ISO/PAS 22399:2007

Titel:

Societal security – Guidelines for incident preparedness and operational continuity management

Herausgeber:

ISO (TC 223)

Veröffentlichung:

Dezember 2007 – zurückgezogen am 25.11.2013 (withdrawn stage 95.99)

Beschreibung:

Guidance für Incident Management

1 Scope ………………………………………………………………………………………………………………………………….. 1

2 Normative references …………………………………………………………………………………………………………… 2

3 Terms and definitions…………………………………………………………………………………………………………… 2

4 General………………………………………………………………………………………………………………………………… 8

5 Policy ………………………………………………………………………………………………………………………………….. 9

5.1 Establishing the program …………………………………………………………………………………………………….. 9

5.2 Defining program scope ………………………………………………………………………………………………………. 9

5.3 Management leadershipand commitment …………………………………………………………………………… 10

5.4 Policy development ……………………………………………………………………………………………………………. 10

5.5 Policy review ……………………………………………………………………………………………………………………… 10

5.6 Organizational structure for implementation……………………………………………………………………….. 11

6 Planning …………………………………………………………………………………………………………………………….. 11

6.1 General………………………………………………………………………………………………………………………………. 11

6.2 Legal and other requirements …………………………………………………………………………………………….. 11

6.3 Risk assessment and impact analysis …………………………………………………………………………………12

6.4 Hazard, risk, and threat identification………………………………………………………………………………….. 12

6.5 Risk assessment………………………………………………………………………………………………………………… 12

6.6 Impact analysis ………………………………………………………………………………………………………………….. 12

6.7 Incident preparedness and operational continuity management programs ………………………….. 13

7 Implementation and operation ……………………………………………………………………………………………. 17

7.1 Resources, roles, responsibility and authority ……………………………………………………………………. 17

7.2 Building and embedding IPOCM in the organization’s culture ……………………………………………… 17

7.3 Competence, training and awareness ………………………………………………………………………………….18

7.4 Communications and warning ……………………………………………………………………………………………. 18

7.5 Operational control…………………………………………………………………………………………………………….. 19

7.6 Finance and administration………………………………………………………………………………………………… 20

8 Performance assessment …………………………………………………………………………………………………… 20

8.1 System evaluation ……………………………………………………………………………………………………………… 20

8.2 Performance measurement and monitoring ………………………………………………………………………… 20

8.3 Testing and exercises ………………………………………………………………………………………………………… 21

8.4 Corrective and preventive action ………………………………………………………………………………………… 21

8.5 Maintenance ………………………………………………………………………………………………………………………. 22

8.6 Internal audits and self assessment ……………………………………………………………………………………. 22

9 Management review……………………………………………………………………………………………………………. 23

Annex A(informative) Impact analysis procedure……………………………………………………………………………. 24

Annex B(informative) Emergency response management program…………………………………………………. 26

Annex C(informative) Continuity management program …………………………………………………………………. 28

Annex D(informative) Building an incident preparedness and operational continuity culture…………… 30

Zertifizierung:

keine Zertifizierung des BCM nach ISO 22399 möglich

Bezug:

ISO

Ähnliche Einträge