ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management

Standard number: ISO/PAS 22399:2007

Chinese title: 社会安全 突发事件准备和操作连续性管理指南

English title: Societal security - Guideline for incident preparedness and operational continuity management

Publication date: 2007-12

Scope

ISO/PAS 22399:2007 provides general guidance for an organization — private, governmental, and nongovernmental organizations — to develop its own specific performance criteria for incident preparedness and operational continuity, and design an appropriate management system. It provides a basis for understanding, developing, and implementing continuity of operations and services within an organization and to provide confidence in business, community, customer, first responder, and organizational interactions. It also enables the organization to measure its resilience in a consistent and recognized manner.

ISO/PAS 22399:2007 is applicable to all sizes of public or private organizations engaged in providing products, processes, or services that wish to:

  • understand the overall context within which the organization operates;
  • identify critical objectives;
  • understand barriers, risks, and disruptions that may impede critical objectives;
  • evaluate residual risk and risk tolerance to understand outcomes of controls and mitigation strategies;
  • plan how an organization can continue to achieve its objectives should a disruptive incident occur;
  • develop incident and emergency response, continuity response and recovery response procedures;
  • define roles and responsibilities, and resources to respond to an incident;
  • meet compliance with applicable legal, regulatory, and other requirements;
  • provide mutual and community assistance;
  • interface with first responders and the media;
  • promote a cultural change within the organization that recognizes that risk is inherent in every decision and activity and must be effectively managed.

ISO/PAS 22399:2007 presents the general principles and elements for incident preparedness and operational continuity of an organization. The extent of the application will depend on factors such as the policy of the organization, the nature of its activities, products and services, and the location where and the conditions under which it functions.

ISO/PAS 22399:2007, however, excludes specific emergency response activities following an incident, such as disaster relief and social infrastructure recovery that are primarily to be performed by the public sector in accordance with relevant legislation. It is important, however, that coordination with these activities be maintained and documented.
