The first standard for responding to an active shooter, NFPA 3000 includes requirements for high-risk facilities.
Mass shootings have become tragically common. In 2016, following the shootings that killed 49 people at the Pulse Night Club in Orlando, Fla., the chief of the Orange County, Fla., Fire and Rescue Department asked the National Fire Protection Association (NFPA) to develop a standard to help communities prepare for and respond to active shooter and other hostile incidents. In 2017, NFPA formed a technical committee on Cross Functional Emergency Preparedness and Response, consisting of members from the emergency response community, as well as higher education and facility management.
Less than two years later, in April 2018, NFPA issued the Standard for an Active Shooter/Hostile Event Response (ASHER) Program as NFPA 3000. This is a provisional standard that is subject to further update and is valid for a two-year period. It is only the second provisional standard issued in NFPA history. Having this standard as provisional allows NFPA to introduce this “voluntary consensus standard” to the community while conducting ongoing research and improvements. Although this standard introduces new and non-intuitive terminology (like ASHER), it promises to save lives in communities that implement it.
The standard includes requirements for high-risk facilities. For facility managers, the efforts required to adhere to the standard should be minimal if the facility has a comprehensive and up-to-date all-hazards risk assessment, emergency response plan, or business continuity plan.
NFPA 3000 is the first standard that has formed a consensus on the components of a multidisciplinary program for responding to an active shooter or other hostile event. Those components are preparedness, response, and recovery.
Impact on FMs
Although the standard primarily affects the first responder community, there are important implications and compliance requirements for facility managers responsible for high-risk facilities. High risk or “at risk” facilities are identified by community members who are responsible for implementing the ASHER program.
The most important sections of NFPA 3000 for facility managers are chapter 5 (on risk assessment) and chapter 9 (on facility preparedness). Chapter 19 describes requirements for hospital preparedness and response for out-of-hospital incidents involving active shooters or other hostile events and is therefore of importance to hospital facility managers.
The chapter on risk assessment covers community risk assessment as well as facility risk assessment. Each facility considered “at-risk” as determined by the community risk assessment must complete the facility risk assessment and submit it to the administering authority. That authority most likely will be led by first responders who will be looking for participation from affected community partners. Although the standard doesn’t spell it out, presumably the personnel administering the community assessment would reach out to facilities considered “at risk” and discuss the requirements of the facility risk assessment. Factors used to identify “at risk” facilities may include occupancy, ease of access, public profile, known target, potential significant public impact, and other factors.
Facility risk assessments are based on a wide range of information. Some of the data needed provides a snapshot of the building itself:
• Name of building owner representative
• Name or other identification of area/facility
• Number of occupants/attendees at maximum capacity
• Facility/area use
• Age groups of occupants or attendees
• Building construction type
• Availability of building map or site plan
• Area accessibility
• Ingress and egress point identification.
The assessment also looks at preparedness, safety, and security measures in place. These include occupant/attendee preparedness measures established for the area/facility; security capabilities (cameras, staffing); access control measures in place; alarm systems in place; and the existence of fire protection systems.
Finally the assessment requires information that goes beyond the facility itself. One example of that additional information is known threats against the building or law enforcement intelligence that suggests the building is a likely target for an attack. The assessment also notes distance to and capabilities of medical facilities; nearby structures; seasonal weather conditions; and emergency responder accessibility. The assessment may also need other relevant information as deemed pertinent.
Most facilities that would fall into the “at risk” category should have this information readily available in their all-hazards risk assessment, emergency response plans, or business continuity plans.