Challenges to overcome when developing global standards

in a field with extreme national interest

Dr Stefan TangenSecretary of ISO/TC 223 Societal security

SIS, Swedish Standards InstituteStockholm, Sweden

stefan.tangen@sis.se+46 8 555 521 60

Agenda

• What is a ”good” standard?• How should a ”good” standard be developed?• Why become a standards developer • Current status of standards• Trends and news in ISO• ISO/TC 223

What is a standard?

What makes it good?

EN EN 1219512195--11 IMOIMO

How to achieve good?

General principles of ISO• Consensus• Voluentary• Equal footing• Market needs

Which requires• Participation• A slow process• Understanding of various views• Will to compromise

Leed or follow?

Standards followers• wait 3 years and buys standards• adapts to whatever comes out

Standards developers• joins a mirror committe• influenses the standard• makes sure to know everything before their competitors• have access to the best experts and knowledge in the

world

EN 12195-1:2003 and 2010

Current status on Management System Standards for Security, BCM, Organisational resilience

• More than 10 existing standards and several under development (NFPA 1600, BS 25999, SI 240001 etc)

• Extreme national interest, all standards wants to become THE standard

The ISO/TC 223 way:• Use input from all standards, not just one• First step ISO/PAS 22399 – Guidence on IPOCM • Second step: ISO 22301 – MSS with requirements• Third step: ISO 22323 – separate BCM from OR

Joint Technical Coordination Group

• Set up to align all existing and future MSSs• Will be applied to ISO 9001, 14001, 27001 etc• Identical highlevel structure, sub-clauses, texts and

definitions• For the management system only (not the disciplin)• For better understanding of MSS and easier intergration• Proposal ready for approval during 2011• ISO/TC 223 is an early adopter

K-141 Kursk

ISO/TC 223 Societal Security -secretariat

• Chair: Krister Kumlin• Secretary: Stefan Tangen • P-members: 42• O-members: 19• Working Groups: 5• Ad hoc group• DC contact group • Twinning• Work Items: 10• Deliverables: 2

Members

■Argentina ( IRAM ) ■Bolivia ( IBNORCA ) (Correspondent member)■Brazil ( ABNT ) ■Costa Rica ( INTECO ) ■Cyprus ( CYS ) ■Czech Republic ( UNMZ ) ■Ecuador ( INEN ) ■Ethiopia ( QSAE ) ■Greece ( ELOT ) ■Hong Kong, China ( ITCHKSAR ) (Correspondent member)■Ireland ( NSAI ) ■Kazakhstan ( KAZMEMST ) ■Mauritius ( MSB ) ■Poland ( PKN ) ■Slovakia ( SUTN ) ■Uganda ( UNBS ) (Correspondent member)■Ukraine ( DSSU )

■Australia ( SA ) ■Austria ( ASI ) ■Belgium ( NBN ) ■Cameroon ( ANOR ) ■Canada ( SCC ) ■China ( SAC ) ■Colombia ( ICONTEC ) ■Côte d'Ivoire ( CODINORM ) ■Denmark ( DS ) ■Egypt ( EOS ) ■Finland ( SFS ) ■France ( AFNOR ) ■Germany ( DIN ) ■Indonesia ( BSN ) ■Israel ( SII ) ■Italy ( UNI ) ■Jamaica ( BSJ ) ■Japan ( JISC ) ■Kenya ( KEBS ) ■Korea, Republic of ( KATS ) ■Libyan Arab Jamahiriya ( LNCSM ) ■Malaysia ( DSM ) ■Morocco ( SNIMA ) ■Netherlands ( NEN ) ■Nigeria ( SON ) ■Norway ( SN ) ■Peru ( INDECOPI ) ■Portugal ( IPQ ) ■Romania ( ASRO ) ■Russian Federation ( GOST R ) ■Serbia ( ISS ) ■Singapore ( SPRING SG ) ■South Africa ( SABS ) ■Spain ( AENOR ) ■Sri Lanka ( SLSI ) ■Sweden ( SIS ) ■Switzerland ( SNV ) ■Tanzania, United Republic of ( TBS ) ■Thailand ( TISI ) ■Trinidad and Tobago ( TTBS ) ■USA ( ANSI ) ■United Kingdom ( BSI )

P-members 42 O-members 19 Liaisons• ISO/TC 8, Ships and marine technology• ISO/TC 159/SC 4, Ergonomics of human-system interaction• ISO/IEC/JTC 1/SC 27, IT Security techniques • ASIS International• CEN/TC 391, Societal and citizen security• PMI, Project Management Institute• UN/DP, United Nations Development Programme• UN/FPA, United Nations Population Fund

• UN/ISDR, International Strategy for Disaster Reduction

9 plenary’s60 working group meetings and

workshops

Stockholm (2006) Bangkok (2006)

Paris (2009)

Seoul (2008)

Orlando (2007) The Hague (2007)

Stockholm (2010) Bali (2008)Ekurhuleni (2009)

Next event: Bangkok(2010)29 Nov - 3 Dec

ISO/TC 223 Scope

• ISO/TC 223 develops international standards that aim to increase societal security, i.e. protection of society from and response to incidents, emergencies, and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures.

• An all-hazards perspective is used covering adaptive, proactive and reactive strategies in all phases before, during and after a disruptive incident.

• The area of societal security is multi-disciplinary and involves actors from both the public and private sectors, including not-for-profit organisations.

ISO/TC 223 Organization

ISO/TC 223Societal Security

WG 1Framework on

Societal Security Management

WG 2 Terminology

WG 3Command, Control, Coordination and

Cooperation

WG 5Video

surveillance

WG 4Preparedness and

Continuity

Ongoing work – the ISO 22300 series

WG 1

ISO/NP 22397 Public/Private partnershipsISO/CD 22398 Guidelines for exercises and testing

WG 2

ISO/DIS 22300 Vocabulary

WG 3

ISO/FDIS 22320 Emergency management – Requirements for command and control ISO/WD 22322 Emergency management – Public warning ISO/NP 22351 Emergency management – Shared situation awareness - under ballot until Nov 23

WG 4

ISO/DIS 22301 Business continuity management systems – Requirements – submitted to ISO/CS for ballotISO/CD 22399 Business continuity management systems – Guidelines ISO/NP 22323 Organisational resilience management systems – Requirements

WG 5

ISO/CD 22311 Video surveillance

The ISO process:1) New work item proposal (NP) 2) Working draft (WD)3) Committee draft (CD)4) Draft international standard (DIS)5) Final draft international standard (FDIS)6) ISO standard (IS)

First deliverable: ISO/PAS 22399:2007

Guideline for incident preparedness and operational continuity management

A ‘best of five’ document based on:

1. NFPA 1600:2004, Standard on disaster/emergency management and business continuity programs, National Fire Protection Association.

2. BS 25999-1:2006, Business continuity management - Code of practice, BSI British Standards.

3. HB 221:2004, Business continuity management, Standards Australia/Standards New Zealand, ISBN 0-7337-6250-6

4. INS 24001:2007, Security and continuity management systems – Requirements and guidance for use, Standards Institution of Israel.

5. Business Continuity Guideline, Central Disaster Management Council, Cabinet Office, Government of Japan, 2005

Available information sources

• ISOTC Portal: www.iso.org• ISO/IEC Directives

– Part 1, Procedures for the technical work– Part 2, Rules for the structure and drafting

• My ISO Job

• ISO/TC 223: http://www.iso.org/iso/standards_development/technical_committees/list_of_iso_technical_committees/iso_technical_committee.htm?commid=295786