Security and resilience - Business continuity management systems - Requirements (ISO 22301:2019)

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization’s ability to meet its own business continuity needs and obligations.

German title: Sicherheit und Schutz des Gemeinwesens - Business Continuity Management System - Anforderungen (ISO 22301:2019). The German abstract is a translation of the English abstract above.

French title: Sécurité et résilience - Systèmes de management de la continuité d'activité - Exigences (ISO 22301:2019). The French abstract is a translation of the English abstract above.

Slovenian title: Varnost in vzdržljivost - Sistem vodenja neprekinjenosti poslovanja - Zahteve (ISO 22301:2019). The Slovenian abstract is a translation of the English abstract above.

General Information

Status
Published
Public Enquiry End Date
31-Mar-2019
Publication Date
24-Nov-2019
Technical Committee
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
20-Nov-2019
Due Date
25-Jan-2020
Completion Date
25-Nov-2019

Buy Standard

Standard: EN ISO 22301:2020, English language, 32 pages
Draft: prEN ISO 22301:2019, English language, 32 pages

Standards Content (Sample)

SLOVENIAN STANDARD
SIST EN ISO 22301:2020
1 January 2020
Supersedes:
SIST EN ISO 22301:2014
Security and resilience - Business continuity management systems - Requirements (ISO 22301:2019)
Sicherheit und Schutz des Gemeinwesens - Business Continuity Management System - Anforderungen (ISO 22301:2019)
Sécurité et résilience - Systèmes de management de la continuité d'activité - Exigences (ISO 22301:2019)
This Slovenian standard is identical to: EN ISO 22301:2019
ICS:
03.100.01 Company organization and management in general
03.100.70 Management systems
SIST EN ISO 22301:2020 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or of parts of this standard is not permitted.

EN ISO 22301
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
November 2019
ICS 03.100.01; 03.100.70
Supersedes EN ISO 22301:2014
English Version

Security and resilience - Business continuity management systems - Requirements (ISO 22301:2019)
Sécurité et résilience - Systèmes de management de la continuité d'activité - Exigences (ISO 22301:2019)
Sicherheit und Resilienz - Business Continuity Management System - Anforderungen (ISO 22301:2019)
This European Standard was approved by CEN on 14 October 2019.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2019 CEN. All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN ISO 22301:2019 E

European foreword
This document (EN ISO 22301:2019) has been prepared by Technical Committee ISO/TC 292 "Security
and resilience" in collaboration with Technical Committee CEN/TC 391 “Societal and Citizen Security”
the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by May 2020, and conflicting national standards shall be
withdrawn at the latest by May 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 22301:2014.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 22301:2019 has been approved by CEN as EN ISO 22301:2019 without any modification.

INTERNATIONAL STANDARD ISO 22301
Second edition
2019-10
Security and resilience — Business continuity management systems — Requirements
Sécurité et résilience — Systèmes de management de la continuité d'activité — Exigences
Reference number
ISO 22301:2019(E)
© ISO 2019

COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.2.1 General
4.2.2 Legal and regulatory requirements
4.3 Determining the scope of the business continuity management system
4.3.1 General
4.3.2 Scope of the business continuity management system
4.4 Business continuity management system
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.2.1 Establishing the business continuity policy
5.2.2 Communicating the business continuity policy
5.3 Roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.1.1 Determining risks and opportunities
6.1.2 Addressing risks and opportunities
6.2 Business continuity objectives and planning to achieve them
6.2.1 Establishing business continuity objectives
6.2.2 Determining business continuity objectives
6.3 Planning changes to the business continuity management system
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.2.1 General
8.2.2 Business impact analysis
8.2.3 Risk assessment
8.3 Business continuity strategies and solutions
8.3.1 General
8.3.2 Identification of strategies and solutions
8.3.3 Selection of strategies and solutions
8.3.4 Resource requirements
8.3.5 Implementation of solutions
8.4 Business continuity plans and procedures
8.4.1 General
8.4.2 Response structure
8.4.3 Warning and communication
8.4.4 Business continuity plans
8.4.5 Recovery
8.5 Exercise programme
8.6 Evaluation of business continuity documentation and capabilities
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.2.1 General
9.2.2 Audit programme(s)
9.3 Management review
9.3.1 General
9.3.2 Management review input
9.3.3 Management review outputs
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience.
This second edition cancels and replaces the first edition (ISO 22301:2012), which has been technically
revised. The main changes compared with the previous edition are as follows:
— ISO’s requirements for management system standards, which have evolved since 2012, have been
applied;
— requirements have been clarified, with no new requirements added;
— discipline-specific business continuity requirements are now almost entirely within Clause 8;
— Clause 8 has been re-structured to provide a clearer understanding of the key requirements;
— a number of discipline-specific business continuity terms have been modified to improve clarity
and to reflect current thinking.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
0.1 General
This document specifies the structure and requirements for implementing and maintaining a business
continuity management system (BCMS) that develops business continuity appropriate to the amount
and type of impact that the organization may or may not accept following a disruption.
The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational
and industry requirements, products and services provided, processes employed, size and structure of
the organization, and the requirements of its interested parties.
A BCMS emphasizes the importance of:
— understanding the organization’s needs and the necessity for establishing business continuity
policies and objectives;
— operating and maintaining processes, capabilities and response structures for ensuring the
organization will survive disruptions;
— monitoring and reviewing the performance and effectiveness of the BCMS;
— continual improvement based on qualitative and quantitative measures.
A BCMS, like any other management system, includes the following components:
a) a policy;
b) competent people with defined responsibilities;
c) management processes relating to:
1) policy;
2) planning;
3) implementation and operation;
4) performance assessment;
5) management review;
6) continual improvement;
d) documented information supporting operational control and enabling performance evaluation.
0.2 Benefits of a business continuity management system
The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing
an organization’s overall ability to continue to operate during disruptions. In achieving this, the
organization is:
a) from a business perspective:
1) supporting its strategic objectives;
2) creating a competitive advantage;
3) protecting and enhancing its reputation and credibility;
4) contributing to organizational resilience;
b) from a financial perspective:
1) reducing legal and financial exposure;
2) reducing direct and indirect costs of disruptions;
c) from the perspective of interested parties:
1) protecting life, property and the environment;
2) considering the expectations of interested parties;
3) providing confidence in the organization’s ability to succeed;
d) from an internal processes perspective:
1) improving its capability to remain effective during disruptions;
2) demonstrating proactive control of risks effectively and efficiently;
3) addressing operational vulnerabilities.
0.3 Plan-Do-Check-Act (PDCA) cycle
This document applies the Plan (establish), Do (implement and operate), Check (monitor and review)
and Act (maintain and improve) (PDCA) cycle to implement, maintain and continually improve the
effectiveness of an organization’s BCMS.
This ensures a degree of consistency with other management systems standards, such as ISO 9001,
ISO 14001, ISO/IEC 20000-1, ISO/IEC 27001 and ISO 28000, thereby supporting consistent and
integrated implementation and operation with related management systems.
In accordance with the PDCA cycle, Clauses 4 to 10 cover the following components.
— Clause 4 introduces the requirements necessary to establish the context of the BCMS applicable to
the organization, as well as needs, requirements and scope.
— Clause 5 summarizes the requirements specific to top management’s role in the BCMS, and how
leadership articulates its expectations to the organization via a policy statement.
— Clause 6 describes the requirements for establishing strategic objectives and guiding principles for
the BCMS as a whole.
— Clause 7 supports BCMS operations related to establishing competence and communication on a
recurring/as-needed basis with interested parties, while documenting, controlling, maintaining
and retaining required documented information.
— Clause 8 defines business continuity needs, determines how to address them and develops
procedures to manage the organization during a disruption.
— Clause 9 summarizes the requirements necessary to measure business continuity performance,
BCMS conformity with this document, and to conduct management review.
— Clause 10 identifies and acts on BCMS nonconformity and continual improvement through
corrective action.
0.4 Contents of this document
This document conforms to ISO’s requirements for management system standards. These requirements
include a high level structure, identical core text and common terms with core definitions, designed to
benefit users implementing multiple ISO management system standards.

This document does not include requirements specific to other management systems, though its
elements can be aligned or integrated with those of other management systems.
This document contains requirements that can be used by an organization to implement a BCMS and to
assess conformity. An organization that wishes to demonstrate conformity to this document can do so by:
— making a self-determination and self-declaration; or
— seeking confirmation of its conformity by parties having an interest in the organization, such as
customers; or
— seeking confirmation of its self-declaration by a party external to the organization; or
— seeking certification/registration of its BCMS by an external organization.
Clauses 1 to 3 in this document set out the scope, normative references and terms and definitions
that apply to the use of this document. Clauses 4 to 10 contain the requirements to be used to assess
conformity to this document.
In this document, the following verbal forms are used:
a) “shall” indicates a requirement;
b) “should” indicates a recommendation;
c) “may” indicates a permission;
d) “can” indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated
requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the
terminological data and can contain provisions relating to the use of a term.

Security and resilience — Business continuity
management systems — Requirements
1 Scope
This document specifies requirements to implement, maintain and improve a management system to
protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from
disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all
organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of
application of these requirements depends on the organization’s operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity
during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization’s ability to meet its own business continuity needs
and obligations.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22300, Security and resilience — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22300 and th
...

SLOVENIAN STANDARD
oSIST prEN ISO 22301:2019
1 March 2019
Security and resilience - Business continuity management systems - Requirements (ISO/DIS 22301:2019)
Sicherheit und Schutz des Gemeinwesens - Business Continuity Management System - Anforderungen (ISO/DIS 22301:2019)
Sécurité et résilience - Systèmes de management de la continuité d'activité - Exigences (ISO/DIS 22301:2019)
This Slovenian standard is identical to: prEN ISO 22301
ICS:
03.100.01 Company organization and management in general
03.100.70 Management systems
oSIST prEN ISO 22301:2019 en,fr,de
2003-01. Slovenian Institute for Standardization. Reproduction of the whole or of parts of this standard is not permitted.

DRAFT INTERNATIONAL STANDARD
ISO/DIS 22301
ISO/TC 292 Secretariat: SIS
Voting begins on: 2019-01-03
Voting terminates on: 2019-03-28
Security and resilience — Business continuity management systems — Requirements
Sécurité et résilience — Systèmes de management de la continuité d'activité — Exigences
ICS: 03.100.01; 03.100.70
ISO/CEN parallel processing
This document is circulated as received from the committee secretariat.
This document is a draft circulated for comment and approval. It is therefore subject to change and may not be referred to as an International Standard until published as such.
In addition to their evaluation as being acceptable for industrial, technological, commercial and user purposes, draft International Standards may on occasion have to be considered in the light of their potential to become standards to which reference may be made in national regulations.
Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.
Reference number
ISO/DIS 22301:2019(E)
© ISO 2019

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding of the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.2.1 General
4.2.2 Legal and regulatory requirements
4.3 Determining the scope of the business continuity management system
4.3.1 General
4.3.2 Scope of the BCMS
4.4 Business continuity management system
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.2.1 Top management shall establish a business continuity policy that:
5.2.2 The business continuity policy shall:
5.3 Organizational roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Business continuity objectives and planning to achieve them
6.3 Planning of changes to the BCMS
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
8 Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.2.1 General
8.2.2 Business impact analysis
8.2.3 Risk assessment
8.3 Business continuity strategies and solutions
8.3.1 General
8.3.2 Identification and selection of strategies and solutions
8.3.3 Resource requirements
8.3.4 Implementation of solutions
8.4 Business continuity plans and procedures
8.4.1 General
8.4.2 Response structure
8.4.3 Warning and communication
8.4.4 Business continuity plans
8.4.5 Recovery
8.5 Exercise programme
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
9.1.2 Evaluation of business continuity plans, procedures and capabilities
9.2 Internal audit
9.2.1 The organization shall:
9.3 Management review
9.3.1 General
9.3.2 Management review input
9.3.3 Management review outputs
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
ISO 22301 was prepared by Technical Committee ISO/TC 292, Security and resilience.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
0.1 General
This document specifies the structure and requirements for implementing and maintaining an effective
business continuity management system (BCMS).
An organization should develop business continuity that is appropriate to the magnitude and type of
impact that it may or may not accept following a disruption. The outcomes of maintaining a BCMS are
shaped by the organization’s legal, regulatory, organizational and industry requirements, products and
services provided, processes employed, size and structure of the organization, and the requirements of
its interested parties.
A BCMS emphasizes the importance of:
— understanding the organization's needs and the necessity for establishing business continuity policies and objectives;
— operating and maintaining processes, capabilities and response structures for ensuring the organization will survive disruptions;
— monitoring and reviewing the performance and effectiveness of the BCMS;
— continual improvement based on qualitative and quantitative measures.
A BCMS, like any other management system, includes the following components:
a) a policy;
b) competent people with defined responsibilities;
c) management processes relating to:
— policy;
— planning;
— implementation and operation;
— performance assessment;
— management review;
— continual improvement;
d) documented information supporting operational control and enabling performance evaluation.
0.2 Benefits of a BCMS
The purpose of the BCMS is to prepare for, provide and maintain controls and capabilities for managing an
organization’s overall ability to continue to operate during disruptions. In achieving this, the organization is:
a) from a business perspective:
— supporting its strategic objectives;
— creating a competitive advantage;
— protecting and enhancing its reputation and credibility;
— contributing to organizational resilience;
b) from a financial perspective:
— making business partners confident in its success;
— reducing legal and financial exposure;
— reducing direct and indirect costs of disruptions;
c) from the perspective of interested parties:
— protecting life, property and environment;
— considering the expectations of interested parties;
d) from an internal processes perspective:
— improving its capability to remain effective during disruptions;
— demonstrating proactive control of risks effectively and efficiently;
— addressing operational vulnerabilities.
0.3 The Plan-Do-Check-Act (PDCA) model
This document applies the “Plan-Do-Check-Act” (PDCA) model to planning, establishing, implementing,
operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an
organization's BCMS.
This ensures a degree of consistency with other management system standards, such as ISO 9001,
Quality management systems, ISO 14001, Environmental management systems, ISO/IEC 27001, Information
security management systems, ISO/IEC 20000-1, Information technology – Service management, and
ISO 28000, Specification for security management systems for the supply chain, thereby supporting
consistent and integrated implementation and operation with related management systems.
0.4 Components of PDCA in this document
In the PDCA model, Clause 4 through Clause 10 in this document cover the following components.
Clause 4 is a component of Plan. It introduces requirements necessary to establish the context of the
BCMS as it applies to the organization, as well as needs, requirements, and scope.
Clause 5 is a component of Plan. It summarizes the requirements specific to top management's role in
the BCMS, and how leadership articulates its expectations to the organization via a policy statement.
Clause 6 is a component of Plan. It describes requirements as they relate to establishing strategic
objectives and guiding principles for the BCMS as a whole.
Clause 7 is a component of Plan. It supports BCMS operations as they relate to establishing competence
and communication on a recurring/as-needed basis with interested parties, while documenting,
controlling, maintaining and retaining required documented information.
Clause 8 is a component of Do. It defines business continuity needs, determines how to address them
and develops the procedures to manage the organization during a disruption.
Clause 9 is a component of Check. It summarizes requirements necessary to measure business
continuity performance, BCMS compliance with this document and management review.
Clause 10 is a component of Act. It identifies and acts on BCMS non-conformance and continual
improvement through corrective action.
0.5 Contents of this document
This document conforms to ISO’s requirements for management system standards. These requirements
include a high-level structure, identical core text, and common terms with core definitions, designed to
benefit users implementing multiple ISO management system standards.

This document does not include requirements specific to other management systems, though its
elements can be aligned or integrated with those of other management systems.
This document contains requirements that can be used by an organization to implement a BCMS and to
assess conformity. An organization that wishes to demonstrate conformity to this document can do so by:
— making a self-determination and self-declaration, or
— seeking confirmation of its conformity by parties having an interest in the organization, such as customers, or
— seeking confirmation of its self-declaration by a party external to the organization, or
— seeking certification/registration of its BCMS by an external organization.
Clauses 1 to 3 in this document set out the scope, normative references and terms and definitions which
apply to the use of this document, while Clauses 4 to 10 contain the requirements to be used to assess
conformity to this document.
In this document, the following verbal forms are used:
a) ‘shall’ indicates a requirement;
b) ‘should’ indicates a recommendation;
c) ‘may’ indicates a permission;
d) ‘can’ indicates a possibility or a capability.
Information marked as “NOTE” is for guidance in understanding or clarifying the associated
requirement. “Notes to entry” used in Clause 3 provide additional information that supplements the
terminological data and can contain provisions relating to the use of a term.
DRAFT INTERNATIONAL STANDARD ISO/DIS 22301:2019(E)
Security and resilience — Business continuity
management systems — Requirements
1 Scope
This document specifies requirements to plan, establish, implement, operate, monitor, review, maintain
and continually improve a management system to protect against, reduce the likelihood of occurrence,
prepare for, respond to, and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all
organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of
application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need an ability to continue delivery of products and services at acceptable predefined capacity
during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs
and obligations.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online Browsing Platform: Available at http://www.iso.org/obp
— IEC Electropedia: Available at http://www.electropedia.org
3.1
activity
a set of one or more tasks with a defined output
[SOURCE: ISO 22300:2018, 3.1, modified. Note to entry deleted.]
3.2
audit
systematic, independent and documented process (3.40) for obtaining audit evidence and evaluating it
objectively to determine the extent to which the audit criteria are fulfilled
Note 1 to entry: The fundamental elements of an audit include the determination of the conformity (3.8) of an
object (3.29) according to a procedure (3.39) carried out by personnel (3.35) not being responsible for the object
audited.
Note 2 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party),
and it can be a combined audit (combining two or more disciplines).
Note 3 to entry: An internal audit is conducted by the organization or by an external party on its behalf. Internal
audit can be for management (3.24) review (3.47) and other internal purposes, and can form the basis for an
organization’s declaration of conformity. Independence can be demonstrated by the freedom from responsibility
for the activity (3.1) being audited.
Note 4 to entry: External audits include those generally called second- and third-party audits. Second-party
audits are conducted by parties having an interest in the organization, such as customers, or by other persons
on their behalf. Third-party audits are conducted by external, independent auditing organizations such as those
providing certification/registration of conformity or government agencies.
Note 5 to entry: “Audit evidence” and “audit criteria” are defined in ISO 19011.
[SOURCE: ISO 22300:2018, 3.13, modified. Notes to entry 5, 6 and 8 deleted.]
3.3
business continuity
capability of an organization (3.31) to continue delivery of products and services (3.41) within acceptable
time frames at predefined capacity relating to a disruption (3.12)
[SOURCE: ISO 22300:2018, 3.24, modified.]
3.4
business continuity management system
BCMS
management system (3.25) for business continuity (3.3)
Note 1 to entry: The management system includes organizational structure, policies, planning (3.36) activities
(3.1), responsibilities, procedures (3.39), processes (3.40) and resources.
[SOURCE: ISO 22300:2018, 3.26, modified.]
3.5
business continuity plan
documented information (3.13) that guides an organization (3.31) to respond to a disruption (3.12)
and resume, recover and restore the delivery of products and services consistent with its business
continuity objectives
[SOURCE: ISO 22300:2018, 3.27, modified. Note 1 to entry deleted.]
3.6
business impact analysis
process (3.40) of analyzing the impact (3.18) of a disruption (3.12) on the organization (3.31)
Note 1 to entry: The outcome is a statement and justification of business continuity (3.3) requirements (3.45).
[SOURCE: ISO 22300:2018, 3.29, modified. Note 1 to entry added.]
3.7
competence
ability to apply knowledge and skills to achieve intended results
[SOURCE: ISO 22300:2018, 3.44.]
3.8
conformity
fulfilment of a requirement (3.45)
[SOURCE: ISO 22300:2018, 3.45.]
3.9
consequence
outcome of an event (3.16) affecting objectives (3.30)
Note 1 to entry: A consequence can be certain or uncertain and can have positive or negative direct or indirect
effects on objectives.
Note 2 to entry: Consequences can be expressed qualitatively or quantitatively.
Note 3 to entry: Any consequence can escalate through cumulative effects.
[SOURCE: ISO 31000:2018, 3.6.]
3.10
continual improvement
recurring activity (3.1) to enhance performance (3.33)
[SOURCE: ISO 22300:2018, 3.48.]
3.11
corrective action
action to eliminate the cause of a nonconformity (3.28) and to prevent recurrence
Note 1 to entry: In the case of other undesirable outcomes, action is necessary to minimize or eliminate causes
and to reduce impact (3.18) or preve
...