ISO 10651-3:1997 - ADDED by marina 8 of Aril need to delete
Lung ventilators for medical use — Part 3: Particular requirements for emergency and transport ventilators
General Information
Standards Content (Sample)
IS0
INTERNATIONAL
10651-3
STANDARD
First edition
1997-01-15
Lung ventilators for medical use -
Part 3:
Particular requirements for emergency and
transport ventilators
Ven tila teurs pulmonaires 2 usage m6dical -
Partie 3: Exigences particuh&es pour ventilateurs de secours et de
transport
Reference number
IS0 10651-3:1997(E)
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
ISOlO651-3:1997(E)
Foreword
IS0 (the International Organization for Standardization) is a worldwide fed-
eration of national standards bodies (IS0 member bodies). The work of
preparing International Standards is normally carried out through IS0
technical committees. Each member body interested in a subject for
which a technical committee has been established has the right to be
represented on that committee. International organizations, governmental
I and non-governmental, in liaison with ISO, also take part in the work. IS0
collaborates closely with the International Electrotechnical Commission
(IEC) on all matters of electrotechnical standardization.
Draft International Standards adopted by the technical committees are cir-
culated to the member bodies for voting. Publication as an International
Standard requires approval by at least 75 % of the member bodies casting
a vote.
International Standard IS0 10651-3 was prepared by Technical Committee
lSO/TC 121, Anaesthetic and respiratory equipment, Subcommittee SC 3,
Lung ventilators and related equipment.
IS0 10651 consists of the following parts, under the general title Lung
ventilators for medical use:
Part ? : Particular requirements for critical care ventilators
Part 2: Particular requirements for home care ventilators
- Part 3: Particular requirements for emergent y and transport
ventilators
Annexes M and N of this part of IS0 10651 are for information only.
0 IS0 1997
All rights reserved. Unless otherwise specified, no part of this publication may be
reproduced or utilized in any form or by any means, electronic or mechanical, including
photocopying and microfilm, without permission in writing from the publisher.
International Organization for Standardization
Case Postale 56 l CH-1211 Geneve 20 l Switzerland
Printed in Switzerland
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
ii
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997(E)
@ IS0
Introduction
This part of IS0 10651 specifies requirements for portable lung ventilators
designed for use in emergency situations and transport. These devices
must meet the definition of a lung ventilator (to automatically augment or
provide ventilation of the patient’s lungs), but will frequently be used
outside the hospital or home by persons with different levels of training.
A rationale for the most important requirements is given in annex M.
. . .
III
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
This page intentionally left blank
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997(E)
INTERNATIONAL STANDARD @ IS0
Lung ventilators for medical use -
Part 3:
Particular requirements for emergency and transport ventilators
Section 1: General
1.1 Scope
NOTE - See the rationale in annex M.
This part of IS0 10651 is one of a series of International Standards based on IEC 601-l :I988 (the “General Standard”);
this type of International Standard is referred to as a “Particular Standard”. As stated in 1.3 of IEC 601-1:1988, the
requirements of this part of IS0 10651 take precedence over those of IEC 601-I :1988. Where this part of IS0 10651
specifies that a clause of IEC 601-I applies, it means that the clause applies only if the requirement is relevant to the
ventilator under consideration.
This part of IS0 10651 has common requirements with IEC 601-2-12. It also includes requirements from
IS0 10651-I :I 993.
The scope and object given in clause 1 of IEC 601-I :I 988 apply, except that 1 .I shall be replaced by the following:
This part of IS0 10651 specifies requirements for portable lung ventilators designed for use in emergency situations
and transport. Emergency and transport ventilators, called hereafter “ventilator”, are often installed in ambulances or
other types of rescue vehicles, but are often used outside this environment, where they have to be carried by the
operator or other persons. These devices will frequently be used outside the hospital or home by personnel with
different levels of training. This part of IS0 10651 is also applicable to devices permanently mounted in ambulances
or aircraft.
This part of IS0 10651 does not cover operator-powered ventilators (i.e. manual resuscitators).
1.2 Normative references
The following standards contain provisions which, through reference in this text, constitute provisions of this part
of IS0 10651. At the time of publication, the editions indicated were valid. All standards are subject to revision, and
parties to agreements based on this part of IS0 10651 are encouraged to investigate the possibility of applying the
most recent editions of the standards indicated below. Members of IEC and IS0 maintain registers of currently
valid International Standards.
- Marking for identification of con tent.
IS0 32: 1977, Gas cylinders for medical use
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
0 KG
IS0 1065%3:1997(E)
IS0 5356-l :I 996, Anaesthetic and respiratory equipment - Conical connectors - Part I: Cones and sockets.
IS0 5356-2:1987, Anaesthetic and respiratory equipment - Conical connectors - Part 2: Screw-threaded weight-
bearing connectors.
IS0 5358:1992, Anaesthetic machines for use with humans.
IS0 5359: 1989, Low-pressure flexible connecting assemblies for use with medical gas systems.
I SO 5362: 1986, Anaes the tic reservoir bags.
IS0 5367: 1991, Breathing tubes intended for use with anaesthetic apparatus and ventilators.
IS0 7767:- 1), Oxygen monitors for monitoring patient breathing mixtures - Safety requirements.
IS0 9170: I 990, Terminal units for use in medical gas pipeline systems.
IS0 9703-I : 1992, Anaesthesia and respiratory care alarm signals - Part 1: Visual alarm signals.
IS0 9703-2: 1994, Anaesthesia and respiratory care alarm signals - Part 2: Auditory alarm signals.
10651-I :I 993, Lung ventilators for medical use - Part 1: Requirements.
IS0
IEC 68-2-6: 1982, Environmental testing - Part 2: Tests - Test Fc: Vibration (sinusoidal).
IEC 68-2-29:1987, Environmental testing - Part 2: Tests - Test Eb and Guidance: Bump.
IEC 68-2-32:1990, Environmental testing - Part 2: Tests - Test Ed: Free fall.
I EC 68-2-36: 1983, Environmental testing - Part 2: Tests - Test Fdb: Random vibration wide band -
Reproducibility medium.
IEC 79-4:1975, Electrical apparatus for explosive gas atmospheres - Part 4: Method of test for ignition
temperature.
I EC 601-I : 1988, Medica/ electrical equipment - Part 1: General requirements for safety.
I EC 601-I -2: 1993, Medical electrical equipment - Part I: General requirements for safety - Electromagnetic
compatibility - Requirements and tests.
I .3 Definitions
For the purposes of this part of IS0 10651, the definitions given in IS0 10651-I :I 993, I .3, and in clause 2 of
I EC 601-I : 1988 apply, with the following exceptions.
The definition given in IEC 601-I :I 988, 2.1.5, shall be replaced by the following:
2.1.5 applied part: All parts of the ventilator intended to be connected to the patient or to the breathing
system.
NOTE -
See also the rationale in annex M.
1) To be published.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997(E)
0 IS0
The definition given in IS0 10651-I :I 993, I .3.19, shall be replaced by the following:
1.3.19 high-pressure gas input part: Gas input port to which gas is supplied at a pressure greater than
500 kPa.
NOTE - Attention is drawn to the definitions given in IS0 4135.
The following definitions also apply:
1.3.1 emergency ventilator: Portable lung ventilator intended for emergency ventilation and resuscitation use
primarily outside hospital facilities.
1.3.2 microbial [bacterial] [particulate] filter: Device intended to reduce bacteria content and particulate matter
content of the gas stream.
1.3.3 neonatal: Pertaining to an individual weighing less than 5 kg.
1.3.4 operator-powered resuscitator: Portable non-active medical device used in emergency situation to
provide lung ventilation to individual whose breathing is inadequate.
1.3.5 paediatric: Pertaining to an individual weighing between 5 kg and 40 kg.
1.3.6 transport ventilator: Lung ventilator intended for use during transport to, between, or within hospital
facilities.
1.4 General requirements
The general requirements given in clause 3 of IEC 601-I :I 988 apply, with the following addition:
NOTE - All parts of the ventilator should be designed and manufactured to minimize health risks due to substances
leached or leaking from the device during use.
3.6 k) Applicable single-fault conditions are
short- and open-circuits of components or wiring which can increase temperature (see clause 7);
a)
b) incorrect output resulting from software error(s).
3.6 k R) An oxidant leak which is not detected by e.g. an alarm or periodic inspection shall be considered a
normal condition and not a single-fault condition.
NOTE - See also 54.1.
3.6 I) Illumination of 215 lux shall be provided. Measurement of ambient illumination shall be made from the
control panel toward the test subject. Test operator shall have vision of 1, corrected if necessary.
1.5 General requirements for tests
The requirements given in clause 4 of IEC 601-I :I 988 apply.
1.6 Classification
The classification given in clause 5 of IEC 601-I : 1988 applies.
NOTE - A ventilator may have applied parts of different types.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19. 3
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
0 IS0
IS0 10651=3:1997(E)
1.7 Identification, marking and documents
The requirements given in clause 6 of IEC 601-I :I 988 apply with the following additions and modifications:
6.1 e) Amend existing IEC 601-I :I 988 text to read:
The address of the manufacturer and/or authorized representative, as applicable, shall also be marked.
After 6.1 z) add the following items:
unless non-interchangeable, shall be
6.1 aa) All operator-accessible flow-direction-sensitive components,
permanently marked with a clearly legible arrow indicating the direction of flow.
6.1 ab) Any high-pressure gas input port shall be marked with the name or symbol of the intended gas in
accordance with IS0 5359, the range of supply pressures and the maximum flow requirement.
6.1 ac) If operator-accessible ports are provided, they shall be marked. The following terms shall be used at
least in the national language or English. Alternatively, symbols may be used and explained in the instructions
for use.
Driving gas input port: the words “DRIVING GAS INPUT”;
fresh gas intake port: the words “FRESH GAS INTAKE”;
emergency air intake port: the words “WARNING: EMERGENCY AIR INTAKE - DO NOT OBSTRUCT”;
manual ventilation port: the word “BAG”;
5) gas output port: the words “GAS OUTPUT”;
6) gas return port: the words “GAS RETURN”;
7) gas exhaust port: the word “EXHAUST”;
8) pressure gauge port: the words “PRESSURE GAUGE” marked with a clearly legible arrow.
6.1 ad) Each ventilator assembly shall be provided with a permanently attached checklist which summarizes
the test procedures recommended by the manufacturer which have to be performed prior to use. The use of
electronic displays, e.g. a CRT, is permitted.
6.1 ae) The ventilator shall be durably and legibly marked with the following as far as applicable:
1) any particular storage and/or handling instructions;
2) any particular instructions for use;
any particular warnings and/or precautions relevant to the immediate operation of the ventilator;
3)
the range of body mass for which use of the ventilator is specified.
4)
6.1 af) Packages containing breathing attachments intended for single-patient use shall be clearly marked with
the following:
1) a description of the contents;
2) the words “SINGLE PATIENT USE”;
Symbol No. 1051 given in IS0 7000 may additionally be used.
NOTE -
3) the word “STERILE” or “NON-STERILE”, as applicable;
4) the name and/or trademark or the manufacturer and/or supplier;
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
@ IS0
IS0 10651=3:1997(E)
5) recommended methods of cleaning, disinfection and sterilization;
6) an identification reference to the type, batch or serial number;
7) the mass of the ventilator and any associated equipment (e.g. cylinder, batteries, regulators, carrying cases,
etc.);
NOTE - Some breathing attachments may contain these recommended methods in the instructions for use.
6.1 ag] Packages containing breathing attachments made of conductive materials shall be clearly r~ arked with
the word “CONDUCTIVE” or “ANTISTATIC”.
6.1 ah) Packages containing breathing attachments for single-patient use or which are disposab e shall be
clearly marked with the recommended duration of use.
6.1 ai) If gas-specific colour coding of flow controls and flexible hoses is provided, it shall be in a accordance
with IS0 32.
6.8.2 a) Add the following text:
The instructions for use shall additionally include the following:
I) Expected operating time and conditions therefor.
If the ventilator has an internal power source, a specification of the minimum operating time during
a)
which the ventilator meets the specifications under normal use as stated by the manufacturer shall be
given.
If the ventilator is pneumatically powered, the range of supply pressures shall be stated (see 10.2).
b)
If the ventilat or is provided with a reserve power supply, the functioning after a switchover to the
d
reserve powe shal be descr ibed.
r SUPPlY
2) Unless entrainment of air is prevented, recommendation for use in hazardous or explosive atmospheres,
including a warning that if the ventilator will entrain or permit the patient to inhale gas from the atmosphere,
its use in contaminated environments may be hazardous. If applicable, the manufacturer shall describe how
to prevent such entrainment or inhalation, for example, by the use of a filter.
A method of testing the following alarms prior to connection of the breathing system to the patient:
3)
high-pressure alarm;
a)
breathing circuit integrity alarm, if provided;
b)
power failure alarm;
d
d) high and low oxygen concentration alarms, if provided.
The intended use of the ventilator (e.g. adult, neonatal, range of body mass).
4)
5) If the ventilator is fitted with a gas mixing system, the manufacturer shall disclose the information
necessary for safe operation.
A recommendation that an alternative means of ventilation be available.
6)
6.8.2 d) Add the following text:
The instructions for use shall contain information about cleanliness and sterility upon delivery for parts in contact
with the patient or the respiratory gases.
6.8.3 a) Add the following text:
The requirement given applies with the following addition:
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19. 5
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
0 IS0
IS0 10651=3:1997(E)
Unless otherwise specified, parameters shall be assumed to be expressed under ATPD (atmospheric
temperature and pressure, dry) conditions. The technical description shall additionally include the following
information, as far as applicable.
1) The following pressure information:
maximum limited pressure (Prim max.);
minimum (subatmospheric) limited pressure (prim min.);
range of values to which the maximum working pressure can be set and the means by which the
maximum is assured (e.g. pressure cycling, pressure-limiting pressure generation);
a statement whether negative pressure (subatmospheric) is available in the expiratory phase. if there is
a facility for negative pressure in the expiratory phase, the limiting pressure and generated pressure, if
applicable, shall be listed for the expiratory phase and the inspiratory phase;
range of values to which the minimum (subatmospheric) working pressure can be set and the means
by which the minimum is assured.
2) Ranges of the following parameters, if preset or settabie to values above ambient:
- cycling pressure;
- end-expiratory pressure;
- delivered concentration of oxygen.
3) Description of the means of triggering.
type, range and sensing position of all measuring a nd display devices either incorporated into
4) The purpose,
for use wit h the ventilator.
the ventilator or recommended by the manufac turer
5) Conditions under which any measured or displayed flow, volume or ventilation (t) are to be expressed (e.g.
ATPD, BTPS) and the condition and composition of gas in the corresponding sensor so that the display
complies with the accuracy requirements specified in 51.9.
For alarms used with the emergency ventilator, a statement of their type, capabilities, principle of the alarm
6)
detection and, if appropriate, suppression or delay of annunciation, estimated battery life and suitable
replacement batteries.
Size and type of battery, criteria for the need for replacement and any special precautions.
Internal volume of any breathing attachments or other components or subassemblies recommended by the
manufacturer to be placed between the patient connection port and the patient. The manufacturer of these
components shall disclose the test method on request.
The instructions for use shall include disclosure of the resistance, compliance, internal volume and other
functional characteristics of the complete ventilator breathing system, including any breathing attachment
or other components or subassemblies, e.g. humidifier or microbial filter, recommended by the
manufacturer, and identification of any operator-detachable breathing system components.
Inspiratory and expiratory resistances shall be disclosed for flowrates of 60 l/min for adult use, 30 I/min for
paediatric use and 5 I/min for neonatal use.
A statement that the operator will have to ensure (in accordance with 56.16) that these values are not
exceeded when adding attachments or other components or subassemblies to the breathing system.
IO) Disclosure of the characteristics or the microbial filter, if fitted.
11 ) Pneumatic diagram of the ventilato r and a diagram for each ventilator breathing sys tern either supplied or
recommended by th e man ufacturer
12 ) Details of any restrictions on the sequence of components within the ventilator breathing system, e.g.
where such components are flow-direction-sensitive.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997(E)
0 IS0
13) Interdependence of controls.
14) Disclosure of accuracies, in terms of precisions and bias and ranges of displayed values and calibrated
controls.
NOTE - Accuracies should be expressed in the form of maximum zero error, quoted directly in appropriate units,
plus a sensitivity error, quoted e.g. as a percentage of the reading.
Rationale: A zero error, together with a sensitivity error, is needed if a variable can pass through zero or can, in any
application, cover a range such that the minimum is a small fraction of the maximum.
15) Disclosure of how the delivered tidal or minute volumes and oxygen concentration are affected by pressure
at the patient connection port, in particular the maximum deviations from the calibrated or stated settings
of these parameters at mean pressures of 0,5 kPa, I,5 kPa, 3,0 kPa and 6,0 kPa.
16) Approximate duration of the gas supply, expressed as time per litre volume of the cylinder when charged at
a typical pressure and when the ventilator is set with typical ventilator settings. The chosen pressure and
the ventilator settings shall be disclosed.
After 6.8.3 d) add the following clause:
6.8.3 e) Extreme conditions
The manufacturer shall declare how the ventilator will respond as the environmental and supply conditions are
extended outside the limits given in clause IO, changing one parameter at a time, while the other parameters
are maintained within the limits given in clause IO, as well as combinations given by the manufacturer.
Outside the environmental and supply conditions specified in clause IO but within the limits declared, the
ventilator shall not cause a safety hazard to the patient or operator.
The ventilator might continue to function but outside the specified tolerances.
NOTE -
1.8 Power input
The requirements given in clause 7 of IEC 601-I :I 988 apply.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS010651=3:1997(E)
Section 2: Environmental conditions
2.1 Basic safety categories
The requirements given in clause 8 of IEC 601-I :I 988 apply.
2.2 Removable protective means
The requirements given in 6.1 z) of IEC 601-I :I 988 apply.
2.3 Environmental conditions
The requirements given in clause IO of IEC 601-I :I 988 apply, with the following modifications and additions.
102.1 a) An ambient temperature range of - 18 OC to -+ 50 OC.
102.1 b) A relative humidity range of 15 % to 95 %.
10.21 c) An atmospheric pressure range of 70 kPa to l IO kPa.
10.2.2 c) The ventilator shall continue to function within the specified tolerances throughout the following
ranges of internal and external electrical power tolerances:
- a.c. voltage: - 25 % to + 15 % of nominal value;
- d.c. voltage: - 15 % to + 25 % of nominal value;
- a.c. frequency: - 5 % to + 5 % of nominal value.
NOTE - D.C. noise should be considered in the design of a ventilator intended to be powered by an external d.c. supply.
10.2.3 External pneumatic power
The ventilator shall continue to function within the specified tolerances throughout the range of pressure
variations specified by the manufacturer.
If the ventilator is intended to be connected to a medical gas supply (either a medical gas pipeline system
complying with prEN 737-3 or a pressure regulator complying with prEN 738-l), it shall operate and meet the
requirements of this part of IS0 10651 for a pneumatic power supply throughout a range of 280 kPa to 600 kPa,
and shall cause no safety hazard under the single-fault condition of the medical gas supply of up to 1 000 kPa
inlet pressure. The time-weighted average over IO s and the steady-state flowrate of each medical gas required
by the ventilator shall not exceed 60 I/min at a pressure of 280 kPa measured at the gas inlet port. The transient
flowrate of each medical gas required by the ventilator shall not exceed the equivalent of 200 I/min for 3 s.
10.3 The ventilator shall function under the extreme conditions and combinations of these as declared by the
manufacturer in 6.8.3 e).
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997(E)
Section 3: Protection against electric shock hazards
3.1 General
The requirements given in clause 13 of IEC 601-l :I 988 apply.
3.2 Requirements related to classification
The requirements given in clause 14 of IEC 601-I :I 988 apply.
3.3 Limitation of voltage and/or energy
The requirements given in clause 15 of IEC 601-I :I 988 apply.
3.4 Enclosures and protective covers
The requirements given in clause 16 of IEC 601-I :I 988 apply.
3.5 Separation
The requirements given in clause 17 of IEC 601-I :I 988 apply.
Protective earthing, functional earthing and potential equalization
3.6
The requirements given in clause 18 of IEC 601-I :I 988 apply.
3.7 Continuous leakage currents and patient auxiliary currents
The requirements given in clause 19 of IEC 601-I :I 988 apply with the following amendment.
19.4 Add the following text to item h).
NOTE - See also annex M in this part of IS0 10651.
The patient leakage current shall be measured from the ventilator inlet(s) and outlet(s) and other parts which are
defined as applied parts for the purpose of this part of IS0 10651. All parts of the same type shall be connected
together electrically, with the exception of parts connected to the protective earth terminal which shall be
tested separately from parts not so connected.
3.8 Dielectric strength
The requirements given in clause 20 of IEC 601-I :I 988 apply.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997(E)
Section 4: Protection against mechanical hazards
4.1 Mechanical strength
Latlons:
The requirements given in clause 21 of IEC 601-I :I 988 apply with the following additions and modi*-’ ’
Replace the existing text with the following:
21.6
comply with the
The ventilator while functioning shall withstand the stresses caused by rough handling and shal
tests in 21.6 a) to d).
During and after the tests, the ventilator shall continue to function within the tolerances specified by the
manufacturer for normal use conditions.
21.6 a) Vibration (sinusoidal) in accordance with IEC 68-2-6 Test Fc
- Frequency range: 10 Hz-l 000 Hz
- Amplitude/acceleration: 0,35 mm/49 m-s-2
- Number of sweep cycles: four on each axis
- Sweep rate: 1 octave/min + 10 %
Reproducibility medium in accordance with IEC 68-2-36, Test Fdb
21.6 b) Random vibration (wide band) -
- ASD IO-200 Hz: O,Olg2/Hz
- ASD 200-500 Hz: 0,003g2/Hz
- Total r.m.s. acceleration: 1,7g (rms)
- Duration/axis/mounting: 30 min
21.6 c) Bump test in accordance with IEC 68-2-29, Test Eb
- Peak acceleration: 15g
- Pulse duration: 6 ms
- Number of bumps: 4 000
- Direction: vertical, with the ventilator in its normal operating positions
21.6 d) Free fall test in accordance with IEC 68-2-32, Procedure 1
- Height of fall: 0,75 m
- Number of falls: one on each of the six surfaces
4.2 Moving parts
The requirements given in clause 22 of IEC 601-I :I 988 apply.
4.3 Surfaces, corners and edges
The requirements given in clause 23 of IEC 601-I :I 988 apply.
IO
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
Q IS0 IS0 10651=3:1997(E)
4.4 Stability in normal use
The requirements given in clause 24 of IEC 601-I :I 988 apply.
4.5 Expelled parts
The requirements given in clause 25 of IEC 601-I :I 988 apply.
4.6 Vibration and noise
The requirements given in clause 26 of I EC 601-I :I 988 apply.
4.7 Pneumatic and hydraulic power
The requirements given in clause 27 of IEC 601-I :I 988 apply.
4.8 Suspended masses
The requirements given in clause 28 of IEC 601-I :I 988 apply.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997(E)
Protection against hazards from unwanted or excessive
Section 5:
radiation
5. II X-radiation
The requirements given in clause 29 of IEC 601-I :I 988 apply.
5.2 Alpha, beta, gamma, neutron radiation and other particle radiation
The requirements given in clause 30 of IEC 601-I :I 988 apply.
5.3 Microwave radiation
The requirements given in clause 31 of IEC 601-I :I 988 apply.
5.4 Light radiation (including lasers)
The requirements given in clause 32 of IEC 601-I :I 988 apply.
5.5 Infrared radiation
The requirements given in clause 33 of IEC 601-I :I 988 apply.
5.6 Ultraviolet radiation
The requirements given in clause 34 of IEC 601-I :I 988 apply.
5.7 Acoustical energy (including ultrasonics)
The requirements given in clause 35 of IEC 601-I :I 988 apply.
5.8 Electromagnetic compatibility
The requirements given in clause 36 of IEC 601-I :I 988 apply.
5.8 a) The ventilator shall continue to function and meet the requirements of this part of IS0 10651 or shall fail
without causing a safety hazard when tested in accordance with IEZ 601 -l-2:1 993, with the following
modification.
If an anomaly occurs, such as display interruption, alarm activation, etc., it shal I be possib le to restore normal
operation within 30 s after the electromagnetic disturbances have been applied.
NOTE - Silencing of an activated alarm should not be considered as a failure.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
0 IS0
IS0 10651=3:1997(E)
5.8 b) The requirements of IEC 601-I-2 apply, with the following modifications:
36.2021 Replace the test voltages specified to 8 kV for contact discharges and 15 kV for air discharges.
If an anomaly occurs, such as display interrupt, alarm activation or silencing of an activated alarm, it shall
not be considered a failure if it is possible to restore normal operation within 30 s.
36.20221 Replace the level of 3 V/m with 30 V/m.
For the purposes of radiated immunity tests, the ventilator shall not be considered as patient-coupled
equipment as defined in 2.202 of IEC 601-I-2.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651=3:1997QE)
Section 6: Protection against hazards of ignition of flammable
anaesthetic mixtures
6.1 Locations and basic requirements
The requirements given in clause 37 of IEC 601-I :I 988 apply.
6.2 Marking, accompanying documents
The requirements given in clause 38 of IEC 601-I :I 988 apply.
Common requirements for category AP and category APG equipment
6.3
The requirements given in clause 39 of IEC 601-I :I 988 apply.
6.$ Requirements and tests for category APG equipment, parts and components thereof
The requirements given in clauses 40 and 41 of IEC 601-l :I 988 apply.
Posebna izdaja SIST z dovoljenjem CEN, CENELEC, ISO in IEC v času epidemije COVID- 19.
Brezplačen vpogled v vsebino standarda. Kopiranje in posredovanje prepovedano. © SIST
<<04/2020>>
IS0 10651-3:1997(E)
Section 7: Protection against excessive temperatures
and other safety hazards
7.1 Excessive temperatures
The requirements given in clause 42 of IEC 601-I :I 988 apply.
7.2 Fire prevention
The requirements given in clause 43 of IEC 601-I :I 988 apply, together with the following additions.
43.1 In order to reduce the risk to patients other persons or the surroundings due to fire, ignitabie material,
under normal and single-fault conditions, shall not, at the same time, be subjected to conditions in which:
- the temperature of the material is raised to its minimum i
...
SLOVENSKI STANDARD
SIST EN ISO 22301:2020
01-januar-2020
Nadomešča:
SIST EN ISO 22301:2014
Varnost in vzdržljivost - Sistem vodenja neprekinjenosti poslovanja - Zahteve (ISO
22301:2019)
Security and resilience - Business continuity management systems - Requirements (ISO
22301:2019)
Sicherheit und Schutz des Gemeinwesens - Business Continuity Management System -
Anforderungen (ISO 22301:2019)
écurité et résilience - Systèmes de management de la continuité d'activité - Exigences
(ISO 22301:2019)
Ta slovenski standard je istoveten z: EN ISO 22301:2019
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
03.100.70 Sistemi vodenja Management systems
SIST EN ISO 22301:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
EN ISO 22301
EUROPEAN STANDARD
NORME EUROPÉENNE
November 2019
EUROPÄISCHE NORM
ICS 03.100.01; 03.100.70 Supersedes EN ISO 22301:2014
English Version
Security and resilience - Business continuity management
systems - Requirements (ISO 22301:2019)
Sécurité et résilience - Systèmes de management de la Sicherheit und Resilienz - Business Continuity
continuité d'activité - Exigences (ISO 22301:2019) Management System - Anforderungen (ISO
22301:2019)
This European Standard was approved by CEN on 14 October 2019.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22301:2019 E
worldwide for CEN national Members.
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
EN ISO 22301:2019 (E)
Contents Page
European foreword . 3
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
EN ISO 22301:2019 (E)
European foreword
This document (EN ISO 22301:2019) has been prepared by Technical Committee ISO/TC 292 "Security
and resilience" in collaboration with Technical Committee CEN/TC 391 “Societal and Citizen Security”
the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by May 2020, and conflicting national standards shall be
withdrawn at the latest by May 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 22301:2014.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 22301:2019 has been approved by CEN as EN ISO 22301:2019 without any modification.
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
INTERNATIONAL ISO
STANDARD 22301
Second edition
2019-10
Security and resilience — Business
continuity management systems —
Requirements
Sécurité et résilience — Systèmes de management de la continuité
d'activité — Exigences
Reference number
ISO 22301:2019(E)
©
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije ISO 2019COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 7
4.1 Understanding the organization and its context . 7
4.2 Understanding the needs and expectations of interested parties . 7
4.2.1 General. 7
4.2.2 Legal and regulatory requirements . 7
4.3 Determining the scope of the business continuity management system . 7
4.3.1 General. 7
4.3.2 Scope of the business continuity management system . 8
4.4 Business continuity management system . 8
5 Leadership . 8
5.1 Leadership and commitment . 8
5.2 Policy . 8
5.2.1 Establishing the business continuity policy . 8
5.2.2 Communicating the business continuity policy . 9
5.3 Roles, responsibilities and authorities . 9
6 Planning . 9
6.1 Actions to address risks and opportunities . 9
6.1.1 Determining risks and opportunities . 9
6.1.2 Addressing risks and opportunities . 9
6.2 Business continuity objectives and planning to achieve them . 9
6.2.1 Establishing business continuity objectives . 9
6.2.2 Determining business continuity objectives.10
6.3 Planning changes to the business continuity management system .10
7 Support .10
7.1 Resources .10
7.2 Competence .10
7.3 Awareness .11
7.4 Communication .11
7.5 Documented information .11
7.5.1 General.11
7.5.2 Creating and updating .11
7.5.3 Control of documented information .12
8 Operation .12
8.1 Operational planning and control .12
8.2 Business impact analysis and risk assessment .12
8.2.1 General.12
8.2.2 Business impact analysis .13
8.2.3 Risk assessment . .13
8.3 Business continuity strategies and solutions .13
8.3.1 General.13
8.3.2 Identification of strategies and solutions .13
8.3.3 Selection of strategies and solutions .14
8.3.4 Resource requirements .14
8.3.5 Implementation of solutions .14
8.4 Business continuity plans and procedures .14
8.4.1 General.14
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
8.4.2 Response structure .15
8.4.3 Warning and communication .15
8.4.4 Business continuity plans .16
8.4.5 Recovery .17
8.5 Exercise programme .17
8.6 Evaluation of business continuity documentation and capabilities .17
9 Performance evaluation .17
9.1 Monitoring, measurement, analysis and evaluation .17
9.2 Internal audit .18
9.2.1 General.18
9.2.2 Audit programme(s) .18
9.3 Management review .18
9.3.1 General.18
9.3.2 Management review input .18
9.3.3 Management review outputs .19
10 Improvement .19
10.1 Nonconformity and corrective action .19
10.2 Continual improvement .20
Bibliography .21
iv © ISO 2019 – All rights reserved
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience.
This second edition cancels and replaces the first edition (ISO 22301:2012), which has been technically
revised. The main changes compared with the previous edition are as follows:
— ISO’s requirements for management system standards, which have evolved since 2012, have been
applied;
— requirements have been clarified, with no new requirements added;
— discipline-specific business continuity requirements are now almost entirely within Clause 8;
— Clause 8 has been re-structured to provide a clearer understanding of the key requirements;
— a number of discipline-specific business continuity terms have been modified to improve clarity
and to reflect current thinking.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Introduction
0.1 General
This document specifies the structure and requirements for implementing and maintaining a business
continuity management system (BCMS) that develops business continuity appropriate to the amount
and type of impact that the organization may or may not accept following a disruption.
The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational
and industry requirements, products and services provided, processes employed, size and structure of
the organization, and the requirements of its interested parties.
A BCMS emphasizes the importance of:
— understanding the organization’s needs and the necessity for establishing business continuity
policies and objectives;
— operating and maintaining processes, capabilities and response structures for ensuring the
organization will survive disruptions;
— monitoring and reviewing the performance and effectiveness of the BCMS;
— continual improvement based on qualitative and quantitative measures.
A BCMS, like any other management system, includes the following components:
a) a policy;
b) competent people with defined responsibilities;
c) management processes relating to:
1) policy;
2) planning;
3) implementation and operation;
4) performance assessment;
5) management review;
6) continual improvement;
d) documented information supporting operational control and enabling performance evaluation.
0.2 Benefits of a business continuity management system
The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing
an organization’s overall ability to continue to operate during disruptions. In achieving this, the
organization is:
a) from a business perspective:
1) supporting its strategic objectives;
2) creating a competitive advantage;
3) protecting and enhancing its reputation and credibility;
vi © ISO 2019 – All rights reserved
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
4) contributing to organizational resilience;
b) from a financial perspective:
1) reducing legal and financial exposure;
2) reducing direct and indirect costs of disruptions;
c) from the perspective of interested parties:
1) protecting life, property and the environment;
2) considering the expectations of interested parties;
3) providing confidence in the organization’s ability to succeed;
d) from an internal processes perspective:
1) improving its capability to remain effective during disruptions;
2) demonstrating proactive control of risks effectively and efficiently;
3) addressing operational vulnerabilities.
0.3 Plan-Do-Check-Act (PDCA) cycle
This document applies the Plan (establish), Do (implement and operate), Check (monitor and review)
and Act (maintain and improve) (PDCA) cycle to implement, maintain and continually improve the
effectiveness of an organization’s BCMS.
This ensures a degree of consistency with other management systems standards, such as ISO 9001,
ISO 14001, ISO/IEC 20000-1, ISO/IEC 27001 and ISO 28000, thereby supporting consistent and
integrated implementation and operation with related management systems.
In accordance with the PDCA cycle, Clauses 4 to 10 cover the following components.
— Clause 4 introduces the requirements necessary to establish the context of the BCMS applicable to
the organization, as well as needs, requirements and scope.
— Clause 5 summarizes the requirements specific to top management’s role in the BCMS, and how
leadership articulates its expectations to the organization via a policy statement.
— Clause 6 describes the requirements for establishing strategic objectives and guiding principles for
the BCMS as a whole.
— Clause 7 supports BCMS operations related to establishing competence and communication on a
recurring/as-needed basis with interested parties, while documenting, controlling, maintaining
and retaining required documented information.
— Clause 8 defines business continuity needs, determines how to address them and develops
procedures to manage the organization during a disruption.
— Clause 9 summarizes the requirements necessary to measure business continuity performance,
BCMS conformity with this document, and to conduct management review.
— Clause 10 identifies and acts on BCMS nonconformity and continual improvement through
corrective action.
0.5 Contents of this document
This document conforms to ISO’s requirements for management system standards. These requirements
include a high level structure, identical core text and common terms with core definitions, designed to
benefit users implementing multiple ISO management system standards.
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
This document does not include requirements specific to other management systems, though its
elements can be aligned or integrated with those of other management systems.
This document contains requirements that can be used by an organization to implement a BCMS and to
assess conformity. An organization that wishes to demonstrate conformity to this document can do so by:
— making a self-determination and self-declaration; or
— seeking confirmation of its conformity by parties having an interest in the organization, such as
customers; or
— seeking confirmation of its self-declaration by a party external to the organization; or
— seeking certification/registration of its BCMS by an external organization.
Clauses 1 to 3 in this document set out the scope, normative references and terms and definitions
that apply to the use of this document. Clauses 4 to 10 contain the requirements to be used to assess
conformity to this document.
In this document, the following verbal forms are used:
a) “shall” indicates a requirement;
b) “should” indicates a recommendation;
c) “may” indicates a permission;
d) “can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated
requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the
terminological data and can contain provisions relating to the use of a term.
viii © ISO 2019 – All rights reserved
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
INTERNATIONAL STANDARD ISO 22301:2019(E)
Security and resilience — Business continuity
management systems — Requirements
1 Scope
This document specifies requirements to implement, maintain and improve a management system to
protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from
disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all
organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of
application of these requirements depends on the organization’s operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity
during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization’s ability to meet its own business continuity needs
and obligations.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22300, Security and resilience — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
NOTE The terms and definitions given below supersede those given in ISO 22300:2018.
3.1
activity
set of one or more tasks with a defined output
[SOURCE: ISO 22300:2018, 3.1, modified — The definition has been replaced and the example has been
deleted.]
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.2
audit
systematic, independent and documented process (3.26) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),
and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization (3.21) itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
Note 4 to entry: The fundamental elements of an audit include the determination of the conformity (3.7) of an
object according to a procedure carried out by personnel not being responsible for the object audited.
Note 5 to entry: An internal audit can be for management review and other internal purposes and can form the
basis for an organization’s declaration of conformity. Independence can be demonstrated by the freedom from
responsibility for the activity (3.1) being audited. External audits include second- and third-party audits. Second-
party audits are conducted by parties having an interest in the organization, such as customers, or by other
persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such
as those providing certification/registration of conformity or government agencies.
Note 6 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards. The original definition has been modified by adding Notes 4 and 5 to entry.
3.3
business continuity
capability of an organization (3.21) to continue the delivery of products and services (3.27) within
acceptable time frames at predefined capacity during a disruption (3.10)
[SOURCE: ISO 22300:2018, 3.24, modified — The definition has been replaced.]
3.4
business continuity plan
documented information (3.11) that guides an organization (3.21) to respond to a disruption (3.10) and
resume, recover and restore the delivery of products and services (3.27) consistent with its business
continuity (3.3) objectives (3.20)
[SOURCE: ISO 22300:2018, 3.27, modified — The definition has been replaced and Note 1 to entry has
been deleted.]
3.5
business impact analysis
process (3.26) of analysing the impact (3.13) over time of a disruption (3.10) on the organization (3.21)
Note 1 to entry: The outcome is a statement and justification of business continuity (3.3) requirements (3.28).
[SOURCE: ISO 22300:2018, 3.29, modified — The definition has been replaced and Note 1 to entry has
been added.]
3.6
competence
ability to apply knowledge and skills to achieve intended results
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.7
conformity
fulfilment of a requirement (3.28)
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
2 © ISO 2019 – All rights reserved
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.8
continual improvement
recurring activity (3.1) to enhance performance (3.23)
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.9
corrective action
action to eliminate the cause(s) of a nonconformity (3.19) and to prevent recurrence
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.10
disruption
incident (3.14), whether anticipated or unanticipated, that causes an unplanned, negative deviation from
the expected delivery of products and services (3.27) according to an organization’s (3.21) objectives (3.20)
[SOURCE: ISO 22300:2018, 3.70, modified — The definition has been replaced.]
3.11
documented information
information required to be controlled and maintained by an organization (3.21) and the medium on
which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.16), including related processes (3.26);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.12
effectiveness
extent to which planned activities (3.1) are realized and planned results achieved
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.13
impact
outcome of a disruption (3.10) affecting objectives (3.20)
[SOURCE: ISO 22300:2018, 3.107, modified — The definition has been replaced.]
3.14
incident
event that can be, or could lead to, a disruption (3.10), loss, emergency or crisis
[SOURCE: ISO 22300:2018, 3.111, modified — The definition has been replaced.]
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.15
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.21) that can affect, be affected by, or perceive itself to be affected by a decision
or activity (3.1)
EXAMPLE Customers, owners, personnel, providers, bankers, regulators, unions, partners or society that
can include competitors or opposing pressure groups.
Note 1 to entry: A decision maker can be an interested party.
Note 2 to entry: Impacted communities and local populations are considered to be interested parties.
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for
ISO management system standards. The original definition has been modified by adding an example and Notes 1
and 2 to entry.
3.16
management system
set of interrelated or interacting elements of an organization (3.21) to establish policies (3.24) and
objectives (3.20) and processes (3.26) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning
and operation.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and
identified functions of the organization, specific and identified sections of the organization, or one or more
functions across a group of organizations.
Note 4 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.17
measurement
process (3.26) to determine a value
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.18
monitoring
determining the status of a system, a process (3.26) or an activity (3.1)
Note 1 to entry: To determine the status, there can be a need to check, supervise or critically observe.
Note 2 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.19
nonconformity
non-fulfilment of a requirement (3.28)
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.20
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
4 © ISO 2019 – All rights reserved
Posebna objava SIST z dovoljenjem CEN, CENELEC, ISO in IEC: Za potrebe zagotavljanja brezplačnega dostopa do vsebin standardov v času epidemije COVID-19.
Samo za branje. Kopiranje in posredovanje prepovedano. © SIST
2020-04-08
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and
environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and
process (3.26)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an
operational criterion, as a business continuity (3.3) objective, or by the use of other words with similar meaning
(e.g. aim, goal, or target).
Note 4 to entry: In the context of business continuity management systems (3.16), business continuity objectives
are set by the organization (3.21), consistent with the business continuity policy (3.24), to achieve specific results.
Note 5 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.21
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives (3.20)
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated
or not, public or private.
Note 2 to entry: For organizations with more than one operating unit, a single operating unit can be defined as an
organization.
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards. The original definition has been modified by adding Note 2 to entry.
3.22
outsource
make an arrangement where an external organization (3.21) performs part of an organization’s function
or process (3.26)
Note 1 to entry: An external organization is outside the scope of the management system (3.16), although the
outsourced function or process is within the scope.
Note 2 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.23
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to managing activities (3.1), processes (3.26), pr
...
SLOVENSKI STANDARD
SIST EN ISO 22301:2020
01-januar-2020
Nadomešča:
SIST EN ISO 22301:2014
Varnost in vzdržljivost - Sistem vodenja neprekinjenosti poslovanja - Zahteve (ISO
22301:2019)
Security and resilience - Business continuity management systems - Requirements (ISO
22301:2019)
Sicherheit und Schutz des Gemeinwesens - Business Continuity Management System -
Anforderungen (ISO 22301:2019)
écurité et résilience - Systèmes de management de la continuité d'activité - Exigences
(ISO 22301:2019)
Ta slovenski standard je istoveten z: EN ISO 22301:2019
ICS:
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
03.100.70 Sistemi vodenja Management systems
SIST EN ISO 22301:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
SIST TEST
SIST EN ISO 22301:2020
SIST TEST
SIST EN ISO 22301:2020
EN ISO 22301
EUROPEAN STANDARD
NORME EUROPÉENNE
November 2019
EUROPÄISCHE NORM
ICS 03.100.01; 03.100.70 Supersedes EN ISO 22301:2014
English Version
Security and resilience - Business continuity management
systems - Requirements (ISO 22301:2019)
Sécurité et résilience - Systèmes de management de la Sicherheit und Resilienz - Business Continuity
continuité d'activité - Exigences (ISO 22301:2019) Management System - Anforderungen (ISO
22301:2019)
This European Standard was approved by CEN on 14 October 2019.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22301:2019 E
worldwide for CEN national Members.
SIST TEST
SIST EN ISO 22301:2020
EN ISO 22301:2019 (E)
Contents Page
European foreword . 3
SIST TEST
SIST EN ISO 22301:2020
EN ISO 22301:2019 (E)
European foreword
This document (EN ISO 22301:2019) has been prepared by Technical Committee ISO/TC 292 "Security
and resilience" in collaboration with Technical Committee CEN/TC 391 “Societal and Citizen Security”
the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by May 2020, and conflicting national standards shall be
withdrawn at the latest by May 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 22301:2014.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 22301:2019 has been approved by CEN as EN ISO 22301:2019 without any modification.
SIST TEST
SIST EN ISO 22301:2020
SIST TEST
SIST EN ISO 22301:2020
INTERNATIONAL ISO
STANDARD 22301
Second edition
2019-10
Security and resilience — Business
continuity management systems —
Requirements
Sécurité et résilience — Systèmes de management de la continuité
d'activité — Exigences
Reference number
ISO 22301:2019(E)
©
ISO 2019
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 7
4.1 Understanding the organization and its context . 7
4.2 Understanding the needs and expectations of interested parties . 7
4.2.1 General. 7
4.2.2 Legal and regulatory requirements . 7
4.3 Determining the scope of the business continuity management system . 7
4.3.1 General. 7
4.3.2 Scope of the business continuity management system . 8
4.4 Business continuity management system . 8
5 Leadership . 8
5.1 Leadership and commitment . 8
5.2 Policy . 8
5.2.1 Establishing the business continuity policy . 8
5.2.2 Communicating the business continuity policy . 9
5.3 Roles, responsibilities and authorities . 9
6 Planning . 9
6.1 Actions to address risks and opportunities . 9
6.1.1 Determining risks and opportunities . 9
6.1.2 Addressing risks and opportunities . 9
6.2 Business continuity objectives and planning to achieve them . 9
6.2.1 Establishing business continuity objectives . 9
6.2.2 Determining business continuity objectives.10
6.3 Planning changes to the business continuity management system .10
7 Support .10
7.1 Resources .10
7.2 Competence .10
7.3 Awareness .11
7.4 Communication .11
7.5 Documented information .11
7.5.1 General.11
7.5.2 Creating and updating .11
7.5.3 Control of documented information .12
8 Operation .12
8.1 Operational planning and control .12
8.2 Business impact analysis and risk assessment .12
8.2.1 General.12
8.2.2 Business impact analysis .13
8.2.3 Risk assessment . .13
8.3 Business continuity strategies and solutions .13
8.3.1 General.13
8.3.2 Identification of strategies and solutions .13
8.3.3 Selection of strategies and solutions .14
8.3.4 Resource requirements .14
8.3.5 Implementation of solutions .14
8.4 Business continuity plans and procedures .14
8.4.1 General.14
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
8.4.2 Response structure .15
8.4.3 Warning and communication .15
8.4.4 Business continuity plans .16
8.4.5 Recovery .17
8.5 Exercise programme .17
8.6 Evaluation of business continuity documentation and capabilities .17
9 Performance evaluation .17
9.1 Monitoring, measurement, analysis and evaluation .17
9.2 Internal audit .18
9.2.1 General.18
9.2.2 Audit programme(s) .18
9.3 Management review .18
9.3.1 General.18
9.3.2 Management review input .18
9.3.3 Management review outputs .19
10 Improvement .19
10.1 Nonconformity and corrective action .19
10.2 Continual improvement .20
Bibliography .21
iv © ISO 2019 – All rights reserved
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience.
This second edition cancels and replaces the first edition (ISO 22301:2012), which has been technically
revised. The main changes compared with the previous edition are as follows:
— ISO’s requirements for management system standards, which have evolved since 2012, have been
applied;
— requirements have been clarified, with no new requirements added;
— discipline-specific business continuity requirements are now almost entirely within Clause 8;
— Clause 8 has been re-structured to provide a clearer understanding of the key requirements;
— a number of discipline-specific business continuity terms have been modified to improve clarity
and to reflect current thinking.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Introduction
0.1 General
This document specifies the structure and requirements for implementing and maintaining a business
continuity management system (BCMS) that develops business continuity appropriate to the amount
and type of impact that the organization may or may not accept following a disruption.
The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational
and industry requirements, products and services provided, processes employed, size and structure of
the organization, and the requirements of its interested parties.
A BCMS emphasizes the importance of:
— understanding the organization’s needs and the necessity for establishing business continuity
policies and objectives;
— operating and maintaining processes, capabilities and response structures for ensuring the
organization will survive disruptions;
— monitoring and reviewing the performance and effectiveness of the BCMS;
— continual improvement based on qualitative and quantitative measures.
A BCMS, like any other management system, includes the following components:
a) a policy;
b) competent people with defined responsibilities;
c) management processes relating to:
1) policy;
2) planning;
3) implementation and operation;
4) performance assessment;
5) management review;
6) continual improvement;
d) documented information supporting operational control and enabling performance evaluation.
0.2 Benefits of a business continuity management system
The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing
an organization’s overall ability to continue to operate during disruptions. In achieving this, the
organization is:
a) from a business perspective:
1) supporting its strategic objectives;
2) creating a competitive advantage;
3) protecting and enhancing its reputation and credibility;
vi © ISO 2019 – All rights reserved
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
4) contributing to organizational resilience;
b) from a financial perspective:
1) reducing legal and financial exposure;
2) reducing direct and indirect costs of disruptions;
c) from the perspective of interested parties:
1) protecting life, property and the environment;
2) considering the expectations of interested parties;
3) providing confidence in the organization’s ability to succeed;
d) from an internal processes perspective:
1) improving its capability to remain effective during disruptions;
2) demonstrating proactive control of risks effectively and efficiently;
3) addressing operational vulnerabilities.
0.3 Plan-Do-Check-Act (PDCA) cycle
This document applies the Plan (establish), Do (implement and operate), Check (monitor and review)
and Act (maintain and improve) (PDCA) cycle to implement, maintain and continually improve the
effectiveness of an organization’s BCMS.
This ensures a degree of consistency with other management systems standards, such as ISO 9001,
ISO 14001, ISO/IEC 20000-1, ISO/IEC 27001 and ISO 28000, thereby supporting consistent and
integrated implementation and operation with related management systems.
In accordance with the PDCA cycle, Clauses 4 to 10 cover the following components.
— Clause 4 introduces the requirements necessary to establish the context of the BCMS applicable to
the organization, as well as needs, requirements and scope.
— Clause 5 summarizes the requirements specific to top management’s role in the BCMS, and how
leadership articulates its expectations to the organization via a policy statement.
— Clause 6 describes the requirements for establishing strategic objectives and guiding principles for
the BCMS as a whole.
— Clause 7 supports BCMS operations related to establishing competence and communication on a
recurring/as-needed basis with interested parties, while documenting, controlling, maintaining
and retaining required documented information.
— Clause 8 defines business continuity needs, determines how to address them and develops
procedures to manage the organization during a disruption.
— Clause 9 summarizes the requirements necessary to measure business continuity performance,
BCMS conformity with this document, and to conduct management review.
— Clause 10 identifies and acts on BCMS nonconformity and continual improvement through
corrective action.
0.5 Contents of this document
This document conforms to ISO’s requirements for management system standards. These requirements
include a high level structure, identical core text and common terms with core definitions, designed to
benefit users implementing multiple ISO management system standards.
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
This document does not include requirements specific to other management systems, though its
elements can be aligned or integrated with those of other management systems.
This document contains requirements that can be used by an organization to implement a BCMS and to
assess conformity. An organization that wishes to demonstrate conformity to this document can do so by:
— making a self-determination and self-declaration; or
— seeking confirmation of its conformity by parties having an interest in the organization, such as
customers; or
— seeking confirmation of its self-declaration by a party external to the organization; or
— seeking certification/registration of its BCMS by an external organization.
Clauses 1 to 3 in this document set out the scope, normative references and terms and definitions
that apply to the use of this document. Clauses 4 to 10 contain the requirements to be used to assess
conformity to this document.
In this document, the following verbal forms are used:
a) “shall” indicates a requirement;
b) “should” indicates a recommendation;
c) “may” indicates a permission;
d) “can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated
requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the
terminological data and can contain provisions relating to the use of a term.
viii © ISO 2019 – All rights reserved
SIST TEST
SIST EN ISO 22301:2020
INTERNATIONAL STANDARD ISO 22301:2019(E)
Security and resilience — Business continuity
management systems — Requirements
1 Scope
This document specifies requirements to implement, maintain and improve a management system to
protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from
disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all
organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of
application of these requirements depends on the organization’s operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity
during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization’s ability to meet its own business continuity needs
and obligations.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22300, Security and resilience — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
NOTE The terms and definitions given below supersede those given in ISO 22300:2018.
3.1
activity
set of one or more tasks with a defined output
[SOURCE: ISO 22300:2018, 3.1, modified — The definition has been replaced and the example has been
deleted.]
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.2
audit
systematic, independent and documented process (3.26) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),
and it can be a combined audit (combining two or more disciplines).
Note 2 to entry: An internal audit is conducted by the organization (3.21) itself, or by an external party on its behalf.
Note 3 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
Note 4 to entry: The fundamental elements of an audit include the determination of the conformity (3.7) of an
object according to a procedure carried out by personnel not being responsible for the object audited.
Note 5 to entry: An internal audit can be for management review and other internal purposes and can form the
basis for an organization’s declaration of conformity. Independence can be demonstrated by the freedom from
responsibility for the activity (3.1) being audited. External audits include second- and third-party audits. Second-
party audits are conducted by parties having an interest in the organization, such as customers, or by other
persons on their behalf. Third-party audits are conducted by external, independent auditing organizations, such
as those providing certification/registration of conformity or government agencies.
Note 6 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards. The original definition has been modified by adding Notes 4 and 5 to entry.
3.3
business continuity
capability of an organization (3.21) to continue the delivery of products and services (3.27) within
acceptable time frames at predefined capacity during a disruption (3.10)
[SOURCE: ISO 22300:2018, 3.24, modified — The definition has been replaced.]
3.4
business continuity plan
documented information (3.11) that guides an organization (3.21) to respond to a disruption (3.10) and
resume, recover and restore the delivery of products and services (3.27) consistent with its business
continuity (3.3) objectives (3.20)
[SOURCE: ISO 22300:2018, 3.27, modified — The definition has been replaced and Note 1 to entry has
been deleted.]
3.5
business impact analysis
process (3.26) of analysing the impact (3.13) over time of a disruption (3.10) on the organization (3.21)
Note 1 to entry: The outcome is a statement and justification of business continuity (3.3) requirements (3.28).
[SOURCE: ISO 22300:2018, 3.29, modified — The definition has been replaced and Note 1 to entry has
been added.]
3.6
competence
ability to apply knowledge and skills to achieve intended results
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.7
conformity
fulfilment of a requirement (3.28)
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
2 © ISO 2019 – All rights reserved
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.8
continual improvement
recurring activity (3.1) to enhance performance (3.23)
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.9
corrective action
action to eliminate the cause(s) of a nonconformity (3.19) and to prevent recurrence
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.10
disruption
incident (3.14), whether anticipated or unanticipated, that causes an unplanned, negative deviation from
the expected delivery of products and services (3.27) according to an organization’s (3.21) objectives (3.20)
[SOURCE: ISO 22300:2018, 3.70, modified — The definition has been replaced.]
3.11
documented information
information required to be controlled and maintained by an organization (3.21) and the medium on
which it is contained
Note 1 to entry: Documented information can be in any format and media, and from any source.
Note 2 to entry: Documented information can refer to:
— the management system (3.16), including related processes (3.26);
— information created in order for the organization to operate (documentation);
— evidence of results achieved (records).
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.12
effectiveness
extent to which planned activities (3.1) are realized and planned results achieved
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.13
impact
outcome of a disruption (3.10) affecting objectives (3.20)
[SOURCE: ISO 22300:2018, 3.107, modified — The definition has been replaced.]
3.14
incident
event that can be, or could lead to, a disruption (3.10), loss, emergency or crisis
[SOURCE: ISO 22300:2018, 3.111, modified — The definition has been replaced.]
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.15
interested party (preferred term)
stakeholder (admitted term)
person or organization (3.21) that can affect, be affected by, or perceive itself to be affected by a decision
or activity (3.1)
EXAMPLE Customers, owners, personnel, providers, bankers, regulators, unions, partners or society that
can include competitors or opposing pressure groups.
Note 1 to entry: A decision maker can be an interested party.
Note 2 to entry: Impacted communities and local populations are considered to be interested parties.
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for
ISO management system standards. The original definition has been modified by adding an example and Notes 1
and 2 to entry.
3.16
management system
set of interrelated or interacting elements of an organization (3.21) to establish policies (3.24) and
objectives (3.20) and processes (3.26) to achieve those objectives
Note 1 to entry: A management system can address a single discipline or several disciplines.
Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning
and operation.
Note 3 to entry: The scope of a management system can include the whole of the organization, specific and
identified functions of the organization, specific and identified sections of the organization, or one or more
functions across a group of organizations.
Note 4 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.17
measurement
process (3.26) to determine a value
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.18
monitoring
determining the status of a system, a process (3.26) or an activity (3.1)
Note 1 to entry: To determine the status, there can be a need to check, supervise or critically observe.
Note 2 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.19
nonconformity
non-fulfilment of a requirement (3.28)
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.20
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.
4 © ISO 2019 – All rights reserved
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and
environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and
process (3.26)).
Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an
operational criterion, as a business continuity (3.3) objective, or by the use of other words with similar meaning
(e.g. aim, goal, or target).
Note 4 to entry: In the context of business continuity management systems (3.16), business continuity objectives
are set by the organization (3.21), consistent with the business continuity policy (3.24), to achieve specific results.
Note 5 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.21
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives (3.20)
Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated
or not, public or private.
Note 2 to entry: For organizations with more than one operating unit, a single operating unit can be defined as an
organization.
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards. The original definition has been modified by adding Note 2 to entry.
3.22
outsource
make an arrangement where an external organization (3.21) performs part of an organization’s function
or process (3.26)
Note 1 to entry: An external organization is outside the scope of the management system (3.16), although the
outsourced function or process is within the scope.
Note 2 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.23
performance
measurable result
Note 1 to entry: Performance can relate either to quantitative or qualitative findings.
Note 2 to entry: Performance can relate to managing activities (3.1), processes (3.26), products (including
services), systems or organizations (3.21).
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.24
policy
intentions and direction of an organization (3.21), as formally expressed by its top management (3.31)
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.25
prioritized activity
activity (3.1) to which urgency is given in order to avoid unacceptable impacts (3.13) to the business
during a disruption (3.10)
[SOURCE: ISO 22300:2018, 3.176, modified — The definition has been replaced and Note 1 to entry has
been deleted.]
3.26
process
set of interrelated or interacting activities (3.1) which transforms inputs into outputs
Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.27
product and service
output or outcome provided by an organization (3.21) to interested parties (3.15)
EXAMPLE Manufactured items, car insurance, community nursing.
[SOURCE: ISO 22300:2018, 3.181, modified — The term "product and service" has replaced "product or
service" and the definition has been replaced.]
3.28
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.21) and
interested parties (3.15) that the need or expectation under consideration is implied.
Note 2 to entry: A specified requirement is one that is stated, e.g. in documented information (3.11).
Note 3 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards.
3.29
resource
all assets (including plant and equipment), people, skills, technology, premises, and supplies and
information (whether electronic or not) that an organization (3.21) has to have available to use, when
needed, in order to operate and meet its objective (3.20)
[SOURCE: ISO 22300:2018, 3.193, modified — The definition has been replaced.]
3.30
risk
effect of uncertainty on objectives (3.20)
Note 1 to entry: An effect is a deviation from the expected — positive or negative.
Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or
knowledge of, an event, its consequence, or likelihood.
Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73) and
“consequences” (as defined in ISO Guide 73), or a combination of these.
Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including
changes in circumstances) and the associated likelihood (as defined in ISO Guide 73) of occurrence.
Note 5 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO
management system standards. The definition has been modified to add "on objectives" to be consistent with
ISO 31000.
6 © ISO 2019 – All rights reserved
SIST TEST
SIST EN ISO 22301:2020
ISO 22301:2019(E)
3.31
top management
person or group of people who directs and controls an organization (3.21) at the highest level
Note 1 to entry: Top management has the power to delegate authority and provide resources (3.29) within the
organization.
Note 2 to entry: If the scope of the management system (3.16) covers only part of an organization, then top
management refers to those who direct and control that part of the organization.
Note 3 to entry: This constitutes one of the common terms and core definitions of th
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...