Rich Cooper, Homeland Defense Journal
Mar 2, 2009
When the 9/11 Commission issued its Final Report and recommendations in July 2004, much of the attention focused on the findings showing a need to reform the nation’s intelligence mechanisms and the assessment of our national “failure of imagination.” Unfortunately, lost in this initial media coverage were the Commission’s recommendations that spoke directly to the private sector.
In the last of its recommendations, the Commission endorsed a standard for private sector preparedness (ANSI-NFPA 1600), and encouraged DHS to promote its adoption. It also called on the insurance and credit rating industries to consider a company’s compliance with the standard “in assessing its insurability and creditworthiness.”
While it may not have generated media coverage five years ago, the issue of private sector preparedness is no longer an ignored subject. The 9/11 Commission’s endorsement of the ANSI-NFPA 1600 Standard has been cited in enacted legislation several times, and other organizations (ASIS International, among others) have offered other standards, guidelines and best practices to address the needs of private sector preparedness. The increasing focus on this issue has culminated in the creation of the Title IX Program, which requires DHS to select a series of standards that private sector members could adhere to in order to voluntarily certify their “preparedness.”
Still in its early stages, the Title IX effort, known as the Voluntary Private Sector Accreditation and Certification Preparedness Program, or PS-Prep, has been applauded by proponents of preparedness as a new metric for enhancing business resilience. To others, the effort is seen as an unfunded mandate that opens a backdoor for burdensome regulations with which private enterprises, particularly small businesses, will be forced to comply.
From the start, the entire post-9/11 Commission focus on private sector preparedness from Congress and the Bush Administration has been stressed as completely voluntary. Companies, regardless of their size or operation, can decide whether or not they want to comply with any of the DHS-endorsed preparedness standards. Furthermore, no one from DHS or any other corner of government has proclaimed that the private sector’s compliance with preparedness standards should be a prerequisite to doing business with them or anyone else.
But is voluntary participation the right approach to building a culture of preparedness, especially for those enterprises that want to provide products, services or other support in homeland security?
When you consider the expanse of the homeland security realm, it seems that compliance with a preparedness standard should be a requirement, not just a nice feature that an organization brings to the table for consideration.
Let’s face it – when you have the right people, resources and tools, any business or organization can perform on a good day.
But what about the bad days?
Do they have a plan? Do their employees know what to do? Are there back-up systems in place, and can they perform when it is most critical?
As we look to build a nationwide culture of preparedness, the metrics we use to measure success need to be seriously considered as we form private-public partnerships, strategies, and programs. Preparedness should also be used in evaluating who will be awarded contracts or selected for involvement with these efforts.
No swimming pool operator would allow untrained and uncertified lifeguards to keep watch over the swimmers enjoying the water. No responsible parent would want that either, especially if their children were in that pool.
Nor would we consider it responsible for a non-board certified surgeon to operate on a loved one, or a non-licensed pilot to fly us on an aircraft.
We expect the individuals who hold our lives and livelihood in their hands to adhere to a high standard of competency.
Why shouldn’t we apply these same high standards to the companies and organizations operating in the homeland security space?
Critics of such a position will undoubtedly point to the potentially prohibitive costs that come with mandating compliance with such high standards. These critics are right. There are costs associated with preparedness, and not all businesses can bear them. But if we expect our homeland security infrastructure to function in the most challenging circumstances, we need to demand planned and practiced functionality.
Taxpayers, customers, business partners and more want to know that the organizations and enterprises they depend upon will be there on the good days and, more importantly, on the bad ones.
Some undoubtedly will see the costs in building these capacities as an unnecessary and burdensome expenditure.
Others will see an investment in the future and a chance to build assurance that even if challenging events arise, they will be ready and resolute in their response.
Regardless of your position, the 9/11 Commission got it right when it said, “Private-sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world. It is ignored at a tremendous potential cost in lives, money, and national security.”
This piece was originally posted on Security Debrief.