ISO 22316:2017 Security and resilience - Organizational resilience - Principles and attributes

This International Standard provides guidance to enhance organizational resilience for any size or type of organization. It is not specific to any industry or sector. ISO 22316 can be applied throughout the life of an organization. It does not promote uniformity in approach across all organizations, as specific objectives and initiatives are tailored to suit an individual organization's needs.

Organizational resilience is the ability of an organization to absorb and adapt in a changing environment to enable it to deliver its objectives and to survive and prosper. More resilient organizations can anticipate and respond to threats and opportunities, arising from sudden or gradual changes in their internal and external context. Enhancing resilience can be a strategic organizational goal, and is the outcome of good business practice and effectively managing risk.

An organization’s resilience is influenced by a unique interaction and combination of strategic and operational factors. Organizations can only be more or less resilient; there is no absolute measure or definitive goal.

A commitment to enhanced organizational resilience contributes to:

  • an improved ability to anticipate and address risks and vulnerabilities;
  • increased coordination and integration of management disciplines to improve coherence and performance; 
  • a greater understanding of interested parties and dependencies that support strategic goals and objectives.


Brian Roylett (Australia), the project leader responsible for the development of ISO 22316, explains:

"There is no single approach to enhance an organization’s resilience. There are established management disciplines that contribute towards resilience but, on their own, these disciplines are insufficient to safeguard an organization’s resilience. Instead, organizational resilience is the result of the interaction of attributes and activities, and contributions made from other technical and scientific areas of expertise. These are influenced by the way in which uncertainty is addressed, decisions are made and enacted, and how people work together." 

ISO 22316 establishes the principles for organizational resilience. It identifies the attributes and activities that support an organization in enhancing its resilience. It includes:

  • principles providing the foundation for enhancing an organization’s resilience;
  • attributes describing the characteristics of an organization that allow the principles to be adopted;
  • activities guiding the utilization, evaluation and enhancement of attributes.

ISO 22316:2017, Security and resilience - Organizational resilience - Principles and attributes, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, either through the ISO Store or by contacting the Marketing, Communication & Information department.