Challenges to overcome

when developing global standards

in a field with extreme national interest

Dr Stefan TangenSecretary of ISO/TC 223 Societal security

SIS, Swedish Standards Institute

Stockholm, Sweden

stefan.tangen@sis.se

+46 8 555 521 60

Agenda

• What is a ”good” standard?

• How should a ”good” standard be developed?

• Why become a standards developer

• Current status of standards

• Trends and news in ISO

• ISO/TC 223

What is a standard? What makes it good?

ENEN 1219512195--11 IMOIMO

How to achieve good?

General principles of ISO

• Consensus

• Voluentary

• Equal footing

• Market needs

Which requires

• Participation

• A slow process

• Understanding of various views

• Will to compromise

Leed or follow?

Standards followers

• wait 3 years and buys standards

• adapts to whatever comes out

Standards developers

• joins a mirror committe

• influenses the standard

• makes sure to know everything before their competitors

• have access to the best experts and knowledge in the

world

EN 12195-1:2003 and 2010 Current status on Management System Standards

for Security, BCM, Organisational resilience

• More than 10 existing standards and several under

development (NFPA 1600, BS 25999, SI 240001 etc)

• Extreme national interest, all standards wants to become

THE standard

The ISO/TC 223 way:

• Use input from all standards, not just one

• First step ISO/PAS 22399 – Guidence on IPOCM

• Second step: ISO 22301 – MSS with requirements

• Third step: ISO 22323 – separate BCM from OR

Joint Technical Coordination Group

• Set up to align all existing and future MSSs

• Will be applied to ISO 9001, 14001, 27001 etc

• Identical highlevel structure, sub-clauses, texts and

definitions

• For the management system only (not the disciplin)

• For better understanding of MSS and easier intergration

• Proposal ready for approval during 2011

• ISO/TC 223 is an early adopter

K-141 Kursk

ISO/TC 223 Societal Security -

secretariat

• Chair: Krister Kumlin

• Secretary: Stefan Tangen

• P-members: 42

• O-members: 19

• Working Groups: 5

• Ad hoc group

• DC contact group

• Twinning

• Work Items: 10

• Deliverables: 2

Members

■Argentina ( IRAM )

■Bolivia ( IBNORCA ) (Correspondent member)

■Brazil ( ABNT )

■Costa Rica ( INTECO )

■Cyprus ( CYS )

■Czech Republic ( UNMZ )

■Ecuador ( INEN )

■Ethiopia ( QSAE )

■Greece ( ELOT )

■Hong Kong, China ( ITCHKSAR ) (Correspondent member)

■Ireland ( NSAI )

■Kazakhstan ( KAZMEMST )

■Mauritius ( MSB )

■Poland ( PKN )

■Slovakia ( SUTN )

■Uganda ( UNBS ) (Correspondent member)

■Ukraine ( DSSU )

■Australia ( SA )

■Austria ( ASI )

■Belgium ( NBN )

■Cameroon ( ANOR )

■Canada ( SCC )

■China ( SAC )

■Colombia ( ICONTEC )

■Côte d'Ivoire ( CODINORM )

■Denmark ( DS )

■Egypt ( EOS )

■Finland ( SFS )

■France ( AFNOR )

■Germany ( DIN )

■Indonesia ( BSN )

■Israel ( SII )

■Italy ( UNI )

■Jamaica ( BSJ )

■Japan ( JISC )

■Kenya ( KEBS )

■Korea, Republic of ( KATS )

■Libyan Arab Jamahiriya ( LNCSM )

■Malaysia ( DSM )

■Morocco ( SNIMA )

■Netherlands ( NEN )

■Nigeria ( SON )

■Norway ( SN )

■Peru ( INDECOPI )

■Portugal ( IPQ )

■Romania ( ASRO )

■Russian Federation ( GOST R )

■Serbia ( ISS )

■Singapore ( SPRING SG )

■South Africa ( SABS )

■Spain ( AENOR )

■Sri Lanka ( SLSI )

■Sweden ( SIS )

■Switzerland ( SNV )

■Tanzania, United Republic of ( TBS )

■Thailand ( TISI )

■Trinidad and Tobago ( TTBS )

■USA ( ANSI )

■United Kingdom ( BSI )

P-members 42 O-members 19 Liaisons• ISO/TC 8, Ships and marine technology

• ISO/TC 159/SC 4, Ergonomics of human-system interaction

• ISO/IEC/JTC 1/SC 27, IT Security techniques

• ASIS International

• CEN/TC 391, Societal and citizen security

• PMI, Project Management Institute

• UN/DP, United Nations Development Programme

• UN/FPA, United Nations Population Fund

• UN/ISDR, International Strategy for Disaster Reduction

9 plenary’s

60 working group meetings and

workshops

Stockholm (2006) Bangkok (2006)

Paris (2009)

Seoul (2008)

Orlando (2007) The Hague (2007)

Stockholm (2010) Bali (2008)Ekurhuleni (2009)

Next event:

Bangkok(2010)

29 Nov - 3 Dec

ISO/TC 223 Scope

• ISO/TC 223 develops international standards that aim toincrease societal security, i.e. protection of society fromand response to incidents, emergencies, and disasterscaused by intentional and unintentional human acts,natural hazards, and technical failures.

• An all-hazards perspective is used covering adaptive,proactive and reactive strategies in all phases before,during and after a disruptive incident.

• The area of societal security is multi-disciplinary andinvolves actors from both the public and private sectors,including not-for-profit organisations.

ISO/TC 223 Organization

ISO/TC 223

Societal

Security

WG 1Framework on

Societal SecurityManagement

WG 2Terminology

WG 3Command, Control,

Coordination and

Cooperation

WG 5

Video

surveillance

WG 4Preparedness and

Continuity

Ongoing work – the ISO 22300 series

WG 1

ISO/NP 22397 Public/Private partnerships

ISO/CD 22398 Guidelines for exercises and testing

WG 2

ISO/DIS 22300 Vocabulary

WG 3

ISO/FDIS 22320 Emergency management – Requirements for command and control

ISO/WD 22322 Emergency management – Public warning

ISO/NP 22351 Emergency management – Shared situation awareness - under ballot until Nov 23

WG 4

ISO/DIS 22301 Business continuity management systems – Requirements – submitted to ISO/CS for ballot

ISO/CD 22399 Business continuity management systems – Guidelines

ISO/NP 22323 Organisational resilience management systems – Requirements

WG 5

ISO/CD 22311 Video surveillance

The ISO process:

1) New work item proposal (NP)

2) Working draft (WD)

3) Committee draft (CD)

4) Draft international standard (DIS)

5) Final draft international standard (FDIS)

6) ISO standard (IS)

First deliverable:

ISO/PAS 22399:2007

Guideline for incident preparedness and operational continuity management

A ‘best of five’ document based on:

1. NFPA 1600:2004, Standard on disaster/emergency management and business continuity programs,

National Fire Protection Association.

2. BS 25999-1:2006, Business continuity management - Code of practice, BSI British Standards.

3. HB 221:2004, Business continuity management, Standards Australia/Standards New Zealand, ISBN 0-

7337-6250-6

4. INS 24001:2007, Security and continuity management systems – Requirements and guidance for use,

Standards Institution of Israel.

5. Business Continuity Guideline, Central Disaster Management Council, Cabinet Office, Government of

Japan, 2005

Available information sources

• ISOTC Portal: www.iso.org

• ISO/IEC Directives

– Part 1, Procedures for the technical work

– Part 2, Rules for the structure and drafting

• My ISO Job

• ISO/TC 223:

http://www.iso.org/iso/standards_development/techn

ical_committees/list_of_iso_technical_committees/is

o_technical_committee.htm?commid=295786