iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO 22336

(Main)

Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy

Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy

This document provides organizations with guidance on how to formulate corporate policy and implement a strategy to enhance organizational resilience will assist organizations in articulating the organizations’ vision and purpose, set strategic objectives and define its actions to achieve an enhanced state of organizational resilience . This document will provide guidance based on foundation principles of organizational resilience and the development of essential attributes as set out in ISO 22316:2017, Security and resilience – Organizational resilience – Principles and attributes. It is not specific to any industry or sector. This document can be applied throughout the life of an organization. This document will include guidance on: - How to design and formulate a resilience policy; - How to develop strategy to achieve the objectives of a resilience policy; - How to prepare an implementation plan to deliver strategic objectives; and - How to establish a cooperative and coordinated capability to enhance resilience.

Sécurité et résilience — Résilience organisationnelle — Lignes directrices pour une politique et une stratégie de résilience

General Information

Status
Not Published
ICS
03.100.01 - Company organization and management in general
Technical Committee
ISO/TC 292 - Security and resilience
Drafting Committee
ISO/TC 292 - Security and resilience
Current Stage
6000 - International Standard under publication
Completion Date
04-Sep-2024
Ref Project

Buy Standard

ISO/FDIS 22336 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:25. 06. 2024ISO/FDIS 22336 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:25. 06. 2024
PreviousNext
Draft
ISO/FDIS 22336 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:25. 06. 2024
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview
REDLINE ISO/FDIS 22336 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:25. 06. 2024REDLINE ISO/FDIS 22336 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:25. 06. 2024
PreviousNext
Draft
REDLINE ISO/FDIS 22336 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:25. 06. 2024
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


FINAL DRAFT
International
Standard
ISO/FDIS 22336
ISO/TC 292
Security and resilience —
Secretariat: SIS
Organizational resilience —
Voting begins on:
Guidelines for resilience policy and
2024-07-09
strategy
Voting terminates on:
2024-09-03
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
Reference number
ISO/FDIS 22336:2024(en) © ISO 2024

FINAL DRAFT
ISO/FDIS 22336:2024(en)
International
Standard
ISO/FDIS 22336
ISO/TC 292
Security and resilience —
Secretariat: SIS
Organizational resilience —
Voting begins on:
Guidelines for resilience policy and
strategy
Voting terminates on:
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT,
WITH THEIR COMMENTS, NOTIFICATION OF ANY
RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE
AND TO PROVIDE SUPPOR TING DOCUMENTATION.
© ISO 2024
IN ADDITION TO THEIR EVALUATION AS
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
LOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
INTERNATIONAL STANDARDS MAY ON OCCASION HAVE
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL
or ISO’s member body in the country of the requester.
TO BECOME STAN DARDS TO WHICH REFERENCE MAY BE
MADE IN NATIONAL REGULATIONS.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland Reference number
ISO/FDIS 22336:2024(en) © ISO 2024

ii
ISO/FDIS 22336:2024(en)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 1
4.1 General .1
4.2 Policy formulation .2
4.3 Strategy design . .2
4.4 Strategy implementation .3
5 Organizational context . . 3
6 Attributes of policies and strategies for resilience . 3
6.1 General .3
6.2 P olicy formulation .3
6.2.1 General .3
6.2.2 Shared vision and clarity of purpose .4
6.2.3 Understanding and influencing context .4
6.2.4 Culture supportive of organizational resilience .4
6.3 Strategy design . .4
6.3.1 General .4
6.3.2 Anticipates, absorbs, and manages change .4
6.3.3 Shared information and knowledge.4
6.3.4 Continual improvement and evaluation .4
6.4 Strategy implementation .4
6.4.1 General .4
6.4.2 Availability of resources .4
6.4.3 Effective and empowered leadership .5
6.4.4 Coordination and alignment of systems.5
7 Enabling behaviours . 5
7.1 General .5
7.2 Adaptable . . .5
7.3 Inclusive .5
7.4 Integrated .6
7.5 Reflective .6
7.6 Prepared .6
7.7 Robust . .7
7.8 Innovative .7
8 Framework for resilience policy and strategy . 8
8.1 General .8
8.2 L eadership and commitment .8
8.2.1 General .8
8.2.2 Commitment to enhancing resilience .9
8.3 Policy formulation .9
8.4 Strategy design .10
8.5 Strategy implementation .10
8.6 Evaluation .10
8.6.1 General .10
8.6.2 Key performance indicators .11
9 Process . .11
9.1 General .11
9.2 Understanding the context of the resilience policy and strategy . 12

iii
ISO/FDIS 22336:2024(en)
9.2.1 General . 12
9.2.2 Determining the internal context . 12
9.2.3 Determining the external context . 13
9.2.4 Horizon scanning . 13
9.3 Communication .14
9.4 Policy formulation .14
9.5 Strategy design . 15
9.5.1 General . 15
9.5.2 Designing strategy to achieve resilience policy objectives . 15
9.5.3 Ensuring alignment with organizational goals . 15
9.5.4 Estab
...


Style Definition: Heading 1: Indent: Left: 0 pt, First line: 0
ISO/FDIS 22336:2024(Een)
pt, Tab stops: Not at 21.6 pt
Style Definition: Heading 7: Font: Bold, No bullets or
ISO/TC 292
numbering, Tab stops: 72 pt, List tab
Style Definition: Heading 8: Font: Bold, No bullets or
Secretariat: SIS
numbering, Tab stops: 90 pt, List tab
Style Definition: Heading 9: Font: Bold, No bullets or
Date: 2024-04-0906-25
numbering, Tab stops: 90 pt, List tab
Formatted: English (United States)
Security and resilience — Organizational resilience — Guidelines for resilience
Formatted: English (United States)
policy and strategy
Formatted: English (United States)

CLEAN – FOR SUBMISSION TO ISO/CS FOR PREPARATION OF THE FDIS BALLOT

ISO/FDIS 22336:2024(E)
Formatted
Formatted: Default Paragraph Font
All rights reserved. Unless otherwise specified, or required in the context of its
Formatted: Default Paragraph Font
implementation, no part of this publication may be reproduced or utilized otherwise in any
Formatted: Adjust space between Latin and Asian text,
form or by any means, electronic or mechanical, including photocopying, or posting on the
Adjust space between Asian text and numbers
internet or an intranet, without prior written permission. Permission can be requested from
either ISO at the address below or ISO’sISO's member body in the country of the requester.
ISO copyright officeCopyright Office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Phone: + 41 22 749 01 11
Email: copyright@iso.org
Email: copyright@iso.org
Website: www.iso.orgwww.iso.org Formatted: English (United Kingdom)
Formatted: English (United Kingdom)
Published in Switzerland.
Formatted: Adjust space between Latin and Asian text,
Adjust space between Asian text and numbers
Formatted: English (United Kingdom)
ii © ISO 2024 – All rights reserved

Formatted: Centered, Space After: 36 pt
ISO/FDIS 22336:2024(E) en)
Contents
Foreword . vii
Introduction . viii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 1
4.1 General . 1
4.2 Policy formulation . 3
4.3 Strategy design . 3
4.4 Strategy implementation . 3
5 Organizational context . 4
6 Attributes of policies and strategies for resilience . 4
6.1 General . 4
6.2 Policy formulation . 5
6.2.1 General . 5
6.2.2 Shared vision and clarity of purpose . 5
6.2.3 Understanding and influencing context . 5
6.2.4 Culture supportive of organizational resilience . 5
6.3 Strategy design . 5
6.3.1 General . 5
6.3.2 Anticipates, absorbs, and manages change . 5
6.3.3 Shared information and knowledge . 5
6.3.4 Continual improvement and evaluation . 5
6.4 Strategy implementation . 6
6.4.1 General . 6
6.4.2 Availability of resources . 6
6.4.3 Effective and empowered leadership . 6
6.4.4 Coordination and alignment of systems. 6
7 Enabling behaviours . 6
7.1 General . 6
7.2 Adaptable . 6
7.3 Inclusive . 7
7.4 Integrated . 7
7.5 Reflective . 7
7.6 Prepared . 8
7.7 Robust . 8
7.8 Innovative . 9
8 Framework for resilience policy and strategy . 9
8.1 General . 9
8.2 Leadership and commitment . 10
8.2.1 General . 10
8.2.2 Commitment to enhancing resilience . 11
Formatted: Centered, Space After: 24 pt
iii
ISO/FDIS 22336:2024(E)
8.3 Policy formulation . 12
8.4 Strategy design . 12
8.5 Strategy implementation . 12
8.6 Evaluation . 13
8.6.1 General . 13
8.6.2 Key performance indicators . 13
9 Process . 14
9.1 General . 14
9.2 Understand the context of the resilience policy and strategy . 15
9.2.1 General . 15
9.2.2 Determining the internal context. 16
9.2.3 Determining the external context . 16
9.2.4 Horizon scanning . 17
9.3 Communication . 17
9.4 Policy formulation . 17
9.5 Strategy design . 18
9.5.1 General . 18
9.5.2 Design strategy to achieve resilience policy objectives . 18
9.5.3 Ensure alignment with organizational goals . 19
9.5.4 Establish resilience objectives . 19
9.5.5 Prioritize objectives . 19
9.6 Strategy implementation . 20
9.6.1 General . 20
9.6.2 Develop strategic implementation plan . 20
9.6.3 Allocating resources . 21
9.6.4 Roles and responsibilities . 21
10 Continual improvement . 21
10.1 General . 21
10.2 Performance evaluation . 22
10.2.1 Monitor and review . 22
10.2.2 General . 22
10.2.3 Measuring progress against resilience key performance indicators . 22
10.2.4 Reporting . 24
10.3 Continual improvement . 24
Bibliography . 26

Figure 1 — Organizational resilience policy and strategy framework . x
Figure 2 — Designing and implementing the organizational resilience policy and
strategy . 3
Figure 3 — Framework . 10
Figure 4 — Process . 15
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 1
iv © ISO 2024 – All rights reserved

Formatted: Centered, Space After: 36 pt
ISO/FDIS 22336:2024(E) en)
4.1 General . 1
4.2 Policy formulation . 3
4.3 Strategy design . 3
4.4 Strategy implementation .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/TS 22360:2024(Main)
Security and resilience — Crisis management — Concepts, principles and framework

This document provides an outline of crisis concepts and the principles that inform and support contemporary thinking on the circumstances and conditions under which crises can develop. It specifies: — concepts and principles, governing crises; — the social-ecological system (SES) framework in which crises develop; — factors that contribute to crises; — the progression and evolution of a crisis; — a structure for classifying crises; — the relationship between issues, incidents, emergencies, disasters, and crises; — a crisis taxonomy for the systematic development of policies, strategies, and standards, relevant to crisis management (see Annex A). This document does not provide guidance on how organizations can: — manage physiological or psychological aspects of human reactions to personal crises; — manage personal health or public health crisis affecting individuals, communities, or having broader impacts on society; — design, develop or implement crisis management programs or plans; — develop a strategic capability for crisis management; — apply crisis management techniques to specific crisis situations. This document is applicable to all organizations. It can also be applied by standards users and standards writers and educators. It encourages a better understanding of crisis concepts and the interconnected characteristics of factors that contribute to crises through referencing the crisis controls and effects social-ecological system model. The application of the principles described in this document can encourage consistency in the use of crises related terms and definitions and complements other ISO standards for crisis management.

  • Technical specification
    26 pages
    English language
    sale 15% off
  • Technical specification
    29 pages
    French language
    sale 15% off
ISO
ISO 22359:2024(Main)
Security and resilience — Guidelines for hardened protective shelters

This document provides guidelines for the design, use and maintenance of hardened protective shelters (hereafter referred to as “shelters”). It specifies guidance on the layout, structures, equipment and actions related to a shelter. This document is intended for organizations or individuals responsible for or involved in decision-making, planning, implementation, administration, use or upkeep of shelters, such as local, regional and national governments, civil protection agencies, first responders and businesses such as designers, constructers and equipment suppliers. This document does not cover the minimum requirements or exact specifications for the properties of or actions related to a shelter; nor does it cover rapidly erected temporary shelters, such as lightweight canvas weather shelters, other tarp tent shelters, or metal and container shelters. Military shelters are subject to additional requirements which are outside the scope of this document.

  • Standard
    26 pages
    English language
    sale 15% off
ISO
ISO 28000:2022/Amd 1:2024(Amendment)
Security and resilience — Security management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO 22301:2019/Amd 1:2024(Amendment)
Security and resilience — Business continuity management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO 22388:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for securing physical documents

This document gives guidance on how to secure physical documents for specifying entities of physical documents. It establishes a procedure for security design, which includes: — risk assessment; — determination of document classes; — introduction of security features; — security evaluation; — document risk mitigation. This document is applicable to secure physical documents that are used for important actions such as validating value transactions, providing access, demonstrating compliance and securing products. This document does not apply to banknotes, machine-readable travel documents, driving licences, postage stamps, tax stamps, health cards or national identity cards covered by existing standards and regulations.

  • Standard
    36 pages
    English language
    sale 15% off
  • Standard
    39 pages
    French language
    sale 15% off
ISO
ISO 22376:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Specification and usage of visible digital seal (VDS) data format for authentication, verification and acquisition of data carried by a document or object

This document defines the conditions necessary for the interoperable deployment of visible digital seals (VDSs). It describes the structure, possible forms of representation, production process and verification process applicable to VDSs, for any type of document or object to which they relate. This document does not establish requirements for users that issue and verify documents or for users that implement and deploy VDSs. This document does not apply to detailed response formatting functions (RFFs). These requirements and functions are defined by the trust service operator (TSO) and generally cover functionalities such as the security levels of certificates and governance rules to be applied to document issuers and trust service providers (TSPs) intervening in the VDS ecosystem. This document does not apply to the governance related to the operation of the VDS scheme. It is not intended to replace the specifications from Agence Nationale des Titres Sécurisés (ANTS), Bundesamt für Sicherheit in der Informationstechnik (BSI) and International Civil Aviation Organization (ICAO) documents.

  • Standard
    40 pages
    English language
    sale 15% off
  • Standard
    41 pages
    French language
    sale 15% off
ISO
ISO 22342:2023(Main)
Security and resilience — Protective security — Guidelines for the development of a security plan for an organization

This document gives guidance on developing and maintaining security plans. The security plan describes how an organization establishes effective security planning and how it can integrate security within organizational risk management practices. This document is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors, that wish to develop effective security plans in a consistent manner. This document is applicable to any organization intending to implement measures designed to protect their assets against malicious acts and mitigate their associated risks. This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It does not apply to services and operations delivered by private security companies.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    12 pages
    French language
    sale 15% off
ISO
ISO 22393:2023(Main)
Security and resilience — Community resilience — Guidelines for planning recovery and renewal

This document gives guidance on how to develop meaningful recovery activities and renewal initiatives from any type of major emergency, disaster or crisis, no matter what type of impact or damage it has. It provides guidelines on how to identify the short-term, transactional activities needed to reflect and learn, review preparedness of parts of the system impacted by the crisis, and reinstate operations to build preparedness to future emergencies. It distinguishes a longer-term perspective, called “renewal”, and provides guidelines on how to identify visionary initiatives to be addressed through transformation to change lives and futures. The guidelines cover how, in both recovery and renewal, there is a need to identify scalable activity on people, places, processes, power and partners. This document is applicable to all organizations, particularly those involved in recovery and renewal and that are responsible for human welfare and community development (e.g. public, voluntary, community and social enterprise sectors).

  • Standard
    39 pages
    English language
    sale 15% off
ISO
ISO 22385:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines to establish a framework for trust and interoperability

This document establishes a framework for a trustworthy environment for information processing and communication that protects integrity along the supply chain of physical and related electronic documents, products, software and services life cycle to mitigate product fraud and counterfeit goods, by using object identification techniques. This document gives guidelines to establish a framework for ensuring trust, interoperability and interoperation via secure and reliable electronically signed encoded data set (ESEDS) schemes for multi-actor applications which are even applicable in multi-sector environment. This document does not interfere with existing traceability and identification and authentication systems but is able to support interoperations between them by introducing an ESEDS scheme.

  • Standard
    16 pages
    English language
    sale 15% off
  • Standard
    16 pages
    French language
    sale 15% off
ISO
ISO 22328-3:2023(Main)
Security and resilience — Emergency management — Part 3: Guidelines for the implementation of a community-based early warning system for tsunamis

This document gives guidelines for the implementation of a community-based disaster early warning system (EWS) for tsunamis. It complements the generic guidelines in ISO 22328-1[5]. It describes the methods, procedures, implementation measures and activities specifically related to tsunamis. This document is applicable to communities vulnerable to tsunamis, without taking secondary/indirect effects into consideration.

  • Standard
    15 pages
    English language
    sale 15% off