The Publicly Available Specification ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management, is based on best practice from five national standards from Australia, Israel, Japan, the United Kingdom and the United States.
Natural disasters, acts of terror, technology-related accidents and environmental incidents have clearly demonstrated that neither public nor private sectors are immune from crises, either intentionally or unintentionally provoked.
This has lead to a global awareness that organizations in the public and private sectors must know how to prepare for and respond to unexpected and potentially devastating incidents.
ISO/PAS 22399 is the first deliverable from ISO technical committee ISO/TC 223, Societal security, which is charged with developing standards in the area of crisis and continuity management.
Dr. Stefan Tangen, Secretary of ISO/TC 223, states: “ISO/PAS 22399 represents a major breakthrough in addressing emergency and disaster preparedness, response and continuity. It was unanimously passed by the 50 countries that participate in the committee and provides an international agreed upon benchmark for emergency and disaster management for individual organizations.”
ISO/PAS 22399 establishes the process, principles and terminology of incident preparedness and operational (business) continuity management (IPOCM) within the context of societal security. Mr. Ivar Jachwitz, the Convener of the Task Group that was responsible for drafting ISO/PAS 22399 explains: “The purpose of the guideline is to provide a basis for understanding, developing and implementing incident preparedness and operational continuity management within an organization and to provide confidence in organization-to-community, business-to-business and organization-to-customer/client dealings.
"The guideline is a tool to allow public or private organizations to consider the factors and steps necessary to prepare for an unintentionally, intentionally, or naturally caused incident (disruption, emergency, crisis or disaster) so that it can manage and survive the incident and take the appropriate actions to help ensure the organization’s continued viability”.
Organizational resilience requires proactive preparation for potential incidents and disruptions, in order to avoid suspension of critical operations and services, or if operations and services are disrupted, that they resume operations and services as rapidly as required by those who depend on them.
ISO/PAS 22399 describes a holistic management process that identifies potential impacts that threaten an organization and provides a framework for minimizing their effect.