Sie sind auf Seite 1von 21

DIN stellt Normen für medizinische Ausrüstung bis auf Weiteres kostenlos bereit

Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN in Absprache mit der Europäischen
Kommission bis auf Weiteres verschiedene Normen für medizinische Ausrüstung kostenlos zur
Verfügung. Ziel ist es, dem wachsenden Mangel an Schutzmasken, -handschuhen und weiteren Produkten
zu begegnen, mit dem viele europäische Länder zu kämpfen haben. Mit der Bereitstellung der Normen soll
Unternehmen geholfen werden, die ihre Produktlinien umstellen wollen, um die so dringend
benötigte Ausrüstung kurzfristig herzustellen. Der Einsatz von Normen kann dabei unterstützen, die
Sicherheit von medizinischen Geräten und persönlicher Schutzausrüstung zu gewährleisten und Herstellern
bei der Produktion praktische Hilfestellung zu geben. Alle kostenfreien Normen für medizinische
Ausrüstung sind hier zu finden: www.beuth.de/go/kostenlose-normen

Warum sind Normen üblicherweise kostenpflichtig?


Normen sind grundsätzlich kostenpflichtige Produkte. Ihre Anwender profitieren von einer Reihe an
Vorteilen: unter anderem Effizienzsteigerung, Kosteneinsparung, erleichterter Marktzugang, Senkung des
Produkthaftungsrisikos. In Deutschland ist die Normung Selbstverwaltungsaufgabe der Wirtschaft. Dadurch
ist gewährleistet, dass die Anwender von Normen selbst entscheiden, welche Normen marktgerecht sind. Die
Anwender sorgen durch den Kauf von Normen dafür, dass die unabhängige, privatwirtschaftliche
und effiziente Organisation der Normungsarbeit durch DIN als gemeinnützigem Verein erhalten bleibt.

Wer erstellt Normen?


Normen entwickeln diejenigen, die sie später anwenden. Damit der Markt die Normen akzeptiert, sind eine
breite Beteiligung, Transparenz und Konsens Grundprinzipien bei DIN. Jeder kann einen Antrag auf
Normung stellen. Alle an einem Thema interessierten Kreise erhalten die Möglichkeit, mitzuwirken und ihre
Expertise einzubringen. Vor der Verabschiedung werden die Norm-Entwürfe öffentlich gemacht und zur
Diskussion gestellt. Die beteiligten Experten müssen sich über die endgültigen Inhalte grundsätzlich einig
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

sein. Spätestens alle fünf Jahre werden Normen auf den Stand der Technik hin überprüft.

Weitere Informationen unter www.din.de.


INTERNATIONAL ISO
STANDARD 22316

e
First edition
2017-03

ab
sg
au
Security and resilience —
Organizational resilience — Principles
and attributes

er
Sécurité et résilience — Résilience organisationnelle — Principes et
attributs
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

Reference number
ISO 22316:2017(E)

© ISO 2017
Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

e
ab
sg
au
er
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri

COPYRIGHT PROTECTED DOCUMENT


© ISO 2017, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
Be

written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

ii © ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

Contents Page

e
Foreword ........................................................................................................................................................................................................................................ iv
Introduction..................................................................................................................................................................................................................................v

ab
1 Scope ................................................................................................................................................................................................................................. 1
2 Normative references ...................................................................................................................................................................................... 1
3 Terms and definitions ..................................................................................................................................................................................... 1

sg
4 Principles ..................................................................................................................................................................................................................... 2
4.1 General ........................................................................................................................................................................................................... 2
4.2 Coordinated approach ...................................................................................................................................................................... 2
5 Attributes for organizational resilience....................................................................................................................................... 2

au
5.1 General ........................................................................................................................................................................................................... 2
5.2 Shared vision and clarity of purpose ................................................................................................................................... 2
5.3 Understanding and influencing context ............................................................................................................................ 3
5.4 Effective and empowered leadership .................................................................................................................................. 3
5.5 A culture supportive ve of organizational resilience..................................................................................................... 4
5.6
5.7
5.8
5.9
Shared inf

er
information and knowledge ..................................................................................................................................... 4
Availability of resources.................................................................................................................................................................. 4
Development and coordination of management disciplines........................................................................... 5
Supporting continual improvement ..................................................................................................................................... 5
5.10 Ability to anticipate and managing change .................................................................................................................... 5
nd
6 Evaluating the factors that contribute to resilience ........................................................................................................ 6
6.1 General ........................................................................................................................................................................................................... 6
6.2 Organizational requirements ..................................................................................................................................................... 6
6.2.1 General...................................................................................................................................................................................... 6
6.2.2 Determining mining gaps ............................................................................................................................................................ 7
So

6.3 Monitoring and assessment......................................................................................................................................................... 7


6.3.1 Methods and processes processes .............................................................................................................................................. 7
6.3.2 Review....................................................................................................................................................................................... 7
6.4 Reporting ..................................................................................................................................................................................................... 8
Annex A (informative) Relevant management disciplines ............................................................................................................ 9
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

Bibliography ............................................................................................................................................................................................................................. 10
s te
fri
Be

© ISO 2017 – All rights reserved iii


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

Foreword

e
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical

ab
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.

sg
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. Inn particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives
directives).
).

au
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents
patents).
).

constitute an endorsement.
er
Any trade name used in this document is information given for the convenience of users and does not

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and
nd
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience.
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

iv © ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

Introduction

e
Organizational resilience is the ability of an organization to absorb and adapt in a changing environment
to enable it to deliver its objectives and to survive and prosper. More resilient organizations can
anticipate and respond to threats and opportunities, arising from sudden or gradual changes in their

ab
internal and external context. Enhancing resilience can be a strategic organizational goal, and is the
outcome of good business practice and effectively managing risk.
An organization’s resilience is influenced by a unique interaction and combination of strategic and
operational factors. Organizations can only be more or less resilient; there is no absolute measure or

sg
definitive goal.
A commitment to enhanced organizational resilience contributes to:
— an improved ability to anticipate and address risks and vulnerabilities;

au
— increased coordination and integration of management disciplines to improve coherence and
performance;
— a greater understanding of interested parties and dependencies that support strategic goals, and
objectives.

er
There is no single approach to enhance an organization’s resilience. There are established management
disciplines that contribute towards resilience but, on their own, these disciplines are insufficient to
safeguard an organization’s resilience. Instead, organizational resilience is the result of the interaction
nd
of attributes and activities, and contributions made from other technical and scientific areas of
expertise. These are influenced by the way in which uncertainty is addressed, decisions are made and
enacted, and how people work together.
This document establishes the principles for organizational resilience. It identifies the attributes and
activities that support an organization in enhancing its resilience.
So

This document includes:


— principles providing the foundation for enhancing an organization’s resilience;
— attributes describing the characteristics of an organization that allow the principles to be adopted;
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

— activities guiding the utilization, evaluation and enhancement of attributes.


s te
fri
Be

© ISO 2017 – All rights reserved v


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
e
ab
sg
au
er
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
INTERNATIONAL STANDARD ISO 22316:2017(E)

e
Security and resilience — Organizational resilience —
Principles and attributes

ab
1 Scope
This document provides guidance to enhance organizational resilience for any size or type of

sg
organization. It is not specific to any industry or sector. This document can be applied throughout the
life of an organization.
This document does not promote uniformity in approach across all organizations, as specific objectives

au
and initiatives are tailored to suit an individual organization’s needs.

2 Normative references
The following documents are referred to in the text in such a way that some or all of their content

er
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22300, Societal security — Terminology
nd
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22300 and the following apply.
So

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://
http://www
www.electropedia
www.electropedia.org/
3.1
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

management
coordinated activities to direct and control an organization
3.2
te

interested party
person or organization that can affect, be affected by, or perceive itself to be affected by a decision or
activity
s

Note 1 to ent
entry:
ry: Th
This
is can be an individual or group that has an interest in any decision or activity of an
organization.
fri

3.3
organizational culture
collective beliefs, values, attitudes and behaviour of an organization that contribute to the unique social
and psychological environment in which it operates
Be

3.4
organizational resilience
ability of an organization to absorb and adapt in a changing environment
3.5
values
beliefs an organization adheres to and the standards that it seeks to observe

© ISO 2017 – All rights reserved 1


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

4 Principles

4.1 General

e
The principles provide the foundation upon which a framework and strategy to achieve an enhanced

ab
state of organizational resilience can be developed, implemented and evaluated.
An organization’s resilience:
a) is enhanced when behaviour is aligned with a shared vision and purpose;

sg
b) relies upon an up-to-date understanding of an organization’s context;
c) relies upon an ability to absorb, adapt and effectively respond to change;
d) relies upon good governance and management;

au
e) is supported by a diversity of skills, leadership, knowledge and experience;
f) is enhanced by coordination across management disciplines and contributions from technical and
scientific areas of expertise;
g) relies upon effectively managing risk.

4.2 Coordinated approach


er
nd
The organization should develop a coordinated approach that provides:
— a mandate to ensure its leaders and top management are committed to enhance organizational
resilience;
So

— adequate resources needed to enhance the organization’s resilience;


— appropriate governance structures to achieve the effective coordination of organizational resilience
activities;
— mechanisms to ensure investments in resilience activities are appropriate to the organization’s
internal and external context;
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

— systems that support the effective implementation of organizational resilience activities;


— arrangements to evaluate and enhance resilience in support of organizational requirements;
te

— effective communications to improve understanding and decision making.

5 Attributes for organizational resilience


s
fri

5.1 General
An organization that has adopted the resilience principles will demonstrate common attributes
supported by activities, which guide their utilization, evaluation and enhancement. Such attributes
include those described in 5.2 to 5.10.
Be

5.2 Shared vision and clarity of purpose


Organizational resilience is enhanced by a clearly articulated and understood purpose, vision and
values to provide clarity to decision making at all levels of the organization.

2 © ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

The organization should prioritize and resource the following activities:


a) articulate its vision, purpose and core values to all interested parties to provide strategic direction,

e
coherence and clarity in all decision-making;
b) ensure individual goals and objectives are aligned with and committed to the organization’s

ab
purpose, vision and values;
c) monitor and review regularly the suitability of the organization’s strategies and their alignment
with purpose, vision, core values and objectives;

sg
d) recognize the need to reflect on and, if necessary, revise the organization’s purpose, vision and core
values in response to external and internal changes;
e) seek out and promote new and innovative ideas to achieve and develop its strategic objectives.

au
5.3 Understanding and influencing context
A comprehensive understanding of the organization’s internal and external environments will help the
organization make more effective strategic decisions about the priorities for resilience.
The organization should demonstrate and enhance the following:

er
— the ability to think beyond current activities, strategy, and organizational boundaries;
— understanding, collaborating and strengthening of relationships with relevant interested parties to
nd
support the delivery of the organization’s purpose and vision.
The organization should prioritize and resource the following activities:
a) monitor and evaluate the organization’s context, including interdependencies, political, regulatory
environment and competitor activities under changing circumstances;
So

b) maintain strong relationships with interested parties and foster co-operation at all levels;
c) collaborate with interested parties that share the organization’s purpose and vision.

5.4 Effective
e and empowered leadership
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

Organizational resilience is enhanced by leadership that develops and encourages others to lead under
a range of conditions and circumstances, including during periods of uncertainty and disruptions.
te

The organization should demonstrate and enhance the following:


— effective leadership throughout the organization that encourages a culture supportive of resilience;
— leadership that can adapt to changing circumstances;
s

— leadership that utilizes a diverse set of skills, knowledge and behaviour within the organization to
fri

achieve organizational objectives.


The organization should prioritize and resource the following activities:
a) develop trusted and respected leaders who act with integrity and are committed to a sustained
Be

focus on organizational resilience;


b) assign roles and responsibilities for enhancing organizational resilience;
c) encourage the creation and sharing of lessons learned about success and failure and promote the
adoption of better practice;
d) empower all levels of the organization to make decisions that protect and enhance the resilience of
the organization.

© ISO 2017 – All rights reserved 3


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

5.5 A culture supportive of organizational resilience


A culture that is supportive of organizational resilience demonstrates a commitment to, and existence

e
of, shared beliefs and values, positive attitudes and behaviour.
The organization should prioritize and resource the following activities:

ab
a) determine the beliefs, values and behaviour within the organization that define organizational
culture;
b) identify core values and behaviour that enhance organizational resilience and establish criteria

sg
that can be applied to assess individual performance;
c) engage people at all levels to promote the organization’s values;
d) foster creativity and innovation that enhances organizational resilience;

au
e) empower people to identify and communicate threats and opportunities and to take action that
will benefit the organization;
f) monitor and review organizational culture to detect any changes that may influence organizational
resilience.

5.6 Shared information and knowledge


er
Organizational resilience is enhanced when knowledge is widely shared where appropriate and applied.
nd
Learning from experience and learning from each other is encouraged.
The organization should demonstrate and enhance the following:
— information, knowledge, and learning is valued;
So

— learning is drawn from all available sources (uses what it has and learns from others).
The organization should ensure that knowledge and information is:
a) accessible, understandable and adequate to support the organization’s objectives;
te

b) effectively shared to enable decision-making;


Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

c) recognized as a critical resource of the organization;


d) created, retained and applied through established systems and processes;
te

e) shared in a timely manner with all relevant interested parties;


f) applied in organizational learning.
s

5.7 Availability of resources


fri

The organization should develop and allocate resources, such as people, premises, technology, finance
and information, to address vulnerabilities, providing the ability to adapt to changing circumstances.
The organization should prioritize and resource the following activities:
Be

a) take appropriate decisions on resourcing and capacity, diversification, replication and redundancy
to avoid single points of failure and respond to incidents and change, so that core services are
maintained at an acceptable, pre-determined level;
b) select and develop employees with a diverse set of skills, knowledge and behaviour that can
contribute to the organization’s ability to respond and adapt to change;

4 © ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

c) develop an ability to identify and respond to change in a flexible manner; including modifying
and redeploying capabilities, arrangements, structures, activities and behaviour to adjust to new
conditions;

e
d) routinely review the suitability, availability and allocation of resources, taking account of the
impact of any changes in the organization and its context.

ab
5.8 Development and coordination of management disciplines
The design, development and coordination of management disciplines and their alignment with the
organization’s strategic objectives are fundamental to enhancing organizational resilience.

sg
NOTE Annex A provides a sample list of management disciplines.

The organization should demonstrate and enhance the following:

au
— the management disciplines are coordinated so that they individually and collectively contribute to
the organization’s purpose and the protection of what it values;
— the organization manages the effect of uncertainty on its objectives across management disciplines.

a)
er
The organization should prioritize and resource the following activities:
identify and design management disciplines that contribute toward the organization’s resilience;
b) regularly assess how each management discipline contributes to the overall resilience of the
nd
organization, and address weaknesses where these are found;
c) build flexibility into the management disciplines so that the organization can absorb and adapt
to change;
d) enhance communication, coordination, and cooperation between management disciplines of the
So

organization to build a coherent approach.

5.9 Supporting continual improvement


improvement
Organizational resilience is improved when organizations continually monitor their performance
te

against pre-determined criteria to learn and improve from experience and take advantage of
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

opportunities. Organizations create and encourage a culture of continual improvement across all
employees.
The organization should demonstrate and enhance the following:
te

— a culture of continual improvement that ensures organizational objectives, strategies and procedures
can be kept relevant and appropriate in supporting the changing needs of the organization;
s

— a commitment to validate and continually improve organizational resilience activities and


capabilities.
fri

The organization should prioritize and resource the following activities:


a) implement performance monitoring and evaluation mechanisms to support continual improvement;
b) ensure that performance management criteria are responsive to changes that impact on
Be

organizational objectives.

5.10 Ability to anticipate and managing change


Organizational resilience is enhanced when an organization has the ability to anticipate, plan, and
respond to change.

© ISO 2017 – All rights reserved 5


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

The organization should demonstrate and enhance the following:


— the ability to deliver consistently on its commitments under changing circumstances and adapting

e
its operations accordingly;
— the ability to absorb and adapt to the impacts of sudden and unexpected incidents;

ab
— preparation to respond to change, or influence change if necessary.
The organization should prioritize and resource the following activities:
a) remain aware of situations that are likely to influence change;

sg
b) adapt itself when needed without significant impact to its products and services;
c) commit to protection, performance and adaptation but with the ability to shift focus without
compromising its visions and core values;

au
d) ensure that the management disciplines are sufficiently robust and effective to respond to changes.

6 Evaluating the factors that contribute to resilience

6.1 General
er
Evaluation activities provide intelligence and management information on how strategies and
nd
objectives for organizational resilience continue to meet the needs of the organization, or where there
are opportunities for improvement.
The organization should:
— establish processes to allow it to continuously measure and monitor the factors that contribute to
So

organizational resilience as an aid to management decisions;


— target measurement and monitoring activities to the specific attributes of the organization that
enhance its resilience;
— evaluate the effectiveness of its resilience approach and objectives against these attributes.
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

6.2 Organizational requirements

6.2.1 General
te

Performance measures used in the evaluation process are likely to be selected on the basis of the sector
in which the organization operates, the criteria determined by top management and the organizational
culture.
s

Most organizations already collect performance data that can be applied to an assessment of their
fri

resilience. Sources may include existing management information and internal audit reports, business
review processes and project reporting.
Top management should:
Be

— determine the appropriate objectives for organizational resilience;


— develop measurement criteria to be used to monitor and evaluate the status of the organization‘s
resilience attributes;
— monitor and evaluate the organization’s overall resilience maturity and performance;
— identify what needs to be evaluated and monitored, and the methods that will produce valid results
and a continuous assessment of organizational resilience;

6 © ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

— determine the thresholds at which the output from the evaluation will be considered acceptable;
— decide how evaluation and monitoring arrangements will parallel, support or be integrated into

e
existing monitoring processes;
— establish how the results from monitoring and measurement will be analysed, evaluated and

ab
reported.

6.2.2 Determining gaps

The initial assessment of organizational resilience can be used to inform any work that is required

sg
urgently, and reinforce the concept of organizational resilience with interested parties.
The organization should:
— undertake a review, applying the agreed metrics to determine the organization’s resilience before

au
implementing a monitoring process;
— determine if resilience is acceptable to top management or falls short of the organization‘s
requirements;

er
— consider appropriate strategies to address any significant gaps that are found in the assessment.

6.3 Monitoring and assessment


nd
6.3.1 Methods and processes

Monitoring and assessing organizational resilience helps to identify the signs of an emerging issue or an
opportunity that requires attention. Failure to identify these signs could limit an organization‘s ability
to address issues before they have an impact, and could limit the effectiveness and increase the costs of
any mitigating actions.
So

The organization should:


— apply existing monitoring methods and processes to evaluate attributes that contribute to their
resilience;
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

— monitor the effectiveness of initiatives established for the management of risk, including those
managed by established management disciplines;
— consider the use of employee and customer surveys that provide indicators of resilience within the
te

organization;
— seek to understand what data are required to make an assessment of resilience and ensure there is
an evaluation process to support this.
s

6.3.2 Review
fri

Top management should carry out a periodic review to ensure the organization’s resilience continues to
meet expectations. The review should consider changes in the organization’s context, including:
— changes in organizational vision, strategy or objectives;
Be

— major structural or business model changes, including mergers, acquisitions and divestments;
— new markets or territories that the organization has entered;
— newly introduced products and services;
— significant staff changes, including top management;
— the effectiveness of improvements made since the previous review;

© ISO 2017 – All rights reserved 7


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

— feedback on the effectiveness of the organization’s resilience;


— change in risks that need to be addressed.

e
Top management should:

ab
— compare the outputs from the organizational resilience evaluation process against other related
review processes, such as the results from related internal audits, incident debriefs, strategy
planning, near misses and regulatory compliance;
— confirm that monitoring arrangements are appropriate and provide input to the identification and

sg
treatment of issues before their impacts become too damaging or an opportunity is missed.

6.4 Reporting
The outputs from monitoring organizational resilience may include summary reporting, giving top

au
management an assessment of resilience against the attributes most relevant to the organization.
Top management should:
— use on-going monitoring reports to track trends in the data that have been used to evaluate
organizational resilience;

er
— confirm that current information management systems provide essential data to support the input
required for an organization’s resilience monitoring;
nd
— use the output of the reporting process to develop action plans to enhance organizational resilience.
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

8 © ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

Annex A
(informative)

e
Relevant management disciplines

ab
Management disciplines that can support the guidance given in 5.8 include the following:

sg
— asset management;
— business continuity management;
— crisis management;

au
— cyber security management;
— communications management;
— emergency management;
— environmental management;
— facilities management;
er
nd
— financial control;
— fraud control;
— governance;
So

— health and safety management;


— human resources management;
— information security management;
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

— information, communications and technology;


— physical security management;
te

— quality management;
— risk management;
— supply chain management;
s

— strategic planning.
fri
Be

© ISO 2017 – All rights reserved 9


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

Bibliography

e
[1] ISO 22301, Societal security — Business continuity management systems --- Requirements

ab
[2] ISO 22398, Societal security — Guidelines for exercises
[3] ISO 31000, Risk management — Principles and guidelines
[4] ISO/IEC 38500, Information technology — Governance of IT for the organization

sg
[5] ISO Guide 73, Risk management — Vocabulary

au
er
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

10 © ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
e
ab
sg
au
This page is intentionally blank.

er
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
e
ab
sg
au
This page is intentionally blank.

er
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
e
ab
sg
au
This page is intentionally blank.

er
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.
ISO 22316:2017(E)

e
ab
sg
au
er
nd
So
te
Normen-Download-Beuth-Robert Koppensteiner-ID.AJ6ZHCKV6NQGQCSORXQ0YWLK.2-2020-04-21 17:35:19

s te
fri
Be

ICS 03.100.01
Price based on 10 pages

© ISO 2017 – All rights reserved


Um die Herausforderungen der Corona-Krise zu bekämpfen, stellt DIN diese Fassung der Norm bis auf Weiteres kostenlos bereit.
Weitere aktuell kostenlose Normen für medizinische Ausrüstung unter www.beuth.de/go/kostenlose-normen.