ISO 22313:2020 Chinese abridged translation (Part 2)
From 8.3 Business continuity strategies and solutions to 10.2 Continual improvement (because the bilingual Chinese-English text is long, it has been published in two parts)
Foreword: As is well known, the ISO 22301 family of international standards is the current compendium of business continuity management best practice. This abridged Chinese translation was prepared to help those who follow business continuity management best practice understand and study the latest international standard for business continuity management systems, ISO 22313:2020; it was translated jointly by a volunteer team of professionals. At the start of 2020, after finishing the translation of ISO 22301:2020, I kept watching for the release date of the new edition of ISO 22313. ISO 22313:2020 was formally published at the end of February, and on 1 April I began recruiting volunteer translators through Zhishi Xingqiu and my WeChat Moments; a translation team of professionals was quickly formed: 林丽玲, 刘凌子, 劉歆軼, 刘宇, 鲁荣丹, 马骏, 王晨, 汪洁瑾, 王鹏飞, 孙书强, 姚昊, 姚修杰, 张楠, 张松滨, 朱汉乐 and 苏瑛. The first draft was completed in June, but owing to my personal schedule I could not find time until the end of August to review and finalize the whole text, partly with reference to GB/T 31595-2015 (identical to ISO 22313:2012) and other sources.
Members of the volunteer translation team (in no particular order, sorted by pinyin of surname): 林丽玲 (Taiwan, Lorton Lin), 刘凌子 (175340811@qq.com), 劉歆軼 (markjlord@msn.com), 刘宇 (13316880733@189.cn), 鲁荣丹 (2637807046@qq.com), 马骏 (patrick.ma2018@outlook.com), 苏瑛 (369188992@qq.com), 王晨 (Wesley Wang), 汪洁瑾 (Gin Wang), 王鹏飞 (6181.wang@163.com), 孙书强 (HSDJL2@126.com), 姚昊 (239712415@qq.com), 姚修杰 (yaoxiujie@foxmail.com), 张楠 (zhang4@hotmail.com), 张松滨 (306589775@qq.com), 朱汉乐 (rebmeced@163.com)
I thank all the professionals on the volunteer translation team for giving up their personal rest time during the pandemic to do this translation work. Any inaccuracies or misunderstandings in the translation are my responsibility and not that of the translators. If you have comments or suggested changes to the translation, please leave me a message.
In addition, the ISO 22301 White Paper will be updated shortly; readers interested in the ISO 22301 family of standards are invited to keep following this official account (ID: bcmplus).
王曙 (kevinwang), September 2020
8.3 Business continuity strategies and solutions
8.3.1 General
Business continuity strategies are possible ways for the organization to meet its business continuity requirements.
— Business continuity strategies should comprise at least one business continuity solution but may require more than one solution to meet business continuity requirements.
— Business continuity solutions include approaches, arrangements, methods, procedures, treatments and actions that can be put in place to implement business strategies. Solutions can be used for more than one strategy.
Business continuity strategies and solutions:
a) enable the organization to resume business operations within the required time frames and at an acceptable capacity;
b) identify capabilities that the organization can implement and improve over time to mitigate disruption-related risks.
The identification of business continuity strategies and the selection of business continuity solutions should be based on the business impact analysis (see 8.2.2) and the risk assessment (see 8.2.3), taking into consideration the associated costs.
The organization should have in place procedures for identifying and selecting business continuity strategies and solutions, including review and approval of recommended solutions. The organization should consider options that can be implemented before, during and after a disruption.
8.3.2 Identification of strategies and solutions
8.3.2.1 General
Most strategies require one or more solutions but, for some of the organization's activities, doing nothing or deferring resumption may be acceptable strategies.
For example, a relocation strategy for resuming activities can be made up of a number of solutions including "emergency transport", "network redirection" and "alternate staffing". These solutions can also form part of the strategy "extending working hours".
Similarly, a production strategy for protecting prioritized activities can, for example, be made up of a number of solutions including "moving the manufacture of 30% of Product A from Location A to Location B" or "splitting the manufacture of Product A between Location C and Location D".
To ensure that the operation of business continuity plans (see 8.4.4) is not adversely affected by the disruption, the organization may need to take precautions, for example, separating teams and recovered ICT systems across multiple locations. Total separation for all scales and types of disruption is not always achievable and it may be necessary to identify limitations and agree them with top management. Limitations can be expressed in terms of distance, minimum personnel or severity, and can be influenced by the response of public agencies to severe or widespread disruptions.
The organization should identify appropriate strategies and solutions for:
— protecting prioritized activities;
— stabilizing, continuing, resuming and recovering prioritized activities;
— mitigating, responding to and managing impacts.
The organization should have in place a mechanism for determining and selecting business continuity strategies and solutions, including the approval and implementation of recommended solutions (see 8.3).
ISO/TS 22331 provides further guidance on the determination and selection of business continuity strategies and solutions.
8.3.2.2 Protecting prioritized activities
Protection of prioritized activities may be achieved by:
— reducing the risk of the activities being impacted by a disruption;
— transferring activities to a third party (though the responsibility remains with the organization).
Alternatively, it can be possible to change how activities are performed if viable alternatives are available.
When identifying strategies and solutions for protecting prioritized activities, the organization should consider:
— the perceived vulnerability of the activity and the impacts that would arise if the activity were to stop;
— the cost of measures compared to the anticipated benefits;
— the urgency of the activity, since there will be less time to resolve the issue;
— their overall feasibility and suitability.
8.3.2.3 Stabilizing, continuing, resuming and recovering prioritized activities
Setting RTOs for resuming prioritized activities at agreed capacity enables the organization to identify strategies to shorten the period of interruption, reduce impacts and enable the timely recovery of prioritized activities.
To ensure that prioritized activities can be resumed within their RTOs, compatible RTOs should also be set for the dependencies and supporting resources. Organizations should also determine the capacities at which dependencies and supporting resources would need to be resumed. When setting these RTOs, the organization may need to consider:
— the possibility of providing a different service until the point when full resumption is required;
— ensuring that people are mobilized effectively;
— providing encouragement and support for people returning to work at time of need;
— workarounds (such as manual processes) that defer the need for resuming the dependency of supporting resources;
— backlogs and time needed to recover lost information;
— the complexity and scale of recovery requirements or the need for specialist equipment with a long lead time.
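The compatible-RTO rule above can be checked mechanically once activities, their supporting resources and the dependencies between them are recorded. The following Python is an added example, not text or code from ISO 22313; the activity names, RTO values and dependency links are constructed for the illustration. It walks the dependency graph transitively, reports every dependency whose RTO is longer than that of an activity relying on it, and derives the RTO each dependency would have to meet to be compatible with everything that depends on it.

```python
"""RTO compatibility check over an activity/dependency graph (added example).

Not part of ISO 22313. The rule applied is the one in 8.3.2.3: each
dependency or supporting resource needs an RTO no longer than the RTO of
any activity that, directly or transitively, relies on it.
"""
from collections import deque

# Constructed sample: node -> (RTO in hours, list of nodes it depends on).
SAMPLE = {
    "order-intake":    (4,  ["crm", "payments"]),
    "crm":             (8,  ["db-cluster"]),
    "payments":        (2,  ["payment-gateway", "db-cluster"]),
    "payment-gateway": (2,  []),
    "db-cluster":      (12, ["san-storage"]),
    "san-storage":     (24, []),
}


def find_rto_violations(graph):
    """Return sorted (activity, dependency, activity_rto, dependency_rto)
    tuples for every transitive dependency whose RTO exceeds the RTO of
    the activity depending on it. BFS with a visited set tolerates cycles."""
    violations = []
    for activity, (rto, deps) in graph.items():
        seen = set()
        queue = deque(deps)
        while queue:
            dep = queue.popleft()
            if dep in seen:
                continue
            seen.add(dep)
            if dep not in graph:
                raise KeyError(f"dependency '{dep}' has no RTO recorded")
            dep_rto, dep_children = graph[dep]
            if dep_rto > rto:
                violations.append((activity, dep, rto, dep_rto))
            queue.extend(dep_children)
    return sorted(violations)


def required_rtos(graph):
    """For each node, the RTO it must meet to be compatible: the minimum of
    its own RTO and the RTO of every node that transitively depends on it."""
    dependents = {node: [] for node in graph}
    for node, (_, deps) in graph.items():
        for dep in deps:
            dependents[dep].append(node)
    required = {}
    for node in graph:
        best = graph[node][0]
        seen = set()
        queue = deque(dependents[node])
        while queue:
            upstream = queue.popleft()
            if upstream in seen:
                continue
            seen.add(upstream)
            best = min(best, graph[upstream][0])
            queue.extend(dependents[upstream])
        required[node] = best
    return required


if __name__ == "__main__":
    for activity, dep, rto, dep_rto in find_rto_violations(SAMPLE):
        print(f"{activity} (RTO {rto} h) depends on {dep} (RTO {dep_rto} h)")
    for node, hours in required_rtos(SAMPLE).items():
        print(f"{node}: current RTO {SAMPLE[node][0]} h, required {hours} h")
```

In the constructed sample the shared database and its storage carry RTOs of 12 h and 24 h while the payments activity needs 2 h, so the check reports the database chain under every activity that reaches it; the required-RTO table shows that both would have to be brought down to 2 h, or a workaround such as a manual process would have to cover the gap, as the list above suggests.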
Business continuity strategies may include the following.
a) Activity relocation: The transfer of some or all activities either internally to another part of the organization or externally to a third party, either independently or through a reciprocal or mutual aid agreement. When determining locations at which to resume an activity, damaged/affected sites and undamaged alternate sites should be considered.
b) Resource relocation or reallocation: Resources, including staff, are transferred to another location or activity within the organization, or externally to a third party.
c) Alternate processes and spare capacity: Establishing alternate processes or creating redundancy/spare capacity in processes and/or inventory.
d) Temporary workaround: Some activities may adopt a different way of working that provides acceptable results for a limited time. It is probable that the workaround will be more time-consuming and/or labour-intensive (e.g. a manual operation as opposed to an automated system). For these reasons, workarounds are generally only suitable for short periods of time or for deferring a return to business as usual.
Examples of strategies include:
— providing spare manufacturing capacity at an alternate location;
— providing remote working capabilities for key staff.
8.3.2.4 Mitigating, responding to and managing impacts
Strategies for mitigating, responding to and managing the impacts of a disruption may include the following.
a) Insurance: The purchase of insurance can provide some financial recompense for some losses but will not meet all costs (e.g. uninsured perils, brand, reputation, interested parties' value, market share, human consequences). A financial settlement alone will not fully protect the organization and satisfy interested parties' expectations. Insurance cover is more likely to be used in conjunction with other solutions.
b) Asset restoration: Contracting the stand-by services of companies that specialize in the cleaning or repair of assets following their damage.
c) Reputation management: Developing an effective warning and communication capability (see 8.4.3) and establishing effective incident communications procedures (see 8.4.4.5).
For identified risks requiring treatment and in line with its overall attitude to risk, the organization should consider ways of reducing the likelihood, shortening the period and limiting the impacts of a disruption.
If there is a specific hazard over which the organization has no control and which could significantly disrupt the organization (e.g. earthquake or flooding), the organization should, where appropriate:
— identify strategies and implement solutions for limiting its potential impact;
— identify the external body responsible for monitoring the hazard;
— contact the external body to understand its notification protocols;
— analyse the notification protocols to determine if they align with the needs of the organization.
8.3.3 Selection of strategies and solutions
The selection of business continuity strategies should be based on the extent to which they:
a) enable prioritized activities to be resumed at agreed capacity within time frames identified during the business impact analysis (see 8.2.2);
b) are in line with the amount and type of risk that the organization may or may not take;
c) deliver benefits at manageable and reasonable cost.
The organization should re-examine all solutions when changes are made to the operation of the organization.
Business continuity solutions for stabilizing, continuing, resuming or recovering a prioritized activity can often be prohibitively expensive. Where the organization estimates this to be the case, it should either select alternative solutions that are acceptable and meet its business continuity objectives or treat affected products and services as exclusions from the scope of the BCMS in accordance with 4.3.3.
Where the organization estimates a threat to be extremely unlikely or the cost of protecting a prioritized activity to be prohibitively expensive, it may choose to accept the risk and re-evaluate it as part of its ongoing BCMS performance evaluation (see Clause 9). Accepting the risk can also require the affected products or services to be removed from the scope of the BCMS.
8.3.4 Resource requirements
8.3.4.1 General
The organization should determine the resource requirements to implement selected solutions.
The organization should establish:
— appropriate teams or, for smaller organizations, individuals with the appropriate authority to oversee incident preparedness, response and recovery;
— logistical capabilities and procedures to locate, acquire, store, distribute, maintain, test and account for services, personnel, resources, materials and facilities produced or donated;
— financial, logistical and administrative procedures to support the business continuity arrangements before, during and after an incident; these procedures should:
  — ensure that financial decisions can be expedited;
  — be in accordance with established authority levels, governance and accounting principles;
— resource management objectives for response times, personnel, equipment, training, facilities, funding, insurance, liability control, expert knowledge, materials and the time frames within which each will be needed from the organization's resources and from any suppliers;
— procedures for interested party assistance, communications, strategic alliances and reciprocal or mutual aid.
8.3.4.2 People
8.3.4.2.1 General
The organization should have people with the competency to respond to and manage incidents, and participate in the resumption of prioritized activities.
8.3.4.2.2 Incident response
The organization should nominate incident response personnel with the necessary responsibility, authority and competence to manage an incident.
The incident response personnel should form a group that is responsible for managing any disruption that significantly impacts or has the potential to significantly impact the organization.
Personnel may be assigned to teams according to their demonstrated competence in, for example:
— incident/strategic management (see 8.4.4.4);
— communications (see 8.4.4.5);
— safety and welfare (see 8.4.4.6);
— salvage and security (see 8.4.4.7);
— resuming activities (see 8.4.4.8);
— recovery of ICT systems (see 8.4.4.9).
All personnel who are in these groups should have clearly defined responsibilities and authorities that apply before, during and after a disruption.
Training appropriate for incident response and business recovery personnel includes:
— incident assessment;
— evacuation and shelter-in-place management, if applicable to the scope;
— arrangements at alternate worksites;
— techniques for handling internal and external communications effectively;
— dealing with people aspects (see ISO/TS 22330).
Response skills and competence throughout the organization should be developed by practical training, including active participation in exercises.
Response and recovery teams should receive education and training about their responsibilities and duties, including interactions with first responders and other interested parties. Teams should be trained at regular intervals and new members should be trained when they join the response structure. These teams should also receive training on prevention of incidents that could escalate into crises.
8.3.4.2.3 Resumption of activities
The organization should identify appropriate measures to maintain and widen the availability of core skills and knowledge to enable activities to be resumed with reduced staff availability. People may not respond as expected during an incident and may need encouragement, reassurance and support. Employees, contractors and other interested parties who possess extensive specialist skills and knowledge should all be included. Techniques to protect or enhance these skills may include:
— a list of back-up skilled specialists and a call-up plan;
— multi-skill training of staff and contractors;
— separation of core skills to reduce the impact of an incident, including physical separation of staff with core skills at more than one location;
— use of third parties;
— succession planning;
— documenting processes and other forms of knowledge retention and management.
Procedures that rely on the relocation of staff after an incident may need to consider:
— transportation of staff to another location;
— staff needs at the alternate site, such as:
  — accommodation;
  — catering facilities;
  — personal and family commitments;
  — training on different equipment;
  — challenges posed by home working.
Specialist roles may include:
— security;
— transportation logistics;
— welfare and emergency.
To encourage and reassure people who will be required to respond to a disruption, the organization should provide, for example, practical advice, risk awareness training, transport solutions and family-related support.
ISO/TS 22330 provides further guidance on the people aspects of business continuity.
8.3.4.3 Information and data
The words "information" and "data" are used interchangeably in everyday use. This document uses "information" to mean data that has been processed, organized and correlated to produce meaning. Information is therefore created from data, which includes, for example, facts, statistics and numbers held manually and in an electronic form that can be stored and used on a computer.
It is possible for information to be recreated from data during a disruption, but the processing time to do so can be very long and the means to do so may also not be available. Organizations should therefore consider activities' requirements for both information and data. If information or data required by an activity (not just a prioritized activity) is/are irretrievably lost, it could be impossible for the activity to be resumed.
Information and data vital to the organization's operation should be protected and recoverable according to the time frames identified during the business impact analysis. When determining the arrangements for storage and recovery of data, the organization should be aware of applicable legal requirements.
Any information or data required to enable the organization's response and recovery should have appropriate:
— confidentiality (e.g. if the activity is moved to another location);
— integrity: that information and data are reliable and can be trusted;
— availability: that information and data are available as quickly as the activity requires it (i.e. within the activity's RTO); information and data required during the response can be required immediately while other information and data may not be required until after the incident;
— currency: as up to date as required to enable the activity to operate (see 8.2.2), though information lost due to the incident may need to be recreated and data may need to be restored.
Where information and data are copied, various methods may be used, including virtual (electronic) formats (e.g. disk, cloud, tape) and physical (hardcopy) formats (e.g. microfiche, photocopies, creating dual copies at the time of production).
Solutions for the recovery of information and data that has not yet been copied or backed up to a safe location should be documented.
If copied information or data is/are stored too near to the original, the disruption could compromise the integrity or prevent access to it. However, a long distance can prevent information/data from being available when needed. It would be appropriate to have written evidence as to how these conflicting concerns have been resolved.
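The two conflicting concerns just described (a copy kept too near the original may be lost in the same incident; a copy kept too far away may not be restorable within the activity's RTO) lend themselves to a routine check of the copy inventory, which also produces the written evidence the text asks for. The following Python is an added example and not part of ISO 22313; the site names, hazard zones, media, restore times and RTO values are constructed, and "hazard zone" is an assumed label standing in for the geographical area that one incident could affect (see 8.3.4.4).

```python
"""Check where copies of recovery-critical information are kept (added example).

Not part of ISO 22313. For each asset it verifies that at least one copy
sits outside the hazard zone of the primary site AND that such a copy can
be restored within the RTO of the activity that needs the asset.
"""
from dataclasses import dataclass, field


@dataclass
class Copy:
    site: str             # where the copy is held
    restore_hours: float  # time to retrieve the copy and make it usable
    medium: str = "disk"  # e.g. disk, cloud, tape, microfiche


@dataclass
class Asset:
    name: str
    primary_site: str
    rto_hours: float      # RTO of the activity that relies on this asset
    copies: list = field(default_factory=list)


# Constructed: sites that a single incident (flood, power loss, ...) could
# affect together share a hazard zone label.
SITE_ZONE = {
    "hq-dc": "city-A", "hq-annex": "city-A",
    "dr-dc": "city-B", "tape-vault": "city-C",
}

# Constructed inventory used by the checks below.
SAMPLE_ASSETS = [
    Asset("customer-db", "hq-dc", 4.0,
          [Copy("hq-annex", 1.0), Copy("dr-dc", 2.0)]),
    Asset("contracts-archive", "hq-dc", 8.0,
          [Copy("tape-vault", 48.0, "tape")]),
    Asset("hr-records", "hq-dc", 24.0,
          [Copy("hq-annex", 1.0)]),
]


def assess_asset(asset, site_zone=SITE_ZONE):
    """Return a list of findings; an empty list means both concerns are met."""
    findings = []
    primary_zone = site_zone[asset.primary_site]
    # "too near": copies in the same hazard zone do not count as separated
    separated = [c for c in asset.copies if site_zone[c.site] != primary_zone]
    if not separated:
        findings.append("no copy outside the primary site's hazard zone "
                        f"({primary_zone}); one incident could destroy all copies")
        return findings
    # "too far / too slow": a separated copy must be usable within the RTO
    timely = [c for c in separated if c.restore_hours <= asset.rto_hours]
    if not timely:
        fastest = min(c.restore_hours for c in separated)
        findings.append(f"fastest separated copy restores in {fastest:g} h, "
                        f"above the RTO of {asset.rto_hours:g} h")
    return findings


def assess_all(assets, site_zone=SITE_ZONE):
    """Map each asset name to its findings, suitable for the written record."""
    return {a.name: assess_asset(a, site_zone) for a in assets}


if __name__ == "__main__":
    for name, findings in assess_all(SAMPLE_ASSETS).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

On the constructed inventory the customer database passes (its off-site copy restores in 2 h against a 4 h RTO), the contracts archive is flagged because its only separated copy is a tape that takes 48 h against an 8 h RTO, and the HR records are flagged because their only copy is in the same hazard zone as the original.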
Information and data referred to in this subclause may include:
— contact information;
— supplier, interested parties and interested party details;
— legal documents (e.g. contracts, insurance policies, title deeds);
— other services documents (e.g. contracts, service level agreements);
— metadata (i.e. information to describe audio-visual content and data essence in a defined format);
— notification and alert messages disseminated as an incident response measure;
— guidelines and criteria regarding who has the authority to invoke procedures.
8.3.4.4 Buildings, workplaces and associated utilities
Worksite solutions can vary significantly and a range of options can be available. Different types of incidents or threats could require the implementation of different or multiple worksite options. The appropriate tactics will in part be determined by the organization's size, sector and spread of activities, by interested parties, and by geographical base. For example, public authorities will need to maintain frontline service delivery in their communities, whereas some organizations could operate from a different country or continent.
The organization should devise a solution that reduces the impact of the unavailability of its normal worksite(s). This may include one or more of the following:
— alternative premises (locations) within the organization, including displacement of other activities;
— alternative premises provided by other organizations (whether or not these are reciprocal arrangements);
— command centres;
— alternative premises provided by third-party specialists;
— working from home or at remote sites;
— other agreed suitable premises;
— use of an alternative workforce in an established site.
Alternative premises should be carefully selected by taking account of a geographical area that could be affected by the same incident. An incident such as a natural disaster can cause damage in wide areas and affect essential services such as electricity, gas, water and communication. If such a risk is expected, alternative premises should be distant from such a possibly affected zone.
If staff are to be moved to alternative premises, due consideration should be given to:
— making sure that the premises are not so close that they are likely to be affected by the same incident;
— making sure that the premises are close enough that staff are willing and able to travel there;
— possible difficulties that could be caused by the incident.
The use of alternative premises for continuity purposes should be supported by a clear statement as to whether the resources required in the alternative premises are for the exclusive use of the organization. If the alternative premises are shared with other organizations, a plan to mitigate the non-availability of these premises should be developed and documented.
In some situations (e.g. a manufacturing line, a call centre or if the RTO is short), it can be appropriate to move the workload rather than the staff. This can require spare capacity at the alternate site or additional staff (whether by overtime or recruitment) and other resources to be made available.
8.3.4.5 Equipment and consumables
The organization should identify and maintain an inventory of the core supplies that support its prioritized activities.
Some facilities and machinery can be difficult to acquire, be very expensive (requiring a long time for authorization) or have long lead times. Solutions for providing such resources may need to take such issues into account. Changing business practices, such as stock control or building management, can provide solutions.
Techniques for providing these may include:
— storage of additional supplies at another location;
— arrangements with third parties for delivery of stock at short notice;
— diversion of just-in-time deliveries to other locations;
— holding of materials at warehouses or shipping sites;
— transfer of sub-assembly operations to an alternative location that has supplies;
— identification of alternative/substitute supplies;
— identification of facilities and equipment and multi-option planning by phases.
Where activities are dependent upon specialist supplies, the organization should identify the suppliers on which the prioritized activities depend, especially where there is a single source of supply. Solutions to manage the continuity of supply may include:
— increasing the number of suppliers;
— encouraging or requiring suppliers to have business continuity;
— contractual and/or service level agreements with suppliers;
— the identification of alternative, capable suppliers.
Where activities are being relocated, it should be verified that suppliers are able to provide their products or services effectively at the alternate location.
8.3.4.6 ICT systems
In many organizations, activities cannot be performed without ICT systems, and these need to be reinstated before activities can be resumed. Where it is possible and practical, the organization may need to implement manual workarounds while its ICT systems are being reinstated.
Technology options will depend on the nature of the technology employed and its relationship to activities, but will typically be a combination of the following:
— provision made within the organization;
— services delivered to the organization by a third party;
— external services to which the organization subscribes.
Techniques for providing ICT systems required by prioritized activities may include:
— spreading them geographically (e.g. maintaining the same technology at different locations that will not be affected by the same disruption);
— holding older equipment as emergency replacements or spares;
— contracted provision of equipment or recovery services.
Because of the complexity of the technologies that support them, ICT systems frequently need complex arrangements to ensure that they can be recovered in a timely manner. Attention should therefore be given to:
— the location of technology sites and the distance between them;
— distributing technology across separate sites;
— providing adequate facilities for increased numbers of users with remote access;
— setting up un-staffed (dark) sites as well as staffed sites;
— improving telecommunications connectivity and increasing levels of redundant routing;
— providing automatic "failover" instead of requiring manual intervention to reinstate ICT systems;
— accommodating the obsolescence of ICT systems.
If an organization hosts its ICT systems at more than one site, there could be an opportunity to implement a solution whereby each site is sized to accommodate the combined ICT systems capacity of more than one site.
If an organization uses very specialized or custom-built technologies with long lead times, it may need to consider increasing the protection of its ICT systems by making special provisions for replacement or restoration.
ISO/IEC 27031 provides further guidance on ICT readiness for business continuity.
8.3.4.7 Transportation and logistics
Transportation may need to be provided after an incident for:
— staff sent home if their normal means of transport is unavailable;
— staff relocated to an alternative work location;
— resources needed at a different location.
The organization should determine in advance options for providing alternative means of transport that could be required following a disruption. These may include:
— identifying possible scenarios of logistic disruptions, including those caused directly by an incident or unusual situation;
— securing alternative means of transportation and routes to deal with unusual traffic conditions;
— agreements with alternative transport providers.
8.3.4.8 Finance
The organization should determine options for ensuring that the necessary finance is available during and following a disruption. This may include:
— providing funds for emergency purchases, such as food, accommodation, facilities, consumables and transport;
— reimbursement of staff expenses;
— major expenditures on, for example, the rental or purchase of buildings and equipment.
To protect against abuse or facilitate insurance claims, it may be necessary to demonstrate effective financial controls, by, for example, providing for the formal recording of expenses during and following a disruption.
8.3.4.9 Partners and the supply chain
Business networks and supply chains are often broad, complex and interdependent, with multiple tiers. It is essential to understand the supply chain and the risks it poses to the organization. When analysing business impacts (see 8.2.2), the organization should undertake, jointly with relevant suppliers, an analysis of the supply chains on which prioritized activities depend. Suppliers, in turn, should be required to cascade the analysis to their own suppliers.
The supply chain analysis should be based on a set of criteria developed by the organization, giving a common organizational approach to assessing the level of dependency on the supply chain and on specific suppliers within it, and to understanding the timescales for finding alternative arrangements.
Techniques for obtaining assurance and evaluating suppliers' and partners' business continuity may include:
— specifying business continuity requirements in tenders and contracts;
— periodic auditing of supplier plans;
— reviewing exercise and maintenance programmes;
— participating in joint business continuity exercises.
If a product, service or activity has been outsourced, the accountability for that product, service or activity remains with the organization.
Where prioritized activities or business continuity solutions rely on products and services from a supplier, the organization should evaluate the supplier's business continuity to obtain assurance that the supplier has effective business continuity arrangements in place for these products and services, for example by examining the results of exercises.
The organization may wish to concentrate its efforts on suppliers whose failure to deliver products and services would disrupt prioritized activities most quickly.
8.3.5 Implementation of solutions
Selected solutions should be implemented and maintained over time.
Following the selection of business continuity solutions, management should be involved in selecting business continuity resources (e.g. workspace, people, equipment, supplies). Care should be taken to ensure that these resources will be available at the time of the incident.
To ensure that resumption and mitigation strategies are achievable, the organization should define and implement all solutions that need to be in place before a disruption. If the lead time for activating a solution exceeds the business continuity requirements, the organization should implement the selected solution in advance of the disruption.
8.4 Business continuity plans and procedures
8.4.1 General
The organization should have a response structure supported by business continuity plans and procedures for:
— controlling the response to the disruption;
— communicating effectively with interested parties;
— utilizing business continuity solutions to resume activities within their RTOs.
A plan comprises one or more procedures. Collectively, plans and procedures should:
— identify the immediate steps to be taken and assist with timely decision-making;
— be sufficiently flexible to accommodate unanticipated threats and changeable situations;
— focus on the anticipated impacts of disruptions;
— align with the business continuity solutions selected by the organization to minimize impacts;
— clearly identify roles and assign responsibilities for all tasks to be undertaken.
8.4.2 Response structure
8.4.2.1 Purpose
An effective response structure enables the organization to detect events, identify incidents and determine whether or not they are likely to lead to disruption. The organization should develop an incident response structure that will provide an effective response to disruptions, regardless of cause. If there is no agreed and documented structure in place, it is likely that the organization will be incapable of responding effectively to disruption and will not be able to resume disrupted activities within the necessary time frames.
8.4.2.2 Design
The incident response structure should clearly identify:
— the teams responsible for responding to incidents and resuming activities;
— the team hierarchy;
— the roles and responsibilities of the teams.
The response structure should be simple and capable of being formed quickly. It should also provide mechanisms that ensure the timely communication of information and decisions.
There is no single incident response structure that is suitable for all organizations. Each organization should design its own structure, considering the following:
— the existing management structure;
— the organization's nature, culture, scale, complexity and process infrastructure;
— the business continuity solutions selected;
— the organization's business continuity requirements;
— any perceived threats to the organization.
Larger or complex organizations may need to establish separate teams to focus on different aspects of the incident. In smaller organizations, it can be feasible for one team to handle an incident, but it should never be the responsibility of a single individual.
8.4.2.3 Team capabilities
Collectively, the teams should be capable of:
— assessing the nature and extent of the disruption and its potential impact;
— measuring the potential impacts of the incident against predefined impact thresholds in order to determine whether or not a formal response is justified;
— initiating an appropriate response to a disruption, activating plans, mobilizing response teams and ensuring the availability of required resources;
— planning all actions to be undertaken;
— establishing priorities for all actions, giving first priority to life safety;
— monitoring how the incident unfolds and the effectiveness of the organization's response in dealing with impacts and consequences;
— activating suitable business continuity solutions;
— providing effective command and control of the organization's response to the incident and responding to changes as the situation evolves;
— communicating with interested parties including, in particular, the workforce, affected family members, visitors, authorities and the media.
8.4.2.4 Team composition and guidance
Each team should have:
a) identified team members and alternates who have the necessary responsibility, authority and competence to enable the team to fulfil its role and responsibilities;
b) documented procedures for guiding the team's actions (see 8.4.4).
8.4.3 Warning and communication
8.4.3.1 General
Handling initial communications effectively from the outset of a disruption can make a huge difference to the effectiveness of the organization's response. Effective communication can only be achieved if the organization is clear on what, when, with whom and how to communicate. The organization should therefore establish documented procedures for the following warning and communication-related actions and identify who will be responsible for performing them:
— internal communication between different levels and functions within the organization, including within the response structure;
— alerting interested parties and receiving, documenting and responding to communications from them (this can include emergency contacts of employees);
— ensuring that communication equipment and facilities are available;
— facilitating structured communication with emergency responders;
— managing the organization's response to the media and ensuring that it aligns with the organization's communications strategy;
— recording vital information about the incident, actions performed and decisions taken.
The organization should ensure that effective procedures and facilities are in place for receiving, documenting and responding to warnings, alerts and external communications from national or regional risk advisory systems or their equivalent. Some organizations may need to establish dedicated or ad hoc facilities located sufficiently far from the affected site that their operation will not be impeded by the incident. Special arrangements can be required for those with specific needs (e.g. the elderly and those with disabilities). For guidance on the dissemination of warnings, including information content and communication channels, refer to ISO 22322.
Communications equipment can be affected by disruptions, so a variety of alternatives may need to be available, for example:
— loud-hailers;
— public address systems;
— spare mobile phones;
— satellite phones;
— two-way radios.
8.4.3.2 Alerting interested parties
In some circumstances, interested parties can be impacted by a disruption that has already started or is imminent. For example, disruptions at an organization that undertakes hazardous operations or stores toxic products could result in the organization's neighbours being put in danger. Such organizations should consider:
— establishing procedures that would enable hazards to be monitored;
— determining in advance the public warning information that they may need to provide during a disruption;
— identifying the geographical areas to which public warning information may need to be sent;
— evaluating scientifically the potential levels of seriousness of hazards;
— defining scientifically based criteria for issuing warnings and ensuring that there are procedures in place for transferring warning information to organizations with public warning responsibilities;
— establishing relationships with external bodies responsible for potentially affected areas.
It can also be necessary for such organizations to:
— establish a relationship with an external organization with public warning responsibilities;
— make sure that their neighbours understand how alarms are issued and how to respond to them.
Warning and communication procedures should be exercised as part of the organization's exercise programme (see 8.5).
8.4.4 Business continuity plans
8.4.4.1 General
Business continuity plans set out how teams will respond to disruptions and resume activities within the scope of the BCMS.
Because terminology differs between organizations and, in many instances, specific terms are used interchangeably, it is essential that the roles and responsibilities of teams are clearly stated, and that the documented procedures supporting them clearly state their purpose, scope and objectives (see Table 5).
Table 5 – Examples of teams and possible roles and responsibilities

Team | Role | Responsibilities
Site emergency response | Facilities management; Security; Emergency response | Life safety; Damage limitation
Damage assessment | Damage assessment | Damage assessment
Incident management | Incident management and control | Incident management; Crisis management
Senior management | Strategic decision-making; Communication during incident | Strategic management; Crisis management; Communications; Public relations
Communications | Communication during incident | Communications; Public relations
ICT recovery | Recovering ICT systems and infrastructure | ICT disaster recovery
Finance/Administrative | General and financial administration | Finance and administration
Human resources | Occupational health; Welfare and special needs; Interested party well-being | Human resources; Safety and welfare
Salvage | Security; Facilities; ICT | Salvage of facilities, ICT systems and data; Security; Salvage and security
Business continuity | Resume disrupted activities | Coordinate resumption; Manage resources

NOTE Guidance on ICT procedures can be found in ISO/IEC 27031.
8.4.4.2 Coverage
8.4.4.2.1 General
Collectively, business continuity plans should address all aspects of responding to an incident and should be specific to the teams that will use them. It may therefore be beneficial to:
— involve a wide range of personnel, including specialist teams, in the development of business continuity plans;
— use feedback from exercising and draw on lessons learned from disruptions.
Timescales and performance levels should be based on the information gathered during the business impact analysis (see 8.2.2) and on the selection of business continuity strategies and solutions (see 8.3.3).
8.4.4.2.2 Responding to incidents
When dealing with an incident, there are a number of actions that may need to be considered. These should be included in documented procedures and include:
a) responding to and assessing the incident, including:
- determining what happened and how it occurred;
- identifying which parts of the organization and which interested parties have been or could be affected;
- trying to anticipate the duration of the incident and the likely impacts;
- assessing whether the incident can be managed by routine management arrangements;
- judging, by reference to predefined thresholds, whether the incident could lead to disruption;
b) managing the immediate consequences of the incident, giving due regard to the welfare of affected persons (including team members) and to impacts on the environment, considering options for responding to the incident, and preventing further loss or damage;
c) evaluating the incident assessment against the activation criteria for each of the procedures;
d) declaring an incident and activating the procedures when the activation criteria have been met;
e) mobilizing the incident response personnel in teams for stabilization, continuity and recovery activities;
f) establishing a central location (command centre) for use by the team managing and controlling the incident;
g) prioritizing the issues and activities to be undertaken in managing the incident and its impacts;
h) controlling and coordinating all activated procedures;
i) activating or establishing alternate sites for the restoration of IT or other infrastructure capability and for the temporary operation of the organization's activities;
j) monitoring the incident as it progresses;
k) reviewing and adapting plans in response to changing circumstances;
l) de-escalating, standing down and returning to routine operations as sustainable capability is re-established;
m) conducting a debrief and identifying learning opportunities;
n) ensuring good governance and the collation and security of the documentation generated during the management of, and recovery from, the incident.
To achieve the timely resumption of the organization's delivery of products and services, the documented procedures for resuming each activity should:
— meet the RTO of the activity that supports that product or service;
— be sufficiently reliable.
This may be achieved by:
— ownership or control of the means and resources to enact the procedure;
— contracts, agreements or service levels with third parties.
8.4.4.3 Content and usability
8.4.4.3.1 General
Each business continuity plan should identify its purpose, scope and objectives in a form that is clear to the teams that use it. Links to other required or relevant documented procedures or documents should be clearly stated, and the method of obtaining and accessing them described. The business continuity plan should also include:
— activation criteria and procedures;
— implementation procedures;
— communication requirements and procedures;
— internal and external interdependencies and interactions;
— resource requirements;
— reporting requirements;
— information flow and documentation processes.
8.4.4.3.2 Guidance and supporting information
Each plan should include:
a) roles, responsibilities and authorities:
- defined roles, responsibilities and authorities for the people and teams who will use the plan;
- guidelines and criteria regarding who has the authority to invoke the plan and under what circumstances (this may include defined escalation stages);
b) activation criteria:
- a process for activating the organization's response to a disruption and, within each documented procedure, its activation criteria and procedures (it can be relevant to consider whether the disruption occurs within or outside normal working hours);
- meeting locations, with suitable alternatives;
c) operational parameters:
- identification of the actions and tasks to be performed, particularly in relation to how the organization will continue or recover its prioritized activities within predetermined time frames;
- relevant resource requirements (see 8.3.4);
- the means for recording information about the incident, actions taken and decisions made;
d) supporting information for coordination and communication:
- contact details for team members and others with roles and responsibilities; the organization should be aware of the applicable legal requirements relating to the protection of this information and should retain evidence of compliance;
- contact and mobilization details for any relevant agencies, organizations and resources that could be needed;
e) standing-down criteria:
- mechanisms for standing down once the incident has passed;
- instructions to be followed.
8.4.4.3.3 Usability
As with any form of documented information (see 7.5.3), the organization should ensure that business continuity plans are usable and available whenever and wherever they are needed. To ensure that the operation of business continuity plans is not adversely affected by the disruption, the organization may need to take precautions (e.g. separating teams and recovered ICT systems across multiple locations). Total separation for all scales and types of disruption is not always achievable, and it may be necessary to identify the limitations of the approach and agree them with top management. Limitations can be expressed in terms of distance, minimum personnel or severity, and may be influenced by the response of public agencies to severe or widespread disruptions.
8.4.4.4 Incident/strategic management
The aim of incident management is to ensure that the organization's response to a disruption is effective at a strategic level.
The procedures should include the basis for managing all possible issues facing the organization during an incident, including those related to interested parties, and should address all facilities that the team managing the incident and the other response teams could need.
8.4.4.5 Communications
Communications procedures may be included in the incident management team's or other teams' response procedures. If there are multiple teams, they should work in close cooperation.
Communications that will be delivered and received during the incident should be managed and coordinated. Procedures should contain:
a) details on how and under what circumstances the organization will communicate with employees and their relatives, other interested parties and emergency contacts;
b) details on the organization's media response following an incident, which may include:
- the incident communications strategy;
- the preferred interface with the media;
- a guideline or template for drafting a statement for the media;
- an appropriate number of trained, competent spokespeople authorized to release information to the media.
It is important that the timing and content of internal and external communications are consistent. To build confidence, trust and motivation, internal communication is a priority.
Pre-prepared information can be especially useful in the early stages of an incident. It enables the team to provide details about the organization and its business activities while the details of the incident are still being established.
It may be appropriate to:
— establish a suitable venue for liaising with the media or other groups of interested parties;
— establish an appropriate number of competent, trained people to answer telephone enquiries from the media;
— use all communication channels open to the organization, including social media;
— prepare background material about the organization and its operations (this information should be pre-agreed for release).
Pressure or community action groups that collectively have power or influence over the organization may also need to be considered.
A process for identifying and prioritizing communications with other key interested parties should be included. It may be necessary to develop a separate procedure for managing interested parties, providing criteria for setting priorities and making provision for allocating persons to each stakeholder or group of stakeholders in advance.
8.4.4.6 Safety and welfare
Organizations have a duty of care to employees, contractors, visitors and customers where an incident poses a direct risk to life, livelihood and welfare. Special attention will need to be paid to any groups with physical or learning disabilities or other specific needs (e.g. pregnancy, temporary disability due to injury). Planning in advance to meet these requirements can reduce risk and reassure those affected. The long-term impacts of incidents should not be underestimated. The organization should develop appropriate solutions, including consideration of relevant social and cultural issues, to promote physical and psychological recovery within the organization.
The following elements of the welfare response should be included:
— site evacuation (including internal shelter-in-place activities) and assembly points;
— mobilization of safety, first aid or evacuation-assistance teams;
— locating and accounting for those who were on site or in the immediate vicinity.
The following may also be included:
— translation services;
— transport assistance, including directions as required;
— designated liaisons and contact information for emergency services, appropriate agencies and first responders;
— locating displaced workforce or contractors;
— managing telephone helplines;
— physical rehabilitation and psychological support.
Required resources should be specifically identified. A resource should be available in a timely manner and should have the capability to perform its intended function.
8.4.4.7 Salvage and security
The organization may prepare documented procedures that address salvage and security and include guidance on:
— salvage priorities for facilities, equipment (including ICT systems) and documented information (taking into consideration information security and privacy requirements);
— security of the premises once they have been handed over by the emergency services.
The organization may appoint specialist salvage contractors in advance of an incident. Effective salvage of facilities, equipment and documented information can limit impacts and enable a more rapid return to business as usual.
8.4.4.8 Resumption of prioritized activities
There should be procedures that specify:
— the prioritized activities to be resumed;
— the timescales within which they are to be resumed;
— the capacities at which prioritized activities are to be resumed;
— the situations in which the procedure may be utilized.
Each procedure should detail, where appropriate, the resources required at different points in time to achieve the objectives. This may include:
— resource numbers;
— skills and qualifications;
— technical equipment;
— telecommunications facilities;
— the availability of resources that are contracted, agreed through mutual aid or likely to be available.
8.4.4.9 ICT systems
The procedures for resuming activities should identify the ICT systems on which their resumption relies and should reference any ICT continuity procedures that exist.
ICT continuity procedures, if any, should address, at a minimum:
— invocation of the required ICT response and deployment of ICT personnel;
— accessing back-up data and acquiring alternative service provision;
— restoration of data, information services, communications and support;
— the timetable of availability and capacity requirements that allows activities to meet their RTOs.
ISO/IEC 27031 provides further guidance.
8.4.5 Recovery
The organization should predetermine how it will return to business as usual following a disruption and should have documented procedures to restore business operations and return them from the temporary measures adopted during an incident. These should address the relevant audit and corporate governance requirements.
The purpose of recovery is to re-establish business activities to support normal working following a disruption. Returning to business as usual may be achieved by:
— repairing the damage resulting from the incident;
— migrating operations from temporary premises back to the restored primary business location;
— moving to a new location.
How best to return to business as usual will depend on the severity of the damage caused by the incident and on estimates of how long it could take to establish the necessary facilities.
The documented procedures should provide for a detailed assessment of the situation and its impact, and for the determination of the tasks and steps for recovery. During recovery, the organization may need to:
— establish recovery resources and infrastructure;
— operate at recovery facilities;
— restore damaged facilities;
— secure emergency procurement and funding;
— salvage equipment in damaged facilities;
— make claims against existing insurance policies;
— obtain additional people to support the recovery effort;
— select options for restoring and returning to business as usual;
— migrate operations to recovery facilities;
— recover lost documented information;
— communicate with relevant interested parties at appropriate frequencies;
— normalize operations at the restored facilities;
— conduct a post-recovery review;
— conduct due diligence on audit and corporate governance requirements.
The documented procedures for recovery should include provision for the resumption of all activities, not just those identified as prioritized activities. This recognizes that activities with a lower priority need to be resumed at some point in time and have resource requirements that need to be met (see 8.3.4).
8.5 Exercise programme
8.5.1 General
An organization's business continuity procedures and arrangements cannot be considered reliable until they have been exercised and unless their currency is maintained. Exercising develops teamwork, competency, confidence and knowledge, and should include those who could be required to use the procedures.
8.5.2 Design of the exercise programme
Robust and realistic exercises identify areas for improvement even in well-designed procedures. The organization should design an exercise programme that validates over time the effectiveness of its business continuity strategies and solutions, plans and procedures.
Establishing an exercise programme allows for a coordinated approach to building, evolving and maturing the organization's capabilities. The programme should cover individual plans, people (including those from external organizations), capabilities and resources that contribute to the organization's strategic objectives.
Top management should ensure that exercise programme objectives are set and that a competent person is assigned to manage the exercise programme. The scope of an exercise programme should be based on the size and nature of the organization undertaking exercising, and on the scope, functionality, complexity and level of maturity of the plans and capabilities being exercised. At early stages of maturity, exercising and testing may be limited to the use of checklists, drills and awareness exercises. As the programme matures, it may extend to include table-top exercises and full-scale live simulations.
The exercise programme should be flexible, considering changes within the organization and the outcome of previous exercises. A significant change in the organization may trigger the scheduling of an exercise to examine the revised arrangements.
The exercise programme should consider the roles of all parties, including third-party providers, suppliers and others who would be expected to participate in recovery activities. An organization may include such parties in its exercises and may participate in exercises that they organize.
To ensure that exercises are conducted effectively and efficiently within specified time frames, the exercise programme should include the following:
— needs analysis;
— endorsement by top management;
— clear objectives;
— the extent, number, types, duration, locations and schedules of exercises;
— appropriate personnel to support the programme;
— necessary resources and budget;
— processes for handling confidentiality, information security, health and safety, and other similar matters.
The exercise programme should provide assurance over time that the organization's overall response will be effective. The programme, when implemented, should:
— exercise the technical, logistical, administrative, procedural and other operational aspects of the procedures;
— exercise all persons with responsibilities within the procedures, including those from external organizations;
— exercise the business continuity arrangements and infrastructure (including, for example, command centres and work areas);
— validate the technology and telecommunications recovery, including the availability and relocation of staff;
— exercise response teams in the management of impacts arising from disruption of the supply chain.
The organization should monitor and measure the implementation of the exercise programme to ensure that its objectives are achieved. The exercise programme should be reviewed to identify improvements.
8.5.3 Exercising business continuity plans
Exercises, including tests, are activities designed to examine the organization's ability to respond, recover and continue to perform assigned business functions effectively when faced with specific disruptive scenarios. The organization should use exercises and the documented results of exercises to ensure the effectiveness and readiness of its business continuity plans.
Every exercise and test should have clearly defined aims and objectives and be based on a scenario that is appropriate to meeting them.
Exercises may:
— anticipate a predetermined outcome (e.g. be planned and scoped in advance);
— allow the organization to develop innovative solutions.
Exercises should be realistic, carefully planned and agreed with relevant parties, so that there is minimum risk of activities being disrupted and of an incident occurring as a direct result of the exercise. This may be achieved by undertaking the exercise within a controlled and isolated environment, provided this does not jeopardize the integrity of the objectives being tested.
The organization should design exercise scenarios that satisfy the objectives of the exercise and may use threats identified in the risk assessment or information obtained from previous disruptions.
The effectiveness of some aspects of business continuity will require that particular individuals or those occupying specific positions have particular knowledge, skills and understanding. These should be in place before the exercise, allowing the participants to apply them to relevant scenarios and simulations.
Exercises should be designed and conducted so that they provide one or more of the following:
— verification that activity RTOs (see 8.2.2) and RTOs for the dependencies and supporting resources of prioritized activities (see 8.3.2.3) are achievable;
— confidence that information and data required by activities are appropriately current (see 8.3.4.3);
— improved understanding of dependencies on the business continuity of suppliers and other interested parties;
— improved awareness of the organizational context and priorities;
— improved understanding of the content and use of business continuity procedures;
— improved confidence in responding to incidents;
— an opportunity to improve capabilities;
— an assessment of the utility and applicability of business continuity solutions;
— an evaluation of the adequacy of developed capabilities and resource allocations;
— an identification of previously undocumented requirements and practices employed in managing disruptions;
— an opportunity to identify any other inadequacies in the written business continuity procedures and their implementation;
— assurance that business continuity procedures are capable of being implemented when required;
— improved confidence of interested parties regarding the organization's preparedness;
— a means of fulfilling regulatory, contractual or organizational governance requirements.
Exercises may be in a variety of different formats. The decision as to the suitability of the type of exercise will depend upon a number of factors, including:
— the context of the organization;
— the objectives for the exercise;
— the maturity of the exercise programme;
— the participants' experience;
— budget;
— participant availability;
— the tolerance of the organization to operational disruption caused by holding the exercise.
The organization should act on the results of its exercising to implement approved changes and improvements.
Many different names are given to the different types of exercises that can be carried out, but they generally fall into the following categories.
— Discussion: Discussion-based exercises are designed to familiarize participants with business continuity plans and procedures in a low-stress environment.
— Simulation: Operations-based exercises are designed to be more realistic and challenging. They can be carried out in the normal operational environment, alternative premises or command centres.
Examples are provided in Table 6.
Table 6 - Sample descriptions of exercise methods (category / method: description)
Discussion / Plan review: Plan reviews are informal reviews of plans and procedures that are used to familiarize participants with new or updated content. They are useful as a starting point when plans and procedures are first developed or when they are revised significantly. A plan review can typically be conducted in 1 h to 2 h.
Discussion / Table-top (on-site): On-site table-top exercises use simple scenarios to familiarize participants with plans and procedures in a low-stress environment. They can also be used to review business continuity strategies and solutions for validation and improvement. An on-site table-top exercise is usually the first type of formal exercise conducted by an organization and can typically be conducted in 2 h to 3 h.
Discussion / Table-top (off-site): Off-site table-top exercises are usually conducted at alternative premises or at a command centre with the purpose of reviewing business continuity plans and procedures. The exercise typically uses a simple scenario. The key difference from an on-site table-top is that the review takes place away from the normal operational environment. An off-site table-top exercise can typically be conducted in 2 h to 3 h excluding transportation time.
Simulation / Workshop (single or multiple plans): Plan-based workshops are usually conducted off-site at alternative premises using reasonably complex scenarios. Exercise participants may represent a single plan or multiple plans depending upon the scope of the exercise. The purpose is for teams to practise working together and making decisions under more stressful time frames. A workshop exercise covering multiple plans can typically be conducted in 3 h to 5 h depending on the complexity of the plans and the scenario.
Simulation / Workshop (single or multiple locations): Location-based workshops are usually conducted off-site at alternative premises using scenarios that impact one or more locations. The purpose of the exercise is for teams from different locations to practise working together and making joint decisions. A workshop exercise covering multiple locations can typically be conducted in 3 h to 5 h depending on the number of locations involved and the complexity of the scenario.
Simulation / Workshop for the entire organization (full scale): Full-scale exercises are designed to prepare participants for disruptions that impact the entire organization and require activation of the business continuity plan. They are complex, high-stress exercises that are carefully planned and controlled to ensure that they achieve their objectives and do not cause a disruption. A full-scale exercise can take any time between half a day and a week depending on its complexity and the number of people involved.
As part of the exercise, a review should be scheduled with all participants to discuss the issues and lessons learned. This information should be documented and updates made to the procedures as required.
The organization should undertake a post-exercise debriefing and analysis that considers the achievement of the aims and objectives of the exercise. A post-exercise report should be produced that contains recommendations and a timetable for their implementation.
Lessons from exercises and actual incidents experienced should be re-examined during future exercises. Exercises that show serious deficiencies or inaccuracies in the procedures should be rerun after corrective actions have been completed.
The benefits of exercising and testing include:
— validation of assumptions, business continuity solutions and the scopes of business continuity plans;
— assurance of the correct functioning of technical facilities and resources;
— assurance of the capacity of the alternate facilities;
— increased efficiency and reductions in the time needed to complete processes (e.g. using repeated drills to shorten response times);
— interested parties' improved awareness;
— development of participants' competency and awareness.
ISO 22398 provides further guidance on the types of exercise as well as guidance on planning, conducting and improving exercise programmes.
8.6 Evaluation of business continuity documentation and capabilities
8.6.1 General
The organization should conduct evaluations of its business impact analysis, risk assessment, strategies and solutions, business continuity plans and procedures in order to ensure their continuing suitability, adequacy and effectiveness.
The evaluations should address the possible need for changes to the policy, objectives and other elements of the BCMS based on, for example, the exercise results, post-incident reviews and changing organizational circumstances.
Evaluations may take the form of internal or external audits, or self-assessments. The frequency and timing of reviews can be influenced by laws and regulations, depending on the size, nature and legal status of the organization. They can also be influenced by the requirements of interested parties.
Evaluations should verify that:
— all products and services and their supporting activities and resources have been identified and included in the organization's business continuity solutions;
— the organization's business continuity policy, solutions and business continuity procedures accurately reflect its priorities and business requirements;
— the competence of persons and the organization's business continuity are effective and fit for purpose and will permit management, command, control and coordination of the organization's response to a disruption;
— the organization's business continuity solutions are effective, up to date and fit for purpose;
— the organization's exercising and maintenance programmes have been effectively implemented;
— business continuity solutions and procedures incorporate improvements identified during incidents and exercises and in the maintenance programme;
— the organization has an ongoing programme for business continuity training and awareness;
— business continuity procedures have been effectively communicated to relevant staff, and these staff understand their roles and responsibilities;
— the business continuity arrangements that suppliers and partners have in place for dependencies of prioritized activities are appropriate and adequate;
— the organization is sufficiently compliant with applicable legal and regulatory requirements and industry best practices, and is in conformity with its business continuity policy and objectives;
— change control processes are in place and operate effectively.
8.6.2 Measuring effectiveness
Measuring the effectiveness of business continuity plans, procedures and capabilities should include the business continuity arrangements for outsourced activities and the business continuity of suppliers and partners on which prioritized activities depend.
Examples of metrics that may be used for measuring effectiveness include:
— backup data are sufficiently current to resume activities and resources within specified RTOs;
— the required accommodation and equipment are available at alternate location(s) to enable recovery and resumption of activities;
— the required competences to resume the prioritized activities within the specified RTO have been demonstrated;
— the required competences to respond to and manage incidents have been demonstrated.
When the organization experiences a disruption, a review should be undertaken. This may include:
— identifying the nature and cause of the disruption;
— assessing the adequacy of management's response;
— assessing the organization's effectiveness in meeting its RTOs;
— assessing the adequacy of the business continuity arrangements in preparing employees for an incident;
— identifying improvements to be made to the business continuity arrangements;
— comparing actual impacts with those considered during the business impact analysis (see 8.2.2);
— obtaining feedback from interested parties and those who have participated in the response.
8.6.3 Outcomes
Outcomes indicative of effective business continuity plans, procedures and capabilities may include the following:
— an incident management capability is enabled and provides an effective response;
— the organization's understanding of itself and its relationships with other organizations, relevant regulators or government departments, local authorities and the emergency services is properly developed, documented and understood;
— regular exercising ensures that staff are trained to respond effectively to a disruption;
— the requirements of interested parties are understood and able to be delivered;
— staff receive adequate support and communications during a disruption;
— the organization's reputation is protected;
— legal and regulatory compliance can be demonstrated;
— financial controls are maintained throughout an incident;
— the organization can demonstrate an enhanced level of resilience to its customers and other interested parties.
Documented information relating to all evaluations and their results should be maintained as evidence.
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.1.1 General
Procedures for monitoring, measuring, analysing and evaluating the performance and the effectiveness of the BCMS should include:
a) determining the methods for monitoring, measurement, analysis and evaluation, including:
- specifying what is to be monitored and measured;
- identifying how, when and by whom the monitoring and measuring should be performed;
- setting performance metrics, including qualitative and quantitative measurements that are appropriate to the organization and ensure valid results;
- recording data and results to facilitate subsequent corrective action analysis;
b) examining historical evidence;
c) monitoring the extent to which the organization's business continuity policy and objectives are met;
d) measuring compliance of the BCMS with applicable statutory and regulatory requirements;
e) monitoring nonconformity and other evidence of deficient BCMS performance.
9.1.2 Retention of evidence
The organization should retain appropriate documented information on all periodic evaluations and their results.
9.1.3 Performance evaluation
The organization should use performance indicators to evaluate the performance and effectiveness of the BCMS and its outcomes in order to identify successes and areas requiring correction or improvement. The data obtained can be used to identify patterns and to enable the organization to obtain information regarding the performance of the BCMS.
9.2 Internal audit
9.2.1 General
The organization should conduct internal audits at planned intervals to assess the performance of the BCMS.
Internal audits of the BCMS provide a mechanism for measuring the extent to which the BCMS is achieving its objectives, conforms to its planned arrangements, and has been properly implemented and maintained, and for identifying opportunities for improvement. Internal audits of the BCMS should be conducted at planned intervals to determine and provide information to top management on the appropriateness and effectiveness of the BCMS, as well as to provide a basis for setting objectives for continual improvement of BCMS performance.
9.2.2 Audit programme(s)
The organization should establish an audit programme (see ISO 19011) to direct the planning and conduct of audits, and to identify the audits needed to meet the programme objectives. The programme should be based on the nature of the organization's activities, in terms of its risk assessment and impact analysis, the results of past audits and other relevant factors.
Internal audit programmes should be based on the full scope of the BCMS; however, each audit need not cover the entire system all at once. Audits may be divided into smaller parts, so long as the audit programme ensures that all organizational units, functions, activities, system elements and the full scope of the BCMS are audited within the auditing period designated by the organization.
The results of an internal BCMS audit may be provided in the form of a report and used to correct or prevent specific nonconformities and to provide input to the conduct of the management review.
Internal audits of the BCMS may be performed by personnel from within the organization or by external persons selected by the organization, working on its behalf. In either case, the persons conducting the audit should be competent and able to do so impartially and objectively. In smaller organizations, auditor independence may be demonstrated by an auditor being free from responsibility for the activity being audited.
9.3 Management review
9.3.1 General
Top management should review the organization's BCMS, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness, including the effective operation of its continuity procedures and capabilities.
9.3.2 Management review input
Management review input should include appraisal of:
— the status of actions from previous reviews;
— the performance of the management system, including trends apparent from nonconformities and corrective actions, the results of monitoring and measurement, and audit findings;
— changes to the supply chain and the effectiveness of supply chain continuity arrangements;
— other changes to the organization and its context (see 4.1) and feedback from interested parties (see 4.2) that could impact the management system;
— opportunities for continual improvement.
Management review provides top management with the opportunity to evaluate the continuing suitability, adequacy and effectiveness of the management system. The management review should cover the scope of the BCMS and any exclusions (see 4.3), although it is not necessary to review all elements at once, and the review process may take place over a period of time.
Review of the implementation and outcomes of the BCMS by top management should be regularly scheduled and evaluated. While ongoing system review is advisable, formal review should be structured, appropriately documented and scheduled on a suitable basis. Persons who are involved in implementing the BCMS and allocating its resources should be involved in the management review.
In addition to the regularly scheduled management system reviews, the following factors may trigger a review and should otherwise be examined once a review is scheduled.
a) Sector/industry trends: Major sector/industry initiatives should initiate a BCMS review. General trends and best practices in the sector/industry and in business/operational continuity planning techniques may be used for benchmarking purposes.
b) Regulatory requirements: New regulatory requirements can require a review of the BCMS.
c) Incident experience: A review should be performed following a response to a disruption, even if the response procedure was not activated. If activated, the review should consider the history of the response procedure, how it worked and why it was activated. If the response procedure was not activated, the review should examine why it was not and whether this was the correct decision. It may also be beneficial to review disruptions affecting other organizations in the same sector and similar industries.
9.3.3 Management review outputs
9.3.3.1 Improvement of the BCMS
A management review should result in improvements to the efficiency, performance and effectiveness of the BCMS and can result in the following changes:
— variations to the scope;
— updates to business continuity strategies and solutions;
— changes to controls and how their effectiveness is measured.
9.3.3.2 Retention of documented information
The organization should retain documented information as evidence of the results of management reviews and should:
— communicate the results of management review to relevant interested parties;
— take appropriate action relating to these results.
10 改进Improvement
10.1 不符合和纠正措施Nonconformity and corrective action
10.1.1 总则General
组织 宜 确定改进BCMS的机会并实施必要的措施,以实现预期结果 The organization should determine opportunities for improving the BCMS and implement the actions necessary to achieve its intended outcomes.
10.1.2 不符合出现Occurrence of nonconformity
组织 宜 确定不符合,采取措施进行控制、遏制和纠正,处理后果并评估消除原因需要的措施。 The organization should identify nonconformities, take action to control, contain and correct them, deal with their consequences and evaluate the need for action to eliminate their causes.
组织 宜 建立有效的程序以确保确定: — 未满足的要求; — 无效的策划方法; — BCMS相关的薄弱环节。 The organization should establish effective procedures to ensure the identification of: — the non-fulfilment of a requirement; — an ineffective planning approach; — weaknesses associated with the BCMS.
一旦识别, 宜 及时采取行动,防止事态进一步发生,并查明和解决根本原因。程序 宜 能持续检测、分析和消除不符合的实际和潜在原因。 Once identified, these should be acted upon in a timely manner to prevent further occurrence of the situation, as well as to identify and address root causes. The procedures should enable ongoing detection, analysis and elimination of actual and potential causes of nonconformities.
宜 及时识别和处理不符合,并 宜 采取纠正措施进行应对。纠正措施可以源于明确的不符合声明,该声明清晰地阐述了存在的问题并能被理解。 Nonconformities should be identified and dealt with in a timely manner, as should the corrective actions that address them. The corrective actions may originate from a well-defined nonconformity statement that clearly states the problem and is understood.
在识别不符合后, 宜 调查根本原因,并制定纠正措施计划以解决该问题。措施计划 宜 缓解所有后果,确定为纠正这种情况、重建正常运营和消除原因所需的变更,以防止问题再次出现。措施的性质和时间安排 宜 与不符合的规模、性质及潜在后果相适应。 When any nonconformity is identified, an investigation into its root cause should be conducted and a corrective action plan developed for immediately addressing the problem. The action plan should be designed to mitigate any consequences and identify changes to be made to correct the situation, restore normal operations and eliminate the cause(s) in order to prevent the problem from recurring. The nature and timing of actions should be appropriate to the scale and nature of the nonconformity and its potential consequences.
The organization should improve the performance and effectiveness of the BCMS even when there is no evidence of nonconformity. Improvements can include correction, corrective action, innovation and re-organization.
Establishing procedures for addressing actual and potential nonconformities and for taking corrective actions on an ongoing basis helps to ensure the reliability and effectiveness of the BCMS. The procedures should define responsibilities, authority and steps to be taken in planning and carrying out corrective actions. Top management should ensure that corrective actions are implemented and that there is systematic follow-up to evaluate their effectiveness.
10.1.3 Retention of documented information
The organization should retain documented information as evidence of the:
— nature of the nonconformities and subsequent actions, if any, taken;
— results of corrective actions, if any, taken.
10.2 Continual improvement
Continual improvement, in terms of the suitability, adequacy and effectiveness of the BCMS, operates at all levels within the PDCA cycle and should be driven by the business continuity policy and objectives, audit results, analysis of disruptions, management review, ambitions and the desired maturity level.
Continual improvement requires a process that identifies opportunities and a process to manage them. The continual improvement process should follow the same basic process as used for corrective actions and should include the following:
— identify what to address and the present condition (room for improvement);
— identify the present process and controls;
— determine what changes to implement (improvement).
Corrective actions address deficiencies in the BCMS and ensure that it functions as intended, while continual improvement takes the BCMS to a higher level of efficiency and effectiveness.
The organization can achieve improvement through the effective application of BCMS processes, such as leadership (see Clause 5), planning (see Clause 6) and performance evaluation (see Clause 9). Top management should also consider opportunities for improvement in the BCMS, which can come from changes in:
— the context of the organization (e.g. failure of a competitor);
— the internal structure of the organization (e.g. acquisition of additional locations or staff);
— the means of production or delivery (e.g. technological change, infrastructure improvements);
— evolving methodologies or the availability of new recovery methods (e.g. new standby facilities or network technology);
— technology and practices, including new tools and techniques.
These should be evaluated to establish their potential benefit to the organization.
Originally published on the WeChat official account "业务连续性+".