TECHNICAL SPECIFICATION PD ISO/TS 22317:2015 ISO/TS
22317
First edition
2015-09-15
Societal security -Business continui!f management systems -Guidelines for business impact analysis (BIA)
Securite societale -Systemes de management de la continuite en αEαires -Lignes directrices pour I'αnαlyse d’impαct en affaires
主SOJ
Reference number ISO/TS 22317:ZOlS(E)
© ISO 2015
PD ISO厅S22317:2015 ISO/TS 22317:2015(E)
ii
PD ISO/TS 22317:2015 ISO/TS 22317:2015(E)
Contents
Pag e
Foreword .................................................................................................................... v Introduction ................................................................................................................................................................................................................... v i 1 Scope ........................................................................................................... 1 2 Normative referenc
“”“”“...........…………………”“”………………………...........”“………………………………………………………”“”1
测试
网页游戏
3 Terms and definitions ......................................................................................... 1 4
Prerequisites ”……………··……………·…………·……·………·…....……山……··…………·……·………·…......……山……··………......
1
4.1 General..……··………·”……··………·”……··……··………·”……··………·”……··……··””……··……··………·…
1 4.2 BC programme context and scope (2)
4.2.1 BC ............... ”川川”川”川川”川川”川川””川川”川川”川”...................... (2) 4.2.2 Scope of the BC programme ...”.....……”…”……”……“…”……“……“……”…“……”……”……有源音箱
电路图 投票箱制作
...........................
2 4.3
BC programme roles.…··……......山”…“山山”……“山”……“山山”…川”山”……”·山”…“山山”……“山山”…“山山”……”·…......…
24.3.1 BC programme roles and responsibilities .”…
……··………………·……··………·…川……......
2 4.3.2 BlA process-specific roles and competencies ....................................................................................... 2 4.4 BC programme commitment 川”川川”川”川川”川川”川川””川川”川川”川”.””...........“川”山山川川川”山川川川”山山川川川”山”4
4.5
BC programme resources ..........….............................................“........................…...............
4 5
Performing the business impact analysis ................................................................................................................................... 4 5.1
General..…………”………………”………”……··…”………………·”…………”……··…”………………·”…………”……··…”………………·”……………
4 5.2
Project planning and management ….....………......….....………·………··….....….....…......……….......….....…·”.
5 5.2.
.........................……...................…...........….......................…......................................
…5 5.2.2 Initial BIA considerations.
………·”…叫…·”…叫.....”……··…叫……”……··………·”……··……··”.......
6 5.3 Product and service prioritization (6)
5.3.1 Overview ..……··………·…”……………·”………·”…·”……”………·”…·”……………·”…………”…………………………·…….... 6 5.3.2 Inputs …………··…川.....……….....……....……......…·……··”………….....…….....…·”……··……川………......…·…85.3.3 Outcomes ”“”“”““””…………………….”...……………………………
….9 5.4
Process prioritization ...”.......”.....”...叫....”.......”...叫....””........”..叫..”...叫.....”.......”...叫......”...........叫95.4.1 General ........................................................................................ 9 5.4.2 Inputs ...............”.........”......”......”...”......”...”...........”......”.........”......”......”.........”......”......”...”......”......”. (9)
5.4.3 Outcomes
川……··……………………··………·…………………….””........””......川..…”....””........……..
9 5.5 Activi 可prioritization
.......…….............................................……...................................…”..............
10 5.5.1 Overview.………··”……··”……··………·”……··”……··”……··……··………·”……··”………·”……··…叫
105.5.2 Inputs ......................................................................................... 10 5.5.3 Information collection ..…”……”………·”…·”………·”…·”…·”…·.....”…·川……………”…………………”……”…………
11
防爆雷达液位计5.5.4 Outcomes
”…·……………………………………….…”...””...................””
1 25.6
Analysis and consolidation .........…”......…….........…….....…..................................….......……......…................... 12 5.6.1 Overview.………··”……··”……··………·”……··”……··”……··……··………·”……··………·”……··…叫125.6.2 Inputs ........................................................................................ 12 5.6.3 Methods ...…”……”………·…”………·……”………·…”………·”…·”……”………”………·………·….....”……”………·”12 5.6.4 Outcomes ………………………………………….…”..””................””
1 3 5.7 Obtain top management endorsement of BIA results .......….................…·“....…......….............
13
5.7.1 General
.”...叫....””..........................”................”................””..........................”........”...叫135.7.2 Inputs . (13)
5.7.3 Methods ...…”……”……
…
·…”………·……………··…”………·”…·”……”………”………·…”………………·………”………13 5.7.4 Outcomes
………………………………………….…”...””.................””
14 5.8
After the BIA 一Business continuity strategy selection ..”“…”……“…”……“……“……”…“……”……”……“”
1 4 6
BIA process monitoring and review ....”........”.......”.........”........”.........”..................”...........”...........”..............”.. (14)
Annex A〔informative)Business impact analysis within an ISO 22301 business continuity management system ..……………”…·…·”……·…·……·………·””…·…·”……···”……·…·……·………………·”…·川··…16Annex B (informative) Business impact analysis terminology mapping .………........….......………........…......…·”. 17
Annex C 〔informative 〕Business impact analysis information collecting methods . .18
Annex D (informative) Other uses for the business impact analysis process “…
(24)
·
l
·l ·l
PD ISO厅S22317:2015
ISO/TS 22317:2015(E) ”..........”..................”................””................”..........”..................”..................”................” (27)
iv
Foreword
PD ISO/TS 22317:2015 ISO/TS 22317:2015(E)
紫外可见漫反射光谱
ISO (the International Organization for Standardization〕is a worldwide federation of national standards bodies 〔ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see 雪/directive s〕.
皮尔斯电子Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.i /patent s).
Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO’s adherence to the WTO principles in the Technical Barriers to Trade 〔TBT)see the following URL: Foreword -Sunnlementarv i nformation
The committee responsible for this document is ISO/TC 292, Security and resilience.
v
PD ISO厅S22317:2015
ISO/TS 22317:2015(E)
Introduction
This Technical S pecification provides detailed guidance for establishing, implementing, and maintaining a business impact analysis (BIA〕process consistent with the requirements in ISO 22301. This Technical Specification is applicable to the performance of any BIA process, whether par
t of a business continuity management system (BCMS〕or business continuity programme (BC programme). Hereinafter, BC programme means either BCMS or BC programme .
.Eigi且tl notes the relationship of the BIA process to the BC programme as a whole. The organization should complete a cycle of the BIA process before business continuity strategies are selected.
Figure 1 -Elements of business continuity management
(Source: ISO 22313)
The BIA process analyses the consequences of a disruptive incident on the organization. The outcome is a statement and justification of business continuity requirements.
The BIA process consists of a number of individual BIAs, each focusing of a sub-set of the BC programme scope. The BIA process prioritizes products and services, and continues with prioritizing processes and activities that together cover the entire scope of the BC programme. After a period of time determined by the organization, individual BI A s are repeated to ensure that the BC requirements remain current. NOTE In this Technical Specification, business continuity requirements has the same meaning as continuity and recovery priorities, objectives, and targets (ISO 22301:2012, 8.2.2).
The purposes of this Technical Specification are the following:
vi provide a basis for understanding, developing, implementing, reviewing, maintaining, and continually improving an effective BIA process within an organization;
provide guidance for planning, conducting, and reporting on a BIA;
assist the organization with conducting a BIA in a consistent manner that reflects good practices; enable proper coordination between the BIA process and the overarching BC programme.
