U.S Code last checked for updates: Sep 29, 2023
§ 321m.
Voluntary private sector preparedness accreditation and certification program
(a)
Establishment
(1)
In general

The Secretary, acting through the officer designated under paragraph (2), shall establish and implement the voluntary private sector preparedness accreditation and certification program in accordance with this section.

(2)
Designation of officer
The Secretary shall designate an officer responsible for the accreditation and certification program under this section. Such officer (hereinafter referred to in this section as the “designated officer”) shall be one of the following:
(A)
The Administrator, based on consideration of—
(i)
the expertise of the Administrator in emergency management and preparedness in the United States; and
(ii)
the responsibilities of the Administrator as the principal advisor to the President for all matters relating to emergency management in the United States.
(B)
The Assistant Secretary for Infrastructure Protection,1
1
 See Change of Name note below.
based on consideration of the expertise of the Assistant Secretary in, and responsibilities for—
(i)
protection of critical infrastructure;
(ii)
risk assessment methodologies; and
(iii)
interacting with the private sector on the issues described in clauses (i) and (ii).
(C)
The Under Secretary for Science and Technology, based on consideration of the expertise of the Under Secretary in, and responsibilities associated with, standards.
(3)
Coordination
In carrying out the accreditation and certification program under this section, the designated officer shall coordinate with—
(A)
the other officers of the Department referred to in paragraph (2), using the expertise and responsibilities of such officers; and
(B)
the Special Assistant to the Secretary for the Private Sector, based on consideration of the expertise of the Special Assistant in, and responsibilities for, interacting with the private sector.
(b)
Voluntary private sector preparedness standards; voluntary accreditation and certification program for the private sector
(1)
Accreditation and certification program
Not later than 210 days after August 3, 2007, the designated officer shall—
(A)
begin supporting the development and updating, as necessary, of voluntary preparedness standards through appropriate organizations that coordinate or facilitate the development and use of voluntary consensus standards and voluntary consensus standards development organizations; and
(B)
in consultation with representatives of appropriate organizations that coordinate or facilitate the development and use of voluntary consensus standards, appropriate voluntary consensus standards development organizations, each private sector advisory council created under section 112(f)(4) of this title, appropriate representatives of State and local governments, including emergency management officials, and appropriate private sector advisory groups, such as sector coordinating councils and information sharing and analysis centers—
(i)
develop and promote a program to certify the preparedness of private sector entities that voluntarily choose to seek certification under the program; and
(ii)
implement the program under this subsection through any entity with which the designated officer enters into an agreement under paragraph (3)(A), which shall accredit third parties to carry out the certification process under this section.
(2)
Program elements
(A)
In general
(i)
Program

The program developed and implemented under this subsection shall assess whether a private sector entity complies with voluntary preparedness standards.

(ii)
Guidelines

In developing the program under this subsection, the designated officer shall develop guidelines for the accreditation and certification processes established under this subsection.

(B)
Standards
The designated officer, in consultation with representatives of appropriate organizations that coordinate or facilitate the development and use of voluntary consensus standards, representatives of appropriate voluntary consensus standards development organizations, each private sector advisory council created under section 112(f)(4) of this title, appropriate representatives of State and local governments, including emergency management officials, and appropriate private sector advisory groups such as sector coordinating councils and information sharing and analysis centers—
(i)
shall adopt one or more appropriate voluntary preparedness standards that promote preparedness, which may be tailored to address the unique nature of various sectors within the private sector, as necessary and appropriate, that shall be used in the accreditation and certification program under this subsection; and
(ii)
after the adoption of one or more standards under clause (i), may adopt additional voluntary preparedness standards or modify or discontinue the use of voluntary preparedness standards for the accreditation and certification program, as necessary and appropriate to promote preparedness.
(C)
Submission of recommendations

In adopting one or more standards under subparagraph (B), the designated officer may receive recommendations from any entity described in that subparagraph relating to appropriate voluntary preparedness standards, including appropriate sector specific standards, for adoption in the program.

(D)
Small business concerns

The designated officer and any entity with which the designated officer enters into an agreement under paragraph (3)(A) shall establish separate classifications and methods of certification for small business concerns (under the meaning given that term in section 632 of title 15) for the program under this subsection.

(E)
Considerations
In developing and implementing the program under this subsection, the designated officer shall—
(i)
consider the unique nature of various sectors within the private sector, including preparedness standards, business continuity standards, or best practices, established—
(I)
under any other provision of Federal law; or
(II)
by any Sector Risk Management Agency, as defined under Homeland Security Presidential Directive–7; and
(ii)
coordinate the program, as appropriate, with—
(I)
other Department private sector related programs; and
(II)
preparedness and business continuity programs in other Federal agencies.
(3)
Accreditation and certification processes
(A)
Agreement
(i)
In general

Not later than 210 days after August 3, 2007

(ii)
Contents

A selected entity shall manage the accreditation process and oversee the certification process in accordance with the program established under this subsection and accredit qualified third parties to carry out the certification program established under this subsection.

(B)
Procedures and requirements for accreditation and certification
(i)
In general

Any selected entity shall collaborate to develop procedures and requirements for the accreditation and certification processes under this subsection, in accordance with the program established under this subsection and guidelines developed under paragraph (2)(A)(ii).

(ii)
Contents and use
The procedures and requirements developed under clause (i) shall—
(I)
ensure reasonable uniformity in any accreditation and certification processes if there is more than one selected entity; and
(II)
be used by any selected entity in conducting accreditations and overseeing the certification process under this subsection.
(iii)
Disagreement

Any disagreement among selected entities in developing procedures under clause (i) shall be resolved by the designated officer.

(C)
Designation

A selected entity may accredit any qualified third party to carry out the certification process under this subsection.

(D)
Disadvantaged business involvement

In accrediting qualified third parties to carry out the certification process under this subsection, a selected entity shall ensure, to the extent practicable, that the third parties include qualified small, minority, women-owned, or disadvantaged business concerns when appropriate. The term “disadvantaged business concern” means a small business that is owned and controlled by socially and economically disadvantaged individuals, as defined in section 124 of title 13, United States Code of Federal Regulations.

(E)
Treatment of other certifications

At the request of any entity seeking certification, any selected entity may consider, as appropriate, other relevant certifications acquired by the entity seeking certification. If the selected entity determines that such other certifications are sufficient to meet the certification requirement or aspects of the certification requirement under this section, the selected entity may give credit to the entity seeking certification, as appropriate, to avoid unnecessarily duplicative certification requirements.

(F)
Third parties
To be accredited under subparagraph (C), a third party shall—
(i)
demonstrate that the third party has the ability to certify private sector entities in accordance with the procedures and requirements developed under subparagraph (B);
(ii)
agree to perform certifications in accordance with such procedures and requirements;
(iii)
agree not to have any beneficial interest in or any direct or indirect control over—
(I)
a private sector entity for which that third party conducts a certification under this subsection; or
(II)
any organization that provides preparedness consulting services to private sector entities;
(iv)
agree not to have any other conflict of interest with respect to any private sector entity for which that third party conducts a certification under this subsection;
(v)
maintain liability insurance coverage at policy limits in accordance with the requirements developed under subparagraph (B); and
(vi)
enter into an agreement with the selected entity accrediting that third party to protect any proprietary information of a private sector entity obtained under this subsection.
(G)
Monitoring
(i)
In general

The designated officer and any selected entity shall regularly monitor and inspect the operations of any third party conducting certifications under this subsection to ensure that the third party is complying with the procedures and requirements established under subparagraph (B) and all other applicable requirements.

(ii)
Revocation
If the designated officer or any selected entity determines that a third party is not meeting the procedures or requirements established under subparagraph (B), the selected entity shall—
(I)
revoke the accreditation of that third party to conduct certifications under this subsection; and
(II)
review any certification conducted by that third party, as necessary and appropriate.
(4)
Annual review
(A)
In general

The designated officer, in consultation with representatives of appropriate organizations that coordinate or facilitate the development and use of voluntary consensus standards, appropriate voluntary consensus standards development organizations, appropriate representatives of State and local governments, including emergency management officials, and each private sector advisory council created under section 112(f)(4) of this title, shall annually review the voluntary accreditation and certification program established under this subsection to ensure the effectiveness of such program (including the operations and management of such program by any selected entity and the selected entity’s inclusion of qualified disadvantaged business concerns under paragraph (3)(D)) and make improvements and adjustments to the program as necessary and appropriate.

(B)
Review of standards

Each review under subparagraph (A) shall include an assessment of the voluntary preparedness standard or standards used in the program under this subsection.

(5)
Voluntary participation

Certification under this subsection shall be voluntary for any private sector entity.

(6)
Public listing

The designated officer shall maintain and make public a listing of any private sector entity certified as being in compliance with the program established under this subsection, if that private sector entity consents to such listing.

(c)
Rule of construction
Nothing in this section may be construed as—
(1)
a requirement to replace any preparedness, emergency response, or business continuity standards, requirements, or best practices established—
(A)
under any other provision of federal law; or
(B)
by any Sector Risk Management Agency, as those agencies are defined under Homeland Security Presidential Directive–7; or
(2)
exempting any private sector entity seeking certification or meeting certification requirements under subsection (b) from compliance with all applicable statutes, regulations, directives, policies, and industry codes of practice.
(Pub. L. 107–296, title V, § 524, as added Pub. L. 110–53, title IX, § 901(a), Aug. 3, 2007, 121 Stat. 365; amended Pub. L. 116–283, div. H, title XC, § 9002(c)(2)(B), Jan. 1, 2021, 134 Stat. 4772.)
cite as: 6 USC 321m