Metropolitan Security Council
      Oct 18th, 2011



            Terri Sinski
 Strategic Planning Partners, LLC



        www.GetSPP.com
What is Organizational Resilience?

Standards Selection Considerations

Review of PS Prep Program & Standards

WHAT IS BUSINESS / ORGANIZATIONAL RESILIENCE?
Trends in Corporate Protection & Preparedness: Evolution of Planning Approaches
IT Disaster Recovery - Protection & Redundancy measures for:
      Computers
      Information Technology
      Data Center Operations

Business Continuity – More than IT protection…
Protection & Recovery strategies to secure the assets of a corporation in
the event of a disaster:
        Personnel
        Operational Capability
        Reputation & Public Image
        Customer base and market, supply chain, and profitability

Organizational Resilience - Integrated Approach
        IT-Disaster Recovery +
        Business Continuity Management +
        Crisis Management +
        Security Management +
        Recovery Management = RESILIENCE
WHAT IS ORGANIZATIONAL RESILIENCE?

The Adaptive Capacity of an Organization in a Complex, Changing Environment:

     Systematic and coordinated activities and practices through which an organization
     manages its Operational Risk and the associated potential threats and impacts.

     An ongoing management and governance process, supported by top management, in which
     the necessary steps are taken to:

                        Identify the impact of potential losses
                        Maintain viable recovery strategies and plans
                        Ensure continuity of functions/products/services
                        Implement exercises, rehearsals, tests, drills, training,
                        maintenance and assurance.

                            Source: ASIS SPC.1-2009 Standard - Organizational Resilience:
                            Security Preparedness, and Continuity Management
                            Systems
INTEGRATING ORGANIZATIONAL RESILIENCE INTO YOUR SECURITY PROGRAM


Where to Start?
    There are a multitude of Standards & Programs available for incorporating
    Prevention, Response, Recovery & Resiliency strategies into your corporate
    organizational structure.

Selecting the one most suitable for your organization/business requires
considering various factors, including:
    Size & Scope of Organization
    Existing Procedures & Current Plans
    Particular Industry
    Required Industry Standards
    Critical Corporate Customer Requirements
    Corporate Culture, Mission, Objectives, Management Perspective

AND determining how PS-Prep may affect and/or benefit your company.
PS PREP
                               The Voluntary Private Sector Preparedness
                                 Accreditation and Certification Program
The Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) is mandated by
Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 (the Act).

Congress directed the Department of Homeland Security (DHS) to develop and implement a voluntary
program of accreditation and certification of private entities using standards adopted by DHS that promote
private sector preparedness, including disaster management, emergency management and business
continuity programs.

The three standards adopted by DHS for PS-Prep:

 ASIS SPC.1-2009
            Organizational Resilience: Security Preparedness, and Continuity Management Systems
                 Written by: ASIS International (formerly the American Society for Industrial Security)

 BS 25999-2:2007
            Business Continuity Management
                 Written by: British Standards Institution (BSI)

 NFPA 1600: 2007 and 2010
            Standard on Disaster/Emergency Management and Business Continuity Programs
                 Written by: National Fire Protection Association

                      www.fema.gov/privatesector/preparedness
PS PREP
Goal: To Enhance Nationwide Resilience by Encouraging Private Sector Preparedness

Program Overview:

     Provides a method to independently certify the Emergency Preparedness of an Organization
     Focuses on businesses and other private-sector organizations
     Provides for an independent third-party certification
     Voluntary (market-driven) in nature
     Private sector-led and administered outside of government
     Utilizes existing private-sector standards and processes
     Addresses Operational Risk, including Disaster/Emergency Management & Business Continuity
     programs


    Informative Interview with Bill Raisch – Founding Director at the
    International Center for Enterprise Preparedness (InterCEP) at New York University
    InterCEP - Academic research center dedicated to private sector risk management & resilience.

          http://www.continuityinsights.com/articles/are-you-prepared-for-ps-prep
PS PREP
                           The Voluntary Private Sector Preparedness
                            Accreditation and Certification Program
Background:

• Aug 2007 - Evolved from Title IX of the Implementing Recommendations
             of the 9/11 Commission Act - Public Law 110-53
• July 2008 - DHS announces agreement with the ANSI-ASQ National Accreditation Board (ANAB)
             What is ANAB's role? Develop & oversee the certification process and issue
             accreditation to third-party certification bodies
• Oct 2009 - DHS announces intent to adopt 3 standards
             Public forums invite comments & recommendations of additional standards
• June 2010 - DHS Secretary Janet Napolitano announces formal adoption of the standards


       Comments may be submitted to http://www.regulations.gov or FEMA-POLICY@dhs.gov, in
                                  Docket ID FEMA-2008-0017
PS PREP
                        The Voluntary Private Sector Preparedness
                         Accreditation and Certification Program

 Private sector-led and administered outside of government

    Then what is DHS's role?

While the process is administered by the private sector, DHS is responsible for:

1) Selection of the Standards

2) Supporting the development of the certification process by designating and funding
   the accrediting body
              Note: Certification & Accreditation Process is still in development stage

3) Developing and communicating the business case for the program to the private sector.
PS-Prep overview: www.continuitycompliance.org/business-continuity/ps-prep-overview

BS 25999-2:2007
                     Business Continuity Management

BS 25999-2:2007

• Developed by a broad-based group of world-class experts representing a
  cross-section of industry sectors and the government to establish the process,
  principles and terminology of Business Continuity Management.

• Model based on BCM best practice; covers the whole BCM lifecycle.

• Designed to keep business going during the most challenging and unexpected
  circumstances and interruptions:
       Protecting your staff
       Preserving your reputation
       Providing the ability to continue to operate and trade

www.bsigroup.com/en/Assessment-and-certification-services/management-
systems/Standards-and-Schemes/BS-25999/
NFPA 1600:2007 and 2010
Standard on Disaster/Emergency Management and Business Continuity Programs


NFPA 1600:2007 and 2010

Provides a conceptual framework for disaster/emergency management and
business continuity programs.

Five program aspects bring the standard into alignment with the related disciplines
and practices of risk management, security, and loss prevention:
     1. Prevention
     2. Mitigation
     3. Preparedness
     4. Response
     5. Recovery

June 2011 - FEMA awarded contract to NFPA to update the web-based content
of Ready Business (designed for small to mid sized companies) — which is a part
of the Ready.gov website
ASIS SPC.1-2009 Organizational Resilience: Security Preparedness, and
                    Continuity Management Systems

ASIS SPC.1-2009

    Unique among preparedness standards in that:

     It is the only preparedness standard that is fully compatible with existing ISO
     management system standards (such as ISO 9000, ISO 14000, ISO 27000 and
     ISO 28000), enabling a cost-saving integrated application.

     Awarded SAFETY Act (Support Anti-terrorism by Fostering Effective Technologies Act)
     certification by DHS - Sept 2011

     It is the only preparedness standard that takes an ENTERPRISE-WIDE view of risk
     management:
         • Considers ALL departments within the organization, avoiding segregated risks
         • Provides strategies for prevention, preparation, mitigation, response & recovery



                                 www.asisonline.org/guidelines/or.xml
ENTERPRISE RISK MANAGEMENT

ASIS SPC.1-2009 Program Features

Disciplines the standard brings together under a single resilience / risk management umbrella:

     Security Risk Management
     Security Management
     Emergency Management
     Physical Asset Protection
     Crisis Management
     Disaster Management
     Information and Network Security
     Recovery Management
     Emergency Preparedness
     Continuity Management
     Critical Infrastructure Protection
     Incident Response
BUILDS ON THE PDCA MODEL

ASIS SPC.1-2009 Program Features



Plan: Define & analyze a problem;
      identify the root cause

Do: Devise a solution; develop a detailed action
    plan & implement it systematically

Check: Confirm outcomes against the plan;
       identify deviations & issues

Act: Standardize the solution;
     review & define the next issues

Cycle of Continual Improvement
EDUCATIONAL PLANNING RESOURCES



ASIS                     www.asisonline.org
BSI                      www.bsigroup.com
Continuity Insights      www.continuityinsights.com
Continuity Compliance    www.continuitycompliance.org
FEMA                     www.fema.gov
NFPA                     www.nfpa.org
NYU - InterCEP           www.nyu.edu/intercep
READY.GOV                www.ready.gov
Strategic Planning Partners, LLC

           A Resident Research Partner at
       The Morrelly Homeland Security Center
               510 Grumman Road West Suite 214
                     Bethpage, NY 11714
                        516-390-5281

            Strategic Planning Partners (SPP) provides
Emergency Preparedness, Maritime Security & Corporate Resiliency
         Solutions to Private and Public Sector Clientele.

                     TSinski@GetSPP.com

                          Terri Sinski
            Director, Business Continuity Services