ISO-22301业务连续性管理-2012

raisingstandardsworldwide™NOCOPYINGWITHOUTBSIPERMISSIONEXCEPTASPERMITTEDBYCOPYRIGHTLAWBSIStandardsPublicationSocietalsecurityBusinesscontinuitymanagementsystems–RequirementsBSISO22301:2012BIAStrategyPlanningExercisingImprovementLicensedcopy:MrRogerWang,BSIGlobalAssurance,Versioncorrectasof16/05/201213:14,(c)TheBritishStandardsInstitution2012BSISO22301:2012BRITISHSTANDARDNationalforewordThisBritishStandardistheUKimplementationofISO22301:2012.ItsupersedesBS25999-2:2007whichwillbewithdrawnon1November2012.TheUKparticipationinitspreparationwasentrustedtoTechnicalCommitteeBCM/1,Businesscontinuitymanagement.Alistoforganizationsrepresentedonthiscommitteecanbeobtainedonrequesttoitssecretary.Thispublicationdoesnotpurporttoincludeallthenecessaryprovisionsofacontract.Usersareresponsibleforitscorrectapplication.©TheBritishStandardsInstitution2012.PublishedbyBSIStandardsLimited2012ISBN9780580686801ICS03.100.01CompliancewithaBritishStandardcannotconferimmunityfromlegalobligations.ThisBritishStandardwaspublishedundertheauthorityoftheStandardsPolicyandStrategyCommitteeon31May2012.AmendmentsissuedsincepublicationDateTextaffectedLicensedcopy:MrRogerWang,BSIGlobalAssurance,Versioncorrectasof16/05/201213:14,(c)TheBritishStandardsInstitution2012BSISO22301:2012©ISO2012Societalsecurity—Businesscontinuitymanagementsystems—RequirementsSécuritésociétale—Gestiondelacontinuitédesaffaires—ExigencesINTERNATIONALSTANDARDISO22301Firstedition2012-05-15ReferencenumberISO22301:2012(E)Licensedcopy:MrRogerWang,BSIGlobalAssurance,Versioncorrectasof16/05/201213:14,(c)TheBritishStandardsInstitution2012BSISO22301:2012ISO22301:2012(E)ii©ISO2012–AllrightsreservedCOPYRIGHTPROTECTEDDOCUMENT©ISO2012Allrightsreserved.Unlessotherwisespecified,nopartofthispublicationmaybereproducedorutilizedinanyformorbyanymeans,electronicormechanical,includingphotocopyingandmicrofilm,withoutpermissioninwritingfromeitherISOattheaddressbeloworISO’smemberbodyinthecountryoftherequester.ISOcopyrightofficeCasepostale56•CH-1211Geneva20Tel.+41227490111Fax+41227490947E-mailcopyright@iso.orgWeb:14,(c)TheBritishStandardsInstitution2012BSISO22301:2012ISO22301:2012(E)©ISO2012–AllrightsreservediiiContentsPageForeword............................................................................................................................................................................iv0Introduction.....................................................................................................................................................................v0.1General..........................................................................................................................................................................v0.2ThePlan-Do-Check-Act(PDCA)model................................................................................................................v0.3ComponentsofPDCAinthisInternationalStandard......................................................................................vi1Scope......................................................................................................................................................................12Normativereferences.........................................................................................................................................13 Terms and definitions.........................................................................................................................................14Contextoftheorganization..............................................................................................................................84.1Understandingoftheorganizationanditscontext....................................................................................84.2Understandingtheneedsandexpectationsofinterestedparties.........................................................94.3Determiningthescopeofthebusinesscontinuitymanagementsystem...........................................94.4Businesscontinuitymanagementsystem.................................................................................................105Leadership...........................................................................................................................................................105.1Leadershipandcommitment.........................................................................................................................105.2Managementcommitment...............................................................................................................................105.3Policy....................................................................................................................................................................115.4Organizationalroles,responsibilitiesandauthorities........................................................................