ISO 22392:2020

INTERNATIONAL ISO
STANDARD 22392
First edition
2020-02
Security and resilience — Community
resilience — Guidelines for conducting
peer reviews
Sécurité et résilience — Résilience des communautés — Lignes
directrices pour mener des examens par des pairs
Reference number
ISO 22392:2020(E)
©
ISO 2020

---------------------- Page: 1 ----------------------
ISO 22392:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 22392:2020(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Plan the peer review . 2
4.1 General . 2
4.2 Decide the level of administration to be peer reviewed. 3
4.3 Agree the expected benefits of the peer review . 3
4.4 Agree the objectives of the peer review . 3
4.5 Agree the high-level timeline for the peer review . 4
4.6 Decide whether a self-assessment will be completed before the peer review . 4
4.7 Consider the cost/benefit of hosting the peer review . 4
4.8 Identify parties who are interested in the peer review . 5
4.9 Select the analysis areas to be peer reviewed . 5
4.10 Appoint an organization to coordinate the peer review . 5
4.11 Agree the terms of the peer review . 5
4.12 Select personnel from the host to provide information to the reviewers . 6
4.13 Appoint reviewers . 6
5 Conduct the peer review . 7
5.1 General . 7
5.2 Identify the attributes of conducting the peer review . 7
5.3 Plan the peer review process . 8
5.4 Prepare personnel to provide information to reviewers. 9
5.5 Provide information to reviewers about each analysis area . 9
5.5.1 General. 9
5.5.2 Information on the strategy, vision and leadership for each analysis area .10
5.5.3 Information on the collection and use of intelligence for each analysis area .10
5.5.4 Information on the management of processes, systems, planning and
audits for each analysis area .10
5.5.5 Information on the coordination and communication of operations for
each analysis area .11
5.5.6 Information on the delivery of operations for each analysis area .11
5.6 Prepare and ask questions about each analysis area .11
5.7 Record observations and views about each analysis area .11
5.8 Analyse the information and form an opinion about each analysis area .12
5.9 Deliver consolidated feedback on each analysis area .12
6 Assess the impact of the peer review .12
6.1 General .12
6.2 Assess impact during the peer review .13
6.3 Assess impact after the peer review.13
6.3.1 General.13
6.3.2 Assess impact on practice using a quantitative approach .13
6.3.3 Assess impact on practice using a qualitative approach .14
7 Improve the process of the peer review .14
7.1 General .14
7.2 Identify improvements to the peer review process .14
7.3 Identify improvements to how the impact of the peer review process is assessed .15
Annex A (informative) Example tasks to be conducted before, during and after the peer
review visit .16
Annex B (informative) Descriptions of analysis areas to be peer reviewed .17
© ISO 2020 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 22392:2020(E)

Annex C (informative) Example of an evidence-recording template .25
Annex D (informative) Example peer review visit timetable .31
Annex E (informative) Generic discussion points and questions to ask about each analysis area .33
Annex F (informative) Example form for reviewer to record information .34
Bibliography .35
iv © ISO 2020 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 22392:2020(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO’s adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/
iso/ foreword .html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 22392:2020(E)

Introduction
A peer review to enhance community resilience is a unique and privileged opportunity for a host
country, region, city or community to engage in a constructive process to reflect on its activities with a
team of independent professionals, e.g. on disaster risk reduction (DRR). It encourages conversations,
promotes the exchange of good practice, and examines the performance of the entity being reviewed
to enhance mutual learning and so can be of value to those who seek to further develop their practices.
It can enhance preparedness for an incident and support learning from incidents and exercises. It is
different to an audit in that a peer review may be optional, and an organization can design it according
to its needs.
A peer review can be a catalyst for change and can enrich learning through bringing together a multi-
disciplinary panel of trusted and competent experts from a range of technical, political and cultural
backgrounds to concentrate on the host’s situation. In the most beneficial peer reviews, both the
host and the reviewers benefit by collecting and analysing the latest intelligence (understanding and
information about the context), discussing the current situation, generating ideas, and exploring new
opportunities to further strengthen activities in their own context. Mutual learning is facilitated by
sharing good practice, identifying alternative approaches to policy and operations, and exploring
critical questioning to consider how similar challenges are confronted elsewhere. Trusted relationships
can form that can facilitate the development of innovative solutions to challenges.
These benefits are one reason why conducting peer reviews is consistent with the Sendai Framework
[7]
for Disaster Risk Reduction 2015–2030 and its global target to have more countries with national
and local strategies for DRR by 2020. Conducting peer reviews to enhance DRR also complements the
United Nations’ Sustainable Development Goal 11 to make cities and human settlements inclusive, safe,
[4]
resilient and sustainable , as it seeks to align entities through an integrated approach and sharing
learning and benchmark information between hosts and reviewers. The guidelines in this document
can also contribute to enhancing resilience and risk reduction.
The entities that can benefit from peer reviews include national, regional, local and organizational levels
of governance, which may voluntarily engage with a peer review, or do so as part of a wider initiative of
improvement. The peer review process for enhancing community resilience described in this document
is not intended to be used as means for comparing one entity with another. Instead, it encourages cross-
border cooperation to understand and improve performance. Since every host and team of reviewers
are different, the outcome of each review will be too. The key to success is having one question at the
forefront of the peer review: What will most help us all to enhance our performance?
Figure 1 provides an overview of how to conduct a peer review.
vi © ISO 2020 – All rights reserved

---------------------- Page: 6 ----------------------
ISO 22392:2020(E)

Figure 1 — Overview of the process to conduct a peer review
© ISO 2020 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO 22392:2020(E)
Security and resilience — Community resilience —
Guidelines for conducting peer reviews
1 Scope
This document gives guidelines for organizations to design, organize, conduct, receive feedback from
and learn from a peer review of their disaster risk reduction (DRR) policies and practices. It is also
applicable to other community resilience activities. It is intended for use by organizations with the
responsibility for, or involvement in, managing such activities including policy and preparedness,
response and recovery operations, and designing preventative measures (e.g. for the effects of
environmental changes such as those from climate change).
It is applicable to all types, structures and sizes of organizations, such as local, regional and national
governments, statutory bodies, non-governmental organizations, businesses, and public and community
groups. It is applicable before or after an incident or exercise.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22300, Security and resilience — Vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 22300 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
peer review
process used by a reviewer (3.3) to examine the performance of a host (3.2), provide feedback on an
analysis area (3.4) and learn lessons that are transferable to its own context
Note 1 to entry: A peer review may cover multiple analysis areas.
Note 2 to entry: The host may replace “review” with a synonym such as “assessment”, “appraisal” or “analysis” to
better describe the activity.
3.2
host
entity that receives feedback from a reviewer (3.3) as part of a peer review (3.1)
Note 1 to entry: The entity may be an organization, partnership, community, city, region, country or other body.
© ISO 2020 – All rights reserved 1

---------------------- Page: 8 ----------------------
ISO 22392:2020(E)

3.3
reviewer
entity that provides feedback as part of a peer review (3.1) with expert knowledge and experience in the
analysis area (3.4)
Note 1 to entry: The entity may be an organization, partnership, community, city, region, country or other body.
3.4
analysis area
subject matter that has been selected to be peer reviewed (3.1)
EXAMPLE Governance of risk management, assessment of risk, financial capacity, urban development,
climate change adaptation and ecosystem protection, institutional capacity, community and societal capacity,
economic and business continuity, infrastructure, public health, recovering and rebuilding.
3.5
analysis system
set of interconnecting parts that work together to form and deliver an analysis area (3.4)
3.6
review visit
participation by reviewers (3.3) in peer review (3.1) activities at the host (3.2) location(s)
Note 1 to entry: Review visit activities include presentations, individual interviews, focus groups, site visits, and
the observation of live and table-top exercises.
3.7
benefit
measurable improvement resulting from the changes introduced as a result of a peer review (3.1)
Note 1 to entry: Benefits can be tangible or intangible, quantifiable or non-quantifiable, and financial or non-
financial.
4 Plan the peer review
4.1 General
It is important that the host plans effectively for the peer review so that its delivery (see Clause 5) is
successful. Planning the peer review will put in place the arrangements so that the reviewers have a
maximum clarity of purpose from the host, and vice versa.
This clause describes planning for the peer review, including to:
— decide the level of administration to be peer reviewed (see 4.2);
— agree the expected benefits of the peer review (see 4.3);
— agree the objectives of the peer review (see 4.4);
— agree the high-level timeline for the peer review (see 4.5);
— decide whether a self-assessment will be completed before the peer review (see 4.6);
— consider the cost/benefit of hosting the peer review (see 4.7);
— identify parties who are interested in the peer review (see 4.8);
— select the analysis areas to be peer reviewed (see 4.9);
— appoint an organization to coordinate the peer review (see 4.10);
— agree the terms of the peer review (see 4.11);
2 © ISO 2020 – All rights reserved

---------------------- Page: 9 ----------------------
ISO 22392:2020(E)

— select personnel from the host to provide information to the reviewers (see 4.12);
— appoint reviewers (4.13).
4.2 Decide the level of administration to be peer reviewed
Peer reviews can be an effective approach to reflect on the activities being conducted at any level of
administration. The host should decide whether the peer review should focus on the national, regional,
local or organizational levels.
More than one level of administration may be the focus of the peer review, in which case, the amount of
time available for the peer review should be increased to reflect the added complexity.
4.3 Agree the expected benefits of the peer review
The peer review should have expected benefits for the host and for reviewers and these should be agreed
before organizing the peer review to provide clear expected impacts from the outcomes of the review.
There should be expected benefits for each selected analysis area (see 4.9) to ensure clarity of the
measurable improvement being sought.
The host and reviewers should define each of their expected benefits. This should:
— agree with their interested parties the benefits they expect from participating in the review (e.g.
benefits to their performance, analysis areas, or other benefits such as learning or networking);
— describe each benefit and identify the benefit owner who is responsible for it (i.e. who will: plan
the timing of changes to deliver the benefit; prepare the context for the changes; implement the
changes; manage the changes to avoid negative side-effects);
— define the objectives (see 4.4) that support each benefit;
— identify a measure of each benefit, including a current value for the measure and a target change in
the value as a result of the peer review; if a benefit is not measurable directly, then a proxy measure
should be identified;
— communicate information on benefits to each other (i.e. the reviewers should communicate their
expectations to the host, and vice versa);
— consider these expectations when planning the peer review process (see 5.3) to ensure all
expectations are addressed.
4.4 Agree the objectives of the peer review
The host should agree clear objectives for the peer review in terms of how it will deliver the benefits
(see 4.3) and strengthen its performance in selected analysis areas (see 4.9). Objectives should include
how the peer review should enhance analysis areas in terms of:
— strategy, vision and leadership; this should include developing the culture and strategies;
— collection and use of information; this should include developing the analyses of external and
internal data and information, building strategic collaborations, exploring the wider environment,
and foreseeing future risks;
— management of systems, processes, planning and audits; this should include developing the
management structure, planning processes, sustainable resource management, analysing corporate
risks, functions that support operational delivery, business continuity, performance measurement,
external audits, and learning from itself and others;
© ISO 2020 – All rights reserved 3

---------------------- Page: 10 ----------------------
ISO 22392:2020(E)

— coordination of, and communication with, operations; this should include developing the coordination
of resources and partners, sharing information effectively internally and externally, and notifying
senior leaders when situations change with significant implications;
— delivery of operations; this should include developing the structure of delivering operations,
managing effective and efficient on-site delivery, autonomy of delivery units, and adapting to
feedback from beneficiaries and other interested parties during operational delivery.
These elements are the five analysis systems, which are used in 5.5.1 to review the performance of each
analysis area.
4.5 Agree the high-level timeline for the peer review
To enable initial planning, the host should agree an anticipated timeline for the delivery of the peer
review, including:
— the official start date of the peer review period;
— when the review visit should take place;
— the delivery date of the consolidated report from the reviewers (see 5.9).
A detailed timeline should be developed in the delivery phase of the peer review, see Annex A.
4.6 Decide whether a self-assessment will be completed before the peer review
The host should consider whether they will complete a self-assessment as a preparation for the peer
review. Options for a self-assessment include a document review (e.g. of risk register, strategy, plans),
internal dialogues (e.g. discussions between staff and interested parties), and self-evaluation of current
performance and costs.
A self-assessment takes time and effort, but its potential benefits include:
— enabling the host to gather evidence of activities in a structured way;
— enabling the host to establish its own view of its activities;
— providing benchmarks for the peer review;
— informing the selection of benefits and measures of the peer review (see 4.3);
— assisting in selecting analysis areas that would be most beneficial to be peer reviewed;
— providing additional information to reviewers as part of background information.
[6]
An option for self-assessment is the UNISDR Preliminary Disaster Resilience Scorecard for Cities .
4.7 Consider the cost/benefit of hosting the peer review
The host should consider the cost of conducting the peer review (e.g. travel costs, meeting costs,
administration costs, opportunity costs). As the initiator of the review and the major beneficiary, the
host should expect to pay all costs associated with the review unless another source of funding is
available.
Using information on the costs and the benefits (see 4.3) of the review, the host should assess if there is
a sufficient return on investment from conducting the peer review. The assessment should be used to:
— judge the case for conducting the peer review;
— judge the case for the scale of the peer review;
— calibrate the breadth and depth of the peer review to ensure a sufficient return on investment.
4 © ISO 2020 – All rights reserved

---------------------- Page: 11 ----------------------
ISO 22392:2020(E)

4.8 Identify parties who are interested in the peer review
The host should identify organizations and individuals, groups and partners with an interest in the
process or outcome of the peer review to consider if they should be involved in the design and delivery
of the review. The host should:
— identify parties with an interest in enhancing performance (e.g. elected officials, those indirectly
or directly affected by the review, those wishing to learn from the review, citizens and their
representatives);
— consider the implications of involving or not involving interested parties in the peer review process;
— decide if and how interested parties should be involved in the peer review process;
— review who are the important interested parties once the analysis areas have been selected (see 4.9).
Examples of interested party groups include government officials, responders, private sector staff,
academics, citizens, citizen representatives and elected officials.
4.9 Select the analysis areas to be peer reviewed
With the influential interested parties (see 4.8) and, potentially, the reviewers (see 4.13) and, if
conducted, using the results of the self-assessment (see 4.6), the host should select the analysis areas to
be reviewed according to its preferences and the agreed objectives (see 4.4). See Annex B for potential
analysis areas. As each analysis area is estimated to take one day of a review visit (plus activities
before the visit), the host should decide on the number, depth and specificity of the analysis areas to be
reviewed.
Risk management and assessment of risk are two important analysis areas that should be included in
every peer review to provide sufficient background information to reviewers. If these two analysis
areas are not included, then information of sufficient detail on these topics should be provided to
reviewers.
The host should select the analysis areas to be reviewed. Descriptions of the options are provided in
Annex B. The selection of analysis areas will depend on the duration of the review visit. Some analysis
areas are of a strategic nature while others are operational.
Not every peer review should cover all the analysis areas in Annex B. In addition to those in Annex B,
the host should consider if there are any other analysis areas that should be reviewed. The design of
those should follow those outlined in Annex B.
4.10 Appoint an organization to coordinate the peer review
Once the interested parties (see 4.8), benefits (see 4.3) and objectives (see 4.4) have been identified, the
host should appoint an organization to coordinate the peer review, including to:
— project-manage the delivery of the peer review to achieve the objectives of the review and support
the benefit owners;
— conduct the administrative arrangements of the pee
...