
Standards Development: A Primer for RIMS Members



Presentation Transcript


  1. Standards Development: A Primer for RIMS Members
  Sponsored by the RIMS Standards and Practices Committee

  2. Outline
  • What are standards?
  • Standards development
  • National standards institutes
    • ANSI
  • International organizations
    • International Standards Organization (ISO)
  • How RIMS is influencing standards development

  3. What Are Standards?
  • A standard is a document, established by consensus, that provides rules, guidelines or characteristics for activities or their results. (ISO/IEC Guide 2:2004)
  • May specify performance of products or personnel
  • May define terms to alleviate as much misunderstanding as possible
  • Examples:
    • Ensure that light bulbs fit into sockets
    • Ensure film fits into cameras that can be purchased anywhere in the world
    • Provide an international definition of “risk”

  4. What Standards Are Not
  • Mandated regulations
  • Controls
  • Necessarily “how to” documents
  • Certifications (nor do they require that an organization be certified to use a standard)

  5. Standards Development
  • Standards development is a method of documenting processes, principles, or technical requirements and recommendations that are established by authority, custom, or consent
  • Organizations that develop standards are called standards-setting organizations (SSOs) or standards-development organizations (SDOs)
  • Standards can be regional, national, or international

  6. Standards Development
  • Products of standards development can be:
    • Informal
      • Often referred to as “specifications”
      • Usually do not involve participation by a significant part of any industry, profession, or pertinent stakeholders
      • May not use a formal process during development
      • Over time may be accepted by stakeholders and then become the “de facto” standard, or may be submitted for formal standardization
    • Formal
      • Often referred to as “standards”
      • Based on a formal process
      • Usually consensus based, incorporating viewpoints of several stakeholders
      • ISO 31000:2009 Risk Management – Principles and Guidelines is an example

  7. Two Primary Approaches to Standards
  • Approach in the United States: Bottom Up – Independent Standards Development Organizations (SDOs) drive standardization activities
  • Approach in many economies: Standards bodies coordinate standardization activities

  8. National Standards Institutes
  • Many countries have a national standards institute that represents the country in international and regional standards activities
  • Examples include:
    • AFNOR (France)
    • ANSI (US)
    • BSI (UK)
    • DIN (Germany)
    • GOST R (Russia)
    • IRAM (Argentina)
    • JISC (Japan)
    • KEBS (Kenya)
    • SA (Australia)
    • SAC (China)
    • SASO (Saudi Arabia)
    • CSA (Canada)
    • SNZ (New Zealand)
    • DGN (Mexico)

  9. National Standards Institutes – Example: American National Standards Institute (ANSI)
  • Leading U.S. organization for coordinating and promoting voluntary consensus standards
  • U.S. representative in non-treaty international and regional standards-setting activities
  • Entity that provides accreditation for US SDOs
  • ANSI Essential Requirements outline the rules of engagement
  • RIMS has applied to become an ANSI member [www.ansi.org]

  10. ANSI Structure: Standards Development View (organization chart; boxes shown on the slide)
  • Membership
  • Board of Directors
  • Executive Committee
  • Policy Committees: National Policy Committee (NPC), ANSI ISO Council (AIC), US National Committee IEC Council (USNC)
  • Board of Standards Review (BSR)
  • ANSI ISO Forum
  • Technical Management Committee
  • Executive Standards Council

  11. International Non-Governmental Organizations
  • International organizations are usually considered to be those with country membership, e.g.:
    • International Organization for Standardization (ISO)
    • European Committee for Standardization
    • International Electrotechnical Commission (IEC)
    • International Telecommunications Union (ITU)

  12. ISO
  • Developer of International Standards
  • Central coordination in Geneva, Switzerland
  • Network of national standards institutes of 162 countries, with one member per country
  • ANSI is the US representative to ISO
  • Involved with standardization of various technical areas, including risk management principles and processes
  • Risk management standards are being developed in various technical committees and working groups, including:
    • ISO Technical Committee 223 (TC 223), Societal Security
    • Technical Management Board (TMB) Working Group on risk management

  13. ISO Structure: Standards Development View (organization chart; boxes shown on the slide)
  • General Assembly: Principal Officers; Delegates of member bodies, correspondent members and subscriber members
  • Policy development committees: Committees on Conformity assessment (CASCO), Consumer policy (COPOLCO), Developing country matters (DEVCO)
  • Council
  • Technical Management Board (TMB)
  • Central Secretariat
  • Strategic and technical advisory groups, and Committee on reference material (REMCO)
  • Technical committees (TCs), Technical subcommittees (SCs), Technical working groups (WGs)

  14. ISO Standards Development
  • Three main phases:
    • Need is communicated to the national member body, which proposes the new work item to ISO. Technical scope is defined in the appropriate working group.
    • Draft international standard is developed in the working group, then elevated to the relevant technical committee for approval. The draft international standard (DIS) is then circulated to the countries through the national bodies for comments.

  15. ISO Standards Development
    • Requirements for formal approval of the final draft international standard (FDIS):
      • Approval by two-thirds of the ISO members that participated actively in the standards development
      • Approval by 75% of all members that vote
    • Following approval, the document is published as an International Standard (IS). [www.iso.org]

  16. Standards Hierarchy (matrix diagram on the slide; cell placement not recoverable from the transcript)
  • Rows (document type): Principles, Framework, Terminology, Requirements, Guidelines, Tools
  • Columns (domain): Risk, Safety, Quality, Technology, Environmental
  • Standards placed in the matrix: AS/NZS 4360, ISO 31000, SAQ ONR 49001, AFNOR CN FD_X50-252, ISO Guide 73, ISO Guide 14050, NFPA 101, ISO 9001, ISO 14001, ANSI/ASHRAE 62, NFPA 75, OHSAS 18001, ISO/IEC 27001, HB 436, ISO 10005, ISO/IEC 27002, CSA Q850, ISO/IEC 15408, ISO 31010

  17. How RIMS Is Influencing Standards Development
  • Collaborating with existing SDOs that submit standards to ISO for adoption
  • Developing liaison relationships with ISO technical committees
  • Submitting comments through ANSI technical advisory groups (TAGs) to ISO technical committees that are in the process of developing standards
  • Educating RIMS members

  18. Presentation Developed By
  Yvette Ho Sang, Risk Management Analyst, IEEE Standards Association; Member of the RIMS Standards and Practices Committee; y.hosang@ieee.org
  With contributions from members of the RIMS Standards and Practices Committee.
  If you have questions, please contact Nathan Bacchus at nbacchus@rims.org.

  19. Referenced Standards
  • ISO 31000:2009 Risk Management – Principles and Guidelines
  • AS/NZS 4360:2004 Risk Management (Australian/New Zealand Standard)
  • ISO Guide 73:2009 Risk Management – Vocabulary
  • HB 436:2004 Risk Management Guidelines: A Companion to AS/NZS 4360:2004
  • CSA Q850-10 Risk Management – Implementation of CAN/CSA-ISO 31000
  • ISO 31010:2009 Risk Management – Risk Assessment
  • NFPA 101:2009 Life Safety Code®
  • ANSI/ASHRAE 62.1-2007 Standard on Ventilation for Acceptable Indoor Air Quality
  • OHSAS 18001:2007 Occupational Health and Safety
  • ISO 9001:2008 Quality Management Systems – Requirements
  • ISO 10005:2005 Quality Management Systems – Guidelines for Quality Plans
  • NFPA 75:2009 Standard for the Protection of Information Technology Equipment
  • ISO/IEC 27001:2005 Information Security Management Systems – Requirements
  • ISO/IEC 27002:2005 Information Technology – Code of Practice
  • ISO/IEC 15408:2005/2008 (3 parts) Evaluation Criteria for IT Security
  • ISO 14050:2009 Environmental – Vocabulary
  • ISO 14001:2004 Environmental Management Systems – Requirements
  • ISO 28000:2007 Security Management Systems for the Supply Chain
  • ANSI/ASIS SPC.1:2009 Organizational Resilience: Security Preparedness, and Continuity Management Systems – Requirements with Guidance for Use
