DRAFT INTERNATIONAL STANDARD ISO/DIS 22300

ISO/TC 223
Secretariat: SIS

Voting begins on: 2010-12-22
Voting terminates on: 2011-05-22

Societal security — Vocabulary
Sécurité sociétale — Vocabulaire

ICS 01.040.03; 03.100.01

In accordance with the provisions of Council Resolution 15/1993 this document is circulated in the English language only.

To expedite distribution, this document is circulated as received from the committee secretariat. ISO Central Secretariat work of editing and text composition will be undertaken at publication stage.

http://images.slidesharecdn.com/isodis22300-110729155942-phpapp02/95/slide-1-728.jp... 05/07/2012
ISO/DIS 22300

Contents

2.1 Societal security
2.2 Management of societal security
2.3 Operational - Risk Reduction
2.4 Operational - Training
2.5 Operational - Recovery
2.6 Technology

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.

The main task of technical committees is to prepare International Standards. Draft International Standards adopted by the technical committees are circulated to the member bodies for voting. Publication as an International Standard requires approval by at least 75 % of the member bodies casting a vote.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.

ISO 22300 was prepared by Technical Committee ISO/TC 223, Societal security.

Societal security — Vocabulary

1 Scope

This International Standard contains terms and their definitions applicable to societal security to establish a common understanding so that consistent terms are used.

2 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

2.1 Societal security

2.1.1
societal security
protection of society from, and response to, incidents, emergencies and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures

2.1.2
interested party (preferred term)
stakeholder (admitted term)
person or group of people that holds a view that can affect the organization

2.1.3
societal security framework
set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving societal security
NOTE 1 The foundations include policy, objectives, mandate and commitment to manage societal security.
NOTE 2 Organizational arrangements include plans, relationships, accountabilities, resources, processes and activities.

2.1.4
civil protection
measures taken and systems implemented to preserve the lives and health of citizens, their properties and their environment from undesired events
NOTE Undesired events may include accidents, emergencies and disasters.

2.1.5
risk
effect of uncertainty on objectives
NOTE 1 An effect is a deviation from the expected, positive and/or negative.
NOTE 2 Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product, and process). An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a societal security objective, or by the use of other words with similar meaning (e.g. aim, goal, or target).
NOTE 3 Risk is often characterized by reference to potential events and consequences, or a combination of these.
NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
NOTE 6 In the context of societal security management system standards, societal security objectives are set by the organization, consistent with the societal security policy, to achieve specific results.

2.1.6
disaster risk reduction
concept and practice of reducing disaster risks through efforts to analyse and manage the causal factors of disasters
NOTE Efforts include reduced exposure to hazards, lessened vulnerability of people and property, wise management of land and the environment, and improved preparedness for adverse events.

2.1.7
safety
status or condition of people, property, information and operation being protected against or from intentional, unintentional human act or natural disaster

2.1.8
security
resistance to events that may cause harm or damage

2.1.9
threat
potential cause of an unwanted incident, which may result in harm to individuals, a system or organization, the environment or the community

2.1.10
event
occurrence or change of a particular set of circumstances
NOTE 1 Nature, likelihood, and consequence of an event cannot be fully knowable.
NOTE 2 An event can be one or more occurrences, and can have several causes.
NOTE 3 Likelihood associated with the event can be determined.
NOTE 4 An event can consist of a non occurrence of one or more circumstances.
NOTE 5 An event with a consequence is sometimes referred to as "incident".
NOTE 6 An event where no loss occurs may also be referred to as a "near miss", "near hit", "close call" or dangerous […]

2.1.11
disaster
[…] where widespread human, material, economic or environmental losses have occurred which exceeded the ability of the affected organization, community or society to respond and recover using its own resources

2.1.12
emergency
unforeseen occurrence; a sudden and urgent occasion for action

2.1.13
crisis
situation with high level of uncertainty that disrupts the […] and/or credibility of an organization and requires urgent action

2.1.14
all-hazards
naturally occurring events, human induced events (both intentional and non-intentional) and technology caused events with potential impact on an organization, community or society and the environment on which it depends

2.1.15
hazard
source of potential harm
NOTE Hazard can be a source of risk.

2.1.16
incident
situation that might be, or could lead to, a disruption, loss, emergency or crisis

2.1.17
mitigation
measures taken to limit, or make less serious or severe, the negative consequences of unavoidable emergencies and disasters

resilience
adaptive capacity of an organization in a complex and changing environment

2.2 Management of societal security

2.2.1
emergency management
[…] that might occur
[…] general, the emergency management consists of risk identification, prevention, preparedness, response […]

2.2.2
policy
intentions and direction of an organization as formally expressed by top management

2.2.3
objective
result to be achieved
NOTE 1 An objective can be strategic, tactical or operational.
NOTE 2 An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a societal security objective or by the use of other words of similar meaning (e.g. aim, goal, or target).

2.2.4
top management
person or group of people who directs and controls an organization at the highest level
NOTE 1 Top management has the power to delegate authority and provide resources within the organization.
NOTE 2 An organization for this purpose can be identified by reference to the scope of the implementation of a management system.

2.2.5
management system
set of interrelated or interacting elements of an organization to establish policies and objectives, and processes to achieve those objectives
NOTE 1 A management system can address a single discipline or several disciplines.
NOTE 2 The system elements include the organization's structure, roles and responsibilities, planning, operation […]
NOTE 3 The scope of a management system may include the whole of the organization,
specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of […]

[…]

sensitive information
information protected from public disclosure only because it would have an adverse effect on an organization, national security or public safety

2.2.8
risk source
element which alone or in combination has the intrinsic potential to give rise to risk
NOTE A risk source can be tangible or intangible.

2.2.9
organization
person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives
NOTE The concept of organization includes, but is not limited to, sole trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

2.2.10
risk owner
person or entity with the accountability and authority to manage a risk

2.2.11
performance
measurable result
NOTE 1 Performance can relate either to quantitative or qualitative findings.
NOTE 2 Performance can relate to the management of activities, processes, products (including services), systems, or organizations.

2.2.12
partnership
organized relationship between two bodies (public-public, private-public, private-private) which establishes scope, roles, procedures and tools to prevent and manage any incident impacting on societal security with respect of related laws

2.2.13
mutual aid agreement
pre-arranged agreement developed between two or more entities to render assistance to one another
NOTE In the public sector a memorandum of understanding (MOU) can be used as the basis of a Mutual Aid Agreement (MAA).

2.2.14
exercise programme
a process building toward a full-scale exercise

2.2.15
capacity
combination of all the strengths and resources available within an organization, community or society that can reduce the level of risk, or the effects of a crisis
NOTE Capacity may include physical, institutional, social, or economic means as well as skilled personnel or attributes such as leadership and management.

2.2.16
competence
ability to apply knowledge and skills to achieve intended results

2.2.17
nonconformity
non-fulfilment of a requirement

2.2.18
correction
action to eliminate a detected nonconformity

2.2.19
corrective action
action to eliminate the cause of a nonconformity and to prevent recurrence
NOTE In the case of other undesirable outcomes, action is necessary to minimise or eliminate the causes and to reduce the impact or prevent recurrence. Such actions fall outside the concept of "corrective action" in the sense of this definition.

2.2.20
residual risk
risk remaining after risk treatment
NOTE 1 Residual risk can contain unidentified risk.
NOTE 2 Residual risk is also known as "retained risk".

2.2.21
conformity
fulfilment of a requirement

2.2.22
audit
systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled
NOTE 1 An audit may be an internal audit (first party) or an external audit (second party or third party), and it may be a combined audit (combining two or more disciplines) or a joint audit (by two or more auditing organizations or of two or more audited organizations).
NOTE 2 "Audit evidence" and "audit criteria" are defined in ISO 19011.

2.2.23
verification
confirmation, through the provision of evidence, that specified requirements have been fulfilled

2.2.24
evaluation
systematic process that compares the result of measurement to recognized criterion to determine the gap between intended and actual performance
NOTE The gaps are inputs into the continual improvement process.

2.2.25
effectiveness
extent to which planned activities are realized and planned results achieved

2.2.26
validation
verification for a specific or intended use

2.2.27
continual improvement
recurring activity to enhance performance

2.3 Operational - Risk Reduction

2.3.1
work environment
set of conditions under which work is performed
NOTE Conditions include physical, social, psychological and environmental factors such as temperature, recognition schemes, ergonomics and atmospheric composition.

2.3.2
vulnerability
intrinsic properties of something resulting in susceptibility to a risk source that can lead to an event with a consequence

2.3.3
risk assessment
overall process of risk identification, risk analysis, and risk evaluation

2.3.4
probability
measure of the chance of occurrence expressed as a number between 0 and 1 where 0 is impossibility and 1 is absolute certainty

2.3.5
prioritized activities
activities to which urgent priority must be given following an incident in order to mitigate impacts
NOTE Terms in common use to describe activities within this group include: critical, essential, vital, urgent and key.

2.3.6
contingency
[…] event, condition or eventuality
NOTE The event, condition or eventuality may be of an emergency nature.

2.3.7
training
activities designed to facilitate the learning and development of knowledge, skills, and abilities, and to improve the performance of specific tasks or roles

2.3.8
test
exercise whose aim is to obtain an expected, measurable pass/fail outcome
NOTE A test is a unique and particular type of exercise, which incorporates an expectation of a pass or fail element within the aim or objectives of the exercise being planned.

2.3.9
testing
procedure for evaluation; a means of determining the presence, quality, or veracity of something
NOTE 1 Assessing a capability with the result being either pass or fail.
NOTE 2 Testing may be referred to as a trial.
NOTE 3 Testing is often applied to supporting plans.
NOTE 4 The intent of testing is to improve the overall performance of an organization.

2.4 Operational - Training

2.4.1
scenario
pre-planned storyline that drives an exercise; the stimuli used to achieve exercise objectives

2.4.2
inject
scripted piece of information input in the exercise designed to elicit a response or decision and facilitate the flow of the exercise

2.4.3
role player
exercise participant who responds to set of stimuli generated by the exercise script; creates or simulates a scenario by acting out the role of someone who would be involved in a real incident

2.4.4
script
story of the exercise as it develops which allows directing staff to understand how events will develop during exercise play as the various elements of the master events list are introduced
NOTE The script is often written as a narrative of simulated events.

2.4.5
exercise co-ordinator
person responsible for planning, coordinating, and implementing exercises
NOTE This person is also responsible for the cooperation among […], divisions, and external organizations in large […] exercises.

2.4.6
observer
exercise participant who watches selected segments as they unfold while remaining separate from role player activities
NOTE Observers play a crucial role in the debriefing and reporting process after an exercise. The term is also used for "VIP observers", who usually visit the exercise for only a short time, largely for internal or external PR purposes, and do not take part in the debrief.

2.4.7
monitoring
determining the status of a system, a process or an activity
NOTE To determine the status there may be a need to check, supervise or critically observe.

2.4.8
drill
a coordinated, supervised activity usually employed to train and to test a single specific operation or function within a single entity
NOTE Example: […] department conducts a decontamination drill.

2.4.9
exercise
process to train for, assess, practice, and improve performance in an organisation
NOTE Exercises can be used for: validating policies, plans, procedures, training, equipment, and inter-organizational agreements; clarifying and training personnel in roles and responsibilities; improving inter-organizational coordination and communications; identifying gaps in resources; improving individual performance and identifying opportunities for improvement; and controlled opportunity to practice improvisation.

2.4.10
exercise safety officer
person tasked with ensuring that any actions during the exercise and testing are performed safely
NOTE 1 Usually relevant to a "live play" exercise.
NOTE 2 The Exercise Safety Officer should be involved from the planning of the exercise and testing through to the debriefing.

2.4.11
functional exercise
an exercise to train for, assess, practice, and improve performance of single functions designed to respond to and recover from an unwanted event
NOTE 1 Functions could include an emergency operations center (EOC) team or crisis management team or firefighters decontaminating mock victims.
NOTE 2 A functional exercise does not involve any actual action.

2.4.12
full-scale exercise
an exercise which involves multiple organizations and functions and includes actual activities

2.4.13
strategic exercise
a process to assess, train for, practice, and improve performance of critical personnel at the strategic level of an organization
NOTE Strategic level critical staff include inter-ministerial crisis staff, political-administrative staff, cross-sector and cross-departmental management staff and the crisis management organisation of the corporate management team.

2.4.14
post-exercise report
document which records, describes and analyses the exercise, drawing on debriefs and reports from observers, and derives lessons from it

2.4.15
exercise annual plan
document in which the exercise policy plan has been translated to exercise goals, exercis[…] and in which […] exercise agenda or exercise calendar for a certain year are reflected

2.5 Operational - Recovery

2.5.1
alert
warning addressed to persons in the danger environment or request for human intervention caused by alarm, tamper or fault
NOTE 1 Human intervention could be emergency services.
NOTE 2 Sometimes the term alarm warning is used instead.

2.5.2
warning
dissemination of message signaling imminent hazard which may include advice on protective measures

2.5.3
incident response
actions taken in order to mitigate the consequences of an incident
NOTE Incident response is part of the emergency management process.

2.5.4
incident command
part of an organized incident response structure
NOTE Incident command is the process that is conducted within the command structures that evolve during the management of an incident.

2.5.5
command and control
process that supports effective management of all available capacity in an organization
NOTE This process will support the management during routine,
emergency, continuity and/or recovery.

2.5.6
co-ordination
way in which different organizations or parts of the same organization (public or private) work or act together in order to achieve a common objective
NOTE 1 Coordination integrates the individual response activities of involved parties (including e.g. public or private organizations and government) to achieve synergy to the extent that the incident response has a unified objective and coordinates activities through transparent information sharing regarding their respective incident response activities.
NOTE 2 All organizations are involved in the process to agree on a common incident response objective and accept to implement the strategies by this consensus decision-making process.

2.5.7
improvization
act of inventing, composing or performing with little or no preparation as reaction to the unexpected

2.5.8
operational information
various forms of information that have varying degrees of utility for commanders and their staff

2.5.9
protection
measures that enable an organization to reduce the impact of a potential disruption

2.5.10
recovery
restoration and improvement, where appropriate, of operations, facilities, livelihoods or living conditions of affected organizations including efforts to reduce risk factors

2.5.11
shelter in place
remain or take immediate refuge in a protected location relevant to the risk

2.6 Technology

2.6.1
forensic
use of knowledge and techniques derived from various sciences in an investigation

2.6.2
logical structure
data that is arranged to make sense to a given user

2.6.3
alarm
warning of the presence of a hazard to life, property or the environment
NOTE An alarm can be generated by the video surveillance system (typically by a detection algorithm) or external source as a notice to operators that a potentially harmful event is suspected and that an action must be taken […]

2.6.4
CCTV system
television system in which signals are not publicly distributed
NOTE A surveillance system may be comprised of cameras, recorders and displays and used to monitor activities in a specific infrastructure.

2.6.5
video surveillance
use of video cameras to transmit a signal to a specific place

2.6.6
metadata
information to describe audiovisual content and data essence in a format defined by ISO or any other authority

2.6.7
static metadata
data associated with a digital image aside from the pixel values that does not change over the time or at least does not change over the […] sequence

2.6.8
dynamic metadata
data associated with a digital image aside from the pixel values which can change for each frame of a video […]

Index

A
alarm 2.6.3
alert 2.5.1
all-hazards 2.1.14
audit 2.2.22

B
business impact analysis

C
capacity 2.2.15
CCTV system 2.6.4
civil protection 2.1.4
command and control 2.5.5
competence 2.2.16
contingency 2.3.6
co-ordination 2.5.6
conformity 2.2.21
continual improvement 2.2.27
correction 2.2.18
corrective action 2.2.19
crisis 2.1.13

D
disaster 2.1.11
disaster risk reduction 2.1.6
drill 2.4.8
dynamic metadata 2.6.8

E
effectiveness 2.2.25
emergency 2.1.12
emergency management 2.2.1
evaluation 2.2.24
event 2.1.10
exercise 2.4.9
exercise annual plan 2.4.15
exercise coordinator 2.4.5
exercise programme 2.2.14
exercise safety officer 2.4.10

F
forensic 2.6.1
full-scale exercise 2.4.12
functional exercise 2.4.11

H
hazard 2.1.15

I
improvization 2.5.7
incident 2.1.16
incident command 2.5.4
incident response 2.5.3
inject 2.4.2
interested party (preferred term) 2.1.2

L
logical structure 2.6.2

M
management system 2.2.5
metadata 2.6.6
mitigation 2.1.17
monitoring 2.4.7
mutual aid agreement 2.2.13

N
nonconformity 2.2.17

O
objective 2.2.3
observer 2.4.6
operational information 2.5.8
organization 2.2.9

P
partnership 2.2.12
performance 2.2.11
policy 2.2.2
post exercise report 2.4.14
prioritized activities 2.3.5
probability 2.3.4
protection 2.5.9

R
resilience
recovery 2.5.10
residual risk 2.2.20
risk 2.1.5
risk assessment 2.3.3
risk owner 2.2.10
risk source 2.2.8
role player 2.4.3

S
safety 2.1.7
scenario 2.4.1
script 2.4.4
security 2.1.8
sensitive information
shelter in place 2.5.11
societal security 2.1.1
societal security framework 2.1.3
stakeholder (admitted term) 2.1.2
strategic exercise 2.4.13
static metadata 2.6.7

T
test 2.3.8
testing 2.3.9
threat 2.1.9
top management 2.2.4
training 2.3.7

V
validation 2.2.26
verification 2.2.23
video surveillance 2.6.5
vulnerability 2.3.2

W
warning 2.5.2
work environment 2.3.1
