ISO 22316:2017 pdf – Security and resilience — Organizational resilience — Principles and attributes.
1 Scope

This document provides guidance to enhance organizational resilience for any size or type of organization. It is not specific to any industry or sector. This document can be applied throughout the life of an organization. This document does not promote uniformity in approach across all organizations, as specific objectives and initiatives are tailored to suit an individual organization’s needs.

2 Normative references

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 22300, Societal security — Terminology

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 22300 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at http://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/

3.1 management
coordinated activities to direct and control an organization

3.2 interested party
person or organization that can affect, be affected by, or perceive itself to be affected by a decision or activity
Note 1 to entry: This can be an individual or group that has an interest in any decision or activity of an organization.

3.3 organizational culture
collective beliefs, values, attitudes and behaviour of an organization that contribute to the unique social and psychological environment in which it operates

3.4 organizational resilience
ability of an organization to absorb and adapt in a changing environment

3.5 values
beliefs an organization adheres to and the standards that it seeks to observe
4 Principles

4.1 General

The principles provide the foundation upon which a framework and strategy to achieve an enhanced state of organizational resilience can be developed, implemented and evaluated.

An organization’s resilience:
a) is enhanced when behaviour is aligned with a shared vision and purpose;
b) relies upon an up-to-date understanding of an organization’s context;
c) relies upon an ability to absorb, adapt and effectively respond to change;
d) relies upon good governance and management;
e) is supported by a diversity of skills, leadership, knowledge and experience;
f) is enhanced by coordination across management disciplines and contributions from technical and scientific areas of expertise;
g) relies upon effectively managing risk.

4.2 Coordinated approach

The organization should develop a coordinated approach that provides:
— a mandate to ensure its leaders and top management are committed to enhance organizational resilience;
— adequate resources needed to enhance the organization’s resilience;
— appropriate governance structures to achieve the effective coordination of organizational resilience activities;
— mechanisms to ensure investments in resilience activities are appropriate to the organization’s internal and external context;
— systems that support the effective implementation of organizational resilience activities;
— arrangements to evaluate and enhance resilience in support of organizational requirements;
— effective communications to improve understanding and decision making.
5.3 Understanding and influencing context

A comprehensive understanding of the organization’s internal and external environments will help the organization make more effective strategic decisions about the priorities for resilience.

The organization should demonstrate and enhance the following:
— the ability to think beyond current activities, strategy, and organizational boundaries;
— understanding, collaborating and strengthening of relationships with relevant interested parties to support the delivery of the organization’s purpose and vision.

The organization should prioritize and resource the following activities:
a) monitor and evaluate the organization’s context, including interdependencies, political, regulatory environment and competitor activities under changing circumstances;
b) maintain strong relationships with interested parties and foster co-operation at all levels;
c) collaborate with interested parties that share the organization’s purpose and vision.

5.4 Effective and empowered leadership

Organizational resilience is enhanced by leadership that develops and encourages others to lead under a range of conditions and circumstances, including during periods of uncertainty and disruptions.

The organization should demonstrate and enhance the following:
— effective leadership throughout the organization that encourages a culture supportive of resilience;
— leadership that can adapt to changing circumstances;
— leadership that utilizes a diverse set of skills, knowledge and behaviour within the organization to achieve organizational objectives.

The organization should prioritize and resource the following activities:
a) develop trusted and respected leaders who act with integrity and are committed to a sustained focus on organizational resilience;
b) assign roles and responsibilities for enhancing organizational resilience;
c) encourage the creation and sharing of lessons learned about success and failure and promote the adoption of better practice;