ISO publishes Technical Specification giving guidelines for complexity analysis

The International Organization for Standardization has published a new Technical Specification: ISO/TS 22375:2018 Security and resilience - Guidelines for complexity analysis process

This document gives guidelines for the application of principles and a process for a complexity assessment of an organization’s systems to improve security and resilience. A complexity assessment process allows an organization to identify potential hidden vulnerabilities of its system and to provide an early indication of risk resulting from complexity.

Ivano Roveda (Italy), the project leader responsible for the development of ISO 22375, explains: Ivano

"Complexity is a fundamental property of many systems. An appropriate level of complexity is required for systems operation but a high degree of complexity can weaken the system, particularly during turbulent times. High system complexity is an obstacle to security, resilience, effectiveness and efficiency of all organizations. As organizational systems, products, processes, technologies, organizational structures, and contracts become more complex, organizations may fail to pay sufficient attention to the introduction and proliferation of more complex and less secure systems that then become unsustainable and lose their integrity."

ISO/TS 22375 is applicable to all sizes and types of organization systems, such as critical assets, strategic networks, supply chains, industrial plants, community infrastructures, banks and business companies. Therefore it is extremely important to give an appropriate answer to a concrete problem of contemporary industrial activities. Hence it scores a good result of normative governance of wich ISO activity is the international expression. Adarosa Ruffini

It is to be noted that one example provided in the Annex ISO/TS 22375 is a thesis of master degree in management engineering at Pisa University developed by a student (Claudio Perissinotti) in the Course held by Professor Adarosa Ruffini. It represents a significant cooperation between the standardization world and the accademic one.

ISO/TS 22375:2018, Security and resilience - Guidelines for business complexity process, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.

Upcoming events

28 Feb, Zoom
Working Group 1

5 March, Zoom
Communication Group meeting

[tbd], 2024
11th ISO/TC 292 plenary meeting

Topics

Authenticity, integrity and trust for products and documents
Business continuity management
Community resilience
Crisis management
Emergency management
Event management
Organizational resilience
Protective security
Supply chain security
Terminology

This website has been developed by Swedish Civil Contingencies Agency in collaboration with ISO and Swedish Institute for Standards responsible for the ISO/TC 292 secretariat

An overview of ISO/TC 292 can also be found at the ISO webpage.

ISO

SIS