This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on good international practice.
This document is applicable to organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
The guidance and recommendations are applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors. The approach adopted depends on the organization's operating environment and complexity.

  • Standard
    70 pages
    English language

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.

  • Standard
    32 pages
    English language

This document provides guidance on good practice for crisis management to help the strategic decision makers of an organization to plan, implement, establish, operate, monitor, review, maintain and continually improve a crisis management capability. It is intended for any organization regardless of location, size, type, industry, structure, or sector. While it is important to be aware of human and cultural factors as they can cause stress when working as individuals and as part of groups, it is not the purpose of this document to examine aspects of these areas in detail.
This document provides guidance for:
- understanding the context and challenges of crisis management;
- developing an organization’s crisis management capability through preparedness (see 5.5);
- recognizing the complexities facing a crisis team in action;
- communicating successfully during a crisis; and
- reviewing and learning.
NOTE 1 For further information on organizational resilience, see ISO 22316.
This technical specification is intended for management with strategic responsibilities for the delivery of a crisis management capability. It is for those who operate under the direction and within policy of top management in:
- implementing the crisis plans and structures; and
- maintaining and assuring the procedures associated with the capability.
It is not intended for emergency and incident response - these require the application of operational procedures whereas crisis management relies on an adaptive, agile, and flexible strategic response (see 4.3).
It does not cover interoperability or command and control or business continuity management systems.
NOTE 2 For more information on interoperability and command and control, see ISO 22320. For more information on business continuity management systems, please see EN ISO 22301.

  • Technical specification
    34 pages
    English language

ISO 22397:2014 provides guidelines for establishing partnering arrangements among organizations to manage multiple relationships for events impacting on societal security. It incorporates principles and describes the process for planning, developing, implementing and reviewing partnering arrangements.
ISO 22397:2014 is applicable to all organizations regardless of type, size and nature of activity whether in or between the private, public, or not-for-profit sectors.

  • Standard
    21 pages
    English language

ISO 22315:2014 provides guidelines for mass evacuation planning in terms of establishing, implementing, monitoring, evaluating, reviewing, and improving preparedness. It establishes a framework for each activity in mass evacuation planning for all identified hazards. It will help organizations to develop plans that are evidence-based and that can be evaluated for effectiveness.
ISO 22315:2014 is intended for use by organizations with responsibility for, or involvement in, part or all of the planning for mass evacuation. It is applicable to all types and sizes of organizations that are involved in the planning for mass evacuation, such as local, regional, and national governments; statutory bodies; international and non-governmental organizations; businesses; and public and social groups.
ISO 22315:2014 covers planning for mass evacuation in order to gain a more effective response during the actual evacuation. It will assist organizations to meet their obligation of saving human life and reducing suffering.
ISO 22315:2014 does not cover activities to stabilize the affected area after an evacuation, protect property, and preserve the environment.

  • Standard
    33 pages
    English language

This Technical Specification provides guidance for managing security of (high risk) chemical, biological, radioactive, nuclear or explosive materials, such as those covered by the EU CBRN action plan, that are used within healthcare facilities (HCF); it covers the lifecycle of such materials within a HCF’s span of control. In this Technical Specification these materials are referred to as ‘CBRNE materials’.
It covers the protection of (high risk) CBRNE materials used in healthcare facilities against security threats relating to their deliberate misuse. It covers the protection of people, assets and information related to CBRNE materials.
This Technical Specification also applies to circumstances where healthcare is provided at locations remote from the normal location of the HCF.
This Technical Specification also provides guidance to all stakeholders that are responsible for each step in a lifecycle of CBRNE materials within the HCF, such as administrator staff, facility management staff, logistics and transport staff, medical staff, waste management staff, domestic staff and security staff, as well as visitors and contractors working on the HCF premises.
This Technical Specification can be applied as part of generic management systems such as EN ISO 9001 [2], EN ISO 22301 [3], ISO 22320 [4] and possibly ISO 28001 [5].
It does not apply to occupational health and safety issues deriving from the proper and improper use of such materials.

  • Technical specification
    37 pages
    English language

The standard will specify requirements for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented security management system in healthcare facilities.

  • Technical specification
    39 pages
    English language

ISO 22311:2012 is mainly for societal security purposes and specifies a common output file format that can be extracted from the video-surveillance contents collection systems (stand alone machines or large scale systems) by an exchangeable data storage media or through a network to allow end-users to access digital video-surveillance contents and perform their necessary processing.

  • Standard
    37 pages
    English language

This Technical Specification is based on an all-hazards approach, with a specific focus on terrorism and other security related risks. Looking at the combination of threats, vulnerabilities and values to be protected, threats may be terrorist attacks with chemical, explosive and biological agents, or nuclear waste materials, or with conventional means on CBRN plants, causing a similar devastating effect on a potentially large scale. Major CBRN incidents may jeopardise critical infrastructure, while emergency services may have great difficulty performing their response tasks.
The scope excludes the vulnerability assessment of some specific systems that comply, at the European and Member State level, with existing sets of legal measures: network for drinking water distribution, food chain supply and cosmetics and pharmaceutical products production and distribution chains.
The objective of this Technical Specification is to strengthen common understanding and a common frame of reference for all organisations with an interest and involvement in CBRN. It does so by providing a number of considerations and tools that can be used in the development of a semi-quantitative conceptual framework for vulnerability assessment, awareness and management. The vulnerability assessment covers all members of the population at risk including the requirements of children, the elderly and those with disabilities.

  • Technical specification
    35 pages
    English language

This document contains terms and definitions for CBRNE (chemical, biological, radiological, nuclear, explosive) applications.
Common understanding and communication is important in the implementation of an effective CBRNE response and this communication will be most effective if there is common understanding of the terms used. Many of the terms and definitions listed here have been widely used for many years, while others are the result of cross-cutting experience of areas of CBRNE. The gradual evolution of our understanding of CBRNE and response measures means that CBRNE terminology will continue to develop.
This document is dedicated to first responders, administrative staff, industry representatives and researchers.

  • Standard
    101 pages
    English language

This document defines terms used in security and resilience standards.

  • Standard
    61 pages
    English language

This document provides guidance on good practice for crisis management to help the strategic decision makers of an organization to plan, implement, establish, operate, monitor, review, maintain and continually improve a crisis management capability. It is intended for any organization regardless of location, size, type, industry, structure, or sector.
This document provides guidance for:
—   understanding the context and challenges of crisis management;
—   developing an organization’s crisis management capability through preparedness (see 5.5);
—   recognizing the complexities facing a crisis team in action;
—   communicating successfully during a crisis; and
—   reviewing and learning.
It is intended for management with strategic responsibilities for the delivery of a crisis management capability. It is for those who operate under the direction and within policy of top management in:
—   implementing the crisis plans and structures; and
—   maintaining and assuring the procedures associated with the capability.
It is not intended for emergency and incident response - these require the application of operational procedures whereas crisis management relies on an adaptive, agile, and flexible strategic response. It does not cover interoperability or command and control or business continuity management systems. While it is important to be aware of human and cultural factors as they can cause stress when working as individuals and as part of groups, it is not the purpose of this document to examine aspects of these areas in detail.

  • Draft
    43 pages
    English language

This International Standard provides guidance on involving volunteers in the response to major incidents and includes:
1) involving convergent volunteers in an operational response;
2) involving suitably qualified and experienced persons in an incident;
3) developing and using a dynamic risk assessment of convergent volunteers;
4) the interaction of convergent volunteers, suitably qualified and experienced persons, and local community groups.
This International Standard is not prescriptive but seeks to aid understanding and implementation by providing good practice, methods, tools, examples and illustrations.
The primary users of this standard will be government bodies and NGOs but it will also be of interest to public, private, charity, large, and small organizations.
Please see the Annex attached providing a summary of the proposal, benefits, origin, contents, etc.

  • Draft
    21 pages
    English language

ISO 22313:2012 for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise.
It is not the intent of ISO 22313:2012 to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties.
ISO 22313 is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to:
- establish, implement, maintain and improve a BCMS;
- ensure conformance with the organization's business continuity policy; or
- make a self-determination and self-declaration of compliance with this International Standard.

  • Standard
    58 pages
    English language

ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.

  • Standard
    34 pages
    English language

ISO 22300:2018 defines terms used in security and resilience standards.

  • Standard
    42 pages
    English language

ISO 22300:2012 contains terms and definitions applicable to societal security to establish a common understanding so that consistent terms are used.

  • Standard
    19 pages
    English language
  • Draft
    19 pages
    English language