INTERNATIONAL STANDARD ISO 22301
First edition 2012-05-15
Reference number ISO 22301:2012(E)
© ISO 2012
Tel. + 41 22 749 01 11
Web www.iso.org
Contents
Foreword
0 Introduction
0.1 General
0.2 The Plan-Do-Check-Act (PDCA) model
0.3 Components of PDCA in this International Standard
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding of the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the business continuity management system
4.4 Business continuity management system
5 Leadership
5.1 Leadership and commitment
5.2 Management commitment
5.3 Policy
5.4 Organizational roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Business continuity objectives and plans to achieve them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.3 Business continuity strategy
8.4 Establish and implement business continuity procedures
8.5 Exercising and testing
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Bibliography
Foreword
Societal security.
0 Introduction
0.1 General
[Figure residue: the PDCA model applied to BCMS processes. Recoverable labels: input from interested parties as requirements for business continuity; Establish (Plan); Do; Monitor and review (Check); Act; output to interested parties as managed business continuity. The surrounding text names the related management system standards: quality management systems, environmental management systems, information security management systems, information technology service management.]
1 Scope
2 Normative references
3 Terms and definitions
3.1
activity
3.2
audit
3.3
business continuity
following disruptive incident
3.4
business continuity management
3.5
business continuity management system
BCMS
3.6
business continuity plan
3.7
business continuity programme
3.8
business impact analysis
3.9
competence
3.10
conformity
3.11
continual improvement
3.12
correction
3.13
corrective action
[SOURCE: ISO 22300]
3.14
document
3.15
documented information
3.16
effectiveness
3.17
event
3.18
exercise
3.19
incident
3.20
infrastructure
3.21
interested party
stakeholder
3.22
internal audit
3.23
invocation
3.24
management system
3.25
maximum acceptable outage
MAO
3.26
maximum tolerable period of disruption
MTPD
3.27
measurement
3.28
minimum business continuity objective
MBCO
3.29
monitoring
3.30
mutual aid agreement
3.31
nonconformity
3.32
objective
3.33
organization
3.34
outsource (verb)
3.35
performance
3.36
performance evaluation
3.37
personnel
3.38
policy
3.39
procedure
3.40
process
3.41
products and services
3.42
prioritized activities
3.43
record
3.44
recovery point objective
RPO
3.45
recovery time objective
RTO
3.46
requirement
3.47
resources
3.48
risk
3.49
risk appetite
3.50
risk assessment
3.51
risk management
3.52
testing
3.53
top management
3.54
3.55
work environment
set of conditions under which work is performed
4.2.1 General
4.3.1 General
5 Leadership
5.3 Policy
6 Planning
b) how to
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5.1 General
8 Operation
8.2.1 General
8.4.1 General
8.4.4 Business continuity plans
8.4.5 Recovery
9 Performance evaluation
9.1.1 General
10 Improvement
ICS 03.100.01