Standards and Guidance Available on Incident and Crisis Management
Keeping up with the number of Standards and Guidance documents available to support incident and crisis management and business continuity is quite a challenge! This is a roundup of what’s out there in the crisis and incident management arena from a UK perspective.
PAS 200:2011 Crisis Management – Guidance and good practice
Published in September 2011, this is a Publicly Available Specification (PAS) sponsored by the UK Government’s Cabinet Office and developed in concert with the British Standards Institution (BSI). It is aimed primarily at top managers with strategic responsibilities who have a role in shaping, directing and developing the crisis management capability of their organisation. The PAS differentiates between the terms ‘incident’ and ‘crisis’ and argues that their management presents special challenges that require different approaches. The PAS focuses on guidance for developing the strategic crisis management capability within an organisation.
ISO 22320:2011 Societal Security – Emergency management – Requirements for incident response
Published in November 2011 by the Technical Committee ISO/TC 223, Societal Security of the International Standards Organisation (ISO), ISO 22320 includes requirements for the co-operative aspects of incident response between organisations at international, national and regional levels. The ISO is designed to help public and private incident response organisations to improve their capabilities in handling all types of emergencies and create command and control structures that facilitate information flows and interoperability between involved organisations, agencies and other parties when required. The ISO uses the term incident with the scale of a challenge differentiated by a classification of incident levels. In the context of the ISO, incident response is defined as being part of the emergency management process.
ISO/PAS 22399:2007 Societal Security – Guideline for incident preparedness and operational continuity management
Published in 2007, ISO/PAS 22399 lays out the general principles and elements for incident preparedness and operational continuity of an organisation (private, governmental and nongovernmental). It is designed to guide an organisation in developing its own specific performance criteria for incident preparedness and operational continuity, and in designing an appropriate management system. The extent of the application will depend on factors such as the policy of the organisation, the nature of its activities, products and services, and the location where and the conditions under which it functions.
BS 25999-2: 2007 Business Continuity Management Specification
BS 25999-2 is the British Standard for Business Continuity Management. It also specifies requirements for incident management as part of a business continuity management system. It details the requirements for an incident response structure and incident management plans within an organisation. These detail how an organisation will manage an incident and, in tandem with the business continuity plan, determine how it will recover or maintain its activities in the event of a disruption. Another ISO prepared by the Societal Security Technical Committee, ISO 22301 Societal Security – Business Continuity Management Systems, is due to be published this year. Much of the new ISO is expected to be based on BS 25999-2 and therefore it is also expected to cover an element of incident management.