Security and resilience — Emergency management — Guidelines for incident management

This document gives guidelines for incident management, including — principles that communicate the value and explain the purpose of incident management, — basic components of incident management including process and structure, which focus on roles and responsibilities, tasks and management of resources, and — working together through joint direction and cooperation. This document is applicable to any organization involved in responding to incidents of any type and scale. This document is applicable to any organization with one organizational structure as well as for two or more organizations that choose to work together while continuing to use their own organizational structure or to use a combined organizational structure.

Sécurité et résilience — Gestion des urgences — Lignes directrices pour la gestion des incidents

General Information

Status: Published
Publication Date: 04-Nov-2018
Current Stage: 6060 - International Standard published
Start Date: 05-Nov-2018
Completion Date: 05-Nov-2018

Standard
ISO 22320:2018 - Security and resilience -- Emergency management -- Guidelines for incident management
English language
20 pages

Standards Content (sample)

INTERNATIONAL STANDARD ISO 22320
Second edition, 2018-11
Security and resilience — Emergency management — Guidelines for incident management
Sécurité et résilience — Gestion des urgences — Lignes directrices pour la gestion des incidents
Reference number: ISO 22320:2018(E)
© ISO 2018
COPYRIGHT PROTECTED DOCUMENT
© ISO 2018

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles
  4.1 General
  4.2 Ethics
  4.3 Unity of command
  4.4 Working together
  4.5 All-hazards approach
  4.6 Risk management
  4.7 Preparedness
  4.8 Information sharing
  4.9 Safety
  4.10 Flexibility
  4.11 Human and cultural factors
  4.12 Continual improvement
5 Incident management
  5.1 General
  5.2 Incident management process
    5.2.1 General
    5.2.2 Different perspectives
    5.2.3 Understanding the importance of time
    5.2.4 Being proactive
  5.3 Incident management structure
    5.3.1 General
    5.3.2 Roles and responsibilities
    5.3.3 Incident management tasks
    5.3.4 Incident management resources
6 Working together
  6.1 General
  6.2 Prerequisites for achieving coordination and cooperation
    6.2.1 Sharing the same incident management process
    6.2.2 Seeing the whole picture
    6.2.3 Common operational picture
    6.2.4 Establishing communication
    6.2.5 Establishing joint decisions
  6.3 Developing and implementing methods for working together
    6.3.1 General
    6.3.2 Agreements
    6.3.3 Technical equipment
Annex A (informative) Additional guidance on working together
Annex B (informative) Additional guidance on incident management structure
Annex C (informative) Examples of incident management tasks
Annex D (informative) Incident management planning
Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee ISO/TC 292, Security and resilience.

This second edition cancels and replaces the first edition (ISO 22320:2011), which has been technically revised.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

In recent years, there have been many disasters, both natural and human-induced, and other major incidents which have shown the importance of incident management in order to save lives, reduce harm and damage, and to ensure an appropriate level of continuity of essential societal functions.

Such functions include health, telecommunication, water and food supply, and access to electricity and fuel. While in the past the focus of incident management has been national, regional or within single organizations, today and for the future there is a need for a multinational and multi-organizational approach. This need is driven by relationships and interdependencies between governments, non-governmental organizations (NGO), civil society organizations (CSO) and the private sector internationally.

Factors such as increased urbanization, critical infrastructure dependencies and interdependencies, socio-economic dynamics, environmental change, animal and human diseases and the heightened movement of people and goods around the world have increased the potential for disruptions and disasters that transcend geographic and political boundaries and impact the incident management capability.

This document provides guidance for organizations to improve their handling of all types of incidents (for example, emergencies, crises, disruptions and disasters). The multiple incident management activities are often shared between organizations and agencies, with the private sector, regional organizations, and governments having different levels of jurisdiction. Thus, there is a need to guide all involved parties in how to prepare and implement incident management.

Cross-organization, -region or -border assistance during incident management is expected to be appropriate to the needs of the affected population and to be culturally sensitive. Therefore, multi-stakeholder participation, which focuses on community involvement in the development and implementation of incident management, is desirable where appropriate. Involved organizations require the ability to share a common approach across geographical, political and organizational boundaries.

This document is applicable to any organization responsible for preparing for or responding to incidents at the local, regional, national and, possibly, international level, including those who

a) are responsible for, and participating in, incident preparation,
b) offer guidance and direction in incident management,
c) are responsible for communication and interaction with the public, and
d) do research in the field of incident management.

Organizations benefit from using a common approach for incident management as this enables collaborative work and ensures more coherent and complementary actions among organizations.

Most incidents are local in nature and are managed at the local, municipal, regional, state or provincial level.

INTERNATIONAL STANDARD ISO 22320:2018(E)

Security and resilience — Emergency management — Guidelines for incident management

1 Scope

This document gives guidelines for incident management, including

— principles that communicate the value and explain the purpose of incident management,
— basic components of incident management including process and structure, which focus on roles and responsibilities, tasks and management of resources, and
— working together through joint direction and cooperation.

This document is applicable to any organization involved in responding to incidents of any type and scale.

This document is applicable to any organization with one organizational structure as well as for two or more organizations that choose to work together while continuing to use their own organizational structure or to use a combined organizational structure.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 22300, Security and resilience — Vocabulary

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 22300 apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/

4 Principles

4.1 General

An organization dealing with any incident should consider the principles described in 4.2 to 4.12.

4.2 Ethics

Incident management respects the primacy of human life and human dignity through neutrality and impartiality.

4.3 Unity of command

Incident management requires that every person at any point in time reports to only one supervisor.

4.4 Working together

Incident management requires organizations to work together.

NOTE For additional information, see Clause 6.

4.5 All-hazards approach

Incident management considers both natural and human-induced incidents, including those which the organization has not yet experienced.

NOTE For a definition of all-hazards, see ISO 22300.

4.6 Risk management

Incident management is based on risk management.

NOTE Guidance on risk management is given in ISO 31000.

4.7 Preparedness

Incident management requires preparedness.

4.8 Information sharing

Incident management requires the sharing of information and perspectives.

4.9 Safety

Incident management emphasizes the importance of safety for both responders and those impacted.

4.10 Flexibility

Incident management is flexible (e.g. adaptability, scalability, and subsidiarity).

4.11 Human and cultural factors

Incident management takes human and cultural factors into account.

4.12 Continual improvement

Incident management emphasizes continual improvement to enhance organizational performance.

5 Incident management

5.1 General

Incident management should consider a combination of facilities, equipment, personnel, organizational structure, procedures and communications.

Incident management is predicated on the understanding that in any and every incident there are certain management functions that should be carried out regardless of the number of people who are available or involved in responding to the incident.

The organization should implement incident management, including

a) an incident management process (5.2), and
b) an incident management structure, which identifies incident management roles and responsibilities, tasks and the allocation of resources (5.3).

The organization should document the incident management process and structure.

5.2 Incident management process

5.2.1 General

The incident management process is based on objectives which are developed by gathering and proactively sharing information in order to assess the situation and identify contingencies.

The organization should engage in planning activities as part of preparedness and response, which consider the following:

a) safety,
b) incident management objectives,
c) information about the situation,
d) monitoring and assessing the situation,
e) planning function which determines an incident action plan,
f) allocating, tracking and releasing resources,
g) communications,
h) relationships with other organizations,
i) common operational picture,
j) demobilization and termination,
k) documentation guidelines.

NOTE 1 Annex D gives recommendations on incident management planning.

NOTE 2 An incident action plan (verbal or written) includes goals, objectives, strategies, tactics, safety, communications and resource management information.

NOTE 3 Demobilize means to return resources to their original use and status.

NOTE 4 Termination means a formal handover from incident management responsibilities to another organization.

Decisions made among organizations should be shared as appropriate. The incident management process applies to any scale of incident (short-/long-term) and should be applied as appropriate to all levels of responsibility. Figure 1 gives a simple example of the incident management process.

The organization should establish an incident management process that is ongoing and includes the following activities:

— observation;
— information gathering, processing and sharing;
— assessment of the situation, including forecast;
— planning;
— decision-making and the communication of the decisions taken;
— implementation of decisions;
— feedback gathering and control measures.

The incident management process should not be limited to the actions of the incident commander but should also be applicable to all people involved in the incident command team, at all levels of responsibility.

Figure 1 — Incident management process
5.2.2 Different perspectives
The organization should strive to understand other perspectives such as
a) within and outside the organization,
b) various response scenarios,
c) differing needs,
d) various required actions, and
e) different organizational cultures and objectives.
5.2.3 Understanding the importance of time
The organization should
a) anticipate cascading effects,
b) take the initiative to do something sooner, rather than later,
c) consider other organizations’ timelines,
d) determine the impact of different timelines, and
e) modify its timeline accordingly.

The organization should consider the needs and effects in both the short- and long-term. This includes anticipating

— how the incident will develop,
— when different needs will arise, and
— how long it takes to meet these needs.
5.2.4 Being proactive
The organization should take the initiative to
a) assess risks and align the response to increase response effectiveness,
b) anticipate how incidents can change and use resources effectively,
c) make decisions concerning various measures early enough for decisions to be effective when they are actually needed,
d) manage the incident early,
e) initiate a joint response instead of waiting for someone else to do so,
f) find out what shared information is required, and
g) inform and instruct involved parties, e.g. in order to build up new resources.

5.3 Incident management structure
5.3.1 General

The organization should implement an incident management structure to carry out the tasks relevant to the incident objectives.

An incident management structure should include the following basic functions.

a) Command: authority and control of the incident; incident management objectives structure and responsibilities; ordering and release of resources.

b) Planning: collection, evaluation and timely sharing of incident information and intelligence; status reports including assigned resources and staffing; development and documentation of incident action plan; information gathering, sharing and documentation.

c) Operations: tactical objectives; hazard reduction; protection of people, property and environment; control of incident and transition to recovery phase.

d) Logistics: incident support and resources; facilities, transportation, supplies, equipment maintenance, fuel, food service and medical services for incident personnel; communications and information technology support.

e) Finance and administration: compensation and claims; procurement; costs and time. (Depending on the scale of an incident, a separate financial and administrative function may not be necessary.)

Planning, operations, logistics and finance and administration should be considered for each level of incident management, e.g. sections and subsections of the whole incident management system.

The organization should define and document the minimum staffing requirements to immediately initiate and continuously maintain the organization’s incident management.

Annexes B, C and D provide additional information and examples of an incident management structure for one or more collaborating organizations with internal hierarchical structures.

5.3.2 Roles and responsibilities

The organization should clearly define roles and responsibilities of all personnel and the operating procedures to be used. The organization should designate one or more persons with the responsibility for

a) determining incident management objectives,
b) identifying legal and other obligations,
c) initiating, coordinating and taking responsibility for all measures of incident management,
d) establishing the organizational structure, taking span of control into account,
e) assigning tasks, and
f) activation, escalation, demobilization, termination.

Annex C provides additional information.
5.3.3 Incident management tasks
5.3.3.1 At each level of command, the organization should
a) establish incident command and internal organizational structure,
b) assess the risks in the affected area,
c) determine objectives,
d) determine decision-making process,
e) create an action plan,
f) organize the site and develop organizational structure,
g) manage the resources,
h) create a common operational picture,
i) review and modify plans,
j) manage additional facilities,
k) manage additional resources,
l) manage logistics, and
m) keep records.

5.3.3.2 The organization should include the following functions at its top level, as appropriate:

a) safety;
b) public information;
c) liaisons;
d) specific advising/consulting;
e) information and communication technology support.

5.3.3.3 Annex C provides a description of public information and additional examples of incident management tasks.

5.3.3.4 Depending on the scale of the incident, tasks may be combined. In large-scale incidents additional resources may be needed or may be allocated to other organizations. These tasks are also relevant for a joint command in an inter-organizational incident management structure.

5.3.3.5 The organization may allocate responsibility relating to finance and administration, intelligence and investigations to other departments or organizations.

5.3.4 Incident management resources
The organization should administer and manage resources by
a) identifying and quantifying required resources,
b) ordering, tracking and distributing resources, and
c) establishing resource demobilization procedures.
6 Working together
6.1 General
Working together is about coordination and cooperation for both

— different departments or levels within a single organization, and
— multiple organizations.

Organizations should use interoperable terminology within the incident management process and structure as described in Clause 5. Additional recommendations are provided in 6.2.2.

NOTE ISO/TR 22351 provides more information on exchange of information.

Organizations should commit to contribute and strive to achieve joint direction. Joint direction results from top management from each organization agreeing on common incident objectives.

Figure 2 and Annex A provide additional information on working together.

Figure 2 — Coordinated incident management process for multiple organizations
6.2 Prerequisites for achieving coordination and cooperation
6.2.1 Sharing the same incident management process

Working together involves organizations using the incident management process in the same way (see 5.2).

6.2.2 Seeing the whole picture

The organization should look beyond its scope of operations to consider and understand

a) the overall incident management objectives,
b) the other organizations involved and their capabilities,
c) the tasks allocated to other organizations,
d) the resources needed to respond to the incident, and
e) the possible effects of different ways of responding.
6.2.3 Common operational picture

The organization should plan to manage concurrent incidents, as consequences of an incident may arise concurrently on multiple levels and in several sectors of the general public.

When managing concurrent incidents on multiple levels the organization should

— identify the organizations involved in order to avoid duplication and to facilitate the offering of or request for assistance in a timely and simple way,
— anticipate that other organizations may assess the situation in a different way, and
— identify situations (e.g. cascading effects) that may impede or delay agreements and result in inappropriate actions.

The organization should develop a common operational picture by

— actively sharing information with other organizations, ensuring that the requests made a

...
