SIST EN ISO 22300:2021

SLOVENSKI STANDARD
SIST EN ISO 22300:2021
01-maj-2021
Nadomešča:
SIST EN ISO 22300:2018
Varnost in vzdržljivost - Slovar (ISO 22300:2021)
Security and resilience - Vocabulary (ISO 22300:2021)
Sicherheit und Resilienz - Vokabular (ISO 22300:2021)
Sécurité et résilience - Vocabulaire (ISO 22300:2021)
Ta slovenski standard je istoveten z: EN ISO 22300:2021
ICS:
01.040.03 Storitve. Organizacija Services. Company
podjetja, vodenje in kakovost. organization, management
Uprava. Transport. and quality. Administration.
Sociologija. (Slovarji) Transport. Sociology.
(Vocabularies)
03.100.01 Organizacija in vodenje Company organization and
podjetja na splošno management in general
SIST EN ISO 22300:2021 en,fr,de

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

Sécurité et résilience - Vocabulaire (ISO 22300:2021) Sicherheit und Resilienz - Vokabular (ISO 22300:2021)

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this

European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references

concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN

This European Standard exists in three official versions (English, French, German). A version in any other language made by

translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,

Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,

Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

© 2021 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 22300:2021 E

European foreword ....................................................................................................................................................... 3

This document (EN ISO 22300:2021) has been prepared by Technical Committee ISO/TC 292 "Security

and resilience" in collaboration with Technical Committee CEN/TC 391 “Societal and Citizen Security”

This European Standard shall be given the status of a national standard, either by publication of an

identical text or by endorsement, at the latest by September 2021, and conflicting national standards

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

According to the CEN-CENELEC Internal Regulations, the national standards organizations of the

following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,

Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,

Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of

North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the

The text of ISO 22300:2021 has been approved by CEN as EN ISO 22300:2021 without any modification.

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

Foreword ........................................................................................................................................................................................................................................iv

Introduction ..................................................................................................................................................................................................................................v

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

3.1 Terms related to security and resilience .......................................................................................................................... 1

3.2 Terms related to counterfeiting tax stamps ................................................................................................................38

3.3 Terms related to supply chain .................................................................................................................................................43

3.4 Terms related to CCTV ...................................................................................................................................................................44

Bibliography .............................................................................................................................................................................................................................46

Index .................................................................................................................................................................................................................................................47

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

Any trade name used in this document is information given for the convenience of users and does not

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO’s adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

This document was prepared by Technical Committee ISO/TC 292, Security and resilience, in

collaboration with the European Committee for Standardization (CEN) Technical Committee CEN/

TC 391, Societal and Citizen Security, in accordance with the Agreement on technical cooperation

This third edition cancels and replaces the second edition (ISO 22300:2018), which has been technically

— terms have been added from recent published documents and documents transferred to ISO/TC 292;

— the terminological entries have been separated into subclauses by subject matter.

Any feedback or questions on this document should be directed to the user’s national standards body. A

This document provides definitions of generic terms and subject-specific terms related to documents

produced by ISO/TC 292. It covers the ISO 22300 family of standards as well as some documents in the

It aims to encourage a mutual and consistent understanding and use of uniform terms and definitions

This document can be applied as a reference by competent authorities, as well as by specialists involved

in standardization systems, to better and more accurately understand relevant text, correspondences

The terms and definitions in 3.2, 3.3, 3.4 apply only to counterfeiting tax stamps standards, to supply

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

ability of the rights holders (3.1.214) to use or benefit (3.1.17) from a certain service or product

Note 1 to entry: Restrictions can be caused by distance to the source (e.g. water supply network does not reach a

certain neighbourhood) or unaffordability (e.g. service is too costly for a certain household or group of people),

location that has been impacted by a disruptive event (3.1.76) (incident, accident, disaster)

document (3.1.77) that records, describes and analyses the actual disruption (3.1.75) or exercise (3.1.97),

drawing on debriefs and reports from observers (3.1.163), and derives lessons from it

Note 1 to entry: The after-action report documents the results from the after-action review (3.1.211).

part of public warning (3.1.197) that captures attention of first responders and people at risk (3.1.176) in

naturally occurring event (3.1.96), human induced event (both intentional and unintentional) and

technology caused event with potential impact (3.1.118) on an organization (3.1.165), community

work location, other than the primary location, to be used when the primary location is not accessible

EXAMPLE Governance of risk management (3.1.224), assessment of risk, financial capacity, urban

development, climate change adaptation and ecosystem protection, institutional capacity, community (3.1.39)

and societal capacity, economic and business continuity (3.1.19), infrastructure (3.1.128), public health, recovering

set of interconnecting parts that work together to form and deliver an analysis area (3.1.10)

location that could be affected by a disruptive event (3.1.76) (incident, accident, disaster)

Note 1 to entry: Assets include but are not limited to human, physical, information (3.1.127), intangible and

systematic, independent and documented process (3.1.190) for obtaining audit evidence and evaluating

Note 1 to entry: An audit can be an internal audit (3.1.134) (first party) or an external audit (second party or third

Note 2 to entry: An internal audit is conducted by the organization (3.1.165) itself, or by an external party on

Note 4 to entry: The fundamental elements of an audit include the determination of the conformity (3.1.44) of an

object (3.1.161) according to a procedure (3.1.189) carried out by personnel (3.1.179) not being responsible for the

Note 5 to entry: An internal audit can be for management (3.1.144) review (3.1.211) and other internal purposes

and can form the basis for an organization’s declaration of conformity. Independence can be demonstrated

by the freedom from responsibility for the activity (3.1.2) being audited. External audits include second- and

third-party audits. Second-party audits are conducted by parties having an interest in the organization, such

as customers, or by other persons on their behalf. Third-party audits are conducted by external, independent

auditing organizations, such as those providing certification/registration of conformity or government agencies.

Note 6 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO

management system standards. The original definition has been modified by adding Notes 4 and 5 to entry.

set of services delivered in education, health and social areas, as a means to fulfil basic needs

measurable improvement resulting from the changes introduced as a result of a peer review (3.1.174)

Note 1 to entry: Benefits can be tangible or intangible, quantifiable or non-quantifiable, and financial or non-

variability among living organisms from all sources including land, marine and other aquatic ecosystems

Note 1 to entry: This includes diversity within species, between species and of ecosystems. Biodiversity is thus

not only the sum of all ecosystems, species and genetic material, but rather represents the variability within and

capability of an organization (3.1.165) to continue the delivery of products and services (3.1.192) within

part of the overall management system (3.1.146) that establishes, implements, operates, monitors,

Note 1 to entry: The management system includes organizational structure, policies, planning activities,

responsibilities, procedures (3.1.189), processes (3.1.190) and resources (3.1.207).

documented information (3.1.78) that guides an organization (3.1.165) to respond to a disruption (3.1.75)

and resume, recover and restore the delivery of products and services (3.1.192) consistent with its

ongoing management (3.1.144) and governance process (3.1.190) supported by top management (3.1.279)

and appropriately resourced to implement and maintain business continuity management (3.1.20)

Note 1 to entry: In ISO 22301:2019, this term has been replaced by business continuity management system (3.1.21)

process (3.1.190) of analysing the impact (3.1.118) over time of a disruption (3.1.75) on the organization

Note 1 to entry: The outcome is a statement and justification of business continuity (3.1.19) requirements (3.1.204).

combination of all the strengths and resources (3.1.207) available within an organization (3.1.165),

community (3.1.39) or society that can reduce the level of risk (3.1.215) or the effects of a crisis (3.1.60)

Note 1 to entry: Capacity can include physical, institutional, social, or economic means as well as skilled personnel

road freight vehicle, railway freight wagon, freight container, road tank vehicle, railway tank wagon or

surveillance system comprised of cameras, recorders, interconnections and displays that is used to

monitor activities in a store, a company or more generally a specific infrastructure (3.1.128) and/or a

contextual or environmental change that has the potential to impact (3.1.118) upon the ability and

capacity (3.1.25) of an urban system (3.1.285) to address emerging risks and opportunities

measures taken and systems implemented to preserve the lives and health of citizens, their properties

Note 1 to entry: Undesired events can include accidents, emergencies (3.1.85) and disasters (3.1.73).

wide range of individuals, groups of people, networks, movements, associations and organizations

(3.1.165) that manifest and advocate for the interests of their members and others

Note 1 to entry: It can be based on philanthropic, cultural, religious, environmental or political values and

Note 2 to entry: This definition excludes for-profit companies and businesses, academia and all government-

formal association in which society voluntarily organizes around shared interests

Note 1 to entry: It includes political, cultural, environmental and faith-based organizations, as well as non-profit

Note 2 to entry: CSOs are institutionalized organizations, bearing some form of legal status, that represent

entity (3.1.91) that hires, has formerly hired, or intends to hire an organization (3.1.165) to perform

security operations (3.1.249) on its behalf, including, as appropriate, where such an organization

Note 1 to entry: A client can be internal (e.g. another division) or external to the organization.

total or partial inability of a person to differentiate between certain hues (3.1.113)

activities (3.1.2) of target-orientated decision-making, including assessing the situation, planning

(3.1.180), implementing decisions and controlling the effects of implementation on the incident (3.1.122)

system that supports effective emergency management (3.1.88) of all available assets (3.1.13) in a

preparation, incident response (3.1.126), continuity (3.1.50) and/or recovery (3.1.201) process (3.1.190)

continual and iterative processes (3.1.190) that an organization (3.1.165) conducts to provide, share

or obtain information (3.1.127), and to engage in dialogue with interested parties (3.1.132) and others

Note 1 to entry: The information can relate to the existence, nature, form, likelihood (3.1.142), severity, evaluation

(3.1.95), acceptability, treatment or other aspects of the management of risk and security operations management

Note 2 to entry: Consultation is a two-way process of informed communication between an organization and

its interested parties or others on an issue prior to making a decision or determining a direction on that issue.

[SOURCE: ISO/Guide 73:2009, 3.2.1, modified — “interested parties and others” has replaced

group of associated organizations (3.1.165), individuals and groups sharing common interests

Note 1 to entry: Impacted communities are the groups of people and associated organizations affected by the

method to communicate information (3.1.127) to the public through established networks

Note 1 to entry: The warning system can consist of risk knowledge, monitoring (3.1.155) and warning service,

dissemination and communication, and response capability to avoid, reduce risks (3.1.215) and prepare

characteristics and conditions of individuals, groups or infrastructures (3.1.128) that put them at risk

Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO

condition of an organizational system with many diverse and autonomous but interrelated and

interdependent components or parts where those parts interact with each other and with external

Note 1 to entry: Complexity is the characteristic of a system where behaviour cannot be determined only as the

Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO

Note 1 to entry: A consequence can be certain or uncertain and can have positive or negative direct or indirect

Note 3 to entry: Any consequence can escalate through cascading and cumulative effects.

loss of life, damage to property or economic disruption, including disruption (3.1.75) to transport

systems, that can reasonably be expected as a result of an attack (3.2.4) on an organization in the supply

external and internal factors to be taken into account when undertaking a capability assessment

— the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive

— key drivers and trends having an impact (3.1.118) on the objectives (3.1.162) of the organization (3.1.165);

— relationships with, and perceptions and values of, external interested parties (3.1.132).

— resources (3.1.207) and knowledge [e.g. capital, time, people, processes (3.1.190), systems and technologies];

Note 1 to entry: This constitutes one of the common terms and core definitions of the high level structure for ISO

strategic and tactical capability, pre-approved by management (3.1.144), of an organization (3.1.165) to

plan for and respond to conditions, situations and events (3.1.96) in order to continue operations at an

Note 1 to entry: Continuity is the more general term for operational and business continuity (3.1.19) to ensure

an organization’s ability to continue operating outside of normal operating conditions. It applies not only to for-

profit companies, but to organizations of all types, such as non-governmental, public interest and governmental.

Note 1 to entry: Controls include, but are not limited to, any process (3.1.190), policy (3.1.181), device, practice, or

Note 2 to entry: Controls cannot always exert the intended or assumed modifying effect.

process (3.1.190) of working or acting together for common interests and values based on agreement