Emergency Management, Business Continuity, & Crisis Management
SELF-ASSESSMENT CHECKLIST
Self-assessment tool for evaluating organizational preparedness
using NFPA 1600 “Standard on Continuity, Emergency, and Crisis
Management,” 2019 edition

PREPAREDNESS, LLC
Telephone 781.784.0672
https://preparednessllc.com | [email protected]
© 2019 Preparedness, LLC All Rights Reserved
Introduction
Background
This checklist was prepared by Donald L. Schmidt, ARM, CBCP, MCP, CBCLA, CEM®, CEO of Preparedness, LLC and Past
Chair of NFPA’s Technical Committee on Emergency Management and Business Continuity, which is responsible for NFPA
1600, “Standard on Continuity, Emergency, and Crisis Management.” He led the technical committee during the
development of the 2010, 2013, and 2016 editions. He is the editor of “Implementing NFPA 1600 National Preparedness
Standard,” which was published by the National Fire Protection
Mr. Schmidt co-developed DRI International’s Certified Business Continuity Auditor and Lead Auditor professional
certification course (CBCA or CBCLA) for auditors of emergency management and business continuity programs. The
course, which he also instructs, is accredited by the American National Standards Institute for auditors of the certifying
bodies evaluating private sector preparedness programs under “PS-Prep™.” Mr. Schmidt is past instructor of NFPA’s
two-day course on NFPA 1600, Visiting Full Professor in the Master of Science in Emergency Management program at
Massachusetts Maritime Academy, and contract instructor for Massachusetts Emergency Management Agency.
This tool is based on the 2019 edition of NFPA 1600 “Standard on Continuity, Emergency, and Crisis Management”
published by the National Fire Protection Association and available online for free download at www.nfpa.org/1600. This
checklist is not “official,” and it was not developed in conjunction with NFPA. The only “official” self-assessment
checklist is contained within Annex B “Self-Assessment for Conformity with NFPA 1600, 2019 Edition.” By committee
decision, Annex B was limited to text from the standard. This checklist, which is aligned closely with NFPA 1600,
provides detailed criteria to evaluate a preparedness program.
NFPA 1600, an American National Standard, has been adopted by U.S. Department of Homeland Security (DHS). It has
also been designated by the DHS/Federal Emergency Management Agency for use as criteria for the certification of
private sector preparedness programs under “PS-Prep™.”
Instructions for Use
Users of this checklist should assemble a team with the required knowledge of the entity’s vision, mission, goals and
objectives, facilities, operations, products, services, hazards, resources, policies, plans, procedures, and other program
elements covered by NFPA 1600. Appropriate expertise is needed to understand each question posed within this
checklist and properly evaluate the entity’s preparedness efforts. The author provides no guarantee or warranty that
use of this checklist will ensure conformity with NFPA 1600, the PS-PREP program, or any other requirement—legal or
otherwise.
If you have questions regarding NFPA 1600 or your preparedness program, please call us (781.784.0672) or email us
([email protected]). We develop, evaluate, and help implement emergency management, business continuity,
and crisis management programs using NFPA 1600. We also develop and deliver educational programs and design and
facilitate exercises.
Additional information on NFPA 1600 can be found on the “NFPA 1600” page of the Preparedness, LLC website. Links to
numerous documents that can help with the development of your preparedness program can be found on the “Links to
Program Resources” page of the Preparedness, LLC website [https://preparednessllc.com].
All questions are written so that a conforming response would be answered “Yes.” Any answer marked “No” or
“Unknown” would indicate a nonconforming response or an area requiring further study. The check boxes are arranged
so that you can quickly scan down the page to see the “No” or “Unknown” responses, which are aligned closest to the right margin.
Self-Assessment Checklist Contents
Note: Numbering begins with 4 to coincide with the chapter numbering in NFPA 1600-2019.

4. Program Management
4.1. Leadership and Commitment
4.2. Program Coordinator
4.3. Program Committee
4.4. Program Administration
4.5. Laws and Authorities
4.6. Finance and Administration
4.7. Records Management

5. Planning
5.1. Planning and Design Process
5.2. Risk Assessment
5.3. Business Impact Analysis (BIA)
5.4. Resource Needs Assessment
5.5. Performance Objectives

6. Implementation
6.1. Common Plan Requirements
6.2. Prevention
6.3. Mitigation
6.4. Crisis Communications and Public Information
6.5. Warning, Notifications, and Communications
6.6. Operational Procedures
6.7. Incident Management
6.8. Emergency Operations/Response Plan
6.9. Continuity and Recovery
6.10. Employee Assistance and Support

7. Execution
7.1. Incident Detection and Recognition
7.2. Initial Reporting, Alerting, Warning & Notifications
7.3. Incident Management

8. Training & Education
8.1. Curriculum
8.2. Goal of Curriculum
8.3. Scope and Frequency of Instruction
8.4. Incident Management System Training
8.5. Recordkeeping
8.6. Regulatory and Program Requirements
8.7. Public Education

9. Exercises & Tests
9.1. Program Evaluation
9.2. Exercise and Test Methodology
9.3. Design of Exercises and Tests
9.4. Exercise and Test Evaluation
9.5. Frequency

10. Program Maintenance & Improvement
10.1. Program Reviews
10.2. Corrective Action
10.3. Continuous Improvement
EMERGENCY MANAGEMENT, BUSINESS CONTINUITY & CRISIS MANAGEMENT PROGRAM EVALUATION

4. Program Management

4.1. Leadership and Commitment


4.1.1. Does senior management demonstrate leadership, commitment to,
and support for, the program by participating in important
activities (e.g., meetings, training, drills, exercises, etc.)? ............. Yes No Unknown
4.1.2. Does senior management provide adequate resources (see section
5.4) to support the program? .......................................................... Yes No Unknown
4.1.3. Does senior management ensure that the program is periodically
reviewed to ensure the program meets the continuing needs of the
entity? ............................................................................................ Yes No Unknown
4.1.4. Does senior management review recommended corrective action
to ensure continuous improvement of the program? ...................... Yes No Unknown

4.2. Program Coordinator


4.2.1. Has a Program Coordinator been appointed and assigned
responsibility for development, implementation, and keeping the
program current? ........................................................................... Yes No Unknown
4.2.2. Has the name of the Program Coordinator been communicated
throughout the entity? .................................................................... Yes No Unknown
4.2.3. Have the role and responsibilities for the Program Coordinator been
defined in writing? ......................................................................... Yes No Unknown
4.2.4. Has the Program Coordinator been vested with sufficient authority
to effectively develop, implement, and keep current the program? Yes No Unknown
4.2.5. Does the Program Coordinator have a demonstrated ability based
on education, training, and experience to administer the program? Yes No Unknown
4.2.6. Is the Program Coordinator’s performance evaluated? .................. Yes No Unknown
4.2.7. Is the Program Coordinator held accountable for performance? .... Yes No Unknown

4.3. Program Committee


4.3.1. Has a Program Committee been established to oversee the
development, implementation, and maintenance of the program? Yes No Unknown
4.3.2. Does the Program Committee have senior management support? . Yes No Unknown
4.3.3. Does the Program Committee have an endorsed charter that defines
its role for providing input or assisting with the development,
implementation, evaluation, and revision of the program? ........... Yes No Unknown
4.3.4. Does the Program Committee include knowledgeable
representation from all functions and departments of the entity? . Yes No Unknown
4.3.4.1. Management
4.3.4.2. Finance
4.3.4.3. Operations (manufacturing and service delivery)
4.3.4.4. Facilities
4.3.4.5. Engineering
4.3.4.6. Purchasing/Supply Chain/Logistics
4.3.4.7. Sales & Marketing/Customer Service
4.3.4.8. Information Technology
4.3.4.9. Human Resources
4.3.4.10. Legal
4.3.4.11. Communications or Public Affairs
4.3.4.12. Environmental, Health & Safety
4.3.4.13. Security
4.3.4.14. Risk Management or Insurance
4.3.4.15. Labor Relations
4.3.4.16. Collective bargaining representative
4.3.5. Do all members of the Program Committee participate regularly in
committee activities? ..................................................................... Yes No Unknown
4.3.6. Has the committee solicited “external” representatives or
consulted with the following? ......................................................... Yes No Unknown
4.3.6.1. Law Enforcement
4.3.6.2. Fire department
4.3.6.3. Emergency Medical Services
4.3.6.4. Rescue service
4.3.6.5. Public Health
4.3.6.6. Emergency Management Agency or Homeland Security
4.3.6.7. Local Emergency Planning Committee
4.3.6.8. Environmental authorities
4.3.6.9. Contractors
4.3.6.10. Vendors & Suppliers
4.3.6.11. Infrastructure providers (utilities, telecommunications, etc.)
4.3.6.12. Key customers

4.4. Program Administration


4.4.1. Has the entity prepared an Executive Policy consistent with the
entity’s vision and mission? ........................................................... Yes No Unknown
4.4.2. Does the Executive Policy define roles, assign responsibilities, and
vest authority for development, implementation, and maintenance
of the program? .............................................................................. Yes No Unknown
4.4.3. Has the Executive Policy been signed by senior management? ...... Yes No Unknown
4.4.4. Has the Executive Policy been widely communicated throughout the
entity? ............................................................................................ Yes No Unknown
4.4.5. Has a budget been established that provides adequate funding to
develop, implement, and keep the program current? ..................... Yes No Unknown
4.4.6. Does the program include a schedule with milestones that define
the major phases and tasks to develop, implement, evaluate, and
revise the program? ....................................................................... Yes No Unknown
4.4.7. Has a management of change process been implemented to
identify changes in the entity that would trigger changes to the
program? ........................................................................................ Yes No Unknown

4.5. Laws and Authorities


4.5.1. Does the entity have a process to identify existing, new, and
revised laws, regulations, standards, and industry codes of
practice pertaining to the following? .............................................. Yes No Unknown
4.5.1.1. Employee health and safety
4.5.1.2. Life safety
4.5.1.3. Environmental protection
4.5.1.4. Fire prevention and protection
4.5.1.5. Security including physical, operational, and cyber/information
security
4.5.1.6. Vital records identification, confidentiality, and protection
4.5.1.7. Emergency management
4.5.1.8. Business continuity
4.5.1.9. Information technology disaster recovery planning
4.5.2. Has a determination been made whether the program complies
with entity policies and directives and applicable laws and
regulations? ................................................................................... Yes No Unknown
4.5.3. Has a determination been made whether the program conforms to
applicable standards and industry codes of practice? .................... Yes No Unknown
4.5.4. Has the entity implemented a strategy for addressing the need for
revisions to laws, regulations, standards, and industry codes of
practice? ......................................................................................... Yes No Unknown

4.6. Finance and Administration


4.6.1. Have financial and administrative procedures been documented
and implemented to support the program before, during, and after
an incident? .................................................................................... Yes No Unknown
4.6.2. Do procedures define the levels of authority and procedures for
procurement of resources that are compliant with the entity’s
governance requirements? ............................................................. Yes No Unknown
4.6.3. Have procedures been established for expedited approval of
expenditures during or following an incident? ............................... Yes No Unknown
4.6.4. Have finance and administration procedures been developed to
support the program? ..................................................................... Yes No Unknown
4.6.4.1. Program procurement procedures
4.6.4.2. Accounting systems to track and document time and costs prior to
and during an incident
4.6.4.3. Management of funding from external sources

4.7. Records Management


4.7.1. Is there a program to identify, backup, protect, and recover vital
records and information—both electronic and hard copy—for
continuity, recovery, and regulatory purposes? ............................. Yes No Unknown
4.7.2. Do records management practices define who is responsible for
recordkeeping? ............................................................................... Yes No Unknown
4.7.3. Does the process define the retention schedule for each type of
record? ........................................................................................... Yes No Unknown
4.7.4. Are records periodically reviewed to ensure records are properly
completed and retained in accordance with the entity’s policy and
regulatory requirements? .............................................................. Yes No Unknown

5. Planning

5.1. Planning and Design Process


5.1.1. Has the program planning and design process taken an “all-
hazards” approach? ........................................................................ Yes No Unknown
5.1.2. Have the entity's vision, mission, and goals been incorporated into
the objectives of the program? ....................................................... Yes No Unknown
5.1.3. Does the entity have a crisis management plan that addresses
issues that could have the potential to severely impact the entity’s
operations, reputation, market share, ability to do business, and
relationships with key stakeholders? ............................................. Yes No Unknown
5.1.4. Does the planning process ensure that prevention, mitigation,
emergency operations/response, business continuity, crisis
communications, and crisis management plans are sufficiently
integrated? ..................................................................................... Yes No Unknown
5.1.5. Is there a process to involve interested stakeholders where
applicable? ..................................................................................... Yes No Unknown

5.2. Risk Assessment


5.2.1. Does the entity have a systematic and documented process for
assessing risks to the following? ................................................... Yes No Unknown
5.2.1.1. People
5.2.1.2. Property
5.2.1.3. Operations including supply chain
5.2.1.4. Environment
5.2.1.5. Entity (reputation, image, relationships with stakeholders, and
financial well-being)?
5.2.2. Does the risk assessment process include the following? .............. Yes No Unknown
5.2.2.1. Hazard identification
5.2.2.2. Vulnerability assessment
5.2.2.3. Impact analysis (people, property, operations, environment, and
entity)
5.2.3. Has a baseline risk assessment been completed for the entity and
all facilities and operations? .......................................................... Yes No Unknown
5.2.4. Has the risk assessment been reviewed within the past 12 months
to determine whether it is current? ................................................ Yes No Unknown
5.2.5. Does the entity require conducting a risk assessment when there is
new construction, renovation, introduction of a new process, or
change to an existing process? ....................................................... Yes No Unknown
5.2.6. Does the risk assessment process follow accepted methodology for
the type of hazard or process? ....................................................... Yes No Unknown
5.2.7. Are assessors competent to conduct the required risk assessment? Yes No Unknown
5.2.8. Were the following hazards evaluated during the risk assessment?
........................................................................................................ Yes No Unknown
5.2.8.1. Natural hazards (geological, meteorological, and biological)
5.2.8.2. Human-caused events (accidental and intentional)
5.2.8.3. Technology-caused events
For an expanded list of potential hazards and threats, review NFPA 1600-2019, 5.2.2.1.
5.2.9. Has the frequency or probability of occurrence for all hazards been
estimated or quantified, where possible? ...................................... Yes No Unknown
5.2.10. Have the vulnerabilities of people, property, operations, the
environment, and the entity been identified and evaluated? ......... Yes No Unknown
5.2.11. Are the vulnerabilities of people, property, operations, the
environment, and the entity monitored on an ongoing basis? ....... Yes No Unknown
5.2.12. Have the potential impacts of hazards on the following been
analyzed and quantified? ............................................................... Yes No Unknown
5.2.12.1. Health and safety of employees and visitors on-site
5.2.12.2. Health and safety of the community surrounding each facility
5.2.12.3. Health and safety of emergency responders
5.2.12.4. Buildings, facilities, and supporting infrastructure
5.2.12.5. Loss, corruption, or disruption to vital records, critical information,
information technology, and connectivity
5.2.12.6. Business operations (e.g., production, service delivery, etc.)
5.2.12.7. Supply chain
5.2.12.8. Environment
5.2.12.9. Work and labor arrangements
5.2.12.10. Regulatory and contractual obligations
5.2.12.11. Financial condition of the entity
5.2.12.12. Reputation and image of the entity
5.2.13. Have the potential effects of regional, national, or international
incidents that could have cascading impacts been identified? ........ Yes No Unknown
5.2.14. Is the risk assessment documented and communicated to the
program committee, program coordinator, and senior
management? ................................................................................. Yes No Unknown
5.2.15. Has the adequacy of existing prevention and mitigation strategies
been evaluated as part of the risk assessment? ............................ Yes No Unknown

5.3. Business Impact Analysis (BIA)


5.3.1. Has the entity conducted a BIA? ..................................................... Yes No Unknown
5.3.2. Does the BIA identify the functions, processes, technologies,
information, supporting infrastructure, and supply chain that are
critical to the entity? ...................................................................... Yes No Unknown
5.3.3. Does the BIA evaluate the potential impacts resulting from
interruption or disruption of functions, processes, technologies,
information, supporting infrastructure, and supply chain? ............. Yes No Unknown
5.3.4. Does the BIA identify the point in time [recovery time objective
(RTO)] when the impacts of the interruption or disruption of the
identified functions, processes, technologies, information,
supporting infrastructure, and supply chain become unacceptable
to the entity? .................................................................................. Yes No Unknown
5.3.5. Does the BIA assess direct and indirect costs including the
following? ....................................................................................... Yes No Unknown
5.3.5.1. Damage to customer relationships
5.3.5.2. Loss of revenue
5.3.5.3. Loss of market share
5.3.5.4. Increased costs
5.3.5.5. Contractual penalties
5.3.5.6. Missed business opportunities
5.3.5.7. Regulatory noncompliance
5.3.6. Does the impact analysis incorporate end-to-end business
processes (e.g., supply through distribution or service delivery)? . Yes No Unknown
5.3.7. Does the BIA identify dependencies and interdependencies across
functions, processes, and applications to determine the potential
for compounding impacts in the event of an interruption or
disruption? ..................................................................................... Yes No Unknown
5.3.8. Does the BIA evaluate the potential loss of information and the
point in time [recovery point objective (RPO)] that defines the
potential gap between the last restorable backup of information
and the time of the interruption or disruption? .............................. Yes No Unknown
5.3.9. Has an analysis that identifies potential gaps between RTOs, RPOs,
and required capabilities been conducted? ..................................... Yes No Unknown

5.4. Resource Needs Assessment


5.4.1. Has the entity identified and documented the resources needed to
develop, implement, and maintain a program for prevention,
mitigation, response, continuity, and recovery? ............................. Yes No Unknown
5.4.2. Was the resource needs assessment based on the hazards
identified in the risk assessment, the potential impacts identified
in the business impact analysis, RTOs, and RPOs? .......................... Yes No Unknown
5.4.3. Do resource management objectives address the following? ......... Yes No Unknown
5.4.3.1. Funding
5.4.3.2. Personnel
5.4.3.3. Expert knowledge
5.4.3.4. Training
5.4.3.5. Facilities
5.4.3.6. Equipment
5.4.3.7. Supply chain
5.4.3.8. Technology
5.4.3.9. Information
5.4.3.10. Intelligence
5.4.4. Do resource management objectives address the following: ......... Yes No Unknown
5.4.4.1. Quantity
5.4.4.2. Response time
5.4.4.3. Capability
5.4.4.4. Limitations
5.4.4.5. Cost
5.4.4.6. Liability connected with using the involved resource
5.4.5. Does the entity have a documented system to locate, acquire,
store, distribute, maintain, test, and account for services,
personnel, resources, materials, and facilities procured or
donated? ........................................................................................ Yes No Unknown
5.4.6. Has the inventory of available resources been compared to
resource management objectives to identify any gaps? ................ Yes No Unknown
5.4.7. Is there a strategy to address any gaps between resource
management objectives and available resources? ......................... Yes No Unknown
5.4.8. Is an inventory of all resources maintained and kept up to date? .. Yes No Unknown
5.4.9. Are resources audited to verify that they are available and in
reliable condition for immediate use? ............................................ Yes No Unknown
5.4.10. Are audit records maintained for review by the Program
Coordinator and Program Committee? ........................................... Yes No Unknown
5.4.11. Has the need for mutual aid or partnership arrangements been
determined? ................................................................................... Yes No Unknown
5.4.12. If mutual aid or partnership arrangements are needed, have
agreements been formalized and executed in writing? .................. Yes No Unknown
5.4.13. Have all mutual aid and partnership arrangements been reviewed
by legal counsel and others with responsibility for review of
contracts? ....................................................................................... Yes No Unknown
5.4.14. Are the resources available from mutual aid and partnership
arrangements documented in program plans? ........... Yes No Unknown
5.4.15. Have the facilities capable of supporting response, continuity, and
recovery operations been identified? ............................................. Yes No Unknown

5.5. Performance Objectives


5.5.1. Have program performance objectives been defined? ................... Yes No Unknown
5.5.2. Are objectives measurable? ........................................................... Yes No Unknown
5.5.3. Has the entity established performance objectives for each of the
program elements? ........................................................................ Yes No Unknown
5.5.3.1. Risk assessment
5.5.3.2. Business impact analysis
5.5.3.3. Prevention
5.5.3.4. Mitigation
5.5.3.5. Resources
5.5.3.6. Emergency operations/response
5.5.3.7. Crisis communications and public information
5.5.3.8. Business continuity and recovery
5.5.3.9. Training and education
5.5.3.10. Exercises, reviews, and corrective action
5.5.4. Do performance objectives address both short-term and long-term
needs? ............................................................................................ Yes No Unknown
5.5.5. Are the performance objectives periodically evaluated to
determine whether they meet the needs of the entity? ................. Yes No Unknown

6. Implementation

6.1. Common Plan Requirements


6.1.1. Are objectives clearly stated in all plans? ...................................... Yes No Unknown
6.1.2. Are planning assumptions documented in each plan? .................... Yes No Unknown
6.1.3. Are functional roles and responsibilities of internal and external
agencies, organizations, departments, and positions identified in
each plan? ...................................................................................... Yes No Unknown
6.1.4. Are the lines of authority clearly defined? ..................................... Yes No Unknown
6.1.5. Are the lines of succession clearly defined? ................................... Yes No Unknown
6.1.6. Are liaisons to external entities clearly defined? .......................... Yes No Unknown
6.1.7. Are resource and logistical requirements defined in each plan? .... Yes No Unknown
6.1.8. Are plans accessible during emergencies when buildings may be
inaccessible or uninhabitable? ....................................................... Yes No Unknown
6.1.9. Does each plan specify when and who has authority to activate the
plan? .............................................................................................. Yes No Unknown
6.1.10. Are there clearly defined thresholds to guide the notification and
escalation sequence for emergency response, business continuity,
crisis management, and recovery activities? ................................. Yes No Unknown
6.1.11. Are procedures established for communicating information and
coordinating decision making between the senior leadership team,
emergency response teams, business continuity teams, or
managers that might become involved in the incident? ................. Yes No Unknown
6.1.12. Have plans been distributed to those with defined responsibilities
in the plans, or do they have access to the plans? ........................ Yes No Unknown

6.2. Prevention
6.2.1. Have prevention strategies been developed to prevent incidents
that threaten life, property, and the environment? ........................ Yes No Unknown
6.2.2. Is there an ongoing process of information collection and
intelligence techniques for developing threats and emerging
hazards to keep prevention strategies current? ............................ Yes No Unknown
6.2.3. Are prevention strategies based on the results of hazard
identification and risk assessment, an analysis of impacts,
program constraints, operational experience, and a cost-benefit
analysis? ........................................................................................ Yes No Unknown
6.2.4. Is there a process to monitor identified hazards and adjust the
level of preventive measures to be commensurate with the risk? . Yes No Unknown

6.3. Mitigation
6.3.1. Have mitigation strategies been documented in a plan that
includes measures to limit or control the consequences, extent, or
severity of an incident that cannot be prevented? ......................... Yes No Unknown
6.3.2. Do mitigation strategies include interim and long-term actions to
reduce vulnerabilities? ................................................................... Yes No Unknown
6.3.3. Are mitigation strategies supported by senior management and
sufficiently funded? ........................................................................ Yes No Unknown
6.3.4. Do mitigation strategies incorporate the following where
applicable? ..................................................................................... Yes No Unknown
6.3.4.1. The use of applicable building construction standards
6.3.4.2. Hazard avoidance through appropriate land-use practices
6.3.4.3. Relocation, retrofitting, or removal of structures at risk
6.3.4.4. Removal or elimination of the hazard
6.3.4.5. Reduction or limitation of the amount or size of the hazard
6.3.4.6. Segregation of the hazard from that which is to be protected
6.3.4.7. Modification of the basic characteristics of the hazard
6.3.4.8. Control of the rate of release of the hazard
6.3.4.9. Provision of protective systems or equipment for both cyber and
physical risks
6.3.4.10. Establishment of hazard warning and communication procedures
6.3.4.11. Redundancy or duplication of essential personnel, critical systems,
equipment, information, operations, or materials

6.4. Crisis Communications and Public Information


6.4.1. Does the entity have a crisis communications plan and procedures
to disseminate information to and respond to requests for
information from the following audiences before, during, and after
an incident? .................................................................................... Yes No Unknown
6.4.1.1. Internal audiences, including employees
6.4.1.2. External audiences, including the media, individuals with
disabilities, persons with access or other functional needs, and
other stakeholders
6.4.2. Does the entity have a crisis communications plan and procedures
for communicating with the news media and providing information
to the public who may be affected by the incident? ........................ Yes No Unknown
6.4.3. Are persons assigned to speak to the news media properly trained
including realistic practice? ............................................................ Yes No Unknown
6.4.4. Does the crisis communications plan include dissemination of
information to employees and their families? ................................ Yes No Unknown
6.4.5. Do crisis communications plans and procedures identify
stakeholders including customers, regulators, suppliers, investors,
and other stakeholders? ................................................................. Yes No Unknown
6.4.6. Do crisis communications capabilities include prompt dissemination
of approved information through social media, entity website, and
other digital means? ...................................................................... Yes No Unknown
6.4.7. Do procedures identify who should speak with each stakeholder or
group of stakeholders? .................................................................. Yes No Unknown
6.4.8. Have provisions been made for monitoring media coverage during
an incident? .................................................................................... Yes No Unknown
6.4.9. Does the entity have a crisis communications or public information
capability that includes the following? ........................................... Yes No Unknown
6.4.9.1. Central contact facility or communications hub
6.4.9.2. Physical or virtual information center
6.4.9.3. System for gathering, monitoring, and disseminating information
6.4.9.4. Procedures for developing and delivering coordinated messages
6.4.9.5. Protocol to clear information for release

6.5. Warning, Notifications, and Communications


6.5.1. Do emergency operations/response and business continuity plans
include procedures for alerting and notification of: ........................ Yes No Unknown
6.5.1.1. Members of emergency response, business continuity, and crisis
communications team(s)
6.5.1.2. Public emergency services and agencies
6.5.1.3. Senior management
6.5.2. Do emergency operations/response procedures include procedures
for warning persons at risk or potentially at risk from the incident?
........................................................................................................ Yes No Unknown
6.5.3. Have procedures been implemented for issuing warnings through
authorized agencies if required by law? ........................................ Yes No Unknown
6.5.4. Have pre-scripted information bulletins or templates been
developed for communications with internal and external
audiences? ...................................................................................... Yes No Unknown
6.5.5. Have warning systems (e.g., fire alarm systems, emergency voice
communications systems, etc.) been installed, tested, and
maintained? Are they audible throughout the premises? ............... Yes No Unknown
6.5.6. Have communications systems been identified, configured, and
tested for communications between members of emergency
response and business continuity teams and others? .................... Yes No Unknown
6.5.7. Have communications protocols and procedures been established
and tested? ..................................................................................... Yes No Unknown
6.5.8. Has the interoperability of communication systems and
technologies been evaluated and tested where available? Where
not available, have alternate strategies been developed to enable
communication between all internal and external responders? ..... Yes No Unknown
6.5.9. Are the names, telephone numbers, and emergency contact
instructions for management, emergency response team members,
business continuity team members, crisis communications team
members, public agencies, contractors, suppliers, and others who
support the program compiled, immediately accessible, and up to
date? .............................................................................................. Yes No Unknown

6.6. Operational Procedures


6.6.1. Have operational procedures been coordinated between
emergency response, business continuity, and crisis management
teams and others that have a defined role or responsibility for
response and continuity? ................................................................ Yes No Unknown
6.6.2. Does the emergency operations/response plan adequately address
the organization, staffing, equipment, training, and response
procedures for the credible hazards unique or specific to each
facility as identified in the risk assessment? ................................. Yes No Unknown
6.6.3. Do emergency procedures include assignment of persons and
building specific procedures for the following protective actions? . Yes No Unknown
6.6.3.1. Evacuation
6.6.3.2. Sheltering-In-Place
6.6.3.3. Lockdown
6.6.3.4. “Run, hide, fight”
6.6.3.5. Accounting of persons following an emergency
6.6.4. Do emergency procedures address the safety of first responders? Yes No Unknown
6.6.5. Do emergency procedures include actions to protect property? ..... Yes No Unknown
6.6.6. Do emergency procedures include actions to protect the
environment? ................................................................................. Yes No Unknown
6.6.7. Do procedures include the following? ............................................. Yes No Unknown
6.6.7.1. Control of access to the area affected by the incident
6.6.7.2. Identification of personnel engaged in activities at the incident
6.6.7.3. Accounting for personnel engaged in incident activities
6.6.7.4. Mobilization and demobilization of resources
6.6.8. Do emergency response and business continuity procedures define
criteria and include procedures for initiating mitigation and
recovery efforts when safe? .......................................................... Yes No Unknown

6.7. Incident Management


6.7.1. Does the entity have an incident management system (IMS) to
direct, control, and coordinate response, continuity, and recovery
operations? .................................................................................... Yes No Unknown
6.7.2. Does the entity utilize a recognized incident management system
such as the National Incident Management System (NIMS)/Incident
Command System (ICS) for management of incidents? ................... Yes No Unknown
6.7.3. Does the IMS define organizational roles, titles, and
responsibilities for each function? .................................................. Yes No Unknown
6.7.4. Does the incident management system include appointment of a
capable Incident Commander? ........................................................ Yes No Unknown
6.7.5. Is the Incident Commander vested with authority to command all
resources during the incident and to order shutdown of operations
and protection of persons potentially at risk from the incident? .... Yes No Unknown
6.7.6. Is a capable person assigned responsibility to command
emergency response functions under the “Operations” section of
the Incident Command System or equivalent? ................................ Yes No Unknown
6.7.7. Are capable persons assigned responsibility for the following
“section” and responsibilities as defined in the Incident Command
System or equivalent? .................................................................... Yes No Unknown
6.7.7.1. Planning
6.7.7.2. Logistics
6.7.7.3. Finance/Administration
6.7.8. Is a capable person assigned to oversee the safety of any
response? ....................................................................................... Yes No Unknown
6.7.9. Is a capable person assigned to liaise with public agencies,
vendors, or contractors who may become involved in an incident? Yes No Unknown
6.7.10. Does the incident management system incorporate procedures for
coordination of activities with stakeholders directly involved in
response, continuity, and recovery operations? ............................. Yes No Unknown
6.7.11. Does the incident management system incorporate procedures for
coordination of activities and unification of command during
response, continuity, and recovery operations? ............................. Yes No Unknown
6.7.12. Does the incident management system incorporate procedures and
assign responsibility for conducting a situation analysis that
includes the following? ................................................................... Yes No Unknown
6.7.12.1. Resource needs assessment
6.7.12.2. Damage assessment
6.7.13. Does the IMS include procedures for development and use of an
incident action plan or management by objectives to guide
response/recovery? ....................................................................... Yes No Unknown
6.7.14. Does the IMS include the following resource management tasks? . Yes No Unknown
6.7.14.1. Describing, inventorying, requesting, and tracking resources
6.7.14.2. Typing/categorizing resources by size, capacity, capability, and
skill
6.7.14.3. Mobilizing and demobilizing resources
6.7.14.4. Planning for resource deficiencies
6.7.14.5. Maintaining an inventory of internal and external resources
6.7.14.6. Managing donations of human resources, equipment, material, and
facilities
6.7.15. Is there a system to inventory, acknowledge, maintain, distribute,
retain, and return solicited or unsolicited donations including
goods, services, personnel, and facilities? ..................................... Yes No Unknown
6.7.16. Is this donations management system coordinated with public and
nonprofit organizations? ................................................................ Yes No Unknown
6.7.17. Do plans define the process for managing the flow of information
internally and externally? .............................................................. Yes No Unknown
6.7.18. Have criteria been established and procedures documented for
notification of governmental and regulatory authorities when
required by statute or regulation (e.g., notification of
environmental authorities for a hazardous materials spill or
notification of OSHA if a workplace fatality occurs)? ..................... Yes No Unknown
6.7.19. Have primary and alternate emergency operations centers (EOCs)
been established to support response and recovery efforts? ........ Yes No Unknown
6.7.20. Are the primary and alternate EOCs located or arranged so both
are not rendered inaccessible or unusable as a result of the same
incident? ......................................................................................... Yes No Unknown
6.7.21. Are EOCs properly constructed, configured, equipped, staffed, and
supported to meet the needs of the entity to manage response and
recovery operations for an extended period? ................................ Yes No Unknown
6.7.22. Is the location of or access to [virtual] EOCs provided to all
emergency response, business continuity, and crisis management
teams and others who must have access? ...................................... Yes No Unknown

6.8. Emergency Operations/Response Plan


6.8.1. Does the emergency operations/response plan define what
constitutes an emergency and when the plan should be activated? Yes No Unknown
6.8.2. Has management defined the entity’s policy for responding to
emergencies that defines the following? ........................................ Yes No Unknown
6.8.2.1. Functions of the emergency response team
6.8.2.2. Level of response (e.g., incipient stage firefighting or advanced
interior structural firefighting)
6.8.2.3. Staffing
6.8.2.4. Equipment
6.8.2.5. Training
6.8.2.6. Requirements to meet local needs and conditions
6.8.3. Does the emergency operations/response plan address life safety,
property conservation, and incident stabilization actions for the
hazards and threats identified during the risk assessment
including the following? .................................................................. Yes No Unknown
6.8.3.1. Fires
6.8.3.2. Medical emergencies
6.8.3.3. Natural hazards (e.g., tornado, hurricane, flooding, etc.)
6.8.3.4. Security threats (e.g., bomb threats, act of violence, etc.)
6.8.3.5. Hazardous materials spills or releases
6.8.3.6. Rescue
6.8.3.7. Utility outages
6.8.3.8. Acts of terrorism
6.8.3.9. Other types of emergencies
For an expanded list of potential hazards and threats, review NFPA 1600-2019, 5.2.2.1.
6.8.4. Are the emergency response team’s organization, staffing,
training, and equipment compliant with regulatory requirements
including but not limited to the following? ..................................... Yes No Unknown
6.8.4.1. Occupational Safety & Health Administration (Federal or State)
6.8.4.2. Fire Prevention Code
6.8.4.3. Environmental regulations

6.9. Continuity and Recovery


6.9.1. Have business continuity and recovery strategies been established
to maintain critical or time-sensitive functions and processes
identified during the business impact analysis when there is an
interruption or disruption? ............................................................. Yes No Unknown
6.9.2. Does the continuity plan identify the following? ............................ Yes No Unknown
6.9.2.1. Stakeholders that need to be notified
6.9.2.2. Functions and processes that must be maintained
6.9.2.3. Critical and time-sensitive applications
6.9.2.4. Alternate work sites
6.9.2.5. Manual workarounds to use when automated systems are
unavailable
6.9.2.6. Information security
6.9.2.7. Contact lists
6.9.3. Does the business continuity plan define the timeframes (Recovery
Time Objectives or RTOs) when critical functions must be restored
before there is an unacceptable impact? ........................................ Yes No Unknown
6.9.4. Does the business continuity plan identify the personnel,
procedures, and resource requirements for continuity and recovery
strategies? ..................................................................................... Yes No Unknown
6.9.5. Does the business continuity plan include the protocols and
procedures for alerting of the business continuity team? .............. Yes No Unknown
6.9.6. Does the business continuity plan define the criteria for partial and
full activation of the plan? .............................................................. Yes No Unknown
6.9.7. Is there a process for damage assessment? .................................. Yes No Unknown
6.9.8. Is the business continuity plan connected to and coordinated with
emergency operations/response and crisis management plans? ... Yes No Unknown
6.9.9. Do recovery plans provide for the restoration of infrastructure,
facilities, processes, technology, information, and other required
resources including? ....................................................................... Yes No Unknown
6.9.9.1. Replacement, repair, or rebuilding of infrastructure and facilities
6.9.9.2. Replacement of supply chain and materials
6.9.9.3. Replacement or repair of machinery, equipment, tools
6.9.9.4. Identification and emergency contact information for vendors,
contractors and other resources for recovery
6.9.9.5. Identification of laws, regulations, and other requirements
pertaining to recovery efforts
6.9.9.6. Physical and information security during recovery

6.10. Employee Assistance and Support


6.10.1. Does the entity have an employee assistance and support plan that
includes the following? ................................................................... Yes No Unknown
6.10.1.1. Pre-incident and post-incident awareness
6.10.1.2. Procedures to communicate emergency information to
employees before, during and following an emergency or disaster
6.10.1.3. Employee contact information, including emergency contact outside
the anticipated hazard area
6.10.1.4. Procedures for accounting for persons affected, displaced, or
injured by the incident
6.10.1.5. Temporary, short-term, or long-term housing and feeding and care
of those displaced by an incident
6.10.1.6. Mental health and physical well-being of individuals affected by
the incident
6.10.1.7. Promotion of family preparedness education and training for
employees
6.10.2. Does the entity have a plan that includes procedures for the post-
event management of the psychological and other human impacts
of incidents that result in fatalities, injuries, or other trauma? ...... Yes No Unknown

7. Execution

7.1. Incident Detection and Recognition


7.1.1. Have criteria (protocols) been established to define threats,
hazards, conditions, events, and/or situations that could impact the
safety of people, damage property, interrupt operations,
contaminate the environment, or negatively impact relationships
and the entity’s reputation? ............................................................ Yes No Unknown

7.2. Initial Reporting, Alerting, Warning & Notifications


7.2.1. Have procedures been established for the initial reporting of an
incident or situation and protocols been established for alerting,
warning, and notifications? ............................................................ Yes No Unknown
7.2.2. Have procedures been established and implemented to warn,
alert, or notify the following as defined in 6.6: .............................. Yes No Unknown
7.2.2.1. Warn persons potentially at risk?
7.2.2.2. Alert members of response, continuity, communications, and crisis
management teams?
7.2.2.3. Notify stakeholders potentially impacted by an incident?

7.3. Incident Management


7.3.1. Have processes been established and implemented to: ................. Yes No Unknown
7.3.1.1. Establish incident command as defined in 6.7 commensurate with
the incident or situation?
7.3.1.2. Conduct a situation analysis?
7.3.1.3. Open a virtual or physical emergency operations center and
coordinate with incident command and other authorities?
7.3.1.4. Develop a verbal or written incident action plan?
7.3.1.5. Document planning, information received and sent, decisions, and
actions taken?
7.3.1.6. Manage resources required for incident stabilization, continuity,
and recovery from activation to demobilization?

8. Training & Education

8.1. Curriculum
8.1.1. Has a training and educational curriculum been established to
support all who have a role in the program? ................................. Yes No Unknown
8.1.2. Does the curriculum address the needs of the following? .............. Yes No Unknown
8.1.2.1. Persons who may be impacted by hazards (i.e., hazard awareness
and protective actions training for all employees, contractors, and
visitors on-site)
8.1.2.2. Emergency response and business continuity teams
8.1.2.3. Crisis management team including senior management
8.1.2.4. Crisis communications team including all media spokesperson(s)
8.1.2.5. Others who support the program?
8.1.3. Is training provided for all employees to make them aware of
emergency response plans, business continuity procedures, vital
records protection, security, etc.? .................................................. Yes No Unknown

8.2. Goal of Curriculum


8.2.1. Does the curriculum create awareness and enhance the knowledge,
skills, and abilities required to implement, support, and maintain
the program? .................................................................................. Yes No Unknown

8.3. Scope and Frequency of Instruction


8.3.1. Have the scope of the training and education curriculum and the
frequency of instruction been identified? ....................................... Yes No Unknown
8.3.2. Is training provided for all employees upon hire? ......................... Yes No Unknown
8.3.3. Is training provided for emergency response, business continuity,
and crisis management teams upon assignment? .......................... Yes No Unknown
8.3.4. Is training provided when the plan or procedures are changed or
when a person’s responsibilities under the plan change? .............. Yes No Unknown
8.3.5. Is training provided as often as needed to maintain competency
and certifications (e.g., first aid/CPR)? ............................................ Yes No Unknown
8.3.6. Are the scope and frequency of training compliant with regulations
including OSHA standards, fire prevention and life safety codes,
and industry practices? .................................................................. Yes No Unknown

8.4. Incident Management System Training


8.4.1. Are personnel trained in the entity’s incident management system
(IMS) and other components of the program to the level of their
involvement? .................................................................................. Yes No Unknown

8.5. Recordkeeping
8.5.1. Are records of training and education maintained as required by
the entity’s records management program and in accordance with
regulatory requirements? .............................................................. Yes No Unknown

8.6. Regulatory and Program Requirements


8.6.1. Does the training and education curriculum comply with applicable
regulatory and program requirements? ......................................... Yes No Unknown

8.7. Public Education


8.7.1. Has a public education program been implemented to communicate
the following to the population at risk from an event at the entity’s
facility? ........................................................................................... Yes No Unknown
8.7.1.1. The potential impacts of a hazard
8.7.1.2. Preparedness information
8.7.1.3. Information needed to develop a preparedness plan

9. Exercises & Tests

9.1. Program Evaluation


9.1.1. Are program plans, procedures, training, and capabilities
evaluated through periodic exercises and tests? ........................... Yes No Unknown
9.1.2. Do members of emergency response, business continuity, and
crisis management teams participate in drills and exercises to
familiarize them with activation and execution of plans, use of
equipment, and operating under the entity’s incident management
system? .......................................................................................... Yes No Unknown
9.1.3. Have metrics for program evaluation been developed? ................. Yes No Unknown
9.1.4. Are post-incident critiques conducted promptly after response to an
incident has been terminated? ....................................................... Yes No Unknown
9.1.5. Do the Program Coordinator, Program Committee, or others seek
lessons learned or after action reports from others to assess the
program? ........................................................................................ Yes No Unknown

9.2. Exercise and Test Methodology


9.2.1. Do exercises provide an opportunity to practice procedures and
interact with others in one of the following controlled settings? .... Yes No Unknown
9.2.1.1. Workshops or orientation seminars
9.2.1.2. Tabletop exercises
9.2.1.3. Functional exercises
9.2.1.4. Full-scale exercises
9.2.2. Are exercises designed to assess the maturity of program plans,
procedures, and strategies? ........................................................... Yes No Unknown
9.2.3. Are tests designed to demonstrate capabilities? ............................ Yes No Unknown
9.2.4. Are exercises and tests documented? ............................................ Yes No Unknown
9.2.5. Are information technology disaster recovery plans tested and
validated periodically? ................................................................... Yes No Unknown

9.3. Design of Exercises and Tests


9.3.1. Are exercises designed to accomplish the following objectives? .... Yes No Unknown
9.3.1.1. Ensure the safety of people, property, operations, and the
environment involved in the exercise or test
9.3.1.2. Evaluate the program
9.3.1.3. Identify planning and procedural deficiencies
9.3.1.4. Test or validate recently changed procedures or plans
9.3.1.5. Clarify roles and responsibilities
9.3.1.6. Obtain participant feedback and recommendations for program
improvement
9.3.1.7. Measure improvement compared to performance objectives
9.3.1.8. Improve coordination among internal and external teams,
organizations, and entities
9.3.1.9. Validate training and education
9.3.1.10. Increase awareness and understanding of hazards and the
potential impact of hazards on the entity
9.3.1.11. Identify additional resources and assess the capabilities of
existing resources, including personnel and equipment needed for
effective response and recovery
9.3.1.12. Assess the ability of the team to identify, assess, and manage an
incident
9.3.1.13. Practice the deployment of teams and resources to manage an
incident
9.3.1.14. Improve individual performance
9.3.2. Do the scope and frequency of exercises reflect the nature,
scale, and complexity of the entity; its operational environment;
and its exposure to hazards? ......................................................... Yes No Unknown
9.3.3. Are exercises crafted by competent persons experienced in the
design and conduct of exercises and knowledgeable in the policies,
plans, and procedures of the entity? .............................................. Yes No Unknown
9.3.4. Are exercise objectives clearly defined and documented? ............. Yes No Unknown
9.3.5. Are exercise assumptions adequately defined and aligned with the
exercise objectives? ....................................................................... Yes No Unknown
9.3.6. Are exercise scenarios realistic and customized to the entity’s
facilities, operations, and resources? ............................................. Yes No Unknown

9.4. Exercise and Test Evaluation


9.4.1. Are exercises evaluated using a formal process that includes
evaluation forms and a “hot wash” or other facilitated discussion
documented in an After-Action Report (AAR)? .................................. Yes No Unknown
9.4.2. Are copies of the AAR provided to the program coordinator,
program committee, and management? ......................................... Yes No Unknown
9.4.3. Are recommendations from exercises evaluated by the program
coordinator, program committee, and others to revise the
program? ........................................................................................ Yes No Unknown

9.5. Frequency
9.5.1. Are exercises and tests conducted on the frequency needed to
establish and maintain required capabilities? ................................ Yes No Unknown
9.5.2. Does the frequency of exercises reflect the nature, scale, and
complexity of the entity; its operational environment; and its
exposure to hazards? ..................................................................... Yes No Unknown
9.5.3. Are protective action drills (e.g., evacuation, shelter-in-place, and
lockdown) conducted at least annually or as frequently as required
by law? ........................................................................................... Yes No Unknown

10. Program Maintenance & Improvement

10.1. Program Reviews


10.1.1. Are program policies, procedures, and capabilities evaluated
through periodic reviews using the program’s performance
objectives as criteria? .................................................................... Yes No Unknown
10.1.2. Has responsibility for evaluating the program been assigned to
persons with authority and the resources necessary to complete
the evaluation? .............................................................................. Yes No Unknown
10.1.3. Has a method for evaluating the program such as ISO 19011 been
defined? ......................................................................................... Yes No Unknown
10.1.4. Do program reviews evaluate the implementation of changes
resulting from preventive and corrective action? ........................... Yes No Unknown
10.1.5. Are evaluations conducted on a regularly scheduled basis and
when the situation changes to question the effectiveness of the
existing program? .......................................................................... Yes No Unknown
10.1.6. Is the program re-evaluated when a change in any of the following
impacts the program? ..................................................................... Yes No Unknown
10.1.6.1. Regulations
10.1.6.2. Hazards and potential impacts
10.1.6.3. Entity's organization
10.1.6.4. Entity operations
10.1.6.5. Resource availability or capability
10.1.6.6. Funding changes
10.1.6.7. Infrastructure, including technology environment
10.1.6.8. Economic and geographic stability
10.1.7. Do program reviews include determination whether corrective
action from post-incident analyses, lessons learned, and past
program reviews? .......................................................................... Yes No Unknown
10.1.8. Are records of program reviews and evaluations maintained in
accordance with records management policies and procedures? ... Yes No Unknown
10.1.9. Are documentation, records, and reports provided to management
for review and follow-up? .............................................................. Yes No Unknown

10.2. Corrective Action


10.2.1. Is there a documented corrective action process? .......................... Yes No Unknown
10.2.2. Does the corrective action process prioritize deficiencies? ............ Yes No Unknown
10.2.3. Are all deficiencies assigned to a responsible person or
department, tracked, and followed until satisfactorily resolved? .. Yes No Unknown
10.2.4. Are high priority deficiencies elevated to a level of management
with authority to ensure prompt attention? ................................... Yes No Unknown
10.2.5. Does senior management support corrective action? ..................... Yes No Unknown
10.2.6. Has the entity taken corrective action on identified deficiencies? .. Yes No Unknown
10.2.7. Is root cause analysis used to determine the root causes of
recurring and underlying problems? .............................................. Yes No Unknown

10.3. Continuous Improvement


10.3.1. Does the entity have a continuous improvement or change
management process that would trigger program reviews and
corrective action? ........................................................................... Yes No Unknown
About Preparedness, LLC


Preparedness, LLC has more than 35 years of experience helping organizations identify and assess hazard and
operational risks; develop and implement loss prevention and risk mitigation strategies; design and implement
emergency response, business continuity, and crisis management programs; educate and train staff; design,
facilitate, and evaluate drills and exercises; and evaluate existing programs.
We assess hazards and threats to people, property, business operations, and reputations. We assess
vulnerabilities and analyze the potential impacts of hazards. Our analyses provide management with the
information needed to make effective risk management decisions to prevent, mitigate, or finance risk. Our
business impact analyses provide information to determine business continuity strategies and requirements.
We develop strategies to prevent hazards or mitigate the impacts of hazards that cannot be prevented. We
develop and help implement loss prevention and risk mitigation programs.
We develop emergency management, business continuity, and crisis management programs, so companies can
safeguard employees, protect property, continue critical business functions, and protect their image,
reputation, and relationships with stakeholders. This includes assessing risk, defining business priorities and
resource needs, organizing teams, writing plans, conducting training, and facilitating exercises.
Preparedness, LLC Services
• Identify and assess hazard and operational risks that can injure people, damage property, interrupt
business processes, and contaminate the environment; provide detailed loss prevention recommendations
• Develop strategies and programs for hazard prevention and risk mitigation
• Evaluate compliance with federal, state, and local regulations and conformity to codes and standards
• Evaluate preparedness and the implementation of emergency management, business continuity, and crisis
management programs
• Develop loss prevention policies, procedures, and programs to meet risk management objectives,
insurance underwriting, and regulatory requirements
• Develop emergency response plans optimized for best use of facility and community resources, and
compliant with regulatory requirements
• Develop business continuity programs with strategies to continue critical business functions
• Develop crisis management programs that define issues, develop strategies, and include an organization
with processes for effective management
• Develop, conduct, and facilitate training, drills, and exercises
• Support property insurance and risk management programs by developing risk information for risk
mitigation and risk financing decision-making
