June 24, 2009, 5:32 PM — In my discussions lately about the British standard for business continuity (BS 25999), one might wonder whether the US has an equivalent generic standard, and the answer is, "sort of."
The US Private Sector Preparedness Act, part of PL 110-53 that was signed into law in August 2007, deals with the issues surrounding disaster preparedness in the private sector, and Title IX of that law specifically calls for the creation of a private sector preparedness standard. PL 110-53 was intended to carry out the recommendations of the 9/11 Commission. So what is it, and why haven't we heard much about it? Is it something we need to get ready for? So far, there's not many answers. But as with any government initiative, it's always a good idea to be prepared.
In general, the concept of a set of standards for private sector preparedness is a good idea, whether or not the government is the one behind creating the standard. It's likely that Title IX would incorporate some of the same best practices outlined in BS 25999, and in the meantime, we can use the British standard as a model for getting ready.
Like the British standard, Title IX would be a voluntary set of standards for business continuity. And it would apply to all types of potential disasters--despite the fact that it came out of the 9/11 Commission and a desire to be on guard against terrorism. Title IX isn't limited to anti-terrorist preparation, instead focusing on all the usual culprits of disaster, including natural disaster.
Although the plan will be voluntary, there will be a proposed public listing of compliant organizations, which may lead to a competitive advantage, and maybe even lower insurance premiums--so there's a little extra incentive there besides just being ready for the next big earthquake. Achieving certification will be overseen by a third party standards body, and DHS entered into an agreement with ANSI ASQ to oversee a certification process.