Title:
Societal security - Guidelines for incident preparedness and operational continuity management
Publisher:
ISO (TC 223)
Publication:
December 2007 - withdrawn on 25 November 2013 (withdrawn stage 95.99)
Description:
Guidance for incident management
Contents:
1 Scope
2 Normative references
3 Terms and definitions
4 General
5 Policy
5.1 Establishing the program
5.2 Defining program scope
5.3 Management leadership and commitment
5.4 Policy development
5.5 Policy review
5.6 Organizational structure for implementation
6 Planning
6.1 General
6.2 Legal and other requirements
6.3 Risk assessment and impact analysis
6.4 Hazard, risk, and threat identification
6.5 Risk assessment
6.6 Impact analysis
6.7 Incident preparedness and operational continuity management programs
7 Implementation and operation
7.1 Resources, roles, responsibility and authority
7.2 Building and embedding IPOCM in the organization's culture
7.3 Competence, training and awareness
7.4 Communications and warning
7.5 Operational control
7.6 Finance and administration
8 Performance assessment
8.1 System evaluation
8.2 Performance measurement and monitoring
8.3 Testing and exercises
8.4 Corrective and preventive action
8.5 Maintenance
8.6 Internal audits and self-assessment
9 Management review
Annex A (informative) Impact analysis procedure
Annex B (informative) Emergency response management program
Annex C (informative) Continuity management program
Annex D (informative) Building an incident preparedness and operational continuity culture
Certification:
No BCM certification against ISO 22399 is possible
Available from:
ISO