ISO/TC 292 has now entered a phase where most efforts is spend on developing standards in the work programme as well as finding new projects for the committee to engage in. All six Working Groups of the committee met in parallel intensivelly discussing the various of projects on their agenda.
Progress of work
ISO 22300 Security and resilience - Vocabulary has been published which contains over 300 terms. However, since consistent terminology is an overarching objective for the committee with new terms comming up constantly it was decided to start a revision for a 3rd version.
When it comes to the area of BCM the revisions of ISO 22301 Security and resilience - Business continuity management systems – Requirements and ISO 22313 Security and resilience - Business continuity management systems – Guidance continiued and the committee is aiming for going to the DIS stage directly after the meeting. All receieved comments on the supporting document ISO/TS 22332 Security and resilience - Business continuity management systems - Guidelines for business continuity procedures were also resolved.
Much progress has been made when it comes to "Emergency Management" where three documents: ISO 22320 Security and resilience - Emergency management - Guidelines for incident managament, ISO 22326 Security and resilience - Emergency management - Guidelines for monitoring of facilities with identified hazards and ISO 22327 Security and resilience - Emergency management - Guidelines for implementation of a community-based landslide early warning system have been published. Two new projects have been initiated on: 1) providing guidelines on how to use social media during an emergency (ISO 22329) and 2) giving generic guidelines on early warning systmes for natural disasters (ISO 22328).
In the area "Authenticity, integrity and trust for products and documents" the committe has just published three documents:
- ISO 22380 Security and resilience – Authenticity, integrity and trust for products and documents – General principles for product fraud risk
- ISO 22381 Security and resilience – Authenticity, integrity and trust for products and documents – Guidelines for interoperability of product identification and authentication systems
- ISO 22382 Security and resilience – Authenticity, integrity and trust for products and documents – Guidelines for the content, security and issuance of excise tax stamps
During this meeting the focus was spent on the revision of ISO 12031 Performance criteria for authentication solutions used to combat counterfeiting of material goods, which will be renamed as ISO 22383. A working draft of ISO 22384 Security and resilience – Authenticity, integrity and trust for products and documents - Guidelines to establish and monitor a protection plan and its implementation were also developed.
The work regarding "Community resilince" is also proceeding. ISO 22395 Security and resilience - Community resilience - Guidelines for supporting vulnerable persons in an emergency were published just before the meeting. Comments were resolved on ISO 22396 Security and resilience - Community resilience - Guidelines for information sharing between organisations and ISO 22392 Security and resilience – Community resilience – Guidelines for conducting peer reviews which are both ready to go out for ballot. There is also a collaboration project with UN on ISO 22370 Security and resilience – Community resilience – Framework and principles for urban resilience which is expected to be published as a Technical Report in early 2019.
When it comes to "Protective security", it has been a slow start to find the focus of this area but the pace is now rapidly increasing and three work items has just been approved:
- ISO 22340 Security and resilience – Protective security – Guidelines for security architecture, framework and controls
- ISO 22341 Security and resilience – Protective security – Guidelines for crime prevention through environmental design
- ISO 22342 Security and resilience – Protective security – Guidelines for the development of a security plan for an organization
The justification study on ISO 28000 Specification for security management systems for the supply chain was finilized and will be subitted to TMB before the revision can start.
New project proposals
Several new project proposals were presented and discussed during the week and the following were agreed to be registered as preliminary work items:
- Security and resilience – Community resilience – Resource management
- Security and resilience – Emergency management – Framework
Concluding remarks
After its third year, much of ISO/TC 292 hard work has resulted in a record number of 11 publications in 2018. Numerous of new ideas for new standards have been presented and the members needs to decide what projects that should should set the agenda.