ISO/TC 292 - Security and resilience
Standardization in the field of security to enhance the safety and resilience of society. Excluded: Sector specific security projects developed in other relevant ISO committees and projects developed in ISO/TC 262 and ISO/PC 278.
General Information
This document specifies requirements for a security management system, including aspects relevant to the supply chain. This document is applicable to all types and sizes of organizations (e.g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, maintain and improve a security management system. It provides a holistic and common approach and is not industry or sector specific. This document can be used throughout the life of the organization and can be applied to any activity, internal or external, at all levels.
- Standard, 20 pages, English
- Draft, 20 pages, English
This document gives guidance on methods for understanding and extending the principles of business continuity embodied in ISO 22301 and ISO 22313 to the management of supplier relationships. It enables an organization to develop and document the strategy to be better prepared to manage supply chain continuity. This document is generic and applicable to all organizations. It is applicable to suppliers of products, services and resources, both upstream and downstream. Supply chain continuity management (SCCM) specifically considers the issues faced by an organization which relies on the continuity of supply of resources as well as the ability to continue delivery of its products and services. The objective of SCCM is to protect the organization’s business activities from supply chain disruption.
- Technical specification, 20 pages, English
- Technical specification, 23 pages, French
This document gives guidelines for an organization to implement and maintain a formal and documented business impact analysis (BIA) process appropriate to its needs. It does not prescribe a uniform process for performing a BIA. This document is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors. The guidance can be adapted to the needs, objectives, resources and constraints of the organization.
- Technical specification, 36 pages, English
- Technical specification, 37 pages, French
This document gives guidance on the use of social media in emergency management. It gives guidance on how organizations and the public can use, and interact through, social media before, during and after an incident as well as how social media can support the work of emergency services. This document is applicable to governmental and non-governmental organizations involved in emergency management and crisis communication.
- Standard, 16 pages, English
- Draft, 16 pages, English
This document gives guidance on how to develop recovery plans and renewal strategies from a major emergency, disaster or crisis (such as the COVID-19 pandemic). It provides guidelines on how to identify the short-term, transactional activities needed to reflect and learn, review preparedness of parts of the system impacted by the crisis, and reinstate operations to build preparedness. It also distinguishes a longer-term perspective of recovery, called “renewal”. In describing renewal, the document provides guidelines on how to identify visionary initiatives to address the strategic impacts and opportunities that have been exposed by the crisis and need to be addressed through transformational, ambitious initiatives. Recovery plans enhance preparedness following a crisis and renewal strategies enhance resilience. The guidelines cover how, in both recovery and renewal, there is a need to identify scalable activity on people, places, processes, power and partners. This document is applicable to those involved in community, local, national and international recovery and renewal including staff from public, private, voluntary, community and social enterprise sectors, among others.
- Technical specification, 36 pages, English
- Draft, 36 pages, English
This document provides guidelines for developing and maintaining business continuity plans and procedures. It is applicable to all organizations regardless of type, size and nature, whether in the private, public, or not-for-profit sectors, that wish to develop effective business continuity plans and procedures in a consistent manner.
- Technical specification, 20 pages, English
- Technical specification, 21 pages, French
- Draft, 20 pages, English
This document defines terms used in security and resilience standards.
- Standard, 53 pages, English
- Standard, 56 pages, French
- Draft, 53 pages, English
- Draft, 56 pages, French
This document provides guidelines to organizations for establishing the basic elements, strategies and processes for preventing and reducing crime and the fear of crime at a new or existing built environment. It recommends the establishment of countermeasures and actions to treat crime and security risks in an effective and efficient manner by leveraging environmental design. Within this document, the term "security" is used in a broad manner to include all crime, safety and security-specific applications, so it is applicable to public and private organizations, regardless of type, size or nature. While this document provides general examples of implementation strategies and best practices, it is not intended to provide an exhaustive listing of detailed design, architectural or physical security crime prevention through environmental design (CPTED) implementation strategies or restrict the potential applications to only those examples provided in this document.
- Standard, 23 pages, English
- Standard, 25 pages, French
- Draft, 23 pages, English
This document gives guidelines for the implementation of a community-based disaster early warning system (EWS). It describes the methods and procedures to be implemented and provides examples. This document is applicable to communities vulnerable to disasters, without taking secondary/indirect effects into consideration.
- Standard, 14 pages, English
- Draft, 14 pages, English
This document gives guidelines for assessing product security-related threats, risks and countermeasures by developing a suitable protection plan, supporting its implementation and monitoring its effectiveness after implementation. This includes consideration of impacts and modifications to, for example, product life cycle, supply chain, manufacturing, data management, brand perception and costs so as to adapt the protection plan accordingly. This document is applicable to all types and sizes of organizations that want to ensure authenticity and integrity in order to support the trustworthiness of products, including documents, data and services related to products. This document supports organizations setting up a process to assess risks and to select and combine individual measures for developing a product protection plan.
- Standard, 16 pages, English
- Standard, 18 pages, French
- Draft, 16 pages, English
- Draft, 18 pages, French
This document gives guidelines for performance criteria and an evaluation methodology for authentication solutions that aim to unambiguously establish material good authenticity and integrity throughout an entire material good's life cycle. It focuses on the authentication of a material good and, if appropriate, its components, parts and related data: — covered by intellectual property rights; — covered by relevant international, regional or national regulations; — with counterfeiting-related implications; — otherwise with a distinctive identity. This document is applicable to all types and sizes of organizations that require the ability to validate the authenticity and integrity of material goods. It will help organizations to determine the categories of authentication elements they need in order to combat counterfeiting-related risks, and the criteria for selecting authentication elements, after having undertaken a counterfeiting risk assessment. Authentication solutions can be used in areas such as anti-counterfeiting, prevention of product fraud and prevention of diversion. This document does not specify economic criteria aiming to correlate performance and costs of the authentication solutions.
- Standard, 25 pages, English
- Standard, 27 pages, French
This document describes a framework and principles, coherent with the 2030 Agenda for Sustainable Development, the New Urban Agenda, the Paris Agreement and the Sendai Framework, that can be applied to enhance urban resilience. It proposes the use of metrics and models as the framework upon which to structure urban resilience, to assist local authorities and other urban stakeholders in their efforts to build more resilient human settlements. This document is primarily intended for use by organizations with responsibility for urban governance. However, it is equally applicable to all types and sizes of organizations that represent the community of stakeholders noted above, and in particular those organizations that have a role in urban planning, development and management processes in urban areas around the world.
- Technical report, 28 pages, English
This document gives guidelines for organizations to design, organize, conduct, receive feedback from and learn from a peer review of their disaster risk reduction (DRR) policies and practices. It is also applicable to other community resilience activities. It is intended for use by organizations with the responsibility for, or involvement in, managing such activities including policy and preparedness, response and recovery operations, and designing preventative measures (e.g. for the effects of environmental changes such as those from climate change). It is applicable to all types, structures and sizes of organizations, such as local, regional and national governments, statutory bodies, non-governmental organizations, businesses, and public and community groups. It is applicable before or after an incident or exercise.
- Standard, 35 pages, English
This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on good international practice. This document is applicable to organizations that: a) implement, maintain and improve a BCMS; b) seek to ensure conformity with stated business continuity policy; c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption; d) seek to enhance their resilience through the effective application of the BCMS. The guidance and recommendations are applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors. The approach adopted depends on the organization's operating environment and complexity.
- Standard, 55 pages, English
- Standard, 58 pages, French
This document gives guidelines for information exchange. It includes principles, a framework and a process for information exchange. It identifies mechanisms for information exchange that allow a participating organization to learn from others' experiences, mistakes and successes. It can be used to guide the maintenance of the information exchange arrangement in order to increase commitment and engagement. It provides measures that enhance the ability of participating organizations to cope with disruption risk. This document is applicable to private and public organizations that require guidance on establishing the conditions to support information exchange. This document does not apply to technical aspects but focuses on methodology issues. NOTE Legislation can differ from jurisdiction to jurisdiction. It is the user's responsibility to determine how applicable legal requirements relate to this document.
- Standard, 13 pages, English
- Standard, 14 pages, French
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity. This document is applicable to all types and sizes of organizations that: a) implement, maintain and improve a BCMS; b) seek to ensure conformity with stated business continuity policy; c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption; d) seek to enhance their resilience through the effective application of the BCMS. This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.
- Standard, 21 pages, English
- Standard, 22 pages, French
This document gives guidelines for incident management, including — principles that communicate the value and explain the purpose of incident management, — basic components of incident management including process and structure, which focus on roles and responsibilities, tasks and management of resources, and — working together through joint direction and cooperation. This document is applicable to any organization involved in responding to incidents of any type and scale. This document is applicable to any organization with one organizational structure as well as for two or more organizations that choose to work together while continuing to use their own organizational structure or to use a combined organizational structure.
- Standard, 20 pages, English
This document gives guidelines for a landslide early warning system. It provides a definition, aims to improve understanding, describes methods and procedures to be implemented, and gives examples of types of activities. It is applicable to communities vulnerable to landslides, without taking secondary effects into consideration. It recognizes population behaviour response planning as a key part of the preparedness. It takes into account the approach of ISO 22315 and provides additional specifications for landslides.
- Standard, 15 pages, English
This document gives guidelines for the content, security, issuance and examination of physical tax stamps and marks used to indicate that the required excise duty or other applicable taxes identified with an item have been paid and to signify that the item is legitimately on the intended market. Specifically, this document gives guidance on: — defining the functions of a tax stamp; — identifying and consulting with stakeholders; — planning the procurement process and selection of suppliers; — the design and construction of tax stamps; — the overt and covert security features that provide protection of the tax stamp; — the finishing and application processes for the tax stamp; — security of the tax stamp supply chain; — serialization and unique identifier (UID) codes for tax stamps; — examination of tax stamps; — monitoring and assessing tax stamp performance. This document is applicable only to tax stamps that are physical in nature and apparent to the human senses of sight (with the aid of a revealing tool if necessary) or touch, applied to a consumer good or its packaging and which allow material authentication. When the term "authentication" is used in this document, it refers only to the authentication of the tax stamp, not to the product on which the tax stamp is affixed. This document does not apply to systems or procedures that an issuing authority has in place to control and monitor its excise revenue collection, except by reference to them where they have an impact on the design or specification of tax stamps.
- Standard, 35 pages, English
- Standard, 37 pages, French
This document gives guidelines for monitoring hazards within a facility as a part of an overall emergency management and continuity programme by establishing the process for hazard monitoring at facilities with identified hazards. It includes recommendations on how to develop and operate systems for the purpose of monitoring facilities with identified hazards. It covers the entire process of monitoring facilities. This document is generic and applicable to any organization. The application depends on the operating environment, the complexity of the organization and the type of identified hazards.
- Standard, 11 pages, English
This document gives guidelines for the application of principles and a process for a complexity assessment of an organization's systems to improve security and resilience. A complexity assessment process allows an organization to identify potential hidden vulnerabilities of its system and to provide an early indication of risk resulting from complexity. This document is generic and applicable to all sizes and types of organization systems, such as critical assets, strategic networks, supply chains, industrial plants, community infrastructures, banks and business companies.
- Technical specification, 29 pages, English
This document gives guidelines for organizations to identify, involve, communicate with and support individuals who are the most vulnerable to natural and human-induced (both intentional and unintentional) emergencies. It also includes guidelines for continually improving the provision of support to vulnerable persons in an emergency. It is intended for use by organizations with the responsibility for, or involvement in, part or all of the planning for working with vulnerable persons in an emergency. It is applicable to all types and sizes of organizations involved in emergency preparation, response and recovery activities, such as local, regional and national governments; statutory bodies; international and non-governmental organizations; businesses; and public and community groups. The focus of this document is on vulnerable individuals and their needs in relation to an emergency.
- Standard, 10 pages, English
This document gives guidelines for establishing interoperability among independently functioning product identification and related authentication systems, as described in ISO 16678. The permanent transfer of data from one system to another is out of the scope of this document. It also gives guidance on how to specify an environment open to existing or new methods of identification and authentication of objects, and which is accessible for legacy systems that may need to remain active. It is applicable to any industry, stakeholder or user group requiring object identification and authentication systems. It can be used on a global scale, or in limited environments. This document supports those involved in planning and establishing interoperation.
- Standard, 20 pages, English
This document gives guidance for business continuity strategy determination and selection. It is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors. It is intended for use by those responsible for, or participating in, strategy determination and selection.
- Technical specification, 25 pages, English
- Technical specification, 28 pages, French
This document establishes general principles for an organization to identify the risks related to various types of product fraud and product fraudsters. It provides guidance on how organizations can establish strategic, business countermeasures to prevent or reduce any harm, tangible or intangible loss and cost from such fraudulent attacks in a cost-effective manner. This document is applicable to all organizations regardless of type, size or nature, whether private or public sector. The guidance can be adapted to the needs, objectives, resources and constraints of the organization. This document is intended to promote common understanding in the field of product-related fraud risk and its countermeasures.
- Standard, 14 pages, English
This document gives guidelines for the planning and development of policies, strategies and procedures for the preparation and management of people affected by an incident. This includes: — preparation through awareness, analysis of needs, and learning and development; — coping with the immediate effects of the incident (respond); — managing people during the period of disruption (recover); — continuing to support the workforce after returning to business as usual (restore). The management of people relating to civil emergencies or other societal disruption is out of the scope of this document.
- Technical specification, 38 pages, English
ISO 22319:2017 provides guidelines for planning the involvement of spontaneous volunteers (SVs) in incident response and recovery. It is intended to help organizations to establish a plan to consider whether, how and when SVs can provide relief to a coordinated response and recovery for all identified hazards. It helps identify issues to ensure the plan is risk-based and can be shown to prioritize the safety of SVs, the public they seek to assist and incident response staff. ISO 22319:2017 is intended for use by organizations with responsibility for, or involvement in, part or all of the planning for working with SVs. It is applicable to all types and sizes of organizations that are involved in the planning for, and management of, SVs (e.g. local, regional, and national governments, statutory bodies, international and non-governmental organizations, businesses and public and community groups). The range of tasks performed by SVs can require only basic planning (e.g. for people who are first on the scene), or a plan that is more complex (e.g. for people who travel to the affected area to volunteer). Coordinating the participation of volunteers who are affiliated to voluntary or professional organizations to provide relief is not within the scope of this document.
- Standard, 16 pages, English
- Standard, 19 pages, French
ISO 22316:2017 provides guidance to enhance organizational resilience for any size or type of organization. It is not specific to any industry or sector. ISO 22316:2017 can be applied throughout the life of an organization. ISO 22316:2017 does not promote uniformity in approach across all organizations, as specific objectives and initiatives are tailored to suit an individual organization's needs.
- Standard, 10 pages, English
ISO 22325:2016 provides guidelines for an organization in assessing its emergency management capability. It includes an assessment model with a hierarchy of four levels, eight indicators, and an assessment process explaining how to plan, collect, analyse and report. ISO 22325:2016 is intended to be used by organizations responsible and accountable for emergency management. Each organization's context can involve a mix of prevention, mitigation, preparedness, response and recovery activities.
- Standard, 11 pages, English
ISO 18788:2015 provides a framework for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the management of security operations. It provides the principles and requirements for a security operations management system (SOMS). ISO 18788:2015 provides a business and risk management framework for organizations conducting or contracting security operations and related activities and functions while demonstrating: a) conduct of professional security operations to meet the requirements of clients and other stakeholders; b) accountability to law and respect for human rights; c) consistency with voluntary commitments to which it subscribes. ISO 18788:2015 is applicable to any organization that needs to: a) establish, implement, maintain and improve an SOMS; b) assess its conformity with its stated security operations management policy; c) demonstrate its ability to consistently provide services that meet client needs and are in conformance with applicable laws and human rights requirements.
- Standard, 98 pages, English
- Standard, 105 pages, French
ISO/TR 22351:2015 describes a message structure for the exchange of information between organizations involved in emergency management. An organization can ingest received information, based on the message structure, into its own operational picture. The structured message is called Emergency Management Shared Information (EMSI). ISO/TR 22351:2015 describes the message structure, which is built to facilitate interoperability between existing and new information systems. The intended audience of ISO/TR 22351:2015 is control room engineers, information systems designers and decision makers in emergency management. NOTE The EMSI can be used as a complement to other message protocols, for example the Common Alerting Protocol (CAP).
- Technical report, 90 pages, English
ISO 22324:2015 provides guidelines for the use of colour codes to inform people at risk, as well as first response personnel, about danger and to express the severity of a situation. It is applicable to all types of hazard in any location. This International Standard does not cover the method for displaying colour codes, detailed ergonomic considerations related to viewing displays, or safety signs covered by ISO 3864-1.
- Standard, 11 pages, English
ISO 22322:2015 provides guidelines for developing, managing, and implementing public warning before, during, and after incidents. This International Standard is applicable to any organization responsible for public warning. It is applicable at all levels, from local up to international. Before planning and implementing the public warning system, risks and consequences of potential hazards are assessed. This process is not part of this International Standard.
- Standard, 12 pages, English
ISO 22315:2014 provides guidelines for mass evacuation planning in terms of establishing, implementing, monitoring, evaluating, reviewing, and improving preparedness. It establishes a framework for each activity in mass evacuation planning for all identified hazards. It will help organizations to develop plans that are evidence-based and that can be evaluated for effectiveness. ISO 22315:2014 is intended for use by organizations with responsibility for, or involvement in, part or all of the planning for mass evacuation. It is applicable to all types and sizes of organizations that are involved in the planning for mass evacuation, such as local, regional, and national governments; statutory bodies; international and non-governmental organizations; businesses; and public and social groups. ISO 22315:2014 covers planning for mass evacuation in order to gain a more effective response during the actual evacuation. It will assist organizations to meet their obligation of saving human life and reducing suffering. ISO 22315:2014 does not cover activities to stabilize the affected area after an evacuation, protect property, and preserve the environment.
- Standard, 24 pages, English
- Standard, 26 pages, French
ISO 16678:2014 describes a framework for identification and authentication systems. It provides recommendations and best practice guidance that include: the consequences of, and guidance on, management and verification of identifiers, the physical expression of identifiers, and participants' due diligence; vetting of all participants within the system; the relationship between the unique identifier and possible authentication elements related to it; questions that deal with the identification of the inspector and any authorized access to privileged information about the object; and inspector access history (logs). Accordingly, ISO 16678:2014 establishes a framework and outlines functional units used to achieve trustworthiness and interoperability of such systems. It does not specify any specific technical solutions, but instead describes processes, functions, and functional units using a generic model to illustrate what solutions have in common. Object identification systems can incorporate other functions and features such as supply chain traceability, quality traceability, marketing activities, and others, but these aspects are out of scope of ISO 16678:2014.
- Standard, 24 pages, English
- Standard, 25 pages, French
ISO 22397:2014 provides guidelines for establishing partnering arrangements among organizations to manage multiple relationships for events impacting on societal security. It incorporates principles and describes the process for planning, developing, implementing and reviewing partnering arrangements. ISO 22397:2014 is applicable to all organizations regardless of type, size and nature of activity whether in or between the private, public, or not-for-profit sectors.
- Standard, 13 pages, English
- Standard, 15 pages, French
ISO 28004-3:2014 has been developed to supplement ISO 28004-1 by providing additional guidance to medium and small businesses (other than marine ports) that wish to adopt ISO 28000. The additional guidance in ISO 28004-3:2014, while amplifying the general guidance provided in the main body of ISO 28004-1, does not conflict with the general guidance, nor does it amend ISO 28000.
- Standard, 15 pages, English
ISO 28004-4:2014 provides additional guidance for organizations adopting ISO 28000 that also wish to incorporate the Best Practices identified in ISO 28001 as a management objective for their international supply chains. The Best Practices in ISO 28001 both help organizations establish and document levels of security within an international supply chain and facilitate validation in national Authorized Economic Operator (AEO) programmes that are designed in accordance with the World Customs Organization (WCO) Framework of Standards. ISO 28004-4:2014 is not designed as a standalone document. The main body of ISO 28004-1 provides significant guidance pertaining to required inputs, processes, outputs and other elements required by ISO 28000. ISO 28004-4:2014 provides additional specific guidance on implementing ISO 28000 where compliance with ISO 28001 is a management objective.
- Standard, 6 pages, English language, sale 15% off
ISO 22398:2013 recommends good practice and guidelines for an organization to plan, conduct, and improve its exercise projects which may be organized within an exercise programme. It is applicable to all organizations regardless of type, size or nature, whether private or public. The guidance can be adapted to the needs, objectives, resources, and constraints of the organization. It is intended for use by anyone with responsibility for ensuring the competence of the organization's personnel, particularly the leadership of the organization, and those responsible for managing exercise programmes and exercise projects.
- Standard, 35 pages, English language, sale 15% off
ISO 22311:2012 is intended mainly for societal security purposes. It specifies a common output file format that can be extracted from video-surveillance content collection systems (stand-alone machines or large-scale systems), either on exchangeable data storage media or over a network, so that end-users can access digital video-surveillance content and perform the processing they require.
- Standard, 29 pages, English language, sale 15% off
- Standard, 29 pages, French language, sale 15% off
ISO 28002:2011 specifies requirements for a resilience management system in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account legal, regulatory and other requirements to which the organization subscribes; information about significant risks, hazards and threats that may have consequences to the organization, its stakeholders, and on its supply chain; protection of its assets and processes; and management of disruptive incidents.
- Standard, 55 pages, English language, sale 15% off
ISO 28001:2007 provides requirements and guidance for organizations in international supply chains to develop and implement supply chain security processes; establish and document a minimum level of security within a supply chain or a segment of a supply chain; and assist in meeting the applicable authorized economic operator (AEO) criteria set forth in the World Customs Organization Framework of Standards and conforming national supply chain security programmes. In addition, ISO 28001:2007 establishes certain documentation requirements that would permit verification. Users of ISO 28001:2007 will define the portion of an international supply chain within which they have established security; conduct security assessments on that portion of the supply chain and develop adequate countermeasures; develop and implement a supply chain security plan; and train security personnel in their security-related duties.
- Standard, 27 pages, English language, sale 15% off
ISO 28004:2007 provides generic advice on the application of ISO 28000:2007, Specification for security management systems for the supply chain. It explains the underlying principles of ISO 28000 and describes the intent, typical inputs, processes and typical outputs for each requirement of ISO 28000. This is to aid the understanding and implementation of ISO 28000. ISO 28004:2007 does not create additional requirements to those specified in ISO 28000, nor does it prescribe mandatory approaches to the implementation of ISO 28000.
- Standard, 56 pages, English language, sale 15% off
- Standard, 61 pages, French language, sale 15% off
ISO 28003:2007 contains principles and requirements for bodies providing the audit and certification of supply chain security management systems according to management system specifications and standards such as ISO 28000. It defines the minimum requirements of a certification body and its associated auditors, recognizing the unique need for confidentiality when auditing and certifying/registering a client organization. Requirements for supply chain security management systems can originate from a number of sources, and ISO 28003:2007 has been developed to assist in the certification of supply chain security management systems that fulfil the requirements of ISO 28000, Specification for security management systems for the supply chain, and other supply chain security management system International Standards. The contents of ISO 28003:2007 may also be used to support certification of supply chain security management systems that are based on other specified supply chain security management system requirements. ISO 28003:2007 provides harmonized guidance for the accreditation of certification bodies applying for ISO 28000 (or other specified supply chain security management system requirements) certification/registration; defines the rules applicable for the audit and certification of a supply chain security management system complying with the supply chain security management system standard's requirements (or other sets of specified supply chain security management system requirements); provides the customers with the necessary information and confidence about the way certification of their suppliers has been granted.
- Standard, 43 pages, English language, sale 15% off
- Standard, 47 pages, French language, sale 15% off
ISO 22300:2018 defines terms used in security and resilience standards.
- Standard, 35 pages, English language, sale 15% off
- Standard, 37 pages, French language, sale 15% off
ISO/TS 22317:2015 provides guidance for an organization to establish, implement, and maintain a formal and documented business impact analysis (BIA) process. This Technical Specification does not prescribe a uniform process for performing a BIA, but will assist an organization to design a BIA process that is appropriate to its needs. ISO/TS 22317:2015 is applicable to all organizations regardless of type, size, and nature, whether in the private, public, or not-for-profit sectors. The guidance can be adapted to the needs, objectives, resources, and constraints of the organization. It is intended for use by those responsible for the BIA process.
- Technical specification, 27 pages, English language, sale 15% off
- Technical specification, 29 pages, French language, sale 15% off
ISO/TS 22318:2015 gives guidance on methods for understanding and extending the principles of BCM embodied in ISO 22301 and ISO 22313 to the management of supplier relationships. This Technical Specification is generic and applicable to all organizations (or parts thereof), regardless of type, size and nature of business. It is applicable to the supply of products and services, both internally and externally. The extent of application of this Technical Specification depends on the organization's operating environment and complexity. Supply chain management considers the full range of activities concerned with the provision of supplies or services to an organization as a part of business-as-usual. The scope of this Technical Specification is less broad in that it specifically considers the issues faced by an organization which needs continuity of supply of products and services to protect its business activities or processes, and the continuity strategies for current suppliers within supply chains, which can be used to mitigate the impact of disruption; this is SCCM. Guidance on developing a business continuity plan or business continuity management system is set out in ISO 22301 and ISO 22313.
- Technical specification, 22 pages, English language, sale 15% off
ISO 22313:2012 for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise. It is not the intent of ISO 22313:2012 to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties. ISO 22313 is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to: establish, implement, maintain and improve a BCMS; ensure conformance with the organization's business continuity policy; or make a self-determination and self-declaration of compliance with this International Standard.
- Standard, 46 pages, English language, sale 15% off
- Standard, 50 pages, French language, sale 15% off
ISO 12931:2012 specifies performance criteria and an evaluation methodology for authentication solutions used to establish the authenticity of material goods throughout the entire material good life cycle. It does not specify how technical solutions achieve these performance criteria. ISO 12931:2012 is intended for all types and sizes of organizations that require the ability to validate the authenticity of material goods. Having undertaken a counterfeiting risk analysis, such organizations can use it to determine the categories of authentication elements they need to combat those risks, and the criteria for selecting authentication elements that provide those categories. Such authentication elements can be part of the material good itself and/or its packaging. The criteria apply to the material good and/or its packaging.
- Standard, 28 pages, English language, sale 15% off
- Standard, 30 pages, French language, sale 15% off
ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
- Standard, 24 pages, English language, sale 15% off
- Standard, 29 pages, French language, sale 15% off