Full Description
Preface
This is the third edition of CSA Z1600, Emergency and continuity management program. It supersedes the previous editions published in 2014, and in 2008 under the title, Emergency management and business continuity programs. This Standard is applicable, in whole or in part, regardless of an organization's size or purpose. This edition continues to provide requirements for a continual improvement process to develop, implement, evaluate, maintain, and improve an emergency and continuity management program that addresses the components of prevention and mitigation, preparedness, response, and recovery. As well, this revised edition introduces new terms and updates evolving definitions. Canadian public and private sector stakeholders have an interest in ensuring that emergency and continuity management programs evolve to be consistent and have the potential to be international in scope and application. This Standard, initially adapted from the 2007 edition of NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs, remains consistent with the Government of Canada's, An Emergency Management Framework for Canada. This Standard grew out of the strong commitment of both CSA Group and the NFPA to work collaboratively to promote awareness, knowledge, and application of Standards and industry best practices in the community and the workplace. This edition also reflects Canada's ongoing participation in the International Organization for Standardization (ISO), such as standards developed under ISO/TC292 - Security and resilience. The original 2008 edition of this Standard recognized an evolution between emergency and business continuity management program objectives and concepts. The 2014 edition reflected the change to an all-hazard approach versus the earlier scenario-specific approach. The 2016 edition underscores the importance of risk-based decision-making to guide priority setting in all aspects of emergency and continuity program management. As well, this latest edition introduces the concept of change management as a key tool in continuing to move organizations towards the objective of resilience, a broader concept that considers - in addition to the traditional aspects of people, property and the environment - the human, social, economic, cultural, and political aspects of society. A number of clauses were rewritten to reflect advancement in industry, alignment with other standards, and more depth in content. Some of the Annex clauses were also improved to assist with understanding of how to apply this Standard, and the conformity assessment tool in Annex B remains as a way to self-assess whether an organization complies with the requirements of the Standard. This new edition also includes, in Annex C, a cross reference comparison of the main clause headings of CSA Z1600-17 with two internationally recognized standards and the professional practices/practice guidelines of two international certification bodies as per below: a) NFPA 1600-2016; b) ISO 22301:2012; c) DRII Professional Practices for Business Continuity Practitioners, 2016; and d) BCI Good Practice Guidelines, 2013.
Scope, purpose, and application
1.1 Scope This Standard establishes criteria for an emergency and continuity management program. 1.2 Purpose 1.2.1 General This Standard provides the requirements to develop, implement, evaluate, maintain, and continually improve an emergency and continuity management program for prevention and mitigation, preparedness, response, and recovery. 1.2.2 Continual improvement process The elements of a continual improvement process included in this Standard are a) program management; b) planning; c) implementation;
d) program evaluation; and e) management review. 1.3 Application This Standard applies to all organizations. 1.4 Terminology In this Standard, "shall" is used to express a requirement, i.e., a provision that the user is obliged to satisfy in order to comply with the standard; "should" is used to express a recommendation or that which is advised but not required; and "may" is used to express an option or that which is permissible within the limits of the standard. Notes accompanying clauses do not include requirements or alternative requirements; the purpose of a note accompanying a clause is to separate from the text explanatory or informative material. Notes to tables and figures are considered part of the table or figure and may be written as requirements. Annexes are designated normative (mandatory) or informative (nonmandatory) to define their application.