The United States has made significant progress since the terrorist attacks in September 2001 in developing an infrastructure for standards and conformity assessment for a range of homeland security products. The 9/11 Commission, in their final report in 2004, recommended several steps to make the nation safer and better prepared to respond to national-level disasters. In particular, they recommended that private-sector organizations follow standards such as NFPA 1600-2002: Standard on Emergency Management and Business Continuity. Then-Department of Homeland Security (DHS) Secretary Tom Ridge agreed with these recommendations, and thus NFPA 1600 became “the first” DHS-adopted standard. However, it took eight years to implement a DHS program such that individual corporations could demonstrate compliance with emergency management/business continuity standards.
Why did it take eight years to establish a program that everyone agreed from the start was a great idea? Multiple factors contributed to the timeline. There were two different communities involved:...