EN ISO 22301:2019
(Main)Security and resilience - Business continuity management systems - Requirements (ISO 22301:2019)
Security and resilience - Business continuity management systems - Requirements (ISO 22301:2019)
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.
Sicherheit und Resilienz - Business Continuity Management System - Anforderungen (ISO 22301:2019)
Dieses Dokument legt Anforderungen fest, um ein Managementsystem zu verwirklichen, aufrechtzuerhalten und zu verbessern, um sich gegen Störungen zu schützen, die Wahrscheinlichkeit ihres Auftretens zu vermindern, sich auf diese vorzubereiten, auf diese zu reagieren und sich von diesen zu erholen, wann immer sie auftreten.
Die in diesem Dokument aufgeführten Anforderungen sind allgemeiner Art und dafür vorgesehen, für sämtliche Organisationen oder Teile dieser, unabhängig von ihrer Art, Größe oder Beschaffenheit zu gelten. Der Umfang der Anwendung dieser Anforderungen ist von der betrieblichen Umgebung und der Komplexität der jeweiligen Organisation abhängig.
Dieses Dokument gilt für sämtliche Arten und Größen von Organisationen, die:
a) ein BCMS verwirklichen, aufrechterhalten und verbessern wollen;
b) eine Übereinstimmung mit der erklärten Politik zur Aufrechterhaltung der Betriebsfähigkeit sicherstellen wollen;
c) die Fähigkeit benötigen, die Belieferung mit Produkten und Dienstleistungen mit einer akzeptablen, zuvor festgelegten Kapazität während einer Störung fortzusetzen;
d) anstreben, ihre Resilienz durch die effektive Anwendung des BCMS zu verbessern.
Dieses Dokument kann dazu genutzt werden, die Befähigung einer Organisation zur Erfüllung ihrer eigenen Erfordernissen und Verpflichtungen in Bezug auf die Aufrechterhaltung der Betriebsfähigkeit zu bewerten.
Sécurité et résilience - Systèmes de management de la continuité d'activité - Exigences (ISO 22301:2019)
Le présent document spécifie les exigences pour mettre en œuvre, maintenir et améliorer un système de management afin de se protéger contre les perturbations, réduire la vraisemblance de leur survenance, s'y préparer, y répondre et se rétablir lorsqu'elles se produisent.
Les exigences spécifiées dans le présent document sont génériques et prévues pour être applicables à tous les organismes, ou à des parties de ceux-ci, indépendamment du type, de la taille et de la nature de l'organisme. Le champ d'application de ces exigences dépend de l'environnement et de la complexité de fonctionnement de l'organisme.
Le présent document est applicable à tous les types et toutes les tailles d'organismes qui:
a) mettent en œuvre, maintiennent et améliorent un SMCA;
b) cherchent à assurer la conformité à la politique de continuité d'activité déclarée;
c) ont besoin d'être aptes à poursuivre la livraison de produits et la fourniture de services à un niveau de capacité acceptable et préalablement défini durant une perturbation;
d) cherchent à améliorer leur résilience à travers l'application efficace du SMCA.
Le présent document peut être utilisé pour apprécier l'aptitude d'un organisme à satisfaire ses propres besoins et obligations en matière de continuité d'activité.
Varnost in vzdržljivost - Sistem vodenja neprekinjenosti poslovanja - Zahteve (ISO 22301:2019)
Ta dokument določa zahteve za izvajanje, vzdrževanje in izboljševanje sistema vodenja za zaščito pred prekinitvami poslovanja, zmanjševanjem možnosti njihovega pojava, pripravo nanje, odziv nanje in obnovitev poslovanja, kadar pride do prekinitev. Zahteve, določene v tem dokumentu, so splošne in so namenjene uporabi v vseh organizacijah ali njihovih delih, in sicer ne glede na vrsto, velikost in naravo organizacije. Obseg uporabe teh zahtev je odvisen od delovnega okolja in kompleksnosti organizacije. Ta dokument se uporablja za vse vrste in velikosti organizacij, ki: a) izvajajo, vzdržujejo in izboljšujejo sistem vodenja neprekinjenosti poslovanja; b) stremijo k zagotavljanju skladnosti z veljavnim pravilnikom o neprekinjenosti poslovanja; c) morajo biti zmožne nadaljevati dobavo izdelkov in storitev na sprejemljivi predhodno določeni ravni zmogljivosti med prekinitvijo; d) iščejo priložnosti za povečanje svoje odpornosti na podlagi učinkovite uporabe sistema vodenja neprekinjenosti poslovanja. Ta dokument se lahko uporablja za oceno sposobnosti organizacije za izpolnjevanje svojih potreb in obveznosti glede neprekinjenosti poslovanja.
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-januar-2020
Nadomešča:
SIST EN ISO 22301:2014
Varnost in vzdržljivost - Sistem vodenja neprekinjenosti poslovanja - Zahteve (ISO
22301:2019)
Security and resilience - Business continuity management systems - Requirements (ISO
22301:2019)
Sicherheit und Schutz des Gemeinwesens - Business Continuity Management System -
Anforderungen (ISO 22301:2019)
écurité et résilience - Systèmes de management de la continuité d'activité - Exigences
(ISO 22301:2019)
Ta slovenski standard je istoveten z: EN ISO 22301:2019
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
03.100.70 Sistemi vodenja Management systems
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EN ISO 22301
EUROPEAN STANDARD
NORME EUROPÉENNE
November 2019
EUROPÄISCHE NORM
ICS 03.100.01; 03.100.70 Supersedes EN ISO 22301:2014
English Version
Security and resilience - Business continuity management
systems - Requirements (ISO 22301:2019)
Sécurité et résilience - Systèmes de management de la Sicherheit und Resilienz - Business Continuity
continuité d'activité - Exigences (ISO 22301:2019) Management System - Anforderungen (ISO
22301:2019)
This European Standard was approved by CEN on 14 October 2019.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22301:2019 E
worldwide for CEN national Members.
Contents Page
European foreword . 3
European foreword
This document (EN ISO 22301:2019) has been prepared by Technical Committee ISO/TC 292 "Security
and resilience" in collaboration with Technical Committee CEN/TC 391 “Societal and Citizen Security”
the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by May 2020, and conflicting national standards shall be
withdrawn at the latest by May 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 22301:2014.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 22301:2019 has been approved by CEN as EN ISO 22301:2019 without any modification.
INTERNATIONAL ISO
STANDARD 22301
Second edition
2019-10
Security and resilience — Business
continuity management systems —
Requirements
Sécurité et résilience — Systèmes de management de la continuité
d'activité — Exigences
Reference number
ISO 22301:2019(E)
©
ISO 2019
ISO 22301:2019(E)
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
ISO 22301:2019(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 7
4.1 Understanding the organization and its context . 7
4.2 Understanding the needs and expectations of interested parties . 7
4.2.1 General. 7
4.2.2 Legal and regulatory requirements . 7
4.3 Determining the scope of the business continuity management system . 7
4.3.1 General. 7
4.3.2 Scope of the business continuity management system . 8
4.4 Business continuity management system . 8
5 Leadership . 8
5.1 Leadership and commitment . 8
5.2 Policy . 8
5.2.1 Establishing the business continuity policy . 8
5.2.2 Communicating the business continuity policy . 9
5.3 Roles, responsibilities and authorities . 9
6 Planning . 9
6.1 Actions to address risks and opportunities . 9
6.1.1 Determining risks and opportunities . 9
6.1.2 Addressing risks and opportunities . 9
6.2 Business continuity objectives and planning to achieve them . 9
6.2.1 Establishing business continuity objectives . 9
6.2.2 Determining business continuity objectives.10
6.3 Planning changes to the business continuity management system .10
7 Support .10
7.1 Resources .10
7.2 Competence .10
7.3 Awareness .11
7.4 Communication .11
7.5 Documented information .11
7.5.1 General.11
7.5.2 Creating and updating .11
7.5.3 Control of documented information .12
8 Operation .12
8.1 Operational planning and control .12
8.2 Business impact analysis and risk assessment .12
8.2.1 General.12
8.2.2 Business impact analysis .13
8.2.3 Risk assessment . .13
8.3 Business continuity strategies and solutions .13
8.3.1 General.13
8.3.2 Identification of strategies and solutions .13
8.3.3 Selection of strategies and solutions .14
8.3.4 Resource requirements .14
8.3.5 Implementation of solutions .14
8.4 Business continuity plans and procedures .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.