The majority of U.S. companies have a formal, written plan for emergency preparedness, according to a report released by The Conference Board. But a widely adopted certification standard for such plans does not exist yet.
Three-quarters of the 302 senior corporate executives surveyed in mid-2007 said an emergency preparedness plan exists in their companies. The analysis was sponsored by the U.S. Department of Homeland Security as part of an ongoing research project to assess the effectiveness of security in American companies.
The survey sample was intended to reflect the characteristics of American businesses as defined by size and industry. The sample was divided into three strata: small business (companies with $5 to $50 million in annual sales); mid-market ($50 million to $1 billion in sales); and enterprise ($1 billion or more in sales). Within these groups of companies, the survey polled executives with responsibility for security, business continuity, crisis management and emergency-response efforts.
A “voluntary” certification process for preparedness was adopted as part of the 2007 homeland security legislation (Public Law 110-53). The choice of standards that would permit certification under the law is under review. As this report goes to press, it is expected that several different standards may qualify for certification.
“Currently, the most significant finding is that none of the many standards proposed for certification has attained widespread usage in the private sector,” said Thomas Cavanagh, senior research associate for global corporate citizenship at The Conference Board.
The most common standard is the ISO 27001/17799…
Please log in or subscribe to read this article