ARP 22399:2008 Edition 1 ISO/PAS 22399:2007 Edition 1


ISBN
ISO/PAS 22399:2007

STANDARDS SOUTH AFRICA

Recommended practice

Societal security
Guideline for incident preparedness and operational continuity management

This recommended practice is the identical implementation of ISO/PAS 22399:2007 and is adopted with the permission of the International Organization for Standardization. This document does not have the status of a South African National Standard.

Published by Standards South Africa
1 Dr Lategan Road, Groenkloof, Private Bag X191, Pretoria 0001
tel: fax: international code
Standards South Africa

ISO/PAS 22399:2007

Table of changes

Change No.    Date    Scope

National foreword

This recommended practice was approved by National Committee StanSA TC 223, National disaster response, in accordance with procedures of Standards South Africa, in compliance with annex 3 of the WTO/TBT agreement.

This document was published in June 2008.

PUBLICLY AVAILABLE SPECIFICATION
ISO/PAS
First edition

Societal security
Guideline for incident preparedness and operational continuity management

Sécurité sociétale
Lignes directrices pour être préparé à un incident et gestion de continuité opérationnelle

Reference number ISO 22399:2007(E)
ISO 2007

Licensed exclusively to SABS.

PDF disclaimer

This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat accepts no liability in this area.

Adobe is a trademark of Adobe Systems Incorporated.

Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

COPYRIGHT PROTECTED DOCUMENT

ISO 2007 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Case postale 56
CH-1211 Geneva 20
Tel Fax copyright@iso.org Web
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
Normative references
Terms and definitions
General
Policy
Establishing the program
Defining program scope
Management leadership and commitment
Policy development
Policy review
Organizational structure for implementation
Planning
General
Legal and other requirements
Risk assessment and impact analysis
Hazard, risk, and threat identification
Risk assessment
Impact analysis
Incident preparedness and operational continuity management programs
Implementation and operation
Resources, roles, responsibility and authority
Building and embedding IPOCM in the organization's culture
Competence, training and awareness
Communications and warning
Operational control
Finance and administration
Performance assessment
System evaluation
Performance measurement and monitoring
Testing and exercises
Corrective and preventive action
Maintenance
Internal audits and self assessment
Management review
Annex A (informative) Impact analysis procedure
Annex B (informative) Emergency response management program
Annex C (informative) Continuity management program
Annex D (informative) Building an incident preparedness and operational continuity culture
Bibliography