This British Standard provides a basis for understanding, developing, implementing and maintaining proportionate and effective risk management throughout an organization, in order to enhance an organization's likelihood of achieving its objectives. It establishes the principles and terminology for risk management and gives recommendations for the model, framework, process and implementation of risk management, which are derived from experience and good practice. The basic risk management principles are applicable to any organization, but the way they are implemented will vary according to an organization's nature, including size and complexity, and context.

This standard is intended for use by anyone with responsibility for any of the following: ensuring an organization achieves its objectives; ensuring risks are proactively managed in specific areas or activities; overseeing risk management in an organization; providing assurance on the effectiveness of an organization's risk management; and/or reporting to stakeholders.

BS 31100 Risk management Code of practice

BSI Group Headquarters, 389 Chiswick High Road, London W4 4AL, United Kingdom. Tel: +44 (0)20 8996 9001. Fax: +44 (0)20 8996 7001.

managing people during the period of disruption (the continuity stage); and supporting staff after recovery of normal operations.

This PD supports business continuity, as covered in BS 25999, highlighting the needs of people who could be involved in, or affected by, a disruption. It provides guidance for anyone with responsibility for human resources associated with business operations. This covers top management through all levels of the organization: from those with a single site to those with a global presence; from small-to-medium enterprises (SMEs) to organizations employing thousands of people. The extent of application depends on the organization's operating environment and complexity.

This PD is not a definitive guide to managing an incident, but a review of the implications for managing the impacts on staff and others who could be affected. It is not applicable to the activities of emergency planning inasmuch as that topic relates to civil emergencies.

2 Terms and definitions

For the purposes of this Published Document, the following terms and definitions apply.

2.1 business continuity
strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level
[BS 25999]

2.2 business continuity management (BCM)
holistic management process that identifies potential threats to an organization and the impacts to business operations that
those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities
NOTE Business continuity management involves managing the recovery or continuation of business activities in the event of a business disruption, and management of the overall programme through training, exercises and reviews, to ensure the business continuity plan(s) stays current and up-to-date.
[BS 25999]

2.3 business continuity plan (BCP)
documented collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organization to continue to deliver its critical activities at an acceptable predefined level
[BS 25999]

Licensed Copy: Wang Bin, ISO/EXCHANGE CHINA STANDARDS, 28/12/2010 02:09, Uncontrolled Copy, (c) BSI
BSI 2010 PD 25111:2010 PUBLISHED DOCUMENT

2.4 disruption
event, whether anticipated (e.g. a labour strike or hurricane) or unanticipated (e.g. a blackout or earthquake), which causes an unplanned, negative deviation from the expected delivery of products or services according to the organization's objectives
[BS 25999]

2.5 employee assistance programme (EAP)
contracted service provided to organizations, usually by external healthcare providers
NOTE Staff are provided with a freephone telephone number, which is usually 24-7. The telephone line is usually staffed by counsellors who can provide advice over the phone or arrange face-to-face counselling. The EAP maintains a geographical list of affiliated counsellors who provide counselling on its behalf. Callers can also access life management services that provide information on a wide range of issues, such as employment rights, divorce and money management. The organization has to understand what capability the EAP has for responding to incidents and for crisis awareness briefings.

2.6 human aspects of business continuity
elements associated with the management of people involved in, or affected by, a disruptive event in order to minimize trauma and maximize productivity and recovery, and achieve the objectives of business continuity

2.7 human impact analysis
method of determining the likely health and welfare effects of incidents, alternative actions or decisions

2.8 incident
situation that might be, or could lead to, a business disruption, loss, emergency or crisis
[BS 25999]

2.9 incident management plan
clearly defined and documented plan of action for use at the time of an incident, typically covering the key personnel, resources, services and actions needed to implement the incident management process

2.10 incident management team
management team specifically designated before or at the time of an incident to manage the organization's response

2.11 invacuate
move people to predetermined areas inside the building/site in order to protect them from external dangers during an
incident

2.12 organization
group of people and facilities with an arrangement of responsibilities, authorities and relationships
EXAMPLE Company, corporation, firm, enterprise, institution, charity, sole trader or association, or parts or combinations thereof.
NOTE 1 The arrangement is generally orderly.
NOTE 2 An organization can be public or private.
[BS EN ISO 9000:2005]

3 Overview of the human aspects of business continuity

3.1 Introduction

The causes of disruptions are many and varied, which is why business continuity management focuses on developing and delivering plans to manage the consequences of such disruptions through a series of predetermined, exercised and tested responses. Predicting the human response to a given set of events is more difficult, so it is useful to have in place a process that enables those responsible for the human aspects of business continuity to ensure that the needs of everyone who could be affected are taken into account. Such a process is intended to ensure that the principal business processes of the organization are maintained or recovered within predetermined timescales following the recognition that normal operations have been disrupted, while meeting the needs of the people involved in delivering the business continuity solution.

3.2 The human impacts of disruption

The organization needs to understand the resources that might need to be deployed in order to maintain or recover operations. Business continuity management (BCM) good practice requires a business impact analysis (BIA) to be undertaken to identify the critical activities and processes that support the key products and services of the organization. Prioritizing the welfare and safety of people above other business concerns greatly enhances the organization's brand and its staff's motivation and morale. However, BIAs might not take full account of the contributions made by different groups of staff members or individuals. Even where key personnel have been identified, the organization should be alert to the assumptions made about the ability or even willingness of these groups to respond in accordance with the business continuity plan (BCP). Therefore, the team responsible for developing BCPs should normally include a person responsible for people, human resources (HR), in the organization.

The organization should consider the possible wider impacts of a disruption on groups and individuals who are not identified as key personnel for the maintenance or recovery of operations. Not only does the organization have responsibilities (including a duty of care) to a wide range of people, but these people include members of staff, upon whose loyalty the organization depends, and suppliers and customers with whom the organization has to maintain a continuing relationship (see Annex A). Research by the Chartered Management
Institute [1] has consistently shown that the most frequent disruptions to organizations are those involving failure of IT and communications technologies, loss of power and other utilities, and severe weather. BCM is concerned with the consequences of such events, and an understanding of the range of effects on people (see Annex B) will inform an understanding of the human issues that need to be addressed following an incident. It is therefore recommended that the BCM planning process includes a "human impact analysis" to complement the BIA. This should consider