4
2011/ISO/PAS
22399:2007
ISO/PAS 22399:2007
Societal security Guideline for incident preparedness and operational continuity
management
(IDT)
53647.42011/ISO/PAS 22399:2007
27 2002 . 184- ,
1.02004 .
1 -
( ) , 4
2 10
3 1 2011 . 697-
4 ISO/PAS 22399:2007
. (ISO/PAS 22399:2007 Societal security Guideline for incident preparedness and operational
continuity management).
1.52004 ( 3.5).
,
5
, .
()
. ,
, 2012
,
, (IPOCM1)) .
, ,
, , .
,
, (, , ) ,
.
.
, ,
, , , , - .
( )
/,
, , , , (. 1). ,
, .
1 IPOCM; 2 IPOCM
1 IPOCM
,
IPOCM, .
, ,
, , , .
1)
,
:
- , ,
;
- /
;
- ,
;
- , ;
- , , , /;
- ,
;
- , , ,
, ;
- .
, IPOCM
, . ,
/. /.
. .
, IPOCM , .
. , ,
, . .
: , , , , .
, .
,
IPOCM. IPOCM
. IPOCM , , .
. IPOCM
.
,
IPOCM.
() IPOCM.
.
,
, .
, .
IPOCM ( , - ,
). , , ,
, , . ,
IPOCM , . IPOCM
IPOCM.
,
,
. ,
,
, , . , ,
, - ,
, . ,
.
,
, , .
.
, IPOCM, , ,
, ,
, / . ,
.
Business continuity management. Guideline for incident preparedness and operational continuity management
20121201
1
.
, , , . / .
,
, . :
- ;
- ;
- , , , /,
;
-
;
-
;
- , /, ;
- , ,
,
;
- , ;
- ;
-
();
- , .
. ,
, ,
, .
, ,
. .
2
:
/ 73:2002 . . (ISO/IEC Guide 73:2002, Risk management. Vocabulary. Guidelines for
use in standards)1)
3
:
3.1 (critical activities): , , .
3.2 (consequence): .
1 .
2 , .
3 .
4
.
[ / 73]
3.3 (crisis): () , / ,
, .
3.4 (disaster): , .
3.5 , ( ) (disruption): , ,
, (, )
(, ) .
/ , .
3.6 2) (emergency): , , , .
, ,
.
3.7 (exercising): ,
() , , (, , ),
IPOCM3), , .
1)
/ 73:2002 73:2009
. (ISO Guide 73:2009 Risk management Vocabulary).
2)
22.0.0597 .
. , ,
, , , ,
.
: , , c , .
3)
IPOCM Incident preparedness and operational (business) continuity management (
).
1 , , .
2
, , ,
,
.
3.8 (event): .
1 .
2 .
3 , , .
4 , , , .
[ / 73]
3.9 (hazard): ,
, .
3.10 (impact): , .
3.11 (impact analysis):
.
3.12 (incident): , / , , .
3.13 (incident management plan): ,
, ,
.
3.14 (incident preparedness): , , ,
,
, , .
3.15 (incident
preparedness and operational continuity management), IPOCM:
,
.
3.16 IPOCM (IPOCM policy):
, .
3.17 () (mitigation): .
3.18 (mutual aid agreement):
, ,
.
3.19 (operational continuity), OC:
, .
, , , .
,
, , ,
.
,
, , , .
3.27 () (prevention): , ,
/ .
3.28 (probability): .
1 3534-1:1993 ( 1.1) :
0 1, .
, . .
2 .
3 , :
- /// ;
- / ////.
[ / 73]
3.29 (recovery time objective); RTO: ,
/ .
3.30 (residual risk): , .
3.31 (resilience): , .
3.32 (response program): ,
, , ,
.
,
, , , ,
.
[ / 73]
3.34 (risk acceptance): .
1
.
2 .
[ / 73]
3.35 (risk assessment): ,
.
[ / 73]
, , , , ,
,
, .
1)
, ,
27.12.2002 184-, , , , ,
.
2
. :
- , , ;
- , , .
[ / 73]
3.37 (risk criteria): , .
1 , .
2 , , .
[ / 73]
3.38 (risk management):
.
, ,
.
[ / 73]
3.39 (risk reduction): ,
, .
3.40 (risk transfer): .
1 ,
.
2 .
3
.
4 .
[ / 73]
3.43 , (simulation exercise): ,
, , .
3.44 (source): , .
.
[ / 73]
3.45 1) ( ) (stakeholder (interested party)):
, .
, , , , , , ,
.
4
, 2. IPOCM ,
. , ,
. IPOCM
.
1)
/ 73 ,
, , .
, , .
5
5.1
, . ,
.
.
, , , , . IPOCM
-, , ,
, .
, , (,
, , ). IPOCM
/
.
, IPOCM :
IPOCM, .
5.2
, , , , .
,
, -, , , , , SWOT1) (, , ),
. . ,
.
IPOCM,
. :
- , ;
- ;
- / ;
- ;
- ;
- ;
- ;
- IPOCM.
IPOCM,
IPOCM
, .
() ,
,
. IPOCM
, ,
,
, .
5.3
IPOCM
. IPOCM .
IPOCM. .
5.4 IPOCM
IPOCM.
.
.
IPOCM , IPOCM.
.
:
1)
- IPOCM
;
- IPOCM;
- IPOCM ;
- , ,
IPOCM;
- IPOCM.
5.5 IPOCM
IPOCM :
- IPOCM;
- ;
- ;
- , , , , , , , , ;
- (, );
- .
IPOCM - , . IPOCM
.
5.6 IPOCM
IPOCM .
:
- ;
- ;
- , ;
- ;
- .
IPOCM, . IPOCM
, IPOCM, , IPOCM, ,
.
.
IPOCM.
IPOCM, .
6
6.1
, , , .
, / ( )
.
/ , /, . .
.
6.2
, , , , , , .
,
.
IPOCM , , ,
IPOCM.
6.3
, .
6.4 , ,
, , ( ):
- , ,
, , /
(, ) ;
- ( ),
;
- , ( ).
.
. .
6.5
,
, , , , .
.
.
,
. , , , , , . ,
/ .
,
, . ,
, , .
6.6
/
, ,
(RTO) (. A).
/ ,
( ) :
- (
);
- ,
;
- ;
- , ;
- ;
- ;
- ;
- (
);
- , ;
- .
.
, , , , . , ,
. , /, .
,
.
,
.
6.7
6.7.1
IPOCM IPOCM, , ,
, , , . IPOCM . IPOCM ,
, .
, IPOCM IPOCM :
- , ,
;
- .
, ,
, - , , . ,
, , ,
, .
IPOCM.
6.7.2
, .
, .
,
,
, -, .
. ( ) : , IPOCM,
, , IPOCM .
:
- ;
- , ;
- , , ;
- ;
- , ,
, , , .
,
, , / , , .
. , ,
.
6.7.3
,
, ,
(, ), ,
. . , ,
:
- :
. ;
- :
,
, ;
- : ,
.
.
, :
- , ,
;
- , , ;
- ;
- .
. :
- ( );
- ( , . .);
-
(, , . .);
- .
, , , , .
, .
. . , /
.
6.7.4
(. B).
. , ,
. :
- ;
- ;
- .
, , / ,
, .
(, ).
, .
. ,
,
.
,
. ,
, , , , , .
:
- (//);
- ,
;
- // .
. , .
,
. , .
.
,
.
,
.
, ,
.
. , , .
.
6.7.5
,
(. C).
,
(),
.
,
, .
,
, .
, .
( , )
( , , ). , ,
, , ,
, (
).
,
, , , , .
, ,
.
, , ,
. ,
,
, .
, ,
.
6.7.6
.
/ , ,
, , , .
. , ,
, . ,
, , .
, .
, , ,
, :
- ;
- , ;
- ;
- ;
- , ;
- ;
- , .
7
7.1 , ,
, , IPOCM
. (, ,
), , , , .
, , .
,
, IPOCM .
()
, (), ,
, :
- , IPOCM;
- , IPOCM
;
- IPOCM .
, , , , , ,
IPOCM.
, ,
:
- ( ), , , , ,
, ;
- , , , , ,
.
7.2 IPOCM
, IPOCM , IPOCM (. D). IPOCM
.
, IPOCM ,
. , ,
.
, IPOCM ,
, .
IPOCM.
, IPOCM . , IPOCM , . ,
, . , , IPOCM, ,
.
IPOCM IPOCM. IPOCM
.
IPOCM .
, , ,
.
/ .
.
7.3 ,
, , ( )
, , , , ,
.
,
IPOCM.
. , , , IPOCM. .
, (, ) :
- , IPOCM;
- , , ,
, ;
- IPOCM;
- , , , /;
- .
7.4
, , , IPOCM ,
/. , ,
:
- ;
- ,
;
- , ,
;
- ,
;
- ;
- ;
-
;
- ,
;
- .
, ,
,
.
, , . ,
IPOCM.
,
:
- ;
- ;
- ;
- ;
- ;
- .
,
IPOCM. , .
IPOCM .
7.5
IPOCM, , , , ,
. , , :
- , ;
- ;
- , ,
, , ( ).
,
, , ,
, , ,
. . .
,
.
,
.
IPOCM, , IPOCM.
7.6
IPOCM , .
. ( ) :
- IPOCM;
- , () ;
- ;
- ;
- .
8
8.1
, IPOCM , , , ,
. .
,
, IPOCM.
.
8.2
IPOCM, ,
, ,
.
. :
- , ;
- IPOCM;
- , IPOCM, IPOCM;
- () ,
IPOCM;
- ,
.
8.3
IPOCM. , , ,
. ,
.
. ,
IPOCM.
:
- , IPOCM , ;
- , IPOCM, ;
- IPOCM;
- , , ,
IPOCM;
- IPOCM ( );
- ;
-
.
( ) :
- ;
- ;
- ;
- ;
- ;
- , ;
- .
8.4
,
.
:
- ;
- , ,
;
- ,
, ;
- ;
- .
,
. IPOCM.
8.5 IPOCM
IPOCM. IPOCM
( ), .
, IPOCM.
IPOCM :
- , ;
- , , , ,
IPOCM () IPOCM.
IPOCM :
- IPOCM ;
-
() ;
- ,
IPOCM;
- -
IPOCM;
- , IPOCM .
8.6
IPOCM ,
IPOCM.
.
, ,
. , , , . .
.
IPOCM , :
- IPOCM ;
- , , IPOCM ;
- IPOCM IPOCM
, , ;
- IPOCM , , ;
- IPOCM ;
- IPOCM , ,
,
;
- .
. .
9
IPOCM , ,
. IPOCM, IPOCM. .
, :
- ,
;
- , ;
- ;
- ;
- ;
- , ;
- , ,
, , ;
- .
, , , IPOCM, IPOCM.
()
A.1
, , , :
a) , ;
b) , ,
;
c) , / , , , .
.2
, , , , , :
a) .
, , .
. ,
, ;
b) .
,
.
;
c) .
, , , , , .
.
, ,
, , ;
d) (RTO). RTO
. RTO ,
, RTO. , , ,
,
. RTO , ,
;
e) , .
, , , ,
.
.1.
.
.
.1
B
()
B.1
, ,
( ):
- ;
- ;
- ;
-
;
- ;
- ;
- ;
- ;
- ( ).
B.2
, ( ):
- ( );
- ;
- ;
- ();
- , ;
- ( );
- / ;
- , ;
- ;
- ;
- ;
- (, . .).
,
, .
. , , . .
, , :
- , , , , , (, , , , , , );
- (, , .);
- (, , );
- (, );
- ;
- ;
- ;
- ;
- (, , ,
, , , , );
- (, ,
, );
- , ;
- , , .
B.3
:
- , , , , ;
- , ( , , . .);
- ;
- ;
- , .
()
C.1
( ):
- , , ;
- ;
- , ,
;
- ;
- ;
- , ;
- ;
- , ;
- , , ;
- ,
(, , : ,
; ;
);
- (, ,
, , );
- ;
- , .
C.2 ,
, ,
, , , , , , :
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- .
C.3
, :
- .
, ( ) ,
;
- . .
, ,
, - .
, , ;
- . . , , . / (,
). , ;
- , . ,
, , . , , , . ,
;
- .
, (, , , ,
, ). , , . ,
, .
D
()
D.1
IPOCM ( ):
- IPOCM,
IPOCM ;
- IPOCM,
;
- ;
- , IPOCM;
- , IPOCM,
;
- IPOCM (
) IPOCM ;
- .
, :
- IPOCM ;
- IPOCM , ;
- , IPOCM, ;
- IPOCM ;
- ,
IPOCM;
- IPOCM ;
- IPOCM , IPOCM .
()
.1
73:2009
IDT
518972011/ 73:2009 .
:
- IDT .
[1]
[2]
[3]
SI 24001:2007 Security and continuity management systems Requirements and guidance for use, Standards
Institution of Israel
NFPA 1600:2004 Standard on disaster/emergency management and business continuity programs, National Fire
Protection Association (USA)
Business Continuity Plan Drafting Guideline, Ministry of Economy, Trade and Industry (Japan), 2005
Business Continuity Guideline, Central Disaster Management Council, Cabinet Office, Government of Japan, 2005
[4]
[5]
[6]
HB 221:2004 Business continuity management, Standards Australia/Standards New Zealand, ISBN 0-7337-6250-6
1)
BS 25999-1:2006 53647.12009
. 1. .
658:562.014:006.354
03.100.01
59
: , , , , ,
, , , , , ,
..
..
..
..
06.08.2012.
30.08.2012.
. . . 4,18.
.-. . 3,60.
60 84 18.
124 .
. 740.
, 123995 , ., 4.
www.gostinfo.ru
info@gostinfo.ru
.
. , 105062 , ., 6.