ISO/TC 223

Last updated January 17, 2022

ISO/TC 223 Societal security was a technical committee of the International Organization for Standardization formed in 2001 to develop standards in the area of societal security: i.e. protection of society from and response to incidents, emergencies, and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures.^[1]

The sinking of the Russian submarine Kursk to the bottom of the Barents Sea in 2000 can be cited as a major impetus for the formation of ISO/TC 223. The international salvage operation that followed the accident provided painful evidence that the international community lacked the tools necessary to cooperate effectively in emergency situations, resulting in an initiative from the Russian standards organization, GOST, to establish ISO/TC 223. Originally titled Civil defence, the committee was created to standardize international emergency procedures.^[2]

The initiative lay dormant for some time. However, terrorist actions, including the 9/11 attacks on New York and Washington, as well as a surge in natural disasters in recent years, led ISO to conduct a large-scale assessment of the role of standardization in the security field. One important decision was to put ISO/TC 223 into action.

In 2005 the chairmanship of the committee was taken over by SIS, the Swedish Standards Institute. To better reflect its ambition to take a broader approach toward disruptive incidents that threaten the civil society, the committee was renamed Societal security.^[3]

ISO/TC 223 was actively developing a series of international standards for more than eight years. In 2014, the Technical Management Board of ISO decided to merge ISO/TC 223 with other committees in the area of security for better coordination. The new committee began on 1 January 2015 and is called ISO/TC 292 Security and resilience

Scope

ISO/TC 223 worked under the following scope:^[4]

ISO/TC 223 develops International standards that aim to increase societal security, i.e. protection of society from and response to incidents, emergencies, and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures. An all-hazards perspective is used covering adaptive, proactive and reactive strategies in all phases before, during and after a disruptive incident. The area of societal security is multi-disciplinary and involves actors from both the public and private sectors, including not-for-profit organizations.

Leadership and organisation

Chair

2006-2012 Mr Krister Kumlin
2013-2014 Mrs Åsa Kyrk Gere

Secretary

2006 Mr Per Forsgren
2006-2013 Dr Stefan Tangen
2013 Mrs Sanna Edlund
2014 Mr Bengt Rydstedt

ISO/TC 223 established the following working groups: WG 1, WG 2, WG 3, WG 4, WG 5 and WG 6.^[5]

ISO/TC 223 became one of the larger committees in ISO with around 70 member countries.

Introduction to societal security

The term societal security was introduced as a political science concept developed by Nicholas Cringall in 1984. The definition of societal security for ISO/TC 223 is broader than just TO DEAL what might challenge the group's identity.

In recent years there have been many highly consequential natural disasters, terrorist attacks and severe crises, which have propelled the issue of crisis management to the top of the national agenda in many countries. As functions in society are shared there is a need to engage individuals, organizations, the private sector and the government in an inclusive discussion on how to better prepare, respond to and recover from crises.

Now and in the future, survival of nations and citizens concerns the security of critical functions of society, rather than only the classical focus on the security of the territory. This shift entails the ability of the government and civil society to function, critical infrastructures to be maintained, the democratic ability to govern, and to manifest certain basic values. Such abilities are put under pressure during severe crises. In societal security several elements that traditionally have been kept apart are becoming fused: procedures for peace and war merge, internal and external security are interlocked, and the ambitions of enhancing state security and providing citizen safety become blurred.

These are new and more complex challenges. These challenges have implications for what (concepts and) tools we need to enhance security, citizens safety and crisis management capacity in an increasingly interdependent and borderless world. Such trans-boundary challenges are not covered by the traditional concept of national civil defence.

Thus, the proposed umbrella-concept of societal security is aimed at countering the threats and vulnerabilities in society that require comprehensive crisis management and business continuity systems which are multi-sector, multi-national and multi-continental.

Increased societal security requires a capacity for holistic crisis management emphasizing interoperability and including all key phases of crises. This capacity should have an overall flexibility in order to be able to manage crises that include un-predicted and unexpected elements and events. The purpose is to build a greater overall resilience in the face of a broad range of societal vulnerabilities and disruptive challenges.

The ISO 22300 series

The following international standards and other publications have been developed by ISO/TC 223

ISO standards

ISO 22300:2012 Societal security – Terminology
ISO 22301:2019 Security and Resilience – Business continuity management systems – Requirements
ISO 22311:2012 Societal security – Video-surveillance – Export interoperability
ISO 22313:2012 Societal security – Business continuity management systems – Guidance
ISO 22315:2014 Societal security – Mass evacuation – Guidelines for planning
ISO 22317:2015 Societal security – Business continuity management systems – Guidelines for business impact analysis (BIA)
ISO 22320:2011 Societal security – Emergency management – Requirements for incident response
ISO 22322:2015 Societal security – Emergency management – Guidelines for public warning
ISO 22324:2015 Societal security – Emergency management – Guidelines for colour-coded alert
ISO 22397:2014 Societal security – Guidelines for establishing partnering arrangements
ISO 22398:2013 Societal security – Guidelines for exercises

Others forms of publications

ISO/TR 22312:2011 Societal security – Technological capabilities
ISO/TR 22351:2015 Societal security – Emergency management – Message structure for interoperability
ISO/PAS 22399:2007 Societal security – Guideline for incident preparedness and operational continuity management
ISO/TS 17021-6:2014 Conformity assessment - Requirements for bodies providing audit and certification of management systems - Part 6: Competence requirements for auditing and certification of business continuity management systems (Joint project with ISO/CASCO)

Related Research Articles

Business continuity planning Prevention and recovery from threats that might affect a company

Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery.

Crisis management is the process by which an organization deals with a disruptive and unexpected event that threatens to harm the organization or its stakeholders. The study of crisis management originated with large-scale industrial and environmental disasters in the 1980s. It is considered to be the most important process in public relations.

Disaster recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events. Disaster recovery can therefore be considered a subset of business continuity. Disaster recovery assumes that the primary site is not recoverable and represents a process of restoring data and services to a secondary survived site, which is opposite to the process of restoring back to its original place.

The ISO/TC 215 is the International Organization for Standardization's (ISO) Technical Committee (TC) on health informatics. TC 215 works on the standardization of Health Information and Communications Technology (ICT), to allow for compatibility and interoperability between independent systems.

ISO 28000:2007 is an ISO standard published by International Organization for Standardization which includes requirements of a security management system particularly dealing with security assurance in the supply chain. The standard was developed by ISO/TC 8 on "Ships and maritime technology" and published in 2007. In 2015 the responsibility for the ISO 28000 series was transferred to ISO/TC 292 on "Security and resilience", who in 2019 decided to start a revision which is expected to take 3 years. A justification study for the revision has been accepted by ISO TMB.

Emergency management software is the software used by local, state and federal emergency management personnel to deal with a wide range of disasters and can take many forms. For example, training software such as simulators are often used to help prepare first responders, word processors can keep form templates handy for printing and analytical software can be used to perform post-hoc examinations of the data captured during an incident. All of these systems are interrelated, as the results of an after-incident analysis can then be used to program training software to better prepare for a similar situation in the future. Crisis Information Management Software (CIMS) is the software found in emergency management operation centers (EOC) that supports the management of crisis information and the corresponding response by public safety agencies.

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote. The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut für Normung (DIN) located in Germany.

ISO 22324:2015, Societal security — Emergency management — Guidelines for colour-coded alerts, is an international standard developed by ISO/TC 292 Security and resilience. This document provide guidelines for color codes to indicate severity of hazards in public warnings.

ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience.

ISO 22313:2020, Security and resilience - Business continuity management systems – Guidance to the use of ISO 22301, is an international standard developed by technical committee ISO/TC 292 Security and resilience. This document provides guidance for applying the requirements for a business continuity management system (BCMS) in accordance with the requirements set out in ISO 22301:2019.

ISO 22301:2019, Security and resilience – Business continuity management systems – Requirements, is a management system standard published by International Organization for Standardization that specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. It is intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization.

ISO 22300:2021, Security and resilience – Vocabulary, is an international standard developed by ISO/TC 292 Security and resilience. This document defines terms used in security and resilience standards and includes 360 terms and definitions. This edition was published in the beginning of 2021 and replaces the second edition from 2018.

ISO 22322:2015 is an international standard developed by the ISO/TC 292 Security and Resilience committee. It was published by the International Organization for Standardization (ISO) in 2015.

ISO 22320:2018, Security and resilience - Emergency management - Guidelines for incident management, is an international standard published by International Organization for Standardization that provide guidelines to be used for organizations that helps to mitigate threats and deal with incidents to ensure continuity of basic function of society. ISO 22320 can be used by all types and sizes of organizations, no matter whether they are private or public but it is mostly focused on national emergency management organizations

ISO 22319:2017Security and resilience - Community resilience - Guidelines for planning the involvement of spontaneous volunteers, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2017. ISO 22317 gives various of recommendations on how to deal with spontaneous volunteers (SVs) that show up at the incident scene to help the official emergency management team. When emergencies happen, concerned citizens want to help out in many ways. Following a disaster or crisis, members of the public often show up and offer their help. These spontaneous volunteers are not usually part of an organized volunteer organization such Search and Rescue Teams or the Humanitarian groups and may not have any training or experience as a volunteer. However, these volunteers can make very valuable contributions to the emergency response. But they can also present challenges for the emergency managers who may not be prepared for these volunteers. The purpose of this standard is to help organizations plan for the participation of spontaneous volunteers and to manage their work effectively and safely. .

ISO 22395:2018Security and resilience -- Community resilience -- Guidelines for supporting vulnerable persons in an emergency, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in October 2018. This document is a voluntary guidance standard for supporting vulnerable persons in an emergency.

ISO 22398:2013, Societal security – Guidelines for exercises, is an international standard published by International Organization for Standardization that provide guidelines to be used for organizations that want to plan, conduct and improve exercises. The guidelines can also be used for a full exercise programme.

ISO 22315:2014Societal security – Mass evacuation – Guidelines for planning, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2014. ISO 22315 gives various of recommendations on how to plan for possible mass evacuations, for example a city. The standard includes guidance on the various phases of mass evacutation from how to prepare the public, take the decision for evacation to analyzing the evacuee movement and assessing the shelter where the evacuees is put.

ISO 22392:2020Security and resilience - Community resilience - Guidelines for conducting peer reviews, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2020: ISO 22392 gives various of recommendations on how to conduct peer reviews of community resilience and design a peer review tool to assess community preparedness for disasters.

References

↑ "New Standards initiative from ISO aims to make a security and continuity difference". Continuityforum.org. 6 September 2014.
↑ "K-141 Kurst : ISO/TC 223 Societal Security" (PDF). Idrc.info. Retrieved 16 January 2022.
↑ "ISO Looks into Standards for Crisis Management". Securityinfowatch.com. Retrieved 16 January 2022.
↑ ^[dead link ]
↑ ^[dead link ]

External links

ISO/TC 292

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "New Standards initiative from ISO aims to make a security and continuity difference". Continuityforum.org. 6 September 2014.

[2] "K-141 Kurst : ISO/TC 223 Societal Security" (PDF). Idrc.info. Retrieved 16 January 2022.

[3] "ISO Looks into Standards for Crisis Management". Securityinfowatch.com. Retrieved 16 January 2022.

[4] [dead link ]

[5] [dead link ]

[1]

[2]

[3]

[4]

[5]