ISO has published the first internationally ratified benchmark document addressing incident preparedness and continuity management for organizations in both public and private sectors.
The Publicly Available Specification ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management, is based on best practice from five national standards from Australia, Israel, Japan, the United Kingdom and the United States.
Natural disasters, acts of terror, technology-related accidents and environmental incidents have clearly demonstrated that neither public nor private sectors are immune from crises, either intentionally or unintentionally provoked.
This has lead to a global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and potentially devastating incidents.
ISO/PAS 22399 is the first deliverable from ISO technical committee ISO/TC 223, Societal security, which is charged with developing standards in the area of crisis and continuity management.
Dr. Stefan Tangen, Secretary of ISO/TC 223, states: “ISO/PAS 22399 represents a major breakthrough in addressing emergency and disaster preparedness, response and continuity. It was unanimously passed by the 50 countries that participate in the committee and provides an international agreed upon benchmark for emergency and disaster management for individual organizations.”
ISO/PAS 22399 establishes the process, principles and terminology of incident preparedness and operational (business) continuity management (IPOCM) within the context of societal security. Mr. Ivar Jachwitz, the Convener of the Task Group that was responsible for drafting ISO/PAS 22399 explains: “The purpose of the guideline is to provide a basis for understanding, developing and implementing incident preparedness and operational continuity management within an organization and to provide confidence in organization-to-community, business-to-business and organization-to-customer/client dealings.
"The guideline is a tool to allow public or private organizations to consider the factors and steps necessary to prepare for an unintentionally, intentionally, or naturally caused incident (disruption, emergency, crisis or disaster) so that it can manage and survive the incident and take the appropriate actions to help ensure the organization’s continued viability”.
Organizational resilience requires proactive preparation for potential incidents and disruptions, in order to avoid suspension of critical operations and services, or if operations and services are disrupted, that they resume operations and services as rapidly as required by those who depend on them.
ISO/PAS 22399 describes a holistic management process that identifies potential impacts that threaten an organization and provides a framework for minimizing their effect.
SIS (Swedish Standard Institute), is responsible for the secretariat of ISO/TC 223 and the committee is comprised of representatives from business, industry, the first responder community, emergency and disaster managers, security professionals, government and non-governmental organizations from over 50 countries.
International cooperation within ISO/TC 223 will become increasingly important in the coming years to help organizations and communities jointly deal with and recover from emergencies.
It will allow them to develop standards, procedures and systems, thus making them feel more prepared and confident to handle crisis situations when they arise. Processes for preparedness and continuity that ensures interoperability with the surrounding world are keys to saving lives and helping affected communities rebound when disaster strikes, thus giving them more resilience than those who are not prepared.
ISO/PAS 22399:2007 costs 120 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat through the ISO Store or by contacting the Marketing & Communication department (see right-hand column).
- ISO/PAS 22399:2007 [Withdrawn]Societal security - Guideline for incident preparedness and operational continuity management