KS A ISO 22301:2013
Korean Industrial Standard (KS)
Societal security - Business continuity management systems - Requirements
(Identical adoption of ISO 22301:2012, first edition, published 2012)

Established: 2013-02-19, Notice No. 2013-0071
Responsible body: Korean Agency for Technology and Standards (KATS), http://www.kats.go.kr, tel. 02-509-7278
Full text: http://www.standard.go.kr
Corresponding ISO committee: ISO/TC 223 (Societal security)

Note on this page: only the clause numbering, defined-term names and abbreviations, cited sources and a few English fragments survived extraction of this page. The Korean body text is not preserved and is not reconstructed below; clause titles are those of ISO 22301:2012, which this standard adopts without change.

Contents
Foreword ..... i
Introduction ..... ii
0.1 General ..... ii
0.2 The Plan-Do-Check-Act (PDCA) model ..... ii
0.3 Components of PDCA in this standard ..... iii
1 Scope ..... 1
2 Normative references ..... 1
3 Terms and definitions ..... 1
4 Context of the organization ..... 9
4.1 Understanding the organization and its context ..... 9
4.2 Understanding the needs and expectations of interested parties ..... 10
4.3 Determining the scope of the business continuity management system ..... 10
4.4 Business continuity management system ..... 11
5 Leadership ..... 11
5.1 General ..... 11
5.2 Management commitment ..... 11
5.3 Policy ..... 12
5.4 Organizational roles, responsibilities and authorities ..... 12
6 Planning ..... 12
6.1 Actions to address risks and opportunities ..... 12
6.2 Business continuity objectives and plans to achieve them ..... 13
7 Support ..... 13
7.1 Resources ..... 13
7.2 Competence ..... 13
7.3 Awareness ..... 14
7.4 Communication ..... 14
7.5 Documented information ..... 14
8 Operation ..... 15
8.1 Operational planning and control ..... 15
8.2 Business impact analysis and risk assessment ..... 16
8.3 Business continuity strategy ..... 17
8.4 Establish and implement business continuity procedures ..... 17
8.5 Exercising and testing ..... 19
9 Performance evaluation ..... 20
9.1 Monitoring, measurement, analysis and evaluation ..... 20
9.2 Internal audit ..... 21
9.3 Management review ..... 21
10 Improvement ..... 22
10.1 Nonconformity and corrective action ..... 22
10.2 Continual improvement ..... 23
Bibliography ..... 24

Foreword
This standard is an identical adoption of ISO 22301, Societal security - Business continuity management systems - Requirements, first edition, 2012.

Introduction

0.1 General
This clause describes the purpose of a business continuity management system (BCMS), the needs it serves, and its role in protecting the organization against, and responding to and recovering from, disruptive incidents. The explanatory text, including list items a) to e) and sub-items 1) to 6), is not preserved here.

0.2 The Plan-Do-Check-Act (PDCA) model
This standard applies the Plan-Do-Check-Act (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organization's BCMS. This keeps it consistent with other management system standards, namely KS Q ISO 9001 (quality), KS I ISO 14001 (environmental), KS X ISO/IEC 27001 (information security), KS X ISO/IEC 20000-1 (IT service management) and KS V ISO 28000 (supply chain security), and supports consistent and integrated implementation and operation with those systems.

Figure 1 - PDCA model applied to BCMS processes (figure not preserved)

Table 1 - Explanation of the PDCA model
Plan (Establish): Establish the business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity, in order to deliver results that align with the organization's overall policies and objectives.
Do (Implement and operate): Implement and operate the business continuity policy, controls, processes and procedures.
Check (Monitor and review): Monitor and review performance against the business continuity policy and objectives, report the results to management for review, and determine and authorize actions for remediation and improvement.
Act (Maintain and improve): Maintain and improve the BCMS by taking corrective action based on the results of management review, and by reappraising the scope of the BCMS and the business continuity policy and objectives.

0.3 Components of PDCA in this standard
Clauses 4 to 10 of this standard map onto the PDCA cycle as follows.
Clause 4 (Plan) - Context of the organization: what the organization must do to ensure the BCMS meets its requirements, taking into account the needs of interested parties, the scope of the BCMS and its risk appetite.
Clause 5 (Plan) - Leadership: the role of top management in demonstrating commitment to the BCMS.
Clause 6 (Plan) - Planning: setting the objectives and guiding principles for the BCMS as a whole. The risk treatment options that arise from the business impact analysis (BIA) and risk assessment are addressed in Clause 8, not here.
Clause 7 (Plan) - Support: the resources, competence, awareness, communication and documented information needed for the BCMS.
Clause 8 (Do) - Operation: the operational controls, business impact analysis, risk assessment, strategy, procedures, exercising and testing.
Clause 9 (Check) - Performance evaluation: monitoring and measurement of the BCMS, internal audit and management review.
Clause 10 (Act) - Improvement: handling nonconformities and continually improving the BCMS.

Societal security - Business continuity management systems - Requirements

1 Scope
This standard specifies requirements for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system to protect against, reduce the likelihood of occurrence of, prepare for, respond to and recover from disruptive incidents when they arise. The requirements are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature; the extent of application depends on the organization's operating environment and complexity. It can be used by any organization that wishes to:
a) establish, implement, maintain and improve a BCMS;
b) assure conformity with its stated business continuity policy;
c) demonstrate conformity to others;
d) seek certification/registration of its BCMS by an accredited third-party certification body; or
e) make a self-determination and self-declaration of conformity with this standard.

2 Normative references
No normative references are cited. This clause is retained to keep the clause numbering aligned with other management system standards.

3 Terms and definitions
For the purposes of this standard, the following terms and definitions apply. The definition text is not preserved on this page; the entries below list the term, its abbreviation, the source cited for it, and the note content that survives.

3.1 activity (note: includes IT among the example areas)
3.2 audit (notes: an internal audit is a first-party audit and an external audit is a second- or third-party audit; "audit evidence" and "audit criteria" are defined in KS Q ISO 19011)
3.3 business continuity (source: KS A ISO 22300)
3.4 business continuity management
3.5 business continuity management system, BCMS
3.6 business continuity plan
3.7 business continuity programme
3.8 business impact analysis, BIA (source: KS A ISO 22300)
3.9 competence
3.10 conformity (source: KS A ISO 22300)
3.11 continual improvement (source: KS A ISO 22300)
3.12 correction (source: KS A ISO 22300)
3.13 corrective action (source: KS A ISO 22300)
3.14 document (note 2: a set of documents is often called "documentation")
3.15 documented information (note: may be on any medium)
3.16 effectiveness (source: KS A ISO 22300)
3.17 event (notes: an event is sometimes referred to as an "incident" or "accident"; an event without consequences can be referred to as a "near miss", "incident", "near hit" or "close call"; source: ISO/IEC Guide 73)
3.18 exercise (source: KS A ISO 22300)
3.19 incident (source: KS A ISO 22300)
3.20 infrastructure
3.21 interested party (stakeholder)
3.22 internal audit
3.23 invocation
3.24 management system
3.25 maximum acceptable outage, MAO
3.26 maximum tolerable period of disruption, MTPD
3.27 measurement
3.28 minimum business continuity objective, MBCO
3.29 monitoring
3.30 mutual aid agreement (source: KS A ISO 22300)
3.31 nonconformity (source: KS A ISO 22300)
3.32 objective (note 3: an objective may also be expressed as an aim, goal or target)
3.33 organization
3.34 outsource (verb)
3.35 performance
3.36 performance evaluation
3.37 personnel
3.38 policy
3.39 procedure
3.40 process
3.41 products and services
3.42 prioritized activities (source: KS A ISO 22300)
3.43 record
3.44 recovery point objective, RPO (note: also referred to as "maximum data loss")
3.45 recovery time objective, RTO
3.46 requirement (note 1: "generally implied" means customary or common practice for the organization and interested parties that the need under consideration is implied)
3.47 resources
3.48 risk (notes cross-reference ISO/IEC Guide 73 definitions 3.5.1.3, 3.6.1.3 and 3.6.1.1; note 6 refers to 6.2 of this standard; source: ISO/IEC Guide 73)
3.49 risk appetite
3.50 risk assessment (source: ISO/IEC Guide 73)
3.51 risk management (source: ISO/IEC Guide 73)
3.52 testing (note 1: also referred to as "trial"; source: KS A ISO 22300)
3.53 top management
3.54 verification
3.55 work environment (source: KS A ISO 22300)

4 Context of the organization

4.1 Understanding the organization and its context
The organization shall determine the external and internal issues that are relevant to its purpose and that affect its ability to achieve the expected outcomes of its BCMS, and shall take these issues into account when establishing, implementing and maintaining the BCMS. The organization shall identify and document:
a) its activities, functions, services, products, partnerships, supply chains, relationships with interested parties, and the potential impact of a disruptive incident;
b) the links between the business continuity policy and the organization's objectives and other policies, including its overall risk management strategy;
c) its risk appetite.
In establishing the context, the organization shall:
1) articulate its objectives, including those concerned with business continuity;
2) define the external and internal factors that create the uncertainty giving rise to risk;
3) set risk criteria, taking into account its risk appetite;
4) define the purpose of the BCMS.

4.2 Understanding the needs and expectations of interested parties

4.2.1 General
When establishing its BCMS, the organization shall determine:
a) the interested parties that are relevant to the BCMS; and
b) the requirements of these interested parties (their needs and expectations, whether stated, implied or obligatory).

4.2.2 Legal and regulatory requirements