ARP5 (Colour)

© SABS.
This non-printable standard is exclusively for approved users of the SABS’ Complete Collection of Standards and Related Documents.
The standard must reside on a shared file server or intranet system and may only be used for reference purposes in compliance with
SABS copyright rules. The standard or parts thereof may not be distributed in any form without permission from the SABS.
ISBN 978-0-626-24463-7
ARP 5:2010
Edition 1
IWA 5:2006
Edition 1
SABS STANDARDS DIVISION
Recommended practice
Emergency preparedness
This recommended practice is the identical implementation of IWA 5:2006 and

is adopted with the permission of the International Organization for Standardization.
This document does not have the status of a South African National Standard.
Published by SABS Standards Division

1 Dr Lategan Road Groenkloof Private Bag X191 Pretoria 0001
Tel: +27 12 428 7911 Fax: +27 12 344 1568
www.sabs.co.za
© SABS
© SABS. This non-printable standard is exclusively for approved users of the SABS’ Complete Collection of Standards and Related Documents.
ARP 5:2010
Edition 1
IWA 5:2006
Edition 1
Table of changes
Change No. Date Scope
National foreword
This recommended practice was approved by National Committee SABS TC 223, National disaster
management, in accordance with procedures of the SABS Standards Division, in compliance with
annex 3 of the WTO/TBT agreement.
This document was published in July 2010.

ARP 5:2010
International Workshop
Agreement
IWA 5
****
État de préparation en cas de catastrophe
Reference number © ISO 2006

IWA 5:2006(E) All rights reserved
ARP 5:2010
IWA 5:2006(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
© ISO 2006
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Printed in Switzerland
ii © ISO 2006 – All rights reserved

ARP 5:2010
Emergency preparedness IWA 5:2006(E)
Contents Page
Foreword............................................................................................................................................................ iv
Participation ....................................................................................................................................................... v
Background ..................................................................................................................................................... viii
Introduction ........................................................................................................................................................ix
Workshop Recommendations ...........................................................................................................................x
1 Scope ......................................................................................................................................................1
2 Workshop Proceedings.........................................................................................................................1
3 Potential Future Work ...........................................................................................................................3
4 Conclusion .............................................................................................................................................3
Annex A (informative) Final Agenda ISO International Workshop on Standardization for
Emergency Preparedness, 24-26 April 2006, Florence, Italy.............................................................5
Annex B (informative) Submitted Standards/Guidance Documents..............................................................7
Annex C (informative) Output from Breakout Session #1 on Emergency Management..............................8
Annex D (informative) Output from Breakout Session #2 on Business Continuity (6 phases of the
business continuity management system) .........................................................................................9
© ISO 2006 – All rights reserved iii

ARP 5:2010
IWA 5:2006(E) Emergency preparedness
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). ISO’s technical work is normally carried out through ISO technical committees in which
each ISO member body has the right to be represented. International organizations, governmental and
nongovernmental, in liaison with ISO, also take part in the work.
In order to respond to urgent market requirements, ISO has also introduced the possibility of preparing
documents through a workshop mechanism, external to its normal committee processes. These documents
are published by ISO as International Workshop Agreements. Proposals to hold such workshops may come
from any source and are subject to approval by the ISO Technical Management Board which also designates
an ISO member body to assist the proposer in the organization of the workshop. International Workshop
Agreements are approved by consensus amongst the individual participants in such workshops. Although it is
permissible that competing International Workshop Agreements exist on the same subject, an International
Workshop Agreement shall not conflict with an existing ISO or IEC standard.
An International Workshop Agreement is reviewed after three years, under the responsibility of the member
body designated by the Technical Management Board, in order to decide whether it will be confirmed for a
further three years, transferred to an ISO technical body for revision, or withdrawn. If the International
Workshop Agreement is confirmed, it is reviewed again after a further three years, at which time it must be
either revised by the relevant ISO technical body or withdrawn.
Attention is drawn to the possibility that some of the elements of this International Workshop Agreement may
be the subject of patent rights. ISO shall not be held responsible for identifying any or all such patent rights.
International Workshop Agreement IWA 5 was created via the discussions at a workshop organized jointly by
the American National Standards Institute (ANSI) and the New York University (NYU) International Center for
Enterprise Preparedness (InterCEP), and held in Florence, Italy, 24-26 April 2006.
iv © ISO 2006 – All rights reserved

ARP 5:2010
Participation
The following individuals, from organizations based in seventeen different countries, attended and participated
in the 24-26 April 2006 workshop meeting:
First Name Last Name Organization Country

David Adamson British Standards Institution United Kingdom
Azlan Adnan University of Technology Malaysia Malaysia
Isaac Akerman Standards Institution of Israel Israel
Eiji Aoki Cabinet Office of GOJ Japan
George Arnold ISO/IEC SAG on Security Chairman USA
Kevin Becker Organizational Resilience International USA
Mark Bezzina Standards Australia Australia
Lloyd Bokman NFPA 1600 Technical Committee USA
Timothy Bowen BearingPoint Inc USA
Keith Brannon International Organization for Standardization Switzerland
Jerry Brashear RAMCAP/ASME Innovative Technologies USA
Institute, LLC
Joseph Broz Midwest Research Institute USA
Karen Coyne CoVeris USA
Ihab Dana Credit Suisse USA
Matt Deane American National Standards Institute USA
Margaret Della New York University - International Center for USA
Enterprise Preparedness
Nicki Dennis British Standards Institution United Kingdom
Olivier Dreser Commissariat à l’Energie Atomique France
Manabu Eto Japanese Industrial Standards Committee Japan
Chris Green HBOS plc United Kingdom
Pamela Greenlaw U.S. Department of Homeland Security USA
Giulio Gullotta Federal Office of Civil Protection and Disaster Germany
Assistance
Levis Guy-Obiakor Private Citizen Trinidad and Tobago
Viktoria Hagelstedt Swedish Emergency Management Agency Sweden
Philip Handley Mason Communications United Kingdom
Wayne Harrop Coventry University United Kingdom
Gunnar Hem Directorate for Civil Protection and Emergency Norway
Planning
Kathleen Higgins National Institute of Standards and Technology USA
Eui-Sik Hwang Korean Standards Association Republic of Korea
Masaki Inoue Japanese Standards Association Japan
Graeme Jannaway Jannaway & Associates Canada
Martin Johanson Department of Fire Safety Engineering, Lund Sweden
University
Sungwook Jung Korean Standards Association Republic of Korea
Hong Kim Korean Standards Association Republic of Korea
© ISO 2006 – All rights reserved v

ARP 5:2010

Didier Kimmel CEA USA
Mary Jo Kuffner University of Illinois at Chicago-SPH-CADE USA
Krister Kumlin Swedish Emergency Management Agency Sweden
ZhongQuiang Li China National Institute of Standardization China
David Leslie Marsh Ltd United Kingdom
Andreas Malm 4C Strategies AB Sweden
Husam Mansour Canadian Standards Association Canada
Anders Mattson Saab Security Solutions Sweden
Thomas McKenna International Atomic Energy Agency Austria
Ron Meyers Canadian Standards Association Canada
Patricia Milligen U.S. Nuclear Regulatory Commission USA
Colleen Monahan University of Illinois at Chicago-SPH-CADE USA
Ichiro Nakajima Tohoku University Japan
Otto Nederlof Draeger Safety / CEN BT 161 WG EMS Netherlands
Peter Nilsson Lund University Department of Fire Safety Sweden
Engineering
Ove Njaa University of Stavanger Norway
Nick Okabe Tokio Marine & Nichido Risk Consulting Japan
Bruno Olsson Ericsson Microwave Sweden
Takahiro Ono Ministry of Economy Trade and Industry Japan
Michael Penders Environmental Security International USA
Brad Penuel New York University - Center for Catastrophe USA
Preparedness and Response
Reneaue Railton Cisco Systems USA
Bill Raisch New York University - International Center for USA
Gregory Sanders United Nations Development Programme USA
Herman Schipper Netherlands Standardization Institute Netherlands
Marc Siegel San Diego State University Israel
Lykke Silfwerbrand Saab Security Solutions Sweden
Richard Silitonga PT. Sucofindo Indonesia
Christian Sommade French High Committee for Civil Defence France
Donald Spellman Oak Ridge National Laboratory USA
Fredric Stany 4C Strategies Sweden
Matt Statler New York University - International Center for USA
Alice Sturgeon Treasury Board Secretariat, Government of Canada
Canada
Andrew Tait Core Systems Group, LLC USA
Stefan Tangen Swedish Standards Institute Sweden
David Trebisacci National Fire Protection Association USA
Sheena Vivian Langley Emergency Program Canada
Bob Vondrasek National Fire Protection Association USA
Jinyu Wang China National Institute of Standardization China
Kenji Watanabe Nagaoka University of Technology Japan
Jeffrey Weir Organizational Resilience International USA
vi © ISO 2006 – All rights reserved

ARP 5:2010

Claudia Werner DVGW German Technical and Scientific Germany
Association for Gas and Water
Beth Zimmerman Emergency Management Accreditation Program USA
© ISO 2006 – All rights reserved vii

ARP 5:2010
Background
The ISO Advisory Group on Security (AGS) was formed by the ISO Technical Management Board (TMB) and
was tasked to review ISO and other organizations’ existing work related to security, assess the needs of
relevant stakeholders, and recommend what additional standards work should be undertaken to support
international standardization needs related to security.
The ISO AGS issued its final report in January 2005. One of the report’s fifteen recommendations was that
ISO develop an International Workshop Agreement (IWA) on the subject of emergency preparedness. The
rationale for utilizing the IWA process was that it would allow for the production of an immediate ISO
deliverable, one that could further be evolved into an international standard by an ISO technical committee if
appropriate. The American National Standards Institute’s (ANSI) offer to serve as the lead member body for
this international workshop was accepted by ISO.
viii © ISO 2006 – All rights reserved

ARP 5:2010
Introduction
The IWA meeting announcement stated the purpose for this initiative:
No international standard currently exists for emergency preparedness. Yet, recent large-scale
disasters ranging from tsunamis and hurricanes to earthquakes and terrorism underscore the
importance of consensus guidance and international coordination in emergency readiness, response,
and recovery efforts. The purpose of the meeting will be to reach an International Workshop
Agreement (IWA), to be published by ISO, for emergency preparedness and operational continuity.
Given the urgency of the need and the significant time frame necessary to develop a deliverable from the
beginning, the decision was made to focus on existing, consensus-based national standards and guidance in
the area of emergency preparedness. All ISO member bodies were informed of this meeting and requested to
further publicize this event. The invitation further invited entities to submit existing standards for consideration
by the workshop participants. The envisioned process was to review and evaluate the submitted standards at
the IWA meeting, as well as their applicability for the IWA deliverable, to be published by ISO.
The New York University (NYU) International Center for Enterprise Preparedness (InterCEP) hosted the
meeting on behalf of the US national body, 24-26 April 2006 at the Villa La Pietra International Conference
Center of NYU in Florence, Italy. The Workshop Chairman was Bill Raisch of NYU InterCEP. The Workshop
Moderator was Alice Sturgeon of the Treasury Board of Canada and member of the ISO/IEC Strategic
Advisory Group on Security. The Workshop Secretariat was Matt Deane of ANSI.
© ISO 2006 – All rights reserved ix

ARP 5:2010
Workshop Recommendations
The workshop recommendations are presented at the outset of this International Workshop Agreement to
provide context for the rest of the report. The workshop participants reached consensus on the following
recommendations:
1. In accordance with the ISO TMB resolution, the workshop confirms that the appropriate ISO technical
committee to address this subject area further should be ISO/TC 223, Societal security.
2. For the purposes of this workshop, the participants understand emergency preparedness to include all
aspects of activity known generically as:
• Emergency planning
• Emergency management
• Operational continuity
• Business continuity management
3. The workshop recognizes there are common elements, but that the disciplines of emergency
preparedness/emergency management and business continuity management are distinct.
4. The workshop recommends to TC 223 that the common elements identified during this workshop (see
Table 1) form the basis of an international family of standards for emergency management and
business continuity.
The workshop recommends to TC 223 that NFPA 1600, BSI 25999, HB 221 and the work of the
Japanese Industrial Standards Committee and Standards Institution of Israel be included in the
international standards documents.
The workshop recommends to TC 223 that members nations be requested to submit detailed
tactical/implementation level documents that could provide direction and guidance specifically in the
area of emergency management.
ISO/IEC Guide 2 defines consensus as “General agreement, characterized by the absence of sustained
opposition to substantial issues by any important part of the concerned interests and by a process that
involves seeking to take into account the views of all parties concerned and to reconcile any conflicting
arguments. Consensus need not imply unanimity.”
The 77 workshop participants were not unanimous in their support of the four recommendations. In the limited
time during the workshop meeting, all viewpoints were given the opportunity to be heard and multiple attempts
were made to reconcile conflicting positions. The following disapprovals and/or abstentions were recorded at
the meeting for each of the four recommendations:
Recommendation #1 – 1 disapproval
Recommendation #2 – 7 disapprovals
Recommendation #3 – 1 disapproval
Recommendation #4 – 13 disapprovals, 6 abstentions
The remainder of this International Workshop Agreement will elaborate upon these recommendations, as well
as include further output from the workshop that is useful in the area of emergency preparedness.
x © ISO 2006 – All rights reserved

ARP 5:2010
1 Scope
This International Workshop Agreement (IWA)
• presents the consensus of the workshop participants on the subject of emergency preparedness in
the form of the workshop recommendations,
• provides recommendations and guidance to ISO/TC 223 as the first step in a process that may
eventually lead to the development of international standards on this subject, and
• provides the reader with some additional resources for further exploration of this area which is crucial
to all organizations and entities.
2 Workshop Proceedings
The final agenda from the meeting is presented in Annex A.
The five national standards and guidance documents that served as the focal point for the IWA discussions
were (see Annex B for further information) the following.
• NFPA 1600 - Standard on Disaster/Emergency Management and Business Continuity Programs

• HB 221 - Business Continuity Management
• BS25999 - Draft British Standard on Business Continuity Management
• Israeli Contributions on Security Management Systems: Management Standard and Accompanying
Family of Standards
• Japanese Position Paper for IWA and Proposal about Guidelines for the Establishment of Framework
on Emergency Preparedness
Following opening remarks from the ISO/TC 223 (Societal security) Chairman Designate that noted the
commitment from his technical committee as the appropriate home for the formal development of international
emergency preparedness standards, it was agreed that this IWA would be a one-time meeting and that the
work of the group would be completed within the two and a half day timeframe.
Due to the detailed nature of many of the key terms for emergency preparedness, and the limited meeting
time, the participants agreed that a comprehensive list of terms and definitions would not be included in this
International Workshop Agreement. However, this is a very important deliverable and one that ISO/TC 223
should consider undertaking. An internationally agreed upon list of terms and definitions would be very useful
to the preparedness community.
The workshop participants spent a significant amount of time discussing the meaning of emergency
preparedness and the disciplines that it encompasses, as well as how the five input standards/guidance
documents approach the subject matter. Breakout sessions were utilized to examine the workshop context
and approach for addressing emergency management/emergency planning and business continuity
management. Workshop participants agreed that while these are distinct disciplines (Recommendation #3), it
would be appropriate to include each in the scope of the workshop (Recommendation #2).
The workshop utilized two breakout sessions, (1) emergency management and (2) business continuity, to
discuss and determine the essential elements for each discipline. The output from each of these breakout
sessions can be found in Annexes C and D. The content contained in each of these annexes is presented
only for information and does not necessarily represent the consensus of each group as formal approval
processes were not exercised within the breakout sessions.
© ISO 2006 – All rights reserved 1

ARP 5:2010
A report from each breakout session was presented to the full workshop. Using the list from breakout session
#1 as the base, participants went through each item and identified the common elements of both emergency
management and business continuity management. Listed in Table 1 are the essential elements of both
emergency management and business continuity management, as identified by the workshop participants.
During the review exercise, there were no further differing elements identified at this high-level.
Table 1 -
Essential Elements of Emergency Management
and Business Continuity Management
• Program Management & Administration

o Establishment of Roles, Responsibilities & Authorities
o Coordination with Stakeholders
o Stakeholder Requirements
o “All Hazards Approach”
o Research
• Laws and Authorities
o Regulatory Considerations
• Hazard Identification, Risk Assessment and Impact Analysis
o Human Impact
o Hazard and threats
o Risk (or Probability)
o Vulnerability
o Consequence
o Intelligence
o Cost-Benefit Analysis
• Hazard Mitigation & Prevention
o Protection measures
• Resource Management
o Resourcing
o Operations Personnel / Human Resources
o Capacity Planning
• Mutual Aid / Memorandum of Understanding (MOU)
• Planning
• Direction, Control and Coordination
o Incident Management System
o Emergency Operations Centers
o Cooperation between Responding Agencies
• Communications and Warning
o Warning and Informing
• Operations and Procedures
o Mitigation
o Preparedness
o Response
o Recovery
• Logistics and Facilities
• Training
• Exercises, Evaluations and Corrective Actions including
o Quality Assurance
o Performance Evaluation
• Crisis Communications and Public Information
• Finance and Administration
2 © ISO 2006 – All rights reserved

ARP 5:2010
Throughout the workshop, participants discussed an international “family of standards” approach for
emergency management and business continuity, as well as how the five input standards/guidance
documents could potentially populate this “family.”
It was suggested that the family of standards approach could include a high-level framework standard that
outlines essential program elements, under which specific implementation standards would be utilized to
provide more detailed guidance to implement the program. However, the workshop participants were unable
to reach consensus on this or any other structure for the international family of standards approach, and
accordingly were unable to reach consensus on where the five input standards/guidance documents would be
placed in such a family structure.
Nonetheless, workshop participants did reach consensus that the five input standards/guidance documents
should be included in the family of standards work that occurs within ISO/TC 223. Further, they recommended
that ISO/TC 223 issue a call for additional detailed tactical/implementation level documents that could provide
direction and guidance, specifically in the area of emergency management (Recommendation #4).
3 Potential Future Work

On the final meeting day of the workshop, presentations were made on the following subjects, although there
was insufficient time for substantive discussion:
• Emergency Communications
• Emergency Preparedness for Nuclear and Radiological Emergencies
• Preparedness for Emergencies at Local Level
• Human Impact Preparedness
Despite the lack of substantive discussion, it was noted that ISO/TC 223 may wish to consider these elements
in their overall examination of emergency preparedness. It was further noted that human impact preparedness
was an important area that is not currently being addressed in the international standards arena.
Workshop participants also proposed the following suggestions to ISO/TC 223:
• Consideration should be given to establishing a liaison with the ISO special working group on Risk
Management to take advantage of the important work that they are doing in their risk
management standards efforts.
• Consideration should be given to issuing an ISO/TC 223 position paper on the relationship
between emergency preparedness and emergency management.
4 Conclusion
The ISO IWA meeting on emergency preparedness was at times challenging, but by the end of the session
some common ground was achieved as well as important input for the future work of ISO/TC 223.
Perhaps the biggest challenge facing the IWA was that the Florence meeting was the first time that a widely
diverse group of over seventy-five experts was coming together to discuss the subject of emergency
preparedness at the international level and trying to achieve consensus on an IWA solution within two and a
half days. Successful initiatives typically require a first meeting to share ideas and present possible solutions,
followed by time after the meeting to process the information received, collaborate, and reexamine proposed
solutions (and then a subsequent in-person meeting). The ISO IWA on emergency preparedness was
determined to be a one-time event due to the recent re-activation of ISO/TC 223 and to avoid having parallel
ISO efforts examining the same subject area over the longer term (especially since the formal ISO
standardization activity is to occur within ISO/TC 223). Therefore, the workshop did not have the luxury of time
following the initial meeting to work through issues and gradually build consensus.

ARP 5:2010
However, some good work was produced in the short amount of time afforded via this IWA initiative. This
included the following.
• The four workshop recommendations supported ISO/TC 223 as the appropriate home for further
standards work; provided a scope of emergency preparedness; and supported the family of standards
approach as a solution, identifying five key standards/guidance documents for the potential family.
• The essential elements table provides ISO/TC 223 with a starter list on the key elements that need to
be included in emergency management and business continuity standardization.
• Some of the challenging issues involved with emergency preparedness and international
standardization were observed first hand by the leadership of ISO/TC 223 and can be used as
lessons learned for the work within that technical committee.
• This IWA publication exists as an interim deliverable until formal ISO standardization is created on this
subject matter. It seeks to assist individuals needing emergency preparedness guidance by providing
some initial guidance and further resources that can be explored to meet the user’s needs.
Appreciation is extended to all the IWA participants and their organizations for their dedication to this
particular ISO initiative, participation in the spirited debate, and continued efforts to achieve international
standardization in the important area of emergency preparedness.

ARP 5:2010
Annex A
(informative)
Final Agenda ISO International Workshop on Standardization for

Emergency Preparedness, 24-26 April 2006, Florence, Italy
April 24, 2006
1. Opening Remarks
• Matt Deane, Workshop Secretariat
• Bill Raisch, Workshop Chairman
2. Introduction of participants
3. Workshop scope and goals

• Bill Raisch, Workshop Chairman
4. Background presentation on ISO and the IWA deliverable

• Matt Deane, Workshop Secretariat (on behalf of ISO)
5. Presentation from ISO/TC 223 -Societal Security

• Krister Kumlin, Chairman Designate
6. Presentations on Submitted Standards

30-minute presentation and Q&A session for each
• IWA N 03 – NFPA 1600 - Standard on Disaster/Emergency Management and Business
Continuity Programs; Presented by Lloyd Bokman
• IWA N 04 – HB 221 - Business Continuity Management; Presented by Mark Bezzina
• IWA N 17 - Israeli Contributions on Security Management Systems: Management Standard
and Accompanying Family of Standards; Presented by Marc Siegel
• IWA N 19 –N 21 - Japanese Position Paper for IWA and Proposal about Guidelines for the
Establishment of Framework on Emergency Preparedness; Presented by Kenji Watanabe
and Eiji Aoki
• IWA N 33 – BS25999 – Draft British Standard on Business Continuity Management;
Presented by Chris Green
7. General Discussion on Presented Standards and Review of Comment Contributions

Submitted Prior to the Meeting
• Alice Sturgeon, Workshop Moderator
• IWA N 27 - Supplemental Definitions of Terms for the IWA Meeting
• IWA N 30 - Third Draft Comparison Table of Input Standards/Documents for the IWA
• IWA N 31 - Chairman’s Contribution on the Summary of Input Documents to the Meeting and
a Proposed Model for a Family of Standards
8. Begin Discussion on IWA Deliverable and Workshop Recommendations

• IWA N 29 - Draft Proposal of a Potential Format for Final IWA Report

ARP 5:2010
April 25, 2006
1. Continued Discussion on IWA Deliverable and Workshop Recommendations

In addition to the full workshop discussions, breakout sessions were held on the following:
• Four breakout groups discussed focus and strategy for the remainder of the IWA meeting
• Two breakout groups examined the essential elements of emergency management and
business continuity
April 26, 2006
1. Continued Discussion on IWA Deliverable and Recommendations
2. Presentations and Discussion on Component/Related Standardization Needs

• ETSI Special Committee EMTEL - Requirements for Emergency Communications Network
Resiliency and Preparedness (TR 102 445), Presented by Philip Handley
• Emergency Preparedness for Nuclear and Radiological Emergencies (IAEA), Presented by
Tom McKenna
• Awareness and Preparedness for Emergencies at Local Level (APELL), Presented by
Richard Silitonga
• Human Impact Preparedness, Presented by Kevin Becker
3. Approval of Workshop Recommendations
4. Adjournment

ARP 5:2010
Annex B
(informative)
Submitted Standards/Guidance Documents
The following standards/guidance documents were reviewed during the IWA meeting.
Designation Title Source To obtain
BS25999 Draft British BSI E-mail: orders@bsi-global.com

Standard on www.bsi-global.com Tel: +44 (0)20 8996 9001
Business
Continuity
Management
HB 221 Business SA Can be purchased at:

Continuity www.standards.org.au www.saiglobal.com
Management
NFPA 1600 Standard on NFPA Freely available on NFPA website:

Disaster/Emerg www.nfpa.org http://www.nfpa.org/assets/files/pdf/nfpa1600.pdf
ency
Management
and Business
Continuity
Programs
Israeli SII E-mail: akermani@sii.org.il

Contributions www.sii.org.il Tel: +972 3 6467853
on Security
Management
Systems:
Management
Standard and
Accompanying
Family of
Standards
Japanese JISC E-mail: ono-takahiro@meti.go.jp

Position Paper www.jisc.go.jp Tel: +81-3-3501-9245
for IWA and
Proposal about
Guidelines for
the
Establishment
of Framework
on Emergency
Preparedness

ARP 5:2010
Annex C
(informative)
Output from Breakout Session #1 on Emergency Management
Note: This annex is presented only for information and does not necessarily represent the consensus of the
breakout session as formal approval processes were not undertaken.
The breakout session first attempted to classify the essential elements in phases, but then made the decision
to capture high-level elements without the phase categorization.
Essential Elements
• Program Management & Administration - including
o Establishment of Roles, Responsibilities & Authorities
o Coordination with Stakeholders
o Stakeholder Requirements,
o “All Hazards Approach”
o Research
• Laws and Authorities - including
o Regulatory Considerations
• Hazard Identification, Risk Assessment and Impact Analysis - including
o Human Impact
o Hazard and threats
o Risk (or Probability)
o Vulnerability
o Consequence
o Intelligence
o Cost-Benefit Analysis
• Hazard Mitigation & Prevention
o Protection measures
• Resource Management including
o Resourcing
o Operations Personnel / Human Resources
o Capacity Planning
• Mutual Aid / Memorandum of Understanding (MOU)
• Planning
• Direction, Control and Coordination - including
o Incident Management System
o Emergency Operations Centers
o Cooperation between Responding Agencies
• Communications and Warning - including
o Warning and Informing
• Operations and Procedures
o Mitigation
o Preparedness
o Response
o Recovery
• Logistics and Facilities
• Training
• Exercises, Evaluations and Corrective Actions including
o Quality Assurance
o Performance Evaluation
• Crisis Communications and Public Information
• Finance and Administration

ARP 5:2010
Annex D
(informative)
Output from Breakout Session #2 on Business Continuity

(6 phases of the business continuity management system)
Note: This annex is presented only for information and memorandum and does not necessarily represent the
consensus of the breakout session as formal approval processes were not undertaken.
Phase 1
Scope BC/Disaster Response Program, Understanding the Organization, Planning
• Seeking top management commitment
• Assemble team
• Define Scope
• Communicate the plan
• Describe the organization’s products and activities, resources, systems, sub-systems and processes
• Audit or GAP assessment in order to benchmark to understand what you have now
• Legal and other requirements
• Risks and threats
• Vulnerability
• Setting targets and objectives
• SWOT
Phase 2
BC Program Launch Strategy

Step-by-step task review
Global Business Continuity, Disaster Recovery - Level 0 Process Flow
Step 2
Understand BC / DR
Process
Business Strategy
Initiators
Impact Development
HB221:
BC & DR Strategy
Risk Exception Review and
Assessment Handling Approve
Emergency Response
Development Plan Update
&
Maintenance
Test
BC / DR Plan
Development
Engineering &
Implementation
Continuity Response
“Critical” and “Supporting Critical”
G LOBAL B USINESS CONTI NUITY & DISASTER RECOVERY
- LEVEL 0 PROCESS FLOW
PAGE 1 REVISION: 00.17 DATE OC T 15, 2003
processes & systems in priority/group order

Recovery Response
Alignment BS25999-1:
Strategic Strategies
NFPA 1600:
Activity Strategies
Strategic plan (Misson, vision, goals and objectives)
Human welfare Strategies
Emergency Op. plan
Asset resource Strategies
Mitigation plan
JISC:
Recovery plan (Short term, long term)
BC Policy:
Continuity plan
Annual BCP
ISRAEL Organisational structure and implementation
4.3.4 Security Management Program
1

ARP 5:2010
Phase 3
Global Business Continuity , Disaster Recovery - Level 0 Process Flow
Understand BC / DR
Process
Business Strategy
Initiators
Impact Development
Risk Exception Review and

Assessment Handling Approve
Plan Update
BC / DR Plan Engineering &
& Test
Development Implementation
Maintenance
GLOBAL BUSINESS CONTINUITY & D ISASTER R ECOVERY

- LEVEL 0 PROCESS F LOW
PAGE 1 R EVISION: 00.17 D ATE APR 24, 2006
10 Developing and implementing a BCM response
10.1 Incident management planning
10.1.1 Introduction and Scope

10.1.2 Ownership
10.1.3 Content of the crisis management plan
a) The crisis management team’s role
b) Invocation/ Mobilization
c) Command centre
d) Roles and responsibilities of team members
c) Lines of authority
d) situation analysis
e) Human Impacts - safety, health, and welfare
f) Action plans
g) Contact information
h) Stakeholder management
i) Annexes
10.2 Business continuity plans
10.2.1 Introduction
10.2.2 BC Plan contents
a) Purpose and scope
b) Roles and responsibilities
c) Lines of authority
c) Document owner and maintainer
d) Contact information
e) Action plans/ task lists
f) Resource requirements
g) Vital information
h) Forms and annexes
10.3 Recovery Plan contents

a recovery plan,

ARP 5:2010
Phase 4
● Embed in organization’s culture
● Education
● Awareness (different audiences)
● Training (different requirements)
11 Building and embedding BCM in the organization’s culture
11.1 General
Building, promoting and embedding a BCM culture within an organization ensures that it becomes part of the
organization’s core values and corporate governance. Effectively established it instils confidence with all
stakeholders in the ability of the organization to cope with major disruptions.
<MARGIN>COMMENTARY ON 11.1
Creating and embedding a BCM culture within an organization can however be a lengthy and difficult process.
It might encounter a level of resistance that was not anticipated.
To be successful BCM should be “owned” by everyone within an organization. All staff should be convinced
that business continuity management is a serious issue for the organization and that they have an important
role to play in maintaining the delivery of products and services to their clients and customers. It is essential
that awareness and training programmes be established as part of the overall introduction of BCM.
Each organization will have a level of management that is particularly sceptical about the introduction of new
initiatives; this is very often the middle management level. Particular emphasis must be given to gaining their
support if BCM is to become part of the organisational culture. This management level will also have a large
part to play in the initial charting of critical activities and processes, so gaining their support at an early stage
is vital.
Raising awareness with all the organization’s staff is important to ensure that they are aware that BCM is
being introduced and why. They will need to be convinced that this is a lasting initiative that has the support of
the leadership of the organization. They need to have confidence that their jobs will be protected whilst any
disruption is being contained. It is also critical that individuals named in the BC plans know what actions they
are required to take when plans are invoked.
New recruits to an organization should be made aware of the BCM policy and their part in any plans. This can
be done by incorporating BCM material into staff induction programmes.
Awareness of the overall BCM programme should be maintained. Methods may include internal newspapers,
emails, the organization’s intranet, team meetings and communications from senior management. These
might highlight examples where the organization successfully managed an incident or near-miss and praising
those involved. The organization may also draw upon lessons identified from external failures.
11.2 Key components of an embedded BCM culture
<MARGIN>NOTE The appropriate level of resource has to be determined in order to achieve the
embedding of a BCM culture.
To successfully embed a BCM culture, the following should be present.
— The acceptance by the organization’s board and leadership that BCM supports corporate values
and is an integral part of good governance.
— The publication of a clearly defined BCM policy statement agreed and “signed-off” by the
organization’s board and executive management.

ARP 5:2010
— An understanding of the culture that exists within and without the organization.
— The appointment of a senior executive to be accountable for and champion the implementation of
the organization’s BCM policy.
— A consultation process with middle managers, supervisors and operational staff throughout the
organization concerning the implementation of the BCM policy, which achieves their engagement in
the programme.
— Ownership of BCM across the organization (not just within facilities or IT) and the appointment of
BCM champions within the key business units within the organization.
— Education, awareness training and participation in exercises.
<MARGIN>NOTE Education, awareness training and exercises are used to effect real cultural change
based on a genuine understanding of the need for BCM and are designed to create corporate awareness and
enhance the skills, knowledge and experience required to implement, maintain, manage and execute BCM;
In addition, the following may be present.
— The integration of BCM into the organization’s reward and recognition process.
— The integration of BCM into the organization’s performance and appraisal process.
— The integration of BCM roles, accountabilities, responsibilities and authority within the
organization’s job descriptions and skills set.
— The inclusion of BCM as an agenda item at team meetings.
— Active participation by business users and senior executives in BCM rehearsals, exercises and
tests.
— A programme to ensure that key suppliers and distributors have a clear understanding of BCM
and have established appropriate in-house processes.
— The development of a BCM process to monitor the effectiveness of the educations, training and
awareness activities across the organisation.
Additional Phase 4 Input
Star
Management
Operational
Review
Continuity
Checking /
Corrective Action
Exercises & Testing Continual Planning
Nonconformance & I Risks and Threats
Corrective & Legal & Other
Preventive Action
Requirements
Implementation
Structure &
Responsibility
Training, Awareness,
Competence
Communication
Documentation

ARP 5:2010
Phases 4 and 5
The following diagram is meant to be illustrative rather than comprehensive.
Shared Processes/Activities/Environment
response, recovery, mitigation, prevention, planning,
validation, hazard identification, warning and informing, roles
and responsibility, impact assessment, cooperation between
responders, protection, regulatory, review, human aspects,
EP/EM BCM
Typically management of Typically management of
man made hazards and incidents impacting on the
natural hazards – processes/activities of an
protects life, organisation – protects
environment, critical shareholders, employees,
national infrastructure Linkages economy
Management of Civil Liaison Linked to emergency response
response to ‘incidents’ i.e. emergency evacuation
Internal response to an Crisis Management ie
incident reputation
Plans developed in response Business Recovery
to legislative requirements
(typically hazardous
sites/activites ie SVESO II
sites, nuclear)
Phase 6
Step 6 Program Management
Scoping
– Define materiality (Threshold identification)
– Define ‘Levels (do you have different service levels, how many thresholds)
– Define company vocabulary (example RTO, RPO)
– Identify escalation/ reporting process (Roles and responsibilities, Strategic framework
Policy
– Identify Sponsor(s)
– Identify Champion(s)
© SABS

This page has been left blank intentionally

SABS – Standards Division
The objective of the SABS Standards Division is to develop, promote and maintain South African
National Standards. This objective is incorporated in the Standards Act, 2008 (Act No. 8 of 2008).
Amendments and Revisions
South African National Standards are updated by amendment or revision. Users of South African
National Standards should ensure that they possess the latest amendments or editions.
The SABS continuously strives to improve the quality of its products and services and would
therefore be grateful if anyone finding an inaccuracy or ambiguity while using this standard would
inform the secretary of the technical committee responsible, the identity of which can be found in
the foreword.
Tel: +27 (0) 12 428 6666 Fax: +27 (0) 12 428 6928
The SABS offers an individual notification service, which ensures that subscribers automatically
receive notification regarding amendments and revisions to South African National Standards.
Tel: +27 (0) 12 428 6883 Fax: +27 (0) 12 428 6928 E-mail: sales@sabs.co.za
Buying Standards
Contact the Sales Office for South African and international standards, which are available in both
electronic and hardcopy format.
Tel: +27 (0) 12 428 6883 Fax: +27 (0) 12 428 6928 E-mail: sales@sabs.co.za
South African National Standards are also available online from the SABS website
http://www.sabs.co.za
Information on Standards
The Standards Information Centre provides a wide range of standards-related information on both
national and international standards, and is the official WTO/TBT enquiry point for South Africa. The
Centre also offers an individual updating service called INFOPLUS, which ensures that subscribers
automatically receive notification regarding amendments to, and revisions of, international
standards.
Tel: +27 (0) 12 428 6666 Fax: +27 (0) 12 428 6928 E-mail: info@sabs.co.za
Copyright
The copyright in a South African National Standard or any other publication published by the SABS
Standards Division vests in the SABS. Unless exemption has been granted, no extract may be
reproduced, stored in a retrieval system or transmitted in any form or by any means without prior
written permission from the SABS Standards Division. This does not preclude the free use, in the
course of implementing the standard, of necessary details such as symbols, and size, type or grade
designations. If these details are to be used for any purpose other than implementation, prior written
permission must be obtained.
Details and advice can be obtained from the Senior Manager.

Tel: +27 (0) 12 428 6666 Fax: +27 (0) 12 428 6928 E-mail: info@sabs.co.za

ARP5 (Colour)

Uploaded by

Copyright:

Available Formats

You might also like

ARP5 (Colour)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ARP5 (Colour)

Uploaded by

Copyright:

Available Formats

© SABS.

SABS STANDARDS DIVISION

This recommended practice is the identical implementation of IWA 5:2006 and

Published by SABS Standards Division

This document was published in July 2010.

État de préparation en cas de catastrophe

Reference number © ISO 2006

Adobe is a trademark of Adobe Systems Incorporated.

ii © ISO 2006 – All rights reserved

© ISO 2006 – All rights reserved iii

iv © ISO 2006 – All rights reserved

First Name Last Name Organization Country

© ISO 2006 – All rights reserved v

First Name Last Name Organization Country

vi © ISO 2006 – All rights reserved

First Name Last Name Organization Country

© ISO 2006 – All rights reserved vii

viii © ISO 2006 – All rights reserved

© ISO 2006 – All rights reserved ix

x © ISO 2006 – All rights reserved

• NFPA 1600 - Standard on Disaster/Emergency Management and Business Continuity Programs

© ISO 2006 – All rights reserved 1

• Program Management & Administration

2 © ISO 2006 – All rights reserved

3 Potential Future Work

Workshop participants also proposed the following suggestions to ISO/TC 223:

© ISO 2006 – All rights reserved 3

4 © ISO 2006 – All rights reserved

Final Agenda ISO International Workshop on Standardization for

April 24, 2006

3. Workshop scope and goals

4. Background presentation on ISO and the IWA deliverable

5. Presentation from ISO/TC 223 -Societal Security

6. Presentations on Submitted Standards

7. General Discussion on Presented Standards and Review of Comment Contributions

8. Begin Discussion on IWA Deliverable and Workshop Recommendations

© ISO 2006 – All rights reserved 5

April 25, 2006

1. Continued Discussion on IWA Deliverable and Workshop Recommendations

April 26, 2006

1. Continued Discussion on IWA Deliverable and Recommendations

2. Presentations and Discussion on Component/Related Standardization Needs

3. Approval of Workshop Recommendations

6 © ISO 2006 – All rights reserved

Submitted Standards/Guidance Documents

Designation Title Source To obtain

BS25999 Draft British BSI E-mail: orders@bsi-global.com

HB 221 Business SA Can be purchased at:

NFPA 1600 Standard on NFPA Freely available on NFPA website:

Israeli SII E-mail: akermani@sii.org.il

Japanese JISC E-mail: ono-takahiro@meti.go.jp

© ISO 2006 – All rights reserved 7

Output from Breakout Session #1 on Emergency Management

8 © ISO 2006 – All rights reserved

Output from Breakout Session #2 on Business Continuity

BC Program Launch Strategy

processes & systems in priority/group order

© ISO 2006 – All rights reserved 9