new Annex and content in Annex A

Key Changes for 2017 Version

People have said:

"CSA Z1600 is a very comprehensive standard that provides both the public and private sector with a framework to create an Emergency Continuity Management Program. It also establishes the criteria to evaluate an emergency program.“

Stephen Horsman, Minister of Public Safety,

Government of New Brunswick

People have said:

“The CSA Z1600 is an invaluable tool for both planning and evaluating emergency management and business continuity programs. We work with a broad sector of companies and public sector entities that require a reference point for their planning efforts. Z1600 aligns well with the federal government Treasury Board standard and has become recognized as the foundational reference for our private sector clients. We can use specific elements of the Z1600 or the entire standard as the launch point for a new program development. As a program evaluation tool, the Z1600 has proven to be of exceptional value in creating audit or program review plans.”

Brian Miller, President

Vanguard EMC Inc.

Ottawa, Ontario

Why is CSA Z1600 important?

• A resource to help develop, implement,

evaluate, maintain, and continually improve

an Emergency and Continuity Management

Program addressing prevention and

mitigation, preparedness, response, and

recovery

• Comprehensive/integrated approach

• Reflects the convergence seen over the past

number of years of public and private sector

planning efforts

Emergency and continuity management program

Z1600-17

Why is Z1600 important?

• Designed around the management system/continuous

improvement model

• It is a benchmark/yardstick against which a program may

be evaluated if it fails to perform as expected

• It reflects the continuing evolution of emergency and

continuity management

Why is Z1600 important?

• Incorporates best practices from multiple sources

• Underscores the importance of risk based decision

making

• Includes change management – tool to move towards

increased resiliency

• Normative (clauses to indicate conformance) and

informative (guidance material) information included

• Includes conformity assessment tool

Why is Z1600 important?

• Best of all:

• It’s Canadian! Eh!!

Going forward….

• Review/update terms of reference/project charter for the Z-1600 Technical Committee

• Establish key objectives/deliverables for the Z-1600 Technical Committee

• Establish schedule for next revision of Z1600

• Engagement process in progress – stronger usage and application of Z1600

• Review and confirm membership for the Technical Committee

• Introduce supporting documentation/standards related to Z1600 –i.e. Exercise/Test Standard

Questions

Thank you

John Yamniuk, MBCP, MBCI

Chair, Z1600 Technical Committee

jyamniuk@telus.net

403-512-5738

Ron Meyers, Project Manager

CSA Group

ron.meyers@csagroup.org

416-747-2496

Thank You!