iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO 22336:2024

(Main)

Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy

Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy

This document provides guidelines on the design and development of an organizational resilience policy and strategy. It includes: — how to design and formulate a resilience policy; — how to design strategy to achieve the objectives of a resilience policy; — how to determine priorities for implementation of the organization’s resilience initiatives; — how to establish a cooperative and coordinated capability to enhance resilience. This document is applicable to organizations seeking to enhance resilience. It is not specific to any industry or sector. It can be applied throughout the life of an organization to enhance resilience. This document does not provide guidance on the development of an organizational resilience capability.

Sécurité et résilience — Résilience organisationnelle — Lignes directrices pour une politique et une stratégie de résilience

General Information

Status
Published
Publication Date
08-Oct-2024
ICS
03.100.01 - Company organization and management in general
Technical Committee
ISO/TC 292 - Security and resilience
Drafting Committee
ISO/TC 292 - Security and resilience
Current Stage
6060 - International Standard published
Start Date
09-Oct-2024
Due Date
08-Oct-2024
Completion Date
09-Oct-2024
Ref Project

Buy Standard

ISO 22336:2024 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:9. 10. 2024ISO 22336:2024 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:9. 10. 2024
PreviousNext
Standard
ISO 22336:2024 - Security and resilience — Organizational resilience — Guidelines for resilience policy and strategy Released:9. 10. 2024
English language
21 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO 22336
First edition
Security and resilience —
2024-10
Organizational resilience —
Guidelines for resilience policy and
strategy
Sécurité et résilience — Résilience organisationnelle — Lignes
directrices pour une politique et une stratégie de résilience
Reference number
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Principles . 1
4.1 General .1
4.2 Policy formulation .2
4.3 Strategy design . .2
4.4 Strategy implementation .3
5 Organizational context . . 3
6 Attributes of policies and strategies for resilience . 3
6.1 General .3
6.2 P olicy formulation .3
6.2.1 General .3
6.2.2 Shared vision and clarity of purpose .4
6.2.3 Understanding and influencing context .4
6.2.4 Culture supportive of organizational resilience .4
6.3 Strategy design . .4
6.3.1 General .4
6.3.2 Anticipates, absorbs, and manages change .4
6.3.3 Shared information and knowledge.4
6.3.4 Continual improvement and evaluation .4
6.4 Strategy implementation .4
6.4.1 General .4
6.4.2 Availability of resources .4
6.4.3 Effective and empowered leadership .5
6.4.4 Coordination and alignment of systems.5
7 Enabling behaviours . 5
7.1 General .5
7.2 Adaptable . . .5
7.3 Inclusive .5
7.4 Integrated .6
7.5 Reflective .6
7.6 Prepared .6
7.7 Robust . .7
7.8 Innovative .7
8 Framework for resilience policy and strategy . 8
8.1 General .8
8.2 L eadership and commitment .8
8.2.1 General .8
8.2.2 Commitment to enhancing resilience .9
8.3 Policy formulation .9
8.4 Strategy design .10
8.5 Strategy implementation .10
8.6 Evaluation .10
8.6.1 General .10
8.6.2 Key performance indicators .11
9 Process . .11
9.1 General .11
9.2 Understanding the context of the resilience policy and strategy . 12

iii
9.2.1 General . 12
9.2.2 Determining the internal context . 12
9.2.3 Determining the external context . 13
9.2.4 Horizon scanning . 13
9.3 Communication .14
9.4 Policy formulation .14
9.5 Strategy design . 15
9.5.1 General . 15
9.5.2 Designing strategy to achieve resilience policy objectives . 15
9.5.3 Ensuring alignment with organizational goals . 15
9.5.4 Establishing resilience objectives . 15
9.5.5 Prioritizing objectives .16
9.6 Strategy implementation .16
9.6.1 General .16
9.6.2 Developing a strategic implementation plan.16
9.6.3 Allocating resources .17
9.6.4 Roles and responsibilities .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/TS 22386:2024(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for brand protection and enforcement procedures

This document provides guidelines for establishing and enforcing respective measures for brand protection. It supports the development of a brand protection strategy and describes a brand protection framework for the development, production, and distribution of products and documents. Applying these guidelines throughout the product lifecycle can facilitate interaction between individuals and organizations involved in brand protection activities and can make brand protection procedures more effective and efficient. This document is intended to support the brand owner’s business resilience, brand reputation, and brand value, by protecting products, documents, and associated services from counterfeiting and other infringements.

  • Technical specification
    17 pages
    English language
    sale 15% off
ISO
ISO/TS 22360:2024(Main)
Security and resilience — Crisis management — Concepts, principles and framework

This document provides an outline of crisis concepts and the principles that inform and support contemporary thinking on the circumstances and conditions under which crises can develop. It specifies: — concepts and principles, governing crises; — the social-ecological system (SES) framework in which crises develop; — factors that contribute to crises; — the progression and evolution of a crisis; — a structure for classifying crises; — the relationship between issues, incidents, emergencies, disasters, and crises; — a crisis taxonomy for the systematic development of policies, strategies, and standards, relevant to crisis management (see Annex A). This document does not provide guidance on how organizations can: — manage physiological or psychological aspects of human reactions to personal crises; — manage personal health or public health crisis affecting individuals, communities, or having broader impacts on society; — design, develop or implement crisis management programs or plans; — develop a strategic capability for crisis management; — apply crisis management techniques to specific crisis situations. This document is applicable to all organizations. It can also be applied by standards users and standards writers and educators. It encourages a better understanding of crisis concepts and the interconnected characteristics of factors that contribute to crises through referencing the crisis controls and effects social-ecological system model. The application of the principles described in this document can encourage consistency in the use of crises related terms and definitions and complements other ISO standards for crisis management.

  • Technical specification
    26 pages
    English language
    sale 15% off
  • Technical specification
    29 pages
    French language
    sale 15% off
ISO
ISO 22359:2024(Main)
Security and resilience — Guidelines for hardened protective shelters

This document provides guidelines for the design, use and maintenance of hardened protective shelters (hereafter referred to as “shelters”). It specifies guidance on the layout, structures, equipment and actions related to a shelter. This document is intended for organizations or individuals responsible for or involved in decision-making, planning, implementation, administration, use or upkeep of shelters, such as local, regional and national governments, civil protection agencies, first responders and businesses such as designers, constructers and equipment suppliers. This document does not cover the minimum requirements or exact specifications for the properties of or actions related to a shelter; nor does it cover rapidly erected temporary shelters, such as lightweight canvas weather shelters, other tarp tent shelters, or metal and container shelters. Military shelters are subject to additional requirements which are outside the scope of this document.

  • Standard
    26 pages
    English language
    sale 15% off
ISO
ISO 28000:2022/Amd 1:2024(Amendment)
Security and resilience — Security management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO 22301:2019/Amd 1:2024(Amendment)
Security and resilience — Business continuity management systems — Requirements — Amendment 1: Climate action changes
  • Standard
    1 page
    English language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
  • Standard
    1 page
    French language
    sale 15% off
ISO
ISO 22388:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for securing physical documents

This document gives guidance on how to secure physical documents for specifying entities of physical documents. It establishes a procedure for security design, which includes: — risk assessment; — determination of document classes; — introduction of security features; — security evaluation; — document risk mitigation. This document is applicable to secure physical documents that are used for important actions such as validating value transactions, providing access, demonstrating compliance and securing products. This document does not apply to banknotes, machine-readable travel documents, driving licences, postage stamps, tax stamps, health cards or national identity cards covered by existing standards and regulations.

  • Standard
    36 pages
    English language
    sale 15% off
  • Standard
    39 pages
    French language
    sale 15% off
ISO
ISO 22376:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Specification and usage of visible digital seal (VDS) data format for authentication, verification and acquisition of data carried by a document or object

This document defines the conditions necessary for the interoperable deployment of visible digital seals (VDSs). It describes the structure, possible forms of representation, production process and verification process applicable to VDSs, for any type of document or object to which they relate. This document does not establish requirements for users that issue and verify documents or for users that implement and deploy VDSs. This document does not apply to detailed response formatting functions (RFFs). These requirements and functions are defined by the trust service operator (TSO) and generally cover functionalities such as the security levels of certificates and governance rules to be applied to document issuers and trust service providers (TSPs) intervening in the VDS ecosystem. This document does not apply to the governance related to the operation of the VDS scheme. It is not intended to replace the specifications from Agence Nationale des Titres Sécurisés (ANTS), Bundesamt für Sicherheit in der Informationstechnik (BSI) and International Civil Aviation Organization (ICAO) documents.

  • Standard
    40 pages
    English language
    sale 15% off
  • Standard
    41 pages
    French language
    sale 15% off
ISO
ISO 22342:2023(Main)
Security and resilience — Protective security — Guidelines for the development of a security plan for an organization

This document gives guidance on developing and maintaining security plans. The security plan describes how an organization establishes effective security planning and how it can integrate security within organizational risk management practices. This document is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors, that wish to develop effective security plans in a consistent manner. This document is applicable to any organization intending to implement measures designed to protect their assets against malicious acts and mitigate their associated risks. This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It does not apply to services and operations delivered by private security companies.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    12 pages
    French language
    sale 15% off
ISO
ISO 22393:2023(Main)
Security and resilience — Community resilience — Guidelines for planning recovery and renewal

This document gives guidance on how to develop meaningful recovery activities and renewal initiatives from any type of major emergency, disaster or crisis, no matter what type of impact or damage it has. It provides guidelines on how to identify the short-term, transactional activities needed to reflect and learn, review preparedness of parts of the system impacted by the crisis, and reinstate operations to build preparedness to future emergencies. It distinguishes a longer-term perspective, called “renewal”, and provides guidelines on how to identify visionary initiatives to be addressed through transformation to change lives and futures. The guidelines cover how, in both recovery and renewal, there is a need to identify scalable activity on people, places, processes, power and partners. This document is applicable to all organizations, particularly those involved in recovery and renewal and that are responsible for human welfare and community development (e.g. public, voluntary, community and social enterprise sectors).

  • Standard
    39 pages
    English language
    sale 15% off
ISO
ISO 22385:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines to establish a framework for trust and interoperability

This document establishes a framework for a trustworthy environment for information processing and communication that protects integrity along the supply chain of physical and related electronic documents, products, software and services life cycle to mitigate product fraud and counterfeit goods, by using object identification techniques. This document gives guidelines to establish a framework for ensuring trust, interoperability and interoperation via secure and reliable electronically signed encoded data set (ESEDS) schemes for multi-actor applications which are even applicable in multi-sector environment. This document does not interfere with existing traceability and identification and authentication systems but is able to support interoperations between them by introducing an ESEDS scheme.

  • Standard
    16 pages
    English language
    sale 15% off
  • Standard
    16 pages
    French language
    sale 15% off