|
US$424.00 ยท In stock
Delivery: <= 4 days. True-PDF full-copy in English will be manually translated and delivered via email.
GB/T 30146-2023: Security and resilience - Business continuity management systems - Requirements
Status: Valid GB/T 30146: Evolution and historical versions
| Standard ID | Contents [version] | USD | STEP2 | [PDF] delivered in | Standard Title (Description) | Status | PDF |
| GB/T 30146-2023 | English | 424 |
Add to Cart
|
4 days [Need to translate]
|
Security and resilience - Business continuity management systems - Requirements
| Valid |
GB/T 30146-2023
|
| GB/T 30146-2013 | English | 1119 |
Add to Cart
|
5 days [Need to translate]
|
Social security -- Business continuity management systems -- Requirements
| Obsolete |
GB/T 30146-2013
|
PDF similar to GB/T 30146-2023
Basic data | Standard ID | GB/T 30146-2023 (GB/T30146-2023) | | Description (Translated English) | Security and resilience - Business continuity management systems - Requirements | | Sector / Industry | National Standard (Recommended) | | Classification of Chinese Standard | A90 | | Classification of International Standard | 03.100.01 | | Word Count Estimation | 23,285 | | Date of Issue | 2023-03-17 | | Date of Implementation | 2023-10-01 | | Older Standard (superseded by this standard) | GB/T 30146-2013 | | Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration | GB/T 30146-2023: Security and resilience - Business continuity management systems - Requirements---This is a DRAFT version for illustration, not a final translation. Full copy of true-PDF in English version (including equations, symbols, images, flow-chart, tables, and figures etc.) will be manually/carefully translated upon your order.
ICS03:100:01
CCSA90
National Standards of People's Republic of China
GB/T 30146-2023/ISO 22301:2019
Replacing GB/T 30146-2013
Security and Resilience Business Continuity Management System Requirements
(ISO 22301:2019, IDT)
Released on 2023-03-17
2023-10-01 implementation
State Administration for Market Regulation
Released by the National Standardization Management Committee
table of contents
Preface I
Introduction II
1 Scope 1
2 Normative references 1
3 Terms and Definitions 1
4 Organizational environment 5
5 Leadership 6
6 Planning 7
7 supports 8
8 runs 10
9 Performance Evaluation 14
10 Improvement15
Reference 17
foreword
This document is in accordance with the provisions of GB/T 1:1-2020 "Guidelines for Standardization Work Part 1: Structure and Drafting Rules for Standardization Documents"
drafting:
This document replaces GB/T 30146-2013 "Requirements for Business Continuity Management System for Security and Resilience", and GB/T 30146-
Compared with:2013, except for structural adjustment and editorial changes, the main technical changes are as follows:
--- Changed the scope (see Chapter 1, Chapter 1 of the:2013 edition);
--- Deleted some terms and definitions (see 3:4, 3:5, 3:7, 3:12, 3:14, 3:17, 3:18, 3:20, 3:22, 3:23, 3:25,
3:26, 3:28, 3:30, 3:36, 3:37, 3:39, 3:43~3:45, 3:49~3:52, 3:54, 3:55);
--- Added the terms "interruption" and "impact" (see 3:10, 3:13);
--- Deleted "management commitment" (see 5:2 of the:2013 edition);
--- Added "planning for business continuity management system changes" (see 6:3);
---Changed the relevant content of "communication" (see 7:4, 7:4 of the:2013 version);
--- Change "archived information" to "documented information" (see 7:5, 7:5 of the:2013 edition);
--- Change "implementation" to "operation" (see Chapter 8, Chapter 8 of the:2013 edition);
---Changed the relevant content of "business continuity strategy" (see 8:3, 8:3 of the:2013 edition);
--- Added "business continuity documents and capability evaluation" (see 8:6);
---Change "performance evaluation" to "performance evaluation" (see Chapter 9, Chapter 9 of the:2013 edition);
--- Changed the relevant content of "monitoring, measurement, analysis and evaluation" (see 9:1, 9:1:1 of the:2013 edition);
--- Deleted the "evaluation of business continuity procedures" (see 9:1:2 of the:2013 edition);
--- Added "audit program" (see 9:2:2);
--- Changed the relevant content of "management review" (see 9:3, 9:3 of the:2013 version);
--- Changed the relevant content of "continuous improvement" (see 10:2, 10:2 of the:2013 edition):
This document is equivalent to ISO 22301:2019 "Requirements for Business Continuity Management System for Security and Resilience" (English version):
Please note that some contents of this document may refer to patents: The issuing agency of this document assumes no responsibility for identifying patents:
This document is proposed and managed by the National Standardization Technical Committee on Public Safety Basics (SAC/TC351):
This document was drafted by: North China University of Technology, China National Institute of Standardization, Alibaba Cloud Computing Co:, Ltd:, China Network Security Review Technology
and Certification Center, Suzhou Soda Education Service Investment Development (Group) Co:, Ltd:, State Grid Sichuan Electric Power Company, China Railway Shanghai Engineering Bureau Group
Co:, Ltd:, Shanghai Subang Information Technology Co:, Ltd:, Beijing Anchuangxinda Technology Co:, Ltd:, Hubei Provincial Institute of Standardization and Quality, Beijing
University of Science and Technology, Beijing Academy of Science and Technology, Institute of Urban Safety and Environmental Science, Beijing Academy of Science and Technology, Zhejiang Shengxue Leisure
Supplies Co:, Ltd:, Heye Health Technology Co:, Ltd:, Xiamen Jiuan Safety Testing and Evaluation Office Co:, Ltd:, China Household Appliances Research
Institute, Standard Joint Consulting Center Joint Stock Company:
The main drafters of this document: Qin Tingxin, Zhou Qian, Liu Changan, Li Jin, Xu Shukun, Sun Xiaokun, Wang Wan, Wei Jun, Dong Xiaoyuan, Shi Yuntao, You Qi,
Lu Qing, Chang Zhengwei, Wan Xingquan, Liu Yujie, Zhang Yinghua, Xu Fengjiao, Zhang Chao, Wang Jingjing, Deng Zhe, Zhang Zhuo, Dai Baoqian, Yang Jing, Gao Yukun, Liang Yugang,
Wan Yiping, Dong Zhe, Xu Ran, Yao Weihua, Qiu Youfu, Zhu Xiaohui, Fang Zhicai, Liao Zhongcai, Lu Chengxu:
The release status of previous versions of this document and the documents it replaces are as follows:
---First published as GB/T 30146-2013 in:2013;
--- This is the first revision:
Introduction
0:1 General
This document presents the structure and requirements for implementing and maintaining a Business Continuity Management System (BCMS), which establishes business continuity and organizational
Appropriate to the amount and type of impact that may or may not be acceptable after a disruption occurs:
The results of maintaining a BCMS depend on the laws and regulations of the organization's environment, organizational and industry requirements, the products and services offered, the adopted
process, size and structure of the organization, and interested party requirements:
BCMS emphasizes the importance of:
---Understanding the needs of the organization and the need to formulate business continuity policies and objectives;
--- Operate and maintain the process, capability and response framework to ensure that the organization withstands disruption;
--- Monitor and review the performance and effectiveness of the business continuity management system;
--- Continuous improvement based on qualitative and quantitative measurements:
Like other management systems, BCMS includes the following components:
a) Policy;
b) Personnel with clear responsibilities and corresponding capabilities;
c) management processes involving:
1) Policy;
2) Planning;
3) implementation and operation;
4) Performance evaluation;
5) Management review;
6) Continuous improvement:
d) documented information to support operational control and performance evaluation:
0:2 Benefits of a business continuity management system
The goal of a BCMS is to prepare, provide and maintain an organization's overall ability to continue operating during a disruption: To achieve this goal, the group
To weave:
a) From a business perspective:
1) support its strategic objectives;
2) Build a competitive advantage;
3) protect and enhance its reputation and credibility;
4) Promotes organizational resilience:
b) From a financial point of view:
1) Reduce legal and financial risks;
2) Reduce direct and indirect disruption costs:
c) From the perspective of interested parties:
1) protection of life, property and the environment;
2) take into account the expectations of interested parties;
3) Increase confidence in the organization's ability to succeed:
d) From an internal process perspective:
1) Improve the organization's ability to remain effective during business disruptions;
2) Demonstrate effective and efficient proactive risk control;
3) Solve the operational vulnerability:
0:3 Plan-implement-check-improve cycle
This document uses the planning (establish), implement (execute and operate), check (monitor and review) and improve (maintain and improve) (PDCA) cycle
To establish, maintain and continuously improve the effectiveness of the organization's BCMS:
This ensures compliance with other management bodies such as ISO 9001, ISO 14001, ISO /IEC :20000-1, ISO /IEC 27001 and ISO 28000
It provides a certain degree of consistency with system standards, thus supporting the consistent and integrated implementation and operation of related management systems:
According to the PDCA cycle, Chapters 4 to 10 include the following:
---Chapter 4 introduces the necessary requirements for the organization to establish the BCMS environment, needs, requirements and scope;
---Chapter 5 summarizes the requirements for the role of top management in the business continuity management system, and how the leadership adopts the policy statement
Articulate its expectations to the organization;
---Chapter 6 describes the requirements for formulating the strategic objectives and guiding principles of the entire BCMS;
---Chapter 7 supports the operation of the BCMS, while recording, controlling, maintaining and retaining the required documented information, establishes the ability to define
Establish communication with relevant parties regularly/as needed;
---Chapter 8 defines the business continuity requirements, determines how to address these requirements, and develops the management organization during the interruption
program;
---Chapter 9 summarizes the requirements for measuring business continuity performance, compliance of BCMS with this document, and management review;
---Chapter 10 identifies and corrects nonconformities of the BCMS, and continues to improve by taking corrective actions:
0:4 Contents of this document
This document complies with the requirements of the ISO management system standard: These requirements include high-level architecture, the same core content, and having core concepts
A generic term intended to benefit users implementing multiple ISO management system standards:
This document does not include requirements specific to other management systems, although elements of this document can be kept in line with those of other management systems:
consistent or integrated:
This document contains requirements that organizations can use to implement a BCMS and assess compliance: Organizations can demonstrate compliance with this document by:
--- Make self-determination and self-declaration;
--- Seek confirmation of conformity from parties having an interest in the organization (such as customers);
--- Seek confirmation of its self-declaration from a party outside the organization;
--- Seeking certification/registration of its BCMS by external organizations:
Chapters 1 to 3 of this document set forth the scope, normative references, and terms and definitions applicable to the use of this document:
Clauses 4 to 10 contain the requirements used to assess compliance with this document:
This document uses the following auxiliary verbs:
a) "shall" means a requirement;
b) "should" means a recommendation;
c) "may" means permission;
d) "Can" means possibility or ability:
Information marked "Note" is used to guide understanding or clarify related requirements: "Notes" used in Chapter 3 provide additional
information, which may contain provisions relating to the use of the term:
Security and Resilience Business Continuity Management System Requirements
1 Scope
This document specifies the requirements for implementing, maintaining and improving the management system in order to prevent and reduce the possibility of interruption events and to prepare for interruptions:
Prepare, respond and recover from it:
All requirements specified in this document are general and applicable to organizations or their constituent parts of all types, sizes and characteristics: these requirements
The scope of applicability depends on the operating environment and complexity of the organization:
This document is applicable to organizations of all types and sizes with the following needs:
a) implement, maintain and improve the BCMS;
b) ensure compliance with the organization's stated business continuity policy;
c) need to be able to continuously deliver products and services at an acceptable scheduled capacity during the interruption;
d) Attempt to enhance the resilience of BCMS through effective use:
This document can be used to assess an organization's ability to meet its own business continuity needs and responsibilities:
2 Normative references
The contents of the following documents constitute the essential provisions of this document through normative references in the text: Among them, dated references
For documents, only the version corresponding to the date is applicable to this document; for undated reference documents, the latest version (including all amendments) is applicable to
this document:
3 Terms and Definitions
The terms and definitions defined in ISO 22300 and the following apply to this document:
3:1
activity activity
A collection of one or more tasks that achieve a predetermined output:
[SOURCE: ISO 22300:2018, 3:1, with modifications, examples have been removed]
3:2
audit audit
Systematic, independent, and formal review of audit evidence to obtain and objectively evaluate it to determine the extent to which audit criteria are fulfilled
documented process (3:26):
Note 1 to entry: Audits can be internal (first-party audits) or external (secondary or third-party audits), or combined audits (combining two or two
above management system):
Note 2 to entry: Internal audits are carried out by the organization (3:21) itself or by external bodies acting on its behalf:
Note 3 to entry: "Audit evidence" and "audit criteria" are defined in ISO 19011:
Note 4: The basic element of the audit is to determine whether the object conforms to (3:7) whether the object is implemented according to the procedure by the person who is not responsible for the object being audited:
Note 5 to entry: Internal audits may be used for management review and other internal purposes and may form the basis for the organization's declaration of conformity: Independence can be checked by not assuming
activity (3:1) to justify: External audits include second-party and third-party audits: Second-party audits are carried out by stakeholders of the organization, such as
|