EN ISO 22301:2014
(Main)Societal security - Business continuity management systems - Requirements (ISO 22301:2012)
Societal security - Business continuity management systems - Requirements (ISO 22301:2012)
ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
Sicherheit und Schutz des Gemeinwesens - Business Continuity Management System - Anforderungen (ISO 22301:2012)
Diese Internationale Norm zur Aufrechterhaltung der Betriebsfähigkeit legt Anforderungen fest, um ein dokumentiertes Managementsystem zu planen, einzuführen, umzusetzen, zu betreiben, zu überwachen, zu überprüfen, aufrechtzuerhalten und ständig zu verbessern, um sich gegen Vorfälle mit Betriebsunterbrechung zu schützen, die Wahr¬scheinlichkeit ihres Auftretens zu vermindern, sich auf diese vorzubereiten, auf diese zu reagieren und sich von diesen zu erholen, wenn sie auftreten.
Die Anforderungen dieser Internationalen Norm sind generischer Art und dafür vorgesehen, für sämtliche Organisationen oder Teile dieser, unabhängig von ihrer Art, Größe oder Beschaffenheit zu gelten. Der Umfang der Anwendung dieser Anforderungen ist von der betrieblichen Umgebung und der Komplexität der jeweiligen Organisation abhängig.
Diese Internationale Norm beabsichtigt keine Einheitlichkeit im Aufbau eines Managementsystems zur Aufrecht¬erhaltung der Betriebsfähigkeit (BCMS), setzt jedoch bei einer Organisation voraus, dass diese ein BCMS gestaltet, das ihren Bedürfnissen gerecht wird und die Anforderungen ihrer Interessensgruppen erfüllt. Diese Bedürfnisse werden durch rechtliche, behördliche, organisationstechnische und industrielle Anfor-derungen geprägt sowie durch Produkte und Dienstleistungen, eingesetzte Prozesse, Größe und Aufbau der Organisation und die Anforderungen ihrer Interessensgruppen.
Diese Internationale Norm gilt für sämtliche Arten und Größen von Organisationen, die Folgendes wollen:
a) Einführen, Implementieren, Aufrechterhalten und Verbessern eines BMCS;
b) Sicherstellen der Konformität mit den erklärten Leitlinien zur Aufrecht¬erhaltung der Betriebs¬fähigkeit;
c) Darstellen der Konformität gegenüber anderen;
d) Zertifizierung/Registrierung ihres BMCS durch eine amtlich zugelassene Zertifizierungsstelle einer Drittpartei; oder
e) Erstellung einer eigenen Konformitätsfeststellung oder einer eigenen Konformitätserklärung mithilfe dieser Internationalen Norm.
Dieses Dokument kann dazu genutzt werden, die Befähigung einer Organisation zur Erfüllung ihrer eigenen Kontinuitätsbedürfnisse und -verpflichtungen zu bewerten.
Sécurité sociétale - Systèmes de management de la continuité d'activité - Exigences (ISO 22301:2012)
L'ISO 22301:2012 spécifie les exigences pour planifier, établir, mettre en place et en ?uvre, contrôler, réviser, maintenir et améliorer de manière continue un système de management documenté afin de se protéger des incidents perturbateurs, réduire leur probabilité de survenance, s'y préparer, y répondre et de s'en rétablir lorsqu'ils surviennent.
Les exigences spécifiées dans l'ISO 22301:2012 sont génériques et prévues pour être applicables à toutes les organisations, ou parties de celles-ci, indépendamment du type, de la taille et de la nature de l'organisation. Le champ d'application de ces exigences dépend de l'environnement et de la complexité de fonctionnement de l'organisation.
Družbena varnost - Sistem vodenja neprekinjenosti poslovanja - Zahteve (ISO 22301:2012)
Standard EN ISO 22301 za vodenje neprekinjenosti poslovanja določa zahteve za načrtovanje, ustanavljanje, izvajanje, upravljanje, nadzorovanje, pregledovanje, vzdrževanje in nenehno izboljševanje dokumentiranega sistema vodenja za zaščito pred prekinitvami poslovanja, zmanjševanjem možnosti njihovega pojava, pripravo nanje, odziv nanje in obnovitev poslovanja, kadar pride do prekinitev. Zahteve, določene v tem mednarodnem standardu, so generične in so namenjene uporabi v vseh organizacijah ali njihovih delih, in sicer ne glede na vrsto, velikost in naravo organizacije. Obseg uporabe teh zahtev je odvisen od delovnega okolja in kompleksnosti organizacije. Namen tega mednarodnega standarda ni, da bi zahteval enotno strukturo sistema vodenja neprekinjenosti poslovanja (BCMS), ampak omogočiti, da organizacija oblikuje svoj sistem vodenja neprekinjenosti poslovanja, ki ustreza njenim potrebam in izpolnjuje zahteve njenih zainteresiranih strani. Te potrebe oblikujejo pravne, regulativne, organizacijske in industrijske zahteve, proizvodi ter storitve, uporabljeni procesi, velikost in struktura organizacije ter zahteve njenih zainteresiranih strani. Ta mednarodni standard se uporablja za vse vrste in velikosti organizacij, ki želijo a) vzpostaviti, izvajati, vzdrževati in izboljšati sistem vodenja neprekinjenosti poslovanja, b) zagotoviti skladnost z veljavnim pravilnikom o neprekinjenosti poslovanja, c) dokazati skladnost z drugimi; d) pridobiti potrdilo/registracijo za sistem vodenja neprekinjenosti poslovanja pri akreditiranem certifikacijskem organu tretje strani ter e) sprejeti lastno odločitev in izdati lastno izjavo o skladnosti s tem mednarodnim standardom. Ta mednarodni standard je mogoče uporabljati za oceno sposobnosti organizacije za izpolnjevanje svojih potreb in obveznosti glede neprekinjenosti poslovanja.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-oktober-2014
Družbena varnost - Sistem vodenja neprekinjenosti poslovanja - Zahteve (ISO
22301:2012)
Societal security - Business continuity management systems - Requirements (ISO
22301:2012)
Sicherheit und Schutz des Gemeinwesens - Aufrechterhaltung der Betriebsfähigkeit -
Anforderungen (ISO 22301:2012)
Sécurité sociétale - Systèmes de management de la continuité d'activité - Exigences
(ISO 22301:2012)
Ta slovenski standard je istoveten z: EN ISO 22301:2014
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD
EN ISO 22301
NORME EUROPÉENNE
EUROPÄISCHE NORM
July 2014
ICS 03.100.01
English Version
Societal security - Business continuity management systems -
Requirements (ISO 22301:2012)
Sécurité sociétale - Systèmes de management de la Sicherheit und Schutz des Gemeinwesens -
continuité d'activité - Exigences (ISO 22301:2012) Aufrechterhaltung der Betriebsfähigkeit - Anforderungen
(ISO 22301:2012)
This European Standard was approved by CEN on 17 July 2014.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same
status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22301:2014 E
worldwide for CEN national Members.
Contents Page
Foreword .3
Foreword
The text of ISO 22301:2012 has been prepared by Technical Committee ISO/TC 223 “Societal security” of the
International Organization for Standardization (ISO) and has been taken over as EN ISO 22301:2014 by
Technical Committee CEN/TC 391 “Societal and Citizen Security” the secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by January 2015, and conflicting national standards shall be withdrawn at
the latest by January 2015.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech
Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Endorsement notice
The text of ISO 22301:2012 has been approved by CEN as EN ISO 22301:2014 without any modification.
INTERNATIONAL ISO
STANDARD 22301
First edition
2012-05-15
Corrected version
2012-06-15
Societal security — Business continuity
management systems — Requirements
Sécurité sociétale — Gestion de la continuité des affaires — Exigences
Reference number
ISO 22301:2012(E)
©
ISO 2012
ISO 22301:2012(E)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO’s
member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2012 – All rights reserved
ISO 22301:2012(E)
Contents Page
Foreword .iv
0 Introduction . v
0.1 General . v
0.2 The Plan-Do-Check-Act (PDCA) model. v
0.3 Components of PDCA in this International Standard . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 8
4.1 Understanding of the organization and its context. 8
4.2 Understanding the needs and expectations of interested parties . 9
4.3 Determining the scope of the business continuity management system . 9
4.4 Business continuity management system .10
5 Leadership .10
5.1 Leadership and commitment .10
5.2 Management commitment .10
5.3 Policy . 11
5.4 Organizational roles, responsibilities and authorities . 11
6 Planning .12
6.1 Actions to address risks and opportunities .12
6.2 Business continuity objectives and plans to achieve them .12
7 Support .12
7.1 Resources .12
7.2 Competence .13
7.3 Awareness .13
7.4 Communication .13
7.5 Documented information .14
8 Operation .15
8.1 Operational planning and control .15
8.2 Business impact analysis and risk assessment .15
8.3 Business continuity strategy .16
8.4 Establish and implement business continuity procedures .17
8.5 Exercising and testing .19
9 Performance evaluation .19
9.1 Monitoring, measurement, analysis and evaluation .19
9.2 Internal audit .20
9.3 Management review .21
10 Improvement .22
10.1 Nonconformity and corrective action .22
10.2 Continual improvement .23
Bibliography .24
ISO 22301:2012(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International
Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 22301 was prepared by Technical Committee ISO/TC 223, Societal security.
This corrected version of ISO 22301:2012 incorporates the following corrections:
— first list in 6.1 changed from a numbered to an unnumbered list;
— commas added at the end of list items in 7.5.3 and 8.3.2;
— bibliography items [19] and [20] separated, which were merged in the original;
— font size adjusted in several places.
iv © ISO 2012 – All rights reserved
ISO 22301:2012(E)
0 Introduction
0.1 General
This International Standard specifies requirements for setting up and managing an effective Business Continuity
Management System (BCMS).
A BCMS emphasizes the importance of
— understanding the organization’s needs and the necessity for establishing business continuity management
policy and objectives,
— implementing and operating controls and measures for managing an organization’s overall capability to
manage disruptive incidents,
— monitoring and reviewing the performance and effectiveness of the BCMS, and
— continual improvement based on objective measurement.
A BCMS, like any other management system, has the following key components:
a) a policy;
b)
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.