CERTIFICATION
Auditing Today’s Business Continuity Management Systems
By LYNNDA M. NELSON
Auditors of information systems, information security systems, and IT governance or business continuity professionals may be interested in adding to their professional qualifications by becoming an auditor of business continuity management systems. Never heard of this designation? That’s because it is a new requirement that is an outcome of US legislation enacted as a way to increase the preparedness of the private sector. It is called PS Prep Certification.
What is Private Sector Preparedness (PS Prep)?
In 2001, the USA Patriot Act identified the importance of protecting critical infrastructure in the United States. It also focused on the importance of protecting key resources essential to the minimal operations of the economy or government that are publicly or privately controlled.
The National Infrastructure Protection Plan (NIPP) was developed as an output of the act to be a unifying structure for the government and the private sector and to improve the protection and resiliency of critical infrastructure and key resources.
On August 2, 2007, Public Law 110-53 was enacted and documented in a report titled, “Implementing Recommendations of the 9/11 Commission 2007 Act – Comprehensive Summary of Public Law 110-53.” For a full copy of this report, visit http://intelligence.senate.gov/laws/pl11053.pdf.
Title IX of this law focuses on Private Sector Preparedness (PS Prep) and identifies a program for encouraging the private sector to voluntarily participate in being certified under PS Prep to demonstrate that they are prepared to manage risks and have increased the resiliency of the organization.
With more than 80 percent of the US critical infrastructure owned and controlled by the private sector, this law is vital to ensuring the private sector is prepared to provide its goods and services under all conditions.
Under Title IX, the administrator and the assistant secretary for infrastructure protection were assigned to develop recommendations to assist or foster action by the private sector to increase their resilience.
Section 524 assigned the development of the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS Prep) to the American National Accreditation Board (ANAB).
PS-Prep is a partnership between DHS, FEMA, and the private sector that enables private entities to receive emergency preparedness certification from a DHS accreditation system created in coordination with the private sector.
http://www.fema.gov/privatesector/preparedness/
What are the PS Prep Standards?
In June 2010, three standards were identified and accepted for compliance:
1. ASIS SPC.1-2009 - Organizational Resilience: Security, Preparedness, and Continuity Management Systems - Requirements with Guidance for Use. (Download for free at http://webstore.ansi.org/RecordDetail.aspx?sku=ASIS+SPC.1-2009.)
2. British Standard 25999-2:2007 - Business Continuity Management. (Download at cost at http://www.bsiamerica.com/en-us/Assessment-and-Certificationservices/Management-systems/Standards-and-schemes/BS-25999?gclid=CMfGrLHXw6ICFQE_bAodIFCInw.)
3. National Fire Protection Association 1600-2010 - Standard on Disaster/Emergency Management and Business Continuity Programs. (Download for free at http://www.nfpa.org/assets/files/PDF/NFPA16002010.pdf.)
“Private organizations across the country - from businesses to universities to non-profit organizations - have a vital role to play in bolstering our disaster preparedness and response capabilities,” said Secretary Janet Napolitano. “These new standards will provide our private sector partners with the tools they need to enhance the readiness and resiliency of our nation.”
PS-Prep will raise the level of private sector preparedness through a number of means, including:
1. Establishing a system for DHS to adopt private sector preparedness standards;
2. Encouraging creation of those standards;
3. Developing a method for a private sector entity to obtain a certification of conformity with a particular DHS-adopted private sector standard, and encouraging such certification; and
4. Making preparedness standards adopted by DHS more widely available.
Why Should my Business Become Certified?
Certification helps you to demonstrate to your stakeholders that your business is run effectively and that it will continue to do so in the event of a disruption.
The process of achieving and maintaining the business continuity management (BCM) certification also helps ensure that you are continually improving and refining your BCM activities. The