ISO 22301, the international standard for business continuity management, was officially published on 15 May 2012. Published: 2012-06-27 14:23

Risk is a perennial concern for enterprises, and business continuity management (BCM) has recently become a focus of attention. Many advanced countries have developed specifications for it, the best known being the British national standard BS 25999. Internationally, however, there has been no standard against which business continuity management capability can be examined and verified. In response, the International Organization for Standardization (ISO) published the international standard for business continuity management, ISO 22301, on 15 May of this year, which raises business continuity management to the level of an international standard.
What is ISO 22301
ISO 22301 is the first international standard to take business continuity management directly as its subject. It is a "Requirements" standard, so it can be used for audit and certification. Alongside ISO 22301 there is ISO 22313, a "Guidance" standard, which has been drafted and circulated for feedback and is expected to be published by the end of the year; together with ISO 22301 it forms an international business continuity management standard with a complete framework. For industries and government agencies, this means having a specification to follow that is based on an internationally shared language, best practices and expectations.
Features of ISO 22301
ISO 22301 continues to use the PDCA model to structure its business continuity management requirements. It also strengthens the work items of the planning phase, placing more weight on understanding the organization's context, understanding the needs of stakeholders, and management commitment, so that the business continuity management system can be rolled out in a more structured way. The standard also has the following features:
· Emphasis on the design of the communication mechanism
Who is communicated with, when, and with what content must be clearly defined, so that the means of communication remain effective while an incident is under way.
· Additional resource considerations and supplier requirements in the business continuity strategy
BS 25999 considered only these resource types: premises, people, technology, information, supplies and stakeholders. The new international standard adds finance, transportation and other resources that an enterprise must consider when responding to an incident. On the supplier side, it also states that the organization must evaluate its suppliers' business continuity capability, which makes the strategy more comprehensive.
· Revised planning for incident response and business recovery
Incident response is defined as "Warning and Communication" and is given a complete set of requirements, covering everything from detection of the event through to monitoring and notification handling as it occurs, in full detail. For business recovery, in addition to the business continuity plan, the standard requires that the procedures for returning to a normal level of operation be documented, so that the plan becomes a detailed and concrete standard process.
· Explicit requirements for business continuity management performance evaluation
The new standard requires the organization to design indicators that measure the performance and effectiveness of the business continuity management system as implemented. In doing so it must review what is to be measured and monitored and design the methods for monitoring, measurement, analysis and evaluation. Only then can all of the planning deliver its full benefit.
From BS 25999 to ISO 22301
With a more comprehensive standard now available, the many organizations that already hold BS 25999 certification will naturally want to know what comes next. As things stand, ISO 22301 was produced by following the international standard model, adjusting the chapters and format, and strengthening the requirements described above. Although its content covers almost all of the requirements in BS 25999, organizations already certified to BS 25999 must keep track of the new standard's release schedule and the transition deadline, and should assess the differences as soon as possible so that they can adjust their systems and undergo transition certification.
Adopting the international standard to build a system that meets customer or regulatory requirements
Because the standard has been discussed and approved by many countries, it is foreseeable that when a country needs to impose business continuity management requirements in a particular sector, it will inevitably cite this standard as the requirement to follow; within industry supply chains, it will likewise serve as the criterion for the business continuity management requirements that parties place on one another. For organizations that want to actively establish a business continuity management mechanism, or to demonstrate their business continuity management capability, this standard will be the one to follow.