NFPA 1600 2007


NFPA 1600 2007 is NOW OBSOLETE.

See ISO 22301 2012 Business Continuity Standard.

3.1 Introduction
NFPA distinguishes between two kinds of definitions:
  • NFPA’s official definitions (see Section 3.2)

  • Other technical definitions (see Section 3.3)

Terms that aren’t formally defined here tend to have their ordinary
non‑technical meanings. Whenever you’re not sure about the
meaning of a word, and it’s not defined here, you may wish to
consult a dictionary.

3.2 NFPA'S Official Definitions

3.2.1 Approved

Something is approved when it has been accepted or certified.
Since NFPA is not in the approval or certification business, we
need to consider who is doing the approving. In the context
of this standard, approvals are granted by what NFPA calls an
Authority Having Jurisdiction (see Section 3.2.2 for details).

But, what is being approved? While NFPA doesn’t say so explicitly,
they’re really talking about whether or not elements of the NFPA
1600 Program
have been approved. These include the approval
of things like systems, strategies, practices, procedures, protocols,
plans, methods, machines, facilities, and installations.

But, when can we say that something is approved? Or, more
precisely, under what conditions can we say that something has
been approved? We can say that something has been approved:

  • When it complies with an official standard

  • When evidence shows that it is acceptable

3.2.2 Authority Having Jurisdiction (AHJ)

AHJs include:

  • Officials

  • Agencies

  • Departments

  • Organizations

AHJs have two responsibilities:

  • Enforcement

  • Approval

AHJs have the official authority and duty to enforce compliance
with a standard or code, and to approve the use of systems,
strategies, practices, procedures, protocols, plans, methods,
machines, facilities, and installations (see Section 3.2.1).

3.2.3 Shall

When the word shall is used in a sentence, it means that a
requirement has been stated. Requirements are mandatory
expectations. All the expectations listed in Chapters 4 and 5
are mandatory. They list the requirements that make up the 
NFPA 1600 2007 Standard.

3.2.4 Should

When the word should is used in a sentence, it means that
a recommendation has been stated. Recommendations are
voluntary expectations. All the expectations listed in NFPA
1600 Annex A are voluntary. They are recommendations or
suggestions and are provided for information purposes only.

3.2.5 Standard

A standard is a document that defines a set of expectations.
The NFPA 1600 standard defines two kinds of expectations:

  • Requirements (mandatory provisions)

  • Recommendations (voluntary provisions)

Requirements are defined in Chapter 4 and Chapter 5, while
recommendations can be found in Annex A. NFPA expects
you to meet the requirements found in Chapter 4 and 5, and
to consider the recommendations found in Annex A.

3.3 Other Technical Definitions

3.3.1 Business Continuity

A business continuity program is a process that is
established in order to carry out the following tasks:

  • To identify the impact that potential losses can
    have on the continuation of service delivery.

  • To maintain effective service recovery
    plans, procedures, and strategies.

  • To ensure that service delivery is continued
    even though serious losses have occurred.

In order to be effective, a business continuity program
must receive continuous funding and support from
senior management.

3.3.2 Damage Assessment

A damage assessment is an analytical process that
is used to evaluate the effect a disaster has had on
resources. Its purpose is:

  • To evaluate the harm done to human resources

  • To evaluate the harm done to physical resources

  • To evaluate the harm done to economic resources

  • To evaluate the harm done to natural resources

3.3.3 Disaster or Emergency Management

Disaster or emergency management is an
ongoing, organized process that is used to:

  • Prevent hazardous incidents
  • Mitigate hazardous incidents
  • Prepare for hazardous incidents
  • Respond to hazardous incidents
  • Recover from hazardous incidents

This management process tries to cope with:

  • Incidents that threaten, injure, or kill people
  • Incidents that threaten, damage, or destroy property
  • Incidents that threaten, disrupt, or demolish operations
  • Incidents that threaten, harm, or damage the environment

3.3.4 Emergency Management Program

NFPA 1600 asks you to develop a program that complies with
this NFPA standard. Definition 3.3.4 says that this program may be
referred to as an emergency management program. More precisely,
any organization that establishes a vision and mission that complies
with the NFPA 1600 standard and sets up a management framework
to achieve the standard’s strategic goals and objectives, could be
referred to as an emergency management program.

3.3.5 Entity

An entity is a group of people responsible
for any one of the following functions:

  • Emergency management

  • Business continuity management

Entities include:

  • Government organizations

    • Government agencies

    • Government jurisdictions

  • Corporate organizations

    • Private companies

    • Public companies

  • Nonprofit organizations

3.3.6 Impact Analysis (Business Impact Analysis)

An impact analysis is a methodology that managers use
to study what would happen to a company, organization,
or jurisdiction if it lost its resources. An impact analysis:

  • Identifies the impact of a resource loss

  • Describes the impact of a resource loss

  • Measures the impact of a resource loss

  • Evaluates the impact of a resource loss

Such an analysis helps managers:

  • To make better hazard mitigation decisions

  • To make better disaster recovery decisions

  • To make better continuity planning decisions

An impact analysis can also be referred to
as a business impact analysis, or BIA.

3.3.7 Incident Action Plan

An incident action plan describes how an incident or emergency
is being handled. It explains what the risks are, what the basic
strategy is, and what kinds of tactics are being used to respond
to a particular incident or emergency. The incident action plan
is developed by the incident commander and is updated as
the emergency evolves.

3.3.8 Incident Management System (IMS)

An incident management system is an organizational structure that
is set up to manage emergencies and incidents (hazardous events).
An incident management system achieves its goals by managing
incident management personnel, procedures, facilities, equipment,
and communications.

3.3.9 Mitigation

To mitigate means to reduce the severity of hazardous incidents
and emergencies, to control the consequences, and to limit the
damage and loss that tends to occur when prevention fails.

3.3.10 Mutual Aid Agreement

A mutual aid agreement is a mutual understanding or promise
between jurisdictions, organizations, and companies to help
each other in response to an incident.

3.3.11 Preparedness

Preparedness means being ready to handle future emergencies.
Your jurisdiction, organization, or company has achieved a state
of preparedness if you're ready to manage future emergencies.

You're ready if you've
established all the systems, programs, and
procedures that are needed and if you've defined all the tasks and
activities that should be performed. You’ve achieved a state of
preparedness if you’ve set up the infrastructure needed to help:

  • Prevent emergencies

  • Mitigate emergencies

  • Respond to emergencies

  • Recover from emergencies

3.3.12 Prevention

Prevention means to avoid an incident or emergency.
Incidents and emergencies can be avoided by:

  • Developing a prevention strategy
  • Establishing prevention programs
  • Implementing preventive systems
  • Preparing prevention plans
  • Performing preventive actions
  • Taking preventive measures

3.3.13 Recovery

Recovery means to restore or rebuild services, operations, facilities,
programs, and institutions after an incident or emergency. Recovery
means to restore conditions back to a level that is acceptable to the
company, organization, or jurisdiction that experienced the incident
or emergency.

3.3.14 Resource Management

Resource management is a system that is used to identify and
deploy resources that are needed to manage incidents. Resource
management systems
use a variety of methods to manage and
control both internal and external resources (both purchased and
donated). Resources include personnel, services, supplies,
materials, equipment, facilities, energy, information, and
systems. These resources are used to:

  • Prevent incidents
  • Mitigate incidents
  • Prepare for incidents
  • Respond to incidents
  • Recover from incidents

3.3.15 Response

A response is an activity or task that is carried out or a program
or system that is used to manage incidents that threaten people,
property, operations, or the environment. Responses are both
immediate and ongoing and should address both the incident
and its effects.

3.3.16 Situation Analysis

A situation analysis evaluates incidents and events and prepares
a situation report to communicate the results. A situation analysis:

  • Evaluates the severity of an incident or event

  • Evaluates the severity of the problems
    that are caused by the incident or event

3.3.17 Stakeholder

Stakeholders include individual, groups, and organizations.
These entities become stakeholders when they:

  • Might affect an emergency or incident, or
  • Might be affected by an emergency or incident, or
    • Believe they are affected by an emergency or incident



Introduction to NFPA
Introduction to NFPA 1600
Overview of NFPA 1600 2007
NFPA 1600 2007 in Plain English
NFPA 1600 2007 Audit Process

How to Perform an NFPA 1600 Risk Assessment

How to Develop an NFPA 1600 Mitigation Strategy
How to Conduct NFPA 1600 Business Continuity Planning
How to Develop an NFPA 1600 Corrective Action Procedure
Business Continuity Management using NFPA 1600 Standard
Emergency Management using the NFPA 1600 Standard
Disaster Management using the NFPA 1600 Standard

How to Order

Our Products

Our Prices

Our Guarantee

Home Page

Table of Contents

Our License

Our Customers

Telephone: 780-461-4514 - Email:

Updated on April 12, 2013. First published on May 28, 2004.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2004 - 2013 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited