1、BSI Standards PublicationBS EN ISO 22301:2014Societal security Businesscontinuity managementsystems Requirements (ISO22301:2012)This British Standard was published under the authority of the Standards Policy and Strategy Committee on 31 May 2012.Amendments/corrigenda issued since publicationDate Tex
2、t affected30 September 2014 This corrigendum renumbers BS ISO 22301:2012 as BS EN ISO 22301:2014BS EN ISO 22301:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN ISO22301:2014. It is identical to ISO 22301:2012. It supersedes BS ISO22301:2012 which is withdra
3、wn.The UK participation in its preparation was entrusted to TechnicalCommittee BCM/1, Business continuity management.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisions of a contract
4、. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 84814 8ICS 03.100.01Compliance with a British Standard cannot confer immunity fromlegal obligations.Standards Policy and Strategy Committee on 30 September
5、 2014.Amendments issued since publicationDate Text affectedEUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO 22301 July 2014 ICS 03.100.01 English Version Societal security - Business continuity management systems - Requirements (ISO 22301:2012) Scurit socitale - Systmes de management de la c
6、ontinuit dactivit - Exigences (ISO 22301:2012) Sicherheit und Schutz des Gemeinwesens - Aufrechterhaltung der Betriebsfhigkeit - Anforderungen (ISO 22301:2012) This European Standard was approved by CEN on 17 July 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which
7、stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This Europ
8、ean Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are
9、 the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Rom
10、ania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and b
11、y any means reserved worldwide for CEN national Members. Ref. No. EN ISO 22301:2014 EBS EN ISO 22301:2014EN ISO 22301:2014 (E) 3 Foreword The text of ISO 22301:2012 has been prepared by Technical Committee ISO/TC 223 “Societal security” of the International Organization for Standardization (ISO) and
12、 has been taken over as EN ISO 22301:2014 by Technical Committee CEN/TC 391 “Societal and Citizen Security” the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by
13、 January 2015, and conflicting national standards shall be withdrawn at the latest by January 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such p
14、atent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedoni
15、a, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO 22301:2012 has been approved by CEN as
16、 EN ISO 22301:2014 without any modification. BS EN ISO 22301:2014EN ISO 22301:2014 (E) 3 Foreword The text of ISO 22301:2012 has been prepared by Technical Committee ISO/TC 223 “Societal security” of the International Organization for Standardization (ISO) and has been taken over as EN ISO 22301:201
17、4 by Technical Committee CEN/TC 391 “Societal and Citizen Security” the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2015, and conflicting national
18、standards shall be ithdrawn at the latest by January 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELE
19、C Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Icel
20、and, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO 22301:2012 has been approved by CEN as EN ISO 22301:2014 without any modificati
21、on. BS EN ISO 22301:2014EN ISO 22301:2014 (E) 3 Foreword The text of ISO 22301:2012 has been prepared by Technical Committee ISO/TC 223 “Societal security” of the International Organization for Standardization (ISO) and has been taken over as EN ISO 22301:2014 by Technical Committee CEN/TC 391 “Soci
22、etal and Citizen Security” the secretariat of which is held by NEN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by January 2015, and conflicting national standards shall be withdrawn at the lates
23、t by January 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national sta
24、ndards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, L
25、uxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO 22301:2012 has been approved by CEN as EN ISO 22301:2014 without any modification. BS EN ISO 22301:2014ISO 22301:2012(E)
26、 ISO 2012 All rights reserved iiiContents PageForeword iv0 Introduction . v0.1 General v0.2 The Plan-Do-Check-Act (PDCA) model v0.3 Components of PDCA in this International Standard vi1 Scope 12 Normative references . 13 Terms and definitions . 14 Context of the organization 84.1 Understanding of th
27、e organization and its context 84.2 Understanding the needs and expectations of interested parties . 94.3 Determining the scope of the business continuity management system . 94.4 Business continuity management system .105 Leadership .105.1 Leadership and commitment .105.2 Management commitment .105
28、.3 Policy 115.4 Organizational roles, responsibilities and authorities 116 Planning .126.1 Actions to address risks and opportunities .126.2 Business continuity objectives and plans to achieve them 127 Support .127.1 Resources .127.2 Competence 137.3 Awareness .137.4 Communication 137.5 Documented i
29、nformation .148 Operation .158.1 Operational planning and control .158.2 Business impact analysis and risk assessment .158.3 Business continuity strategy .168.4 Establish and implement business continuity procedures .178.5 Exercising and testing .199 Performance evaluation .199.1 Monitoring, measure
30、ment, analysis and evaluation 199.2 Internal audit .209.3 Management review 2110 Improvement .2210.1 Nonconformity and corrective action 2210.2 Continual improvement .23Bibliography .24BS EN ISO 22301:2014EN ISO 22301:2014 (E) 3 Foreword The text of ISO 22301:2012 has been prepared by Technical Comm
31、ittee ISO/TC 223 “Societal security” of the International Organization for Standardization (ISO) and has been taken over as EN ISO 22301:2014 by Technical Committee CEN/TC 391 “Societal and Citizen Security” the secretariat of which is held by NEN. This European Standard shall be given the status of
32、 a national standard, either by publication of an identical text or by endorsement, at the latest by January 2015, and conflicting national standards shall be withdrawn at the latest by January 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject
33、of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgar
34、ia, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turk
35、ey and the United Kingdom. Endorsement notice The text of ISO 22301:2012 has been approved by CEN as EN ISO 22301:2014 without any modification. BS EN ISO 22301:2014ISO 22301:2012(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodie
36、s (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations,
37、 governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.International Standards are drafted in accordance with the rules given in the ISO/
38、IEC Directives, Part 2.The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the mem
39、ber bodies casting a vote.Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.ISO 22301 was prepared by Technical Committee ISO/TC 223, Societal security.
40、iv ISO 2012 All rights reservedBS EN ISO 22301:2014ISO 22301:2012(E)ForewordISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical
41、 committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with
42、 the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.The main task of technical committees is to prepare International Standards. Draft Internat
43、ional Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.Attention is drawn to the possibility that some of the elements of this document may be
44、the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.ISO 22301 was prepared by Technical Committee ISO/TC 223, Societal security.iv ISO 2012 All rights reservedBS EN ISO 22301:2014ISO 22301:2012(E)0 Introduction0.1 GeneralThis International St
45、andard specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS).A BCMS emphasizes the importance of understanding the organizations needs and the necessity for establishing business continuity management policy and objectives, implementing and oper
46、ating controls and measures for managing an organizations overall capability to manage disruptive incidents, monitoring and reviewing the performance and effectiveness of the BCMS, and continual improvement based on objective measurement.A BCMS, like any other management system, has the following ke
47、y components:a) a policy;b) people with defined responsibilities;c) management processes relating to1) policy,2) planning,3) implementation and operation,4) performance assessment,5) management review, and6) improvement;d) documentation providing auditable evidence; ande) any business continuity man
48、agement processes relevant to the organization.Business continuity contributes to a more resilient society. The wider community and the impact of the organizations environment on the organization and therefore other organizations may need to be involved in the recovery process.0.2 The Plan-Do-Check-
49、Act (PDCA) modelThis International Standard applies the “Plan-Do-Check-Act” (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organizations BCMS.This ensures a degree of consistency with other management systems standards, such as ISO 9001 Quality management systems, ISO 14001, Environmental management systems, ISO/IEC 27001, Information security management systems, ISO/IEC 20000-1, Information technology Service management, and ISO 28000, Specif
copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1