Standards Development: A Primer for RIMS Members Sponsored by RIMS Standards and Practices Committee

Page 1: Standards Development: A Primer for RIMS Members Sponsored by RIMS Standards and Practices Committee

Standards Development: A Primer for RIMS Members

Sponsored by RIMS Standards and Practices Committee

Page 2

Outline

What are standards?
Standards development
National standards institutes
– ANSI
International organizations
– International Standards Organization (ISO)
How RIMS is influencing standards development

11-Feb-10

Page 3

What Are Standards?

A standard is a document, established by consensus, that provides rules, guidelines or characteristics for activities or their results. (ISO/IEC Guide 2:2004)
May specify performance of products or personnel
May define terms to alleviate as much misunderstanding as possible
Examples:
– Ensure that light bulbs fit into sockets
– Ensure film fits into cameras that can be purchased anywhere in the world
– Provide an international definition of "risk"

Apr 18, 2023

Page 4

What Standards Are Not

Mandated regulations
Controls
Necessarily "how to" documents
Certifications (nor do they require that an organization be certified in order to use a standard)

Page 5

Standards Development

Standards development is a method of documenting processes, principles, or technical requirements and recommendations that are established by authority, custom, or consent
Organizations who develop standards are called standards-setting organizations (SSOs) or standards-development organizations (SDOs)
– Standards can be either regional, national, or international.

Page 6

Standards Development

Products of standards development can be
– Informal
  - Are often referred to as "specifications"
  - Usually do not involve participation by a significant part of any industry, profession, or pertinent stakeholders
  - May not use a formal process during development
  - Over time may be accepted by stakeholders and then become the "de facto" standard, or may be submitted for formal standardization
– Formal
  - Often referred to as "standards"
  - Based on a formal process
  - Usually consensus based, incorporating viewpoints of several stakeholders
  - ISO 31000:2009 Risk Management - Principles and Guidelines is an example

Page 7

Two Primary Approaches to Standards

[Figure: two approaches compared.]
– Approach in many economies: standards bodies coordinate standardization activities
– Approach in the United States ("Bottom Up"): independent Standards Development Organizations (SDOs) drive standardization activities

Page 8

National Standards Institutes

Many countries have a national standards institute that represents the country in international and regional standards activities
Examples include:
– AFNOR (France)
– ANSI (US)
– BSI (UK)
– DIN (Germany)
– GOST R (Russia)
– IRAM (Argentina)
– JISC (Japan)
– KEBS (Kenya)
– SA (Australia)
– SAC (China)
– SASO (Saudi Arabia)
– CSA (Canada)
– SNZ (New Zealand)
– DGN (Mexico)

Page 9

National Standards Institutes

Example: American National Standards Institute (ANSI)

Leading U.S. organization for coordinating and promoting voluntary consensus standards
– U.S. representative in non-treaty international and regional standards-setting activities
– Entity that provides accreditation for US SDOs
ANSI Essential Requirements outline rules of engagement
– RIMS has applied to become an ANSI member

[www.ansi.org]

Page 10

ANSI Structure: Standards Development View

[Organization chart: ANSI Membership; Board of Directors; Executive Committee; Policy Committees, including the National Policy Committee (NPC); Board of Standards Review (BSR); Executive Standards Council; ANSI ISO Council (AIC); ANSI ISO FORUM Technical Management Committee; US National Committee IEC Council (USNC).]

Page 11

International organizations usually considered to be those with country membership, e.g.,
– International Organization for Standardization (ISO)
– European Committee for Standardization
– International Electrotechnical Commission (IEC)
– International Telecommunications Union (ITU)
International Non-Governmental Organizations

Page 12

ISO

Developer of International Standards
– Central coordination in Geneva, Switzerland
– Network of national standards institutes of 162 countries, with one member per country; ANSI is the US representative to ISO
– Involved with standardization of various technical areas, including risk management principles and processes
Risk management standards being developed in various technical committees and working groups, including
– ISO Technical Committee 223 (TC 223), Societal Security
– Technical Management Board (TMB) Working Group on risk management

Page 13

ISO structure: Standards Development View

[Organization chart: General Assembly (Principal Officers; delegates of member bodies, correspondent members and subscriber members); Council; Central Secretariat; Technical Management Board (TMB); strategic and technical advisory groups and Committee on reference material (REMCO); Technical committees (TCs), technical subcommittees (SCs) and technical working groups (WGs); Policy development committees: Committees on Conformity assessment (CASCO), Consumer policy (COPOLCO), Developing country matters (DEVCO).]

Page 14

ISO standards development

Three main phases
– Need communicated to national member body, who proposes the new work item to ISO. Technical scope defined in appropriate working group.
– Draft international standard developed in working group, then elevated to the relevant technical committee for approval. The draft international standard (DIS) is then circulated to the countries through the national bodies for comments.

Page 15

ISO standards development

– Requirements for formal approval of the final draft international standard (FDIS):
  - Approval by two-thirds of the ISO members that participated actively in the standards development
  - Approval by 75% of all members that vote.
– Following approval, the document is published as an International Standard (IS).

[www.iso.org]

Page 16

Standards Hierarchy

[Figure: matrix of standards by level (TOOLS, GUIDELINES, REQUIREMENTS, TERMINOLOGY, FRAMEWORK) against domain (RISK, QUALITY, TECHNOLOGY, ENVIRONMENTAL, SAFETY), resting on ISO 31000 PRINCIPLES. Standards shown: ISO GUIDE 73, ISO 14001, ISO/IEC 27001, ISO/IEC 15408, OHSAS 18001, ISO 31010, NFPA 101, NFPA 75, ANSI/ASHRAE 62, HB 436, AS/NZS 4360, ISO 9001, ISO GUIDE 14050, ISO/IEC 27002, ISO 10005, CSA Q850, SAQ ONR 49001, AFNOR CN FD_X50-252.]

Page 17

How RIMS Is Influencing Standards Development

– Collaborating with existing SDOs who submit standards to ISO for adoption

– Developing liaison relationships with ISO technical committees

– Submitting comments through ANSI technical advisory groups (TAGs) to ISO technical committees that are in the process of developing standards

– Educating RIMS Members

Page 18

Presentation Developed By:

Yvette Ho Sang
Risk Management Analyst
IEEE Standards Association

Member of RIMS Standards and Practices [email protected]

With contributions from members of RIMS Standards and Practices Committee

If you have questions, please contact Nathan Bacchus at [email protected].

Page 19

Referenced Standards

ISO 31000:2009 Risk Management – Principles and Guidelines
AS/NZS 4360:2004 Risk Management, Australian/New Zealand Standard
ISO GUIDE 73:2009 Risk Management – Vocabulary
HB 436:2004 Risk Management Guidelines: a Companion to AS/NZS 4360:2004
ISO 31010:2009 Risk Management – Risk Assessment
NFPA 101:2009 Life Safety Code®
ANSI/ASHRAE 62.1-2007 Standard on Ventilation for Acceptable Indoor Air Quality
OHSAS 18001:2007 Occupational Health and Safety
ISO 9001:2008 Quality Management Systems – Requirements
NFPA 75:2009 Standard for the Protection of Information Technology Equipment
ISO/IEC 27001:2005 Information Security Management Systems – Requirements
ISO/IEC 27002:2005 Information Technology – Code of Practice
ISO/IEC 15408:2005/2008 (3 parts) Evaluation Criteria for IT Security
ISO 14001:2004 Environmental Management Systems – Requirements
ISO 14050:2009 Environmental – Vocabulary
CSA Q850-10 Risk Management – Implementation of CAN/CSA-ISO 31000
ISO 10005:2005 Quality Management Systems – Guidelines for Quality Plans
ISO 28000:2007 Security Management Systems for the Supply Chain
ANSI/ASIS SPC.1:2009 Organizational Resilience: Security Preparedness, and Continuity Management Systems – Requirements with Guidance for Use