ISO publishes Technical Specification giving guidelines for complexity analysis
The International Organization for Standardization has published a new Technical Specification: ISO/TS 22375:2018 Security and resilience - Guidelines for complexity analysis process
This document gives guidelines for the application of principles and a process for a complexity assessment of an organization’s systems to improve security and resilience. A complexity assessment process allows an organization to identify potential hidden vulnerabilities of its system and to provide an early indication of risk resulting from complexity.
Ivano Roveda (Italy), the project leader responsible for the development of ISO 22375, explains:
"Complexity is a fundamental property of many systems. An appropriate level of complexity is required for systems operation but a high degree of complexity can weaken the system, particularly during turbulent times. High system complexity is an obstacle to security, resilience, effectiveness and efficiency of all organizations. As organizational systems, products, processes, technologies, organizational structures, and contracts become more complex, organizations may fail to pay sufficient attention to the introduction and proliferation of more complex and less secure systems that then become unsustainable and lose their integrity."
ISO/TS 22375 is applicable to all sizes and types of organization systems, such as critical assets, strategic networks, supply chains, industrial plants, community infrastructures, banks and business companies. Therefore it is extremely important to give an appropriate answer to a concrete problem of contemporary industrial activities. Hence it scores a good result of normative governance of wich ISO activity is the international expression.
It is to be noted that one example provided in the Annex ISO/TS 22375 is a thesis of master degree in management engineering at Pisa University developed by a student (Claudio Perissinotti) in the Course held by Professor Adarosa Ruffini. It represents a significant cooperation between the standardization world and the accademic one.
ISO/TS 22375:2018, Security and resilience - Guidelines for business complexity process, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.