Increase societal security, specifically the protection of society from and response to incidents,...

Post on 23-Jul-2015


Challenges to overcome when developing global standards in a field with extreme national interest

Dr Stefan Tangen

Secretary of ISO/TC 223 Societal security

SIS, Swedish Standards Institute

Stockholm, Sweden

stefan.tangen@sis.se

+46 8 555 521 60

Agenda

• What is a "good" standard?

• How should a "good" standard be developed?

• Why become a standards developer?

• Current status of standards

• Trends and news in ISO

• ISO/TC 223

What is a standard? What makes it good?

EN 12195-1 IMO

How to achieve good?

General principles of ISO

• Consensus

• Voluntary

• Equal footing

• Market needs

Which requires

• Participation

• A slow process

• Understanding of various views

• Will to compromise

Lead or follow?

Standards followers

• wait 3 years and buy standards

• adapt to whatever comes out

Standards developers

• join a mirror committee

• influence the standard

• make sure to know everything before their competitors

• have access to the best experts and knowledge in the world

EN 12195-1:2003 and 2010

Current status on Management System Standards for Security, BCM, Organisational resilience

• More than 10 existing standards and several under development (NFPA 1600, BS 25999, SI 240001 etc)

• Extreme national interest, all standards want to become THE standard

The ISO/TC 223 way:

• Use input from all standards, not just one

• First step: ISO/PAS 22399 – Guidance on IPOCM

• Second step: ISO 22301 – MSS with requirements

• Third step: ISO 22323 – separate BCM from OR

Joint Technical Coordination Group

• Set up to align all existing and future MSSs

• Will be applied to ISO 9001, 14001, 27001 etc

• Identical high-level structure, sub-clauses, texts and definitions

• For the management system only (not the discipline)

• For better understanding of MSS and easier integration

• Proposal ready for approval during 2011

• ISO/TC 223 is an early adopter

K-141 Kursk

ISO/TC 223 Societal Security - secretariat

• Chair: Krister Kumlin

• Secretary: Stefan Tangen

• P-members: 42

• O-members: 19

• Working Groups: 5

• Ad hoc group

• DC contact group

• Twinning

• Work Items: 10

• Deliverables: 2

Members

■Argentina ( IRAM )

■Bolivia ( IBNORCA ) (Correspondent member)

■Brazil ( ABNT )

■Costa Rica ( INTECO )

■Cyprus ( CYS )

■Czech Republic ( UNMZ )

■Ecuador ( INEN )

■Ethiopia ( QSAE )

■Greece ( ELOT )

■Hong Kong, China ( ITCHKSAR ) (Correspondent member)

■Ireland ( NSAI )

■Kazakhstan ( KAZMEMST )

■Mauritius ( MSB )

■Poland ( PKN )

■Slovakia ( SUTN )

■Uganda ( UNBS ) (Correspondent member)

■Ukraine ( DSSU )

■Australia ( SA )

■Austria ( ASI )

■Belgium ( NBN )

■Cameroon ( ANOR )

■Canada ( SCC )

■China ( SAC )

■Colombia ( ICONTEC )

■Côte d'Ivoire ( CODINORM )

■Denmark ( DS )

■Egypt ( EOS )

■Finland ( SFS )

■France ( AFNOR )

■Germany ( DIN )

■Indonesia ( BSN )

■Israel ( SII )

■Italy ( UNI )

■Jamaica ( BSJ )

■Japan ( JISC )

■Kenya ( KEBS )

■Korea, Republic of ( KATS )

■Libyan Arab Jamahiriya ( LNCSM )

■Malaysia ( DSM )

■Morocco ( SNIMA )

■Netherlands ( NEN )

■Nigeria ( SON )

■Norway ( SN )

■Peru ( INDECOPI )

■Portugal ( IPQ )

■Romania ( ASRO )

■Russian Federation ( GOST R )

■Serbia ( ISS )

■Singapore ( SPRING SG )

■South Africa ( SABS )

■Spain ( AENOR )

■Sri Lanka ( SLSI )

■Sweden ( SIS )

■Switzerland ( SNV )

■Tanzania, United Republic of ( TBS )

■Thailand ( TISI )

■Trinidad and Tobago ( TTBS )

■USA ( ANSI )

■United Kingdom ( BSI )

P-members 42 O-members 19

Liaisons

• ISO/TC 8, Ships and marine technology

• ISO/TC 159/SC 4, Ergonomics of human-system interaction

• ISO/IEC/JTC 1/SC 27, IT Security techniques

• ASIS International

• CEN/TC 391, Societal and citizen security

• PMI, Project Management Institute

• UN/DP, United Nations Development Programme

• UN/FPA, United Nations Population Fund

• UN/ISDR, International Strategy for Disaster Reduction

9 plenaries

60 working group meetings and workshops

Stockholm (2006), Bangkok (2006), Paris (2009), Seoul (2008), Orlando (2007), The Hague (2007), Stockholm (2010), Bali (2008), Ekurhuleni (2009)

Next event: Bangkok (2010), 29 Nov - 3 Dec

ISO/TC 223 Scope

• ISO/TC 223 develops international standards that aim to increase societal security, i.e. protection of society from and response to incidents, emergencies, and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures.

• An all-hazards perspective is used covering adaptive, proactive and reactive strategies in all phases before, during and after a disruptive incident.

• The area of societal security is multi-disciplinary and involves actors from both the public and private sectors, including not-for-profit organisations.

ISO/TC 223 Organization

ISO/TC 223 Societal Security

• WG 1 Framework on Societal Security Management

• WG 2 Terminology

• WG 3 Command, Control, Coordination and Cooperation

• WG 4 Preparedness and Continuity

• WG 5 Video surveillance

Ongoing work – the ISO 22300 series

WG 1

ISO/NP 22397 Public/Private partnerships

ISO/CD 22398 Guidelines for exercises and testing

WG 2

ISO/DIS 22300 Vocabulary

WG 3

ISO/FDIS 22320 Emergency management – Requirements for command and control

ISO/WD 22322 Emergency management – Public warning

ISO/NP 22351 Emergency management – Shared situation awareness - under ballot until Nov 23

WG 4

ISO/DIS 22301 Business continuity management systems – Requirements – submitted to ISO/CS for ballot

ISO/CD 22399 Business continuity management systems – Guidelines

ISO/NP 22323 Organisational resilience management systems – Requirements

WG 5

ISO/CD 22311 Video surveillance

The ISO process:

1) New work item proposal (NP)

2) Working draft (WD)

3) Committee draft (CD)

4) Draft international standard (DIS)

5) Final draft international standard (FDIS)

6) ISO standard (IS)

First deliverable:

ISO/PAS 22399:2007

Guideline for incident preparedness and operational continuity management

A ‘best of five’ document based on:

1. NFPA 1600:2004, Standard on disaster/emergency management and business continuity programs, National Fire Protection Association.

2. BS 25999-1:2006, Business continuity management - Code of practice, BSI British Standards.

3. HB 221:2004, Business continuity management, Standards Australia/Standards New Zealand, ISBN 0-7337-6250-6

4. INS 24001:2007, Security and continuity management systems – Requirements and guidance for use, Standards Institution of Israel.

5. Business Continuity Guideline, Central Disaster Management Council, Cabinet Office, Government of Japan, 2005

Available information sources

• ISOTC Portal: www.iso.org

• ISO/IEC Directives

– Part 1, Procedures for the technical work

– Part 2, Rules for the structure and drafting

• My ISO Job

• ISO/TC 223:

http://www.iso.org/iso/standards_development/technical_committees/list_of_iso_technical_committees/iso_technical_committee.htm?commid=295786