EN ISO 22313:2014
Societal security - Business continuity management systems - Guidance (ISO 22313:2012)
ISO 22313:2012 for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise.
It is not the intent of ISO 22313:2012 to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties.
ISO 22313 is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to:
a) establish, implement, maintain and improve a BCMS;
b) ensure conformance with the organization's business continuity policy; or
c) make a self-determination and self-declaration of compliance with this International Standard.
Sicherheit und Schutz des Gemeinwesens - Business Continuity Management Systems - Leitlinie (ISO 22313:2012)
This International Standard for business continuity management systems provides guidance based on internationally recognized practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise.
It is not the intent of this International Standard to imply uniformity in the structure of a BCMS, but it does expect an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the operating environment, the size and structure of the organization and the requirements of its interested parties.
This International Standard is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors, that wish to:
a) establish, implement, maintain and improve a BCMS;
b) ensure conformance with an organization's business continuity policy; or
c) make a self-determination or a self-declaration of conformity with this International Standard.
This International Standard cannot be used to assess an organization's ability to meet its own continuity needs, or customer, legal or regulatory needs. Organizations wishing to do so can use the requirements of ISO 22301 to demonstrate conformity to others or to seek certification of their BCMS by an accredited third-party certification body.
Sécurité sociétale - Systèmes de management de la continuité d'activité - Lignes directrices (ISO 22313:2012)
ISO 22313:2012 for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for disruptive incidents, respond to them and resume their activities when they arise.
ISO 22313:2012 does not claim to standardize the structure of a BCMS, but to allow an organization to define a BCMS that suits its needs and meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, by the products and services, the processes employed, the environment in which the organization operates, its size and structure, and the requirements of its interested parties.
ISO 22313:2012 is generic and applicable to organizations of all sizes and types, whether large, medium or small, operating in industrial, commercial, public and not-for-profit sectors, insofar as they wish to:
a) establish, implement, maintain and improve a BCMS;
b) ensure conformance with the organization's business continuity policy;
c) make a self-determination and a self-declaration of conformity with this International Standard.
Družbena varnost - Sistem vodenja neprekinjenosti poslovanja - Navodilo (ISO 22313:2012)
This International Standard for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for and respond to disruptions when they arise, and to recover from them. It is not the intent of this International Standard to require a uniform structure for a business continuity management system (BCMS), but to enable an organization to design a BCMS that is appropriate to its needs and meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties.
This International Standard is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors, that wish to:
a) establish, implement, maintain and improve a business continuity management system;
b) ensure conformance with the organization's business continuity policy; or
c) make a self-determination and issue a self-declaration of conformity with this International Standard.
This International Standard cannot be used to assess an organization's ability to meet its own business continuity needs, or customer, legal or regulatory needs. Organizations wishing to do so can use the requirements of ISO 22301 to demonstrate conformity to others or to obtain certification of their business continuity management system from an accredited third-party certification body.
Standards Content (Sample)
SLOVENIAN STANDARD
01 February 2015
Družbena varnost - Sistem vodenja neprekinjenosti poslovanja - Navodilo (ISO 22313:2012)
Societal security - Business continuity management systems - Guidance (ISO 22313:2012)
Sicherheit und Schutz des Gemeinwesens - Aufrechterhaltung der Betriebsfähigkeit - Leitlinie (ISO 22313:2012)
Sécurité sociétale - Systèmes de management de la continuité d'activité - Lignes directrices (ISO 22313:2012)
This Slovenian standard is identical to: EN ISO 22313:2014
ICS: 03.100.01 Company organization and management in general
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD
EN ISO 22313
NORME EUROPÉENNE
EUROPÄISCHE NORM
November 2014
ICS 03.100.01
English Version
Societal security - Business continuity management systems - Guidance (ISO 22313:2012)
Sécurité sociétale - Systèmes de management de la continuité d'activité - Lignes directrices (ISO 22313:2012)
Sicherheit und Schutz des Gemeinwesens - Aufrechterhaltung der Betriebsfähigkeit - Leitlinie (ISO 22313:2012)
This European Standard was approved by CEN on 18 October 2014.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European
Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national
standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same
status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN ISO 22313:2014 E
Contents
Foreword
Foreword
The text of ISO 22313:2012 has been prepared by Technical Committee ISO/TC 223 “Societal security” of the
International Organization for Standardization (ISO) and has been taken over as EN ISO 22313:2014 by
Technical Committee CEN/TC 391 “Societal and Citizen Security” the secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an identical
text or by endorsement, at the latest by May 2015, and conflicting national standards shall be withdrawn at the
latest by May 2015.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech
Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Endorsement notice
The text of ISO 22313:2012 has been approved by CEN as EN ISO 22313:2014 without any modification.
INTERNATIONAL STANDARD
ISO 22313
First edition
2012-12-15
Societal security — Business continuity
management systems — Guidance
Sécurité sociétale — Systèmes de management de la continuité
d’activité — Lignes directrices
Reference number
ISO 22313:2012(E)
© ISO 2012
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any
means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the
address below or ISO’s member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding of the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the management system
4.4 Business continuity management system
5 Leadership
5.1 Leadership and commitment
5.2 Management commitment
5.3 Policy
5.4 Organizational roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Business continuity objectives and plans to achieve them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.3 Business continuity strategy
8.4 Establish and implement business continuity procedures
8.5 Exercising and testing
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Bibliography
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International
Standards adopted by the technical committees are circulated to the member bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the member bodies
casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 22313 was prepared by Technical Committee ISO/TC 223, Societal security.
For the purposes of research, users are encouraged to share their views on ISO 22313:2012
and their priorities for changes to future editions of the document. Click on the link below to
take part in the online survey:
http://www.surveymonkey.com/s/22313
--------------
...