In 1995 the NFPA Standards Council was contacted by the insurance industry regarding premises security standards. The council did not go forward with the project after the security industry raised concerns that a fire protection organization was considering developing security standards. In 1999, the insurance industry again asked the standards council to reconsider development of premises security standards. The council decided to proceed with the premises security project by July 2000.
The security industry continued to express concerns that a security standard should not be developed by the NFPA. To mitigate these fears, the NFPA made drafts of the proposed documents available for public review and comment in multiple publications and on the NFPA Web site. Originally NFPA 730 was drafted as a standard, but became a guideline when the committee was unable to reach a consensus among committee members.
The Premises Security Committee considered 279 proposals submitted for review. More than 200 of the proposals were accepted by the committee for consideration. This writer submitted 31 proposals of which 13 were accepted in principle.
The American Society for Industrial Security (ASIS) and NFPA are in competition for legitimacy in establishing security guidelines. ASIS and NFPA members have participated in the development of each others’ guidelines. Guidelines are recommended practices, policies, and procedures to use regarding a particular issue, problem, or situation. Standards are mandatory practices that use the word “shall†when referencing compliance of a practice. Codes are a standard that is suitable for adoption into law.
The NFPA was founded in 1896 in Boston to create a standard for the uniform installation of fire sprinklers. The NFPA has developed more than 300 building life-safety codes and standards. NFPA codes and standards are developed based on an open consensus-based process. Anyone can submit a request to develop a new code or standard. The Standards Council reviews requests and directs a technical committee to review the request and reach a consensus by at least two-thirds vote to take action. Once a code or standard is approved by a technical committee it is published and a call for proposals is issued. Anyone may submit proposals regarding a new code or standard. After the completion of the proposal and comment period, the technical committee will present the new code or standard to the NFPA membership at the annual World Safety Conference and Exposition.
ASIS established the Commission on Guidelines in 2001 in response to a need for security guidelines to help the private sector secure businesses and critical infrastructure. The commission establishes guideline projects and forms a committee of ASIS members with knowledge of the subject matter to participate in guideline development. The committee completes a draft guideline and submits it to the commission for final review. Draft guidelines are posted online for a comment period. The commission reviews comments prior to final issue.
(The Department of Homeland Security (DHS) recently endorsed NFPA 1600 Standard for Business Continuity. ASIS Commission on Guidelines issued a continuity guideline last year, but the NFPA 1600 was updated and beat out the ASIS guideline.)
The NFPA promotes standards and code that assist security and life-safety professionals in meeting minimum protective measures. Property owners do not want to bear the cost of new standards or codes that will cost them money to implement. The real estate industry lobbies state and local government hard to delay or prevent the implementation of new fire code. As technology improved and fire code was updated, local government gave property owners exceptions to permit buildings to meet fire code in effect at the time. Older buildings are often grandfathered into old fire code to save the property owner the cost of implementing new life-safety equipment. One example of this is the thousands of pre-1980 high-rise buildings that do not have fire sprinklers or modern evacuation systems.
After a tragedy such as the 2003 fire at the Cook County Building in Chicago, government officials revisit fire code exceptions made in the past. New building standards and code are published and, as usual, property owners are given exceptions and extended deadlines to comply with new code. Bottom line: guidelines and standards adopted by government and the insurance industry are good for property owners and the public in the long run.
Argument for NFPA 730
We have to start somewhere. No current standards-setting organization has provided an overall guide or standard encompassing all of the recommendations from ANSI, ASHRAE, ASIS, CDC, DOJ, NIOSH, OSHA, etc. NFPA guidelines and standards are living documents subject to change as improvements in technology and procedures are refined.
The NFPA standards-adoption process allows for interested persons to comment on the standard/guideline by submitting proposals for consideration to the committee. The NFPA method of standard/ guideline development allows for disparate interests to voice their concerns and impact the final document. NFPA reviews standards/guidelines on a regular basis to keep the guideline or code current.
Argument against NFPA 730
The NFPA 730 Guideline is loosely based on DOJ, OSHA, and military publications not applicable to the private sector. Premises Security Committee members have a vested interest in the adoption of security standards. Committee members include: code and standard enforcement authorities, end users, equipment manufacturers, insurance industry, and special experts. ADT, Simplex Grinnell, and Tyco were represented on the committee. Five consulting firms were represented on the committee as special experts. A minority of committee members represented end users and the security industry. Although the security industry has softened its criticism of NFPA 730, they do not feel that the NFPA should set security standards or guidelines. The problem is no security industry trade group or association has put forth any overall security guideline for consideration.
Assessment of NFPA 730 Guideline
Seventeen of 46 pages of the guideline are dedicated to physical security. Chapter 5, which covers security vulnerability assessment, is very limited; it lists seven steps of a vulnerability assessment. Chapter 10, which covers security planning, is limited to an outline of what a plan should include. Chapters 11-22 (24 pages) describe 12 different facility types. Facility chapters describe protective measures in the same basic format.
NFPA 730 Guide for Premises Security does a good job covering physical security and policy from the 10,000-foot level. However, it does not address specific issues in detail such as vulnerability assessments and security planning. As NFPA 730 is updated and expanded, it will become the standard facilities and enforcement authorities can use to improve security operations. The insurance industry now has a guide to use when assessing existing or planned protective measures to mitigate loss at a facility.
Over time the security industry will accept NFPA 730 because it leaves security planning and vulnerability assessments to the security professional to address. Qualified security practitioners will continue to conduct security assessments and develop security plans based on their specific industry or company profile. It is only a matter of time until NFPA 730 becomes a standard either officially or by default, as the security industry adopts the guideline as accepted practices. Bottom line: NFPA 730 will be good for the security industry, facility owners, and the public in the long run.