53647.

4
2011/ISO/PAS
22399:2007

ISO/PAS 22399:2007
Societal security Guideline for incident preparedness and operational continuity
management
(IDT)

 53647.42011/ISO/PAS 22399:2007

27 2002 . 184- ,
1.02004 .


1 -
( ) , 4
2 10
3 1 2011 . 697-
4 ISO/PAS 22399:2007
. (ISO/PAS 22399:2007 Societal security Guideline for incident preparedness and operational
continuity management).
1.52004 ( 3.5).
,

5

, .
()
. ,

, 2012
,
II

 53647.42011/ISO/PAS 22399:2007

1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
() . . . . . 22
B () . . . 24
C () . . . . . . . . . . 26
D () . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
A ()
. . . . . . . . . . . . 29
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

III

 53647.42011/ISO/PAS 22399:2007

, (IPOCM1)) .
, ,
, , .
,
, (, , ) ,

.

.
, ,
, , , , - .
( )
/,
, , , , (. 1). ,
, .

1 IPOCM; 2 IPOCM

1 IPOCM

,
IPOCM, .
, ,
, , , .
1)

IPOCM Incident preparedness and operational (business) continuity management .

IV

 53647.42011/ISO/PAS 22399:2007
,
:
- , ,
;
- /
;
- ,
;
- , ;
- , , , /;
- ,
;
- , , ,
, ;
- .
, IPOCM
, . ,
/. /.

. .
, IPOCM , .
. , ,
, . .
: , , , , .
, .
,
IPOCM. IPOCM
. IPOCM , , .
. IPOCM
.
,
IPOCM.
() IPOCM.
.
,
, .
, .
IPOCM ( , - ,
V

 53647.42011/ISO/PAS 22399:2007
). , , ,
, , . ,
IPOCM , . IPOCM
IPOCM.
,
,
. ,

,
, , . , ,
, - ,
, . ,
.
,
, , .
.
, IPOCM, , ,
, ,
, / . ,
.

VI

 53647.42011/ISO/PAS 22399:2007

Business continuity management. Guideline for incident preparedness and operational continuity management

20121201

1

.
, , , . / .
,
, . :
- ;
- ;
- , , , /,
;
-
;
-
;
- , /, ;
- , ,
,
;
- , ;
- ;
-
();
- , .
. ,
, ,
, .
, ,

1

 53647.42011/ISO/PAS 22399:2007
. .

2
:
/ 73:2002 . . (ISO/IEC Guide 73:2002, Risk management. Vocabulary. Guidelines for
use in standards)1)

3
:
3.1 (critical activities): , , .
3.2 (consequence): .
1 .
2 , .
3 .
4
.

[ / 73]
3.3 (crisis): () , / ,
, .
3.4 (disaster): , .
3.5 , ( ) (disruption): , ,
, (, )
(, ) .
/ , .

3.6 2) (emergency): , , , .
, ,
.

3.7 (exercising): ,
() , , (, , ),
IPOCM3), , .
1)

/ 73:2002 73:2009
. (ISO Guide 73:2009 Risk management Vocabulary).
2)
22.0.0597 .
. , ,
, , , ,
.
: , , c , .
3)
IPOCM Incident preparedness and operational (business) continuity management (
).
2

 53647.42011/ISO/PAS 22399:2007
1 , , .
2
, , ,
,
.

3.8 (event): .
1 .
2 .
3 , , .
4 , , , .

[ / 73]
3.9 (hazard): ,
, .
3.10 (impact): , .
3.11 (impact analysis):
.
3.12 (incident): , / , , .
3.13 (incident management plan): ,
, ,
.
3.14 (incident preparedness): , , ,
,
, , .
3.15 (incident
preparedness and operational continuity management), IPOCM:
,
.
3.16 IPOCM (IPOCM policy):
, .
3.17 () (mitigation): .
3.18 (mutual aid agreement):
, ,
.
3.19 (operational continuity), OC:

, .
, , , .

3.20 (operational continuity management),

OCM: , , 3

 53647.42011/ISO/PAS 22399:2007
,
, , ,
.
,
, , , .

3.21 (operational continuity

management program): , ,
, ,
, , .
3.22 (operational
continuity management team): ,
,
.

, , .

3.23 (operational continuity plan), OCP:

, ,
.
3.24 (operational continuity
strategy): , , .
3.25 (operational continuity team):
, , ,
, , .
3.26 (organization):
, .
.
, , , , , , , , .

3.27 () (prevention): , ,
/ .
3.28 (probability): .
1 3534-1:1993 ( 1.1) :
0 1, .
, . .
2 .
3 , :
- /// ;
- / ////.

[ / 73]
4

 53647.42011/ISO/PAS 22399:2007
3.29 (recovery time objective); RTO: ,
/ .
3.30 (residual risk): , .
3.31 (resilience): , .
3.32 (response program): ,
, , ,
.
,
, , , ,
.

3.33 (risk): 1).

1
( / ).
2 ( , , . .) (, , ,
).
3
.
4 ( ) .
5 , , .

[ / 73]
3.34 (risk acceptance): .
1
.
2 .

[ / 73]
3.35 (risk assessment): ,
.
[ / 73]

, , , , ,
,
, .

3.36 (risk communication and

consultation): , ,
, .
1 , , , , , , , .

1)

, ,
27.12.2002 184-, , , , ,
.
5

 53647.42011/ISO/PAS 22399:2007
2

. :
- , , ;
- , , .

[ / 73]
3.37 (risk criteria): , .
1 , .
2 , , .

[ / 73]
3.38 (risk management):
.
, ,
.

[ / 73]
3.39 (risk reduction): ,
, .
3.40 (risk transfer): .
1 ,
.
2 .
3
.
4 .

3.41 (risk tolerance): ,

, .
3.42 (risk treatment): .
1 :
- ,
;
- ;
- ;
- / ;
- ;
- (
);
- .
2 ,
.
3 .

[ / 73]
6

 53647.42011/ISO/PAS 22399:2007
3.43 , (simulation exercise): ,
, , .
3.44 (source): , .
.

[ / 73]
3.45 1) ( ) (stakeholder (interested party)):
, .
, , , , , , ,
.

3.46 , (tabletop exercise): ,

, ,
, , , , , .
3.47 (testing): , () , ,
.
3.48 (threat): ,
, , .
3.49 (top management): , ,
, , , , ,
.

4
, 2. IPOCM ,
. , ,
. IPOCM
.

1)

/ 73 ,
, , .
, , .
7

 53647.42011/ISO/PAS 22399:2007

5
5.1

, . ,
.
.
, , , , . IPOCM
-, , ,
, .
8

 53647.42011/ISO/PAS 22399:2007
, , (,
, , ). IPOCM
/
.
, IPOCM :
IPOCM, .
5.2
, , , , .
,
, -, , , , , SWOT1) (, , ),
. . ,
.
IPOCM,
. :
- , ;
- ;
- / ;
- ;
- ;
- ;
- ;
- IPOCM.
IPOCM,
IPOCM
, .
() ,
,
. IPOCM
, ,
,
, .
5.3
IPOCM
. IPOCM .

IPOCM. .
5.4 IPOCM
IPOCM.
.
.
IPOCM , IPOCM.
.
:
1)

SWOT Strengths, Weakness, Opportunities and Threats.

9

 53647.42011/ISO/PAS 22399:2007
- IPOCM
;
- IPOCM;
- IPOCM ;
- , ,
IPOCM;
- IPOCM.
5.5 IPOCM
IPOCM :
- IPOCM;
- ;
- ;
- , , , , , , , , ;
- (, );
- .
IPOCM - , . IPOCM
.
5.6 IPOCM
IPOCM .
:
- ;
- ;
- , ;
- ;
- .
IPOCM, . IPOCM
, IPOCM, , IPOCM, ,
.
.
IPOCM.
IPOCM, .

6
6.1
, , , .
, / ( )
.
/ , /, . .

.
10

 53647.42011/ISO/PAS 22399:2007
6.2
, , , , , , .

,
.
IPOCM , , ,
IPOCM.
6.3
, .
6.4 , ,
, , ( ):
- , ,
, , /
(, ) ;
- ( ),
;
- , ( ).
.
. .
6.5
,
, , , , .

.

.
,
. , , , , , . ,
/ .
,
, . ,
, , .
6.6
/
, ,
(RTO) (. A).
/ ,
( ) :
- (
);
- ,
;
- ;
- , ;
- ;
- ;
11

 53647.42011/ISO/PAS 22399:2007
- ;
- (
);
- , ;
- .

.
, , , , . , ,
. , /, .
,
.
,
.
6.7
6.7.1
IPOCM IPOCM, , ,
, , , . IPOCM . IPOCM ,
, .
, IPOCM IPOCM :
- , ,
;
- .
, ,
, - , , . ,
, , ,
, .

IPOCM.
6.7.2

, .
, .
,
,
, -, .
. ( ) : , IPOCM,
, , IPOCM .

:
- ;
12

 53647.42011/ISO/PAS 22399:2007
- , ;
- , , ;
- ;
- , ,
, , , .
,
, , / , , .
. , ,
.
6.7.3
,
, ,
(, ), ,
. . , ,
:
- :
. ;
- :
,
, ;
- : ,
.
.
, :
- , ,
;
- , , ;
- ;
- .
. :
- ( );
- ( , . .);
-
(, , . .);
- .
, , , , .
, .
. . , /
.
6.7.4

(. B).
13

 53647.42011/ISO/PAS 22399:2007

. , ,
. :
- ;
- ;
- .
, , / ,
, .
(, ).
, .
. ,
,
.

,
. ,
, , , , , .

:
- (//);
- ,
;
- // .
. , .

,

. , .
.
,
.
,
.
, ,
.
. , , .
.
6.7.5

,
(. C).

,
(),
.
14

 53647.42011/ISO/PAS 22399:2007
,
, .
,
, .
, .
( , )
( , , ). , ,
, , ,
, (
).

,
, , , , .

, ,
.
, , ,
. ,
,
, .
, ,
.
6.7.6


.
/ , ,
, , , .

. , ,
, . ,
, , .
, .
, , ,
, :
- ;
- , ;
- ;
- ;
- , ;
- ;
- , .
15

 53647.42011/ISO/PAS 22399:2007

7
7.1 , ,
, , IPOCM
. (, ,
), , , , .
, , .
,
, IPOCM .
()
, (), ,
, :
- , IPOCM;
- , IPOCM
;
- IPOCM .
, , , , , ,
IPOCM.
, ,
:
- ( ), , , , ,
, ;
- , , , , ,
.
7.2 IPOCM
, IPOCM , IPOCM (. D). IPOCM
.
, IPOCM ,
. , ,
.
, IPOCM ,
, .

IPOCM.
, IPOCM . , IPOCM , . ,
, . , , IPOCM, ,
.
IPOCM IPOCM. IPOCM
.
IPOCM .
, , ,
.
/ .
.
16

 53647.42011/ISO/PAS 22399:2007
7.3 ,
, , ( )
, , , , ,
.
,
IPOCM.
. , , , IPOCM. .
, (, ) :
- , IPOCM;
- , , ,
, ;
- IPOCM;
- , , , /;
- .
7.4
, , , IPOCM ,
/. , ,
:
- ;
- ,
;
- , ,
;
- ,
;
- ;
- ;
-
;
- ,
;
- .
, ,
,
.
, , . ,
IPOCM.
,
:
- ;
- ;
- ;
- ;
17

 53647.42011/ISO/PAS 22399:2007
- ;
- .
,
IPOCM. , .
IPOCM .
7.5

IPOCM, , , , ,
. , , :
- , ;
- ;
- , ,
, , ( ).
,
, , ,
, , ,
. . .
,
.
,
.
IPOCM, , IPOCM.
7.6

IPOCM , .

. ( ) :
- IPOCM;
- , () ;
- ;
- ;
- .

8
8.1
, IPOCM , , , ,
. .
,
, IPOCM.
.
8.2
IPOCM, , 18

 53647.42011/ISO/PAS 22399:2007
, ,
.
. :
- , ;
- IPOCM;
- , IPOCM, IPOCM;
- () ,
IPOCM;
- ,
.
8.3
IPOCM. , , ,
. ,
.
. ,
IPOCM.
:
- , IPOCM , ;
- , IPOCM, ;
- IPOCM;
- , , ,
IPOCM;
- IPOCM ( );
- ;
-
.
( ) :
- ;
- ;
- ;
- ;
- ;
- , ;
- .
8.4
,

.
:
- ;
- , ,
;
- ,
, ;
19

 53647.42011/ISO/PAS 22399:2007
- ;
- .
,
. IPOCM.
8.5 IPOCM

IPOCM. IPOCM
( ), .
, IPOCM.
IPOCM :
- , ;
- , , , ,
IPOCM () IPOCM.
IPOCM :
- IPOCM ;
-
() ;
- ,
IPOCM;
- -
IPOCM;
- , IPOCM .
8.6

IPOCM ,
IPOCM.
.
, ,
. , , , . .
.
IPOCM , :
- IPOCM ;
- , , IPOCM ;
- IPOCM IPOCM

, , ;
- IPOCM , , ;
- IPOCM ;
- IPOCM , ,
,
;
- .

. .

20

 53647.42011/ISO/PAS 22399:2007

9
IPOCM , ,
. IPOCM, IPOCM. .
, :
- ,
;
- , ;
- ;
- ;
- ;
- , ;
- , ,
, , ;
- .

, , , IPOCM, IPOCM.

21

 53647.42011/ISO/PAS 22399:2007

()

A.1
, , , :
a) , ;
b) , ,
;
c) , / , , , .
.2
, , , , , :
a) .
, , .
. ,
, ;
b) .
,
.
;
c) .
, , , , , .
.
, ,
, , ;
d) (RTO). RTO
. RTO ,
, RTO. , , ,
,
. RTO , ,

;
e) , .

, , , ,
.
.1.

22

 53647.42011/ISO/PAS 22399:2007

.
.

.1

23

 53647.42011/ISO/PAS 22399:2007
B
()

B.1

, ,
( ):
- ;
- ;
- ;
-
;
- ;
- ;
- ;
- ;
- ( ).
B.2

, ( ):
- ( );
- ;
- ;
- ();
- , ;
- ( );
- / ;
- , ;
- ;
- ;
- ;
- (, . .).
,
, .
. , , . .
, , :
- , , , , , (, , , , , , );
- (, , .);
- (, , );
- (, );
- ;
- ;
- ;
- ;
- (, , ,
, , , , );
- (, ,
, );
24

 53647.42011/ISO/PAS 22399:2007
- , ;
- , , .
B.3
:
- , , , , ;
- , ( , , . .);
- ;
- ;
- , .

25

 53647.42011/ISO/PAS 22399:2007

()

C.1

( ):
- , , ;
- ;
- , ,
;
- ;
- ;
- , ;
- ;
- , ;
- , , ;
- ,
(, , : ,
; ;
);
- (, ,
, , );
- ;
- , .
C.2 ,
, ,
, , , , , , :
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- ;
- .
C.3
, :
- .
, ( ) ,
;
- . .
26

 53647.42011/ISO/PAS 22399:2007
, ,
, - .
, , ;
- . . , , . / (,
). , ;
- , . ,
, , . , , , . ,
;
- .
, (, , , ,
, ). , , . ,
, .

27

 53647.42011/ISO/PAS 22399:2007
D
()

D.1
IPOCM ( ):
- IPOCM,
IPOCM ;
- IPOCM,
;
- ;
- , IPOCM;
- , IPOCM,
;
- IPOCM (
) IPOCM ;
- .
, :
- IPOCM ;
- IPOCM , ;
- , IPOCM, ;
- IPOCM ;
- ,
IPOCM;
- IPOCM ;
- IPOCM , IPOCM .

28

 53647.42011/ISO/PAS 22399:2007

()

.1

73:2009

IDT

518972011/ 73:2009 .

:
- IDT .

29

 53647.42011/ISO/PAS 22399:2007

[1]
[2]

BS 25999-1:2006 Business continuity management Code of practice, BSI British Standards1)

[3]

SI 24001:2007 Security and continuity management systems Requirements and guidance for use, Standards
Institution of Israel
NFPA 1600:2004 Standard on disaster/emergency management and business continuity programs, National Fire
Protection Association (USA)
Business Continuity Plan Drafting Guideline, Ministry of Economy, Trade and Industry (Japan), 2005
Business Continuity Guideline, Central Disaster Management Council, Cabinet Office, Government of Japan, 2005

[4]
[5]
[6]

HB 221:2004 Business
ISBN 0-7337-6250-6

continuity

management,

Standards

Australia/Standards

New

Zealand,

1)

BS 25999-1:2006 53647.12009
. 1. .

658:562.014:006.354

03.100.01

59

: , , , , ,
, , , , , ,

..
..
..
..
06.08.2012.

30.08.2012.

. . . 4,18.

.-. . 3,60.

60 84 18.

124 .

. 740.

, 123995 , ., 4.
www.gostinfo.ru
info@gostinfo.ru
.
. , 105062 , ., 6.