ISO/PAS 22399:2007 for Societal Security

ISO has published the first internationally ratified benchmark document addressing incident preparedness and continuity management for organizations in both public and private sectors.

The Publicly Available Specification, ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management, is based on best practice from Australia, Israel, Japan, the United Kingdom, and the United States.

Natural disasters, acts of terror, technology-related accidents, and environmental incidents have clearly demonstrated that public and private sectors are not immune from crises. This has led to a global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and potentially devastating incidents.

ISO/PAS 22399 establishes the process, principles, and terminology of incident preparedness and operational (business) continuity management within the context of societal security.

The purpose of the guideline is to provide a basis for understanding, developing, and implementing incident preparedness and operational continuity management within an organization, as well as, to provide confidence in organization-to-community, business-to-business, and organization-to-customer/client dealings.

The guideline is a tool to allow public or private organizations to consider the factors and steps necessary to prepare for an unintentionally, intentionally, or naturally caused incident (disruption, emergency, crisis or disaster) so that it can manage and survive the incident and take the appropriate actions to help ensure the organization’s continued viability.

Organizational resilience requires proactive preparation for potential incidents and disruptions, in order to avoid suspension of critical operations and services, or if operations and services are disrupted, that they resume operations and services as rapidly as required by those who depend on them.

ISO/PAS 22399 describes a holistic management process that identifies potential impacts that threaten an organization and provides a framework for minimizing their effect.