Standards & Guidelines – Reference Lists from DRJ and BCI
Two organizations in the private sector maintain comprehensive lists of the laws, standards and guidelines related to disaster recovery planning and business continuity management. One is an organization based in the US. The other is an organization based in the UK. Both are excellent resources for professional reference.
- The Disaster Recovery Journal’s list can be downloaded (in Excel format) from the Rules and Regulations Page.
- The Business Continuity Institute’s list can be downloaded (in PDF format) from the BCM Legislations, Regulations, Standards and Good Practice Page – Regulations, Standards & Guidelines Page.
Background on Private Sector Preparedness
DHS/FEMA Private Sector Preparedness Program (PS-Prep)
The Voluntary Private Sector Preparedness Program (PS-Prep) is mandated by Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53).
The purpose of the PS-Prep Program is to enhance nationwide resilience by encouraging private sector preparedness in an all-hazards environment.
Prior to the PS-Prep program, there was no comprehensive set of standards that the spectrum of American businesses and private sector entities could use to assess their preparedness for all hazards.
Congress directed the Department of Homeland Security (DHS) to develop and implement a voluntary program of accreditation and certification of private entities using standards adopted by DHS that promote private sector preparedness, including disaster management, emergency management and business continuity programs.
For more information on the PS-Prep Program, visit:
Standards for Private Sector Preparedness
NFPA 1600:2019 – Standard on Disaster/Emergency Management and Business Continuity Programs
Approved by the U.S. Department of Homeland Security for voluntary certification of Business Continuity and Emergency Preparedness Programs in the private sector, under Title IX of Public Law 110-53.
About the Standard: Developed by the National Fire Protection Association (NFPA), this standard provides a management system framework and the criteria for development of programs to support an organization’s preparedness for emergency, disaster and business disruption.
NFPA 1600 is recognized by the American National Standards Institute (ANSI) as an American National Standard.
NFPA 1600:2013 includes a new chapter on Training and Education as well as annexes to address issues within the field of emergency management and business continuity and to address the use of NFPA 1600 as a Management System Standard.
The 2013 Edition of NFPA 1600 may be downloaded at no cost from NFPA Org.
There is a cost for the 2019 Edition from NFPA Org.
ASIS SPC.1-2009 – Organizational Resilience: Security, Preparedness, and Continuity Management Systems – Requirements with Guidance for Use
Approved by the U.S. Department of Homeland Security for voluntary certification of Business Continuity and Emergency Preparedness Programs in the private sector, under Title IX of Public Law 110-53.
About the Standard: Developed by the American Society for Industrial Security (ASIS), this standard provides the framework for a management system that integrates security, preparedness, response, mitigation, business/operational continuity and recovery from an emergency, crisis, or disaster.
ASIS SPC.1 is recognized by the American National Standards Institute (ANSI) as an American National Standard.
At present, ASIS has not announced any updates to this standard.
Obtaining a Copy: This standard may be downloaded at no cost from the PS-Prep™ Standards Page.
ISO 22301:2019 – Societal Security – Business Continuity Management Systems – Requirements
Approved by the U.S. Department of Homeland Security for voluntary certification of Business Continuity and Emergency Preparedness Programs in the private sector, under Title IX of Public Law 110-53.
The family of ISO business continuity-related standards and technical specifications is as follows. They may be downloaded directly from the ISO website for a fee:
These additional publications may be of interest. They are available to download from the ISO website free of charge:
Other applicable resources:
Associated standards:
AS/NZS 5050:2010 – Business Continuity – Managing Disruption-Related Risk
About the Standard: Developed by Standards Australia, AS/NZS 5050 is a joint national standard for Business Continuity Management in New Zealand and Australia.
This standard has not yet been adopted or endorsed by the U.S. Department of Homeland Security under the category of “Standards for Business Continuity and Emergency Preparedness”. It is, however, an internationally recognized standard and is in close alignment with ISO 31000 (Risk Management – Principles and Guidelines).
AS/NZS 5050 describes the application of the principles, framework and process to manage business disruption related risk and establish business continuity management programs in a manner consistent with the international standard for risk management, ISO 31000:2009.
The Standard includes, in Section 5, a schedule of requirements for organizations seeking to demonstrate that their processes for managing disruption-related risk meet the characteristics of management systems as described in ISO Guide 72.
Standards Australia has not announced a schedule for update of AS/NZS 5050.
Obtaining a Copy: This standard may be downloaded for a fee from SAI Global.