CEN/TS 16595:2013

SLOVENSKI STANDARD
01-marec-2014
&%51NHPLþQDELRORãNDUDGLRORãNDLQMHGUVNDWYHJDQMD2FHQMHYDQMHUDQOMLYRVWL
LQ]DãþLWDRJURåHQLKOMXGL
CBRN - Vulnerability Assessment and Protection of People at Risk
ABC-Risiken - Verwundbarkeitsbewertung und Schutz gefährdeter Bevölkerungsteile
NRBC - Evaluation de la vulnérabilité et protection des populations à risque
Ta slovenski standard je istoveten z: CEN/TS 16595:2013
ICS:
13.200 3UHSUHþHYDQMHQHVUHþLQ Accident and disaster control
NDWDVWURI
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL SPECIFICATION
CEN/TS 16595
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
September 2013
ICS 13.200
English Version
CBRN - Vulnerability Assessment and Protection of People at
Risk
NRBC - Evaluation de la vulnérabilité et protection des ABC-Risiken - Verwundbarkeitsbewertung und Schutz
populations à risque gefährdeter Bevölkerungsteile
This Technical Specification (CEN/TS) was approved by CEN on 19 August 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 16595:2013: E
worldwide for CEN national Members.

Contents Page
Foreword .3
Introduction .4
1 Scope .5
2 Normative references .5
3 Terms and definitions .5
4 Abbreviated terms .5
5 Vulnerability assessment .6
5.1 Different approaches to vulnerability in social and natural science .6
5.2 Vulnerability assessment .7
6 Protection of the population at risk . 10
6.1 Vulnerability awareness . 10
6.2 Vulnerability management . 12
6.2.1 General approaches . 12
6.2.2 Use of surveys . 17
6.2.3 Use of templates . 19
Annex A (informative) Template for a general management system for CBRN vulnerability
assessment, awareness and management . 21
Annex B (informative) Historical timeline for the development of conceptual models in
vulnerability . 29
Bibliography . 33

Foreword
This document (CEN/TS 16595:2013) has been prepared by Technical Committee CEN/TC 391 “Societal and
Citizen Security”, the secretariat of which is held by NEN.
This Technical Specification (TS) on CBRN vulnerability assessment, awareness and management provides a
common frame of reference and recommends methodologies to assess the vulnerabilities of citizens, first
responders and other assets to an ‘all-hazard’, i.e. natural, incidental or intended, exposure to hazardous
substances.
These hazardous substances could be Chemical, Biological or Radiological (the latter forming the hazardous
part of Nuclear, together abbreviated to CBRN). CBRN agents can cause significant direct and indirect
damage to persons, livestock, vegetation and environment as well as disrupt the system of products and
services we need to sustain our daily livelihoods, i.e. our ‘Critical Infrastructure’.
This Technical Specification can be used as a starting point for further risk and vulnerability assessment and
for guidelines on the many issues surrounding a CBRN incident. It is intended for any organisation involved or
interested in CBRN, both in the private sector and for public authorities.
The elaboration of this European technical specification has been financially supported by the European
Commission and the CIPS programme (Grant agreement HOME /2009/CIPS/FP/CEN-003 VAPPAR).
Important notice:
Whereas the original request called for a ‘risk’-based approach, CEN/TC 391 ‘Societal and Citizen
Security’ recommended to change this to a ‘vulnerability’-based approach. Terms such as ‘risk’ and
‘vulnerability’- and their assessment, awareness and management – can be approached from both a
social sciences as well as a natural sciences approach. By combining the latest academic insights with
operational lessons, this document attempts to reconcile some of the differences between these
conflicting scientific approaches.
It cannot be emphasised enough that this Technical Specification:
 is intended to meet the complex and variable needs of a wide range of different end-users;
 is an initial document of which other versions can be developed in the future;
 offers a common frame of reference and a common context;
 can be viewed in the context of being a ‘standard’, a ‘scientific paper’ and an ‘open source’ document;
 puts a stronger emphasis on ‘recommendations’ then on ‘requirements'. These advantages include the
fact that recommendations facilitate customisation by the end-users themselves and allow for an
interactive, participatory format of tools such as models, tables and checklists;
 is not a European Standard. Technical Specifications such as the VAPPAR document can co-exist with
any national standard whereby specific (national) regulations take precedence over any Technical
Specification.
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany,
Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Introduction
National regulations in most European countries focus on emergency responders (e.g. personal protective
equipment (PPE) and intervention procedures), and European and national regulations regulate contingency
planning of chemical, biological, nuclear and radiological plants and industries. The protection of the
population, animals, vegetation and environment from CBRN incidents is a field in need of a common
understanding of vulnerability assessment, awareness and management.
1 Scope
This Technical Specification is based on an all-hazards approach, with a specific focus on terrorism and other
security related risks. Looking at the combination of threats, vulnerabilities and values to be protected, threats
may be terrorist attacks with chemical, explosive and biological agents, or nuclear waste materials, or with
conventional means on CBRN plants, causing a similar devastating effect on a potentially large scale. Major
CBRN incidents may jeopardise critical infrastructure, while emergency services may have great difficulty
performing their response tasks.
The scope excludes the vulnerability assessment of some specific systems that comply, at the European and
Member State level, with existing sets of legal measures: network for drinking water distribution, food chain
supply and cosmetics and pharmaceutical products production and distribution chains.
The objective of this Technical Specification is to strengthen common understanding and a common frame of
reference for all organisations with an interest and involvement in CBRN. It does so by providing a number of
considerations and tools that can be used in the development of a semi-quantitative conceptual framework for
vulnerability assessment, awareness and management. The vulnerability assessment covers all members of
the population at risk including the requirements of children, the elderly and those with disabilities.
2 Normative references
Not applicable.
3 Terms and definitions
There are various documents that contain terms and definitions related to CBRN. Unfortunately, not all
documents are consistent with each other and it is therefore difficult to find a document which contains
a) all terms, and
b) meets with universal acceptance.
In the context of this document, the following documents are recommended for use by the end user of this
Technical Specification:
 ISO 31000, Risk Management – Principles and Guidelines
 ISO/Guide 73, Risk Management – Vocabulary
 ISO 22300, Societal Security – Terminology
 ISO 22301, Societal Security – Business Continuity Management Systems – Requirements
 ISO 22313, Societal security – business Continuity management systems – Guidance
 CWA 16106, PPE for Chemical, Biological, Radiological and Nuclear (CBRN) Hazards
 ISO 22320, Societal Security – Emergency management – Requirements for Incident Response
The use of the CBRN Glossary of the European Commission is mandatory in Europe
(see http://cbrn.jrc.ec.europa.eu.)
4 Abbreviated terms
B  Biological
C  Chemical
CB  Chemical, Biological
CBRN Chemical, Biological, Radiological, Nuclear
CBRNE Chemical, Biological, Radiological, Nuclear, Energy
CERT Community Emergency Response Team
ED  Emergency Department
MD  Medical Doctor
PPE Personal Protective Equipment
POC Point Of Contact
R  Radiological
RN  Registered Nurse
SWOT Strength, Weaknesses, Opportunities, Threats
VAPPAR Vulnerability Assessment and Protection of People at Risk

5 Vulnerability assessment
5.1 Different approaches to vulnerability in social and natural science
It is very difficult to find universally accepted definitions of ‘Vulnerability' [1].
Vulnerability assessment is only one component of loss estimation and risk assessment. Risk involves
forecasting of loss (and/or gain) and is composed of several components – hazard, vulnerability, exposure,
and coping capacity. Risk and its components are not specific to any feature or field, but are instead
ubiquitous notions applicable to any situation or experience. It is the conceptualisation of these components
(how they are considered, defined, divided, measured, and recombined) that differs.
Which components are considered to contribute to risk and how they are evaluated varies between
disciplines. Investigations in the social sciences consider a more general view of risk for societies at large and
for individuals, while investigations in the natural sciences and engineering give detailed consideration to
structural damage to the built environment and to life-loss.
In natural science, emphasis is placed on characterisation of hazard and exposure, which is quantitatively
strong. Vulnerability is considered a static factor that modifies the amount of loss caused by threats. Coping
capacity receives little, if any, attention.
In social science, emphasis is placed on vulnerability and coping capacity, which are considered as dynamic
and complex properties of a (social) system. Due to the complexity, qualitative methods are favoured. Hazard
is viewed as a static state of the physical/cultural environment and receives minimal attention.
The complementary strengths of natural science and social science perspectives can improve the
understanding and analysis of vulnerability. This requires an adaptation of the comprehensive views on
vulnerability in the social sciences to the more quantitative approaches that
...