Federal, state and local laws and regulations define minimum requirements for emergency management and business continuity.
Requirements may apply to industries that are part of our nation’s “critical infrastructure.” These industries range from financial services to energy. Regulations may require emergency planning, business continuity plans, information technology disaster recovery plans, cyber/information security, physical and operational security and other issues.
Other industries must comply with regulations because of their use of hazardous chemicals or their hazardous operations.
Most buildings must be built in accordance with building, life safety and fire codes. These codes specify requirements for building construction, occupant warning systems, exits and protection systems designed to get people safely out of a building during an emergency. Some buildings may require higher levels of protection because of their size, height (e.g., high-rise buildings) or the number of occupants they house (e.g., public assembly facilities such as theaters).
Facilities that manufacture, treat, store or dispose of highly hazardous chemicals must comply with environmental regulations. Chemical facilities that pose a pollution threat to water resources also must comply with environmental regulations.
Regulations may differ by jurisdiction (city, town, county, parish or state). If you are developing a program for multiple facilities located in different jurisdictions, you need to identify applicable regulations by facility location.
Role of the Program Coordinator and Program Committee
The program coordinator working with the program committee and external representatives should determine which regulations are applicable. Confer with environmental, health, safety and security professionals within the business. Determine which regulations apply and then identify the requirements that need to be incorporated into the preparedness program. Regulations may apply to hazard prevention, risk mitigation, emergency response and business continuity.
Employee Safety & Health
Occupational safety and health standards by OSHA (U.S. Occupational Safety and Health Administration or state OSHA) specify measures to be taken to protect employees in the workplace. Emergency action plans are one of the OSHA standards that apply to many employers of 10 or more employees. Other regulations pertain to means of egress (exits), medical services, hazardous waste, confined spaces, fire protection, firefighting and more. OSHA’s Evacuation Plans and Procedures eTool is a great resource to determine if your business needs an emergency action plan. OSHA Publication 3122 provides guidance on emergency response requirements in OSHA regulations. OSHA also provides links to approved State Occupational Safety and Health Plans.
Environmental Laws and Regulations
Businesses that manufacture, treat, store or dispose of hazardous chemicals that exceed threshold quantities may have to comply with multiple environmental regulations. Facilities that store large quantities of hazardous materials also may have to comply with environmental or hazardous materials regulations. These plans include hazardous materials management plans (required by fire codes), spill prevention control and countermeasures plan and hazardous waste plans.
Check with your Local Emergency Planning Committee (LEPC) to obtain local information and check the U.S. Environmental Protection Agency laws and regulations pertaining to environmental emergency management and compliance assistance by manufacturing sector.
Life Safety and Fire Codes
Life Safety codes are designed to ensure that occupants of a building can be safely evacuated or protected in place if there is a fire or other emergency within a building. The National Fire Protection Association publishes the NFPA 101®: Life Safety Code®. Life safety requirements may also be specified in building codes. Check with your local building department, fire department or state fire marshal.
Fire prevention codes specify requirements for fire safety. There are two model fire prevention codes within the United States—NFPA 1, Fire Code and the International Fire Code. Some states and cities also publish their own codes or amend the model codes. Check with your local fire department or fire marshal to determine which code is enforceable in your community.
Business Continuity and Information Technology
Recognizing the need to protect the confidentiality of electronic information and to ensure the stability of our financial system, the financial services and health care industries should carefully research regulations pertaining to business continuity and information technology disaster recovery planning. Businesses that store customer contact and financial information such as credit card data may have to comply with information security regulations. Check with your industry trade group or state office of economic development for regulations in your state.
Standards and Best Practices
There are many non-mandatory standards and practices for emergency management and business continuity. These standards and practices provide guidance on the subjects of fire brigades, rescue, hazardous materials response, pre-incident planning and security services in fire loss prevention.
The Professional Practices for Business Continuity Planners published by DRI International (a non-profit education and certification body) is a comprehensive guide to developing business continuity plans.