a

Volume 3, No. 5, May 2012, ISSN 2226-1095

Managing crises • Medair CEO : “ Our teams rely on International Standards ”

• Orange Business Services and ISO/IEC 20000 a

Contents Comment

Comment Sadao Takeda, ISO Vice-President (Policy) ISO standards – An essential resource when disaster strikes ...... 1 ISO standards

ISO Focus+ is published 10 times a year World Scene (single issues : July-August, An essential resource when disaster strikes November-December). International events and international standardization ...... 2 It is available in English and French. Guest Interview he recent sinking by the US Coast Guard in the Gulf of Alaska of following an incident might include the Bonus articles : www.iso.org/isofocus+ Jim Ingram – CEO of Medair ...... 3 T ISO Update : www.iso.org/isoupdate a drifting ship, a Japanese fishing vessel unmoored by the tsunami participation of public and private organiza- tions working at the international, national Special Report caused by 2011’s Great East Japan earthquake, coincided with the The electronic edition (PDF file) ofISO and regional levels. Coordinating efforts Focus+ is accessible free of charge on the ISO standards – Preventing and managing crises ...... 8 first anniversary of the event which devastated my home country. The helps to ensure that action is effective, and ISO Website www.iso.org/isofocus+ Get ready, set, go ! – Managing disruptions in emergency situations ...... 10 ship was a haunting reminder of the tragedy Mother Nature (and man) that all relevant parties are kept updated. An annual subscription to the paper edition have wrought on our planet in recent years. The human, economic, This minimizes the risk of misunderstand- costs 38 Swiss francs. Emergency management – Global best practice for an incident response system..... 13 social and environmental consequences are incalculable and will bur- ing and ensures a more effective use of Nuclear criticality – Mitigating the consequences of an accident...... 16 combined resources. den our communities for decades to come. Publisher Are you ready ? – ICT readiness and business continuity ...... 19 ISO standards help ensure timely, relevant ISO Central Secretariat and accurate operational information by (International Organization for The “ international ” language – How safety signs and graphical symbols In 2010 alone, a volcano in Iceland played to the World Bank). A year later, thousands specifying process, systems of work, data Standardization) help reduce risks to people ...... 22 havoc with air travel ; massive earthquakes are still missing. capture and management. 1, chemin de la Voie-Creuse in Chile, Indonesia and New Zealand caused 2011 had not finished exacting its cruel ISO standards help to reduce impact and CH – 1211 Genève 20 The Great East Japan Earthquake – Could better crisis management hundreds of casualties and widespread dam- toll on Asia. Following severe monsoon risk through proactive measures taken before Switzerland and ISO 24511 wastewater guidelines have helped ? ...... 26 Tel. : +41 22 749 01 11 age. Haiti was hit by a killer earthquake flooding in Thailand that took the lives of an emergency occurs. They provide criteria Fax : +41 22 733 34 30 Attention water utilities ! – Future ISO guidelines for crisis management ...... 28 (which destroyed infrastructure and led more than 800 people, “ Washi ”, a late- for the establishment and the implementation E-mail : [email protected] to polluted water supplies and a cholera season tropical cyclone, resulted in over of actions that will mitigate the consequences Centre-fold outbreak), and by flood waters generated 1 200 fatalities in the Philippines. of natural or accidental disasters. Manager : Roger Frost Be prepared ! ...... 24-25 by Hurricane Tomas. Conflicting estimates International Standards encourage com- Editor in Chief : Elizabeth Gasiorowski-Denis of the death toll range from 200 000 to over munity participation in the development Assistant Editor : Maria Lazarte Planet ISO 300 000 Haitian lives lost. ISO standards help and implementation of incident response Communication Officer : Sandrine Tranchard News of the ISO system ...... 32 Tornadoes in the USA, born in “ Tornado handle incident response measures, to ensure that a response is not Artwork : Xela Damond, Pierre Granier Alley ” and beyond, left destruction and chaos only tailored to the needs of the affected and Alexane Rosa in a crisis. Management Solutions in their wake including some 350 deaths. population, but also culturally appropriate. Translation : Translation Services, And when Mother Nature relented, Catastrophes will always happen, but I ISO Central Secretariat IT service management – ISO/IEC 20000 eases transition to cloud computing man-made disasters did not : an explosion When disaster strikes, it is already too late hope ISO standards will increasingly help for Orange ...... 34 on the Deepwater Horizon in the Gulf of to mitigate impact and better prepare the Subscription enquiries : Sonia Rosas Friot to put together a system of response. The Mexico started an oil spill that destroyed world’s citizens to manage emergencies, ISO Central Secretariat Greenhouse gas emissions – ISO 14067 to enable worldwide comparability ultimate purpose of emergency management improve coordination and cooperation to Tel. : +41 22 749 03 36 of carbon footprint data ...... 37 lives, livelihoods and the environment. is to save lives, preserve the environment and ensure that precious time is not lost when Fax : +41 22 749 09 47 The world was riveted by the spectacle protect property and the economy. Emergency disaster strikes.  E-mail : [email protected] Standards in Action of the desperate (and ultimately successful) management is comprised of interdependent attempt to save the lives of 33 miners in risk-based functions : preparedness, prevention/ Rebuilding from rubble – Lessons learned help New Zealand be better prepared ... 39 © ISO, 2012. All rights reserved. Chile following a cave-in (due to poorly mitigation, response and recovery. maintained mine structures). 360° ISO, in cooperation with international The contents of ISO Focus+ are copyrighted And then, on 11 March 2011, the most organizations, associations, governments, and may not, whether in whole or in part, Safety first – Global regulations protecting lives and property ...... 42 powerful earthquake ever to hit Japan, a business, manufacturing, academia and be reproduced, stored in a retrieval system or ISO 26000 in China – A new way of doing business ...... 46 magnitude 9.0 undersea megathrust earth- consumer groups, is working to develop transmitted in any form or by any means, elec- quake, struck off the coast of Tohoku and a effective standards to prepare and respond tronic, mechanical, photocopying or otherwise, New Releases chain reaction was set off. Tsunami waves to emergencies. without written permission of the Editor. were triggered, reaching heights up to 40 Adobe Extensible Metadata Platform (XMP) – Now an ISO standard ...... 48 ISO International Standards are valuable, The articles in ISO Focus+ express the views metres, some travelling up to 10 km inland. capacity-building tools. They outline global of the authors, and do not necessarily reflect Coming Up 49 After the earthquake, three of the reactors best practice to establish command centres, the views of ISO or of any of its members. at the Fukushima Daiichi nuclear power oversee organizational structures and proce- plant experienced meltdown, and several dures, support decision making and promote ISSN 2226-1095 hydrogen explosions occurred. traceability and information management. Printed in Switzerland Almost 17 000 people lost their lives in In the midst of disaster, harmonized what became the natural disaster causing the international guidance such as that provided Cover photo : ISO, 2012 greatest economic loss in history (according by ISO standards is essential. Response Sadao Takeda, ISO Vice-President (Policy).

ISO Focus+ May 2012 1 a World Scene Guest Interview

Measuring everything “ Quantities and units enable every aspect of our lives. Without the metric system con- Jim Ingram tained in International Standards, a whole range of activities, from shopping at the supermarket to industrial production, to sci- Some species have become extinct and it Medair entific research, to international trade, would is estimated that between 30 % to 35 % of be at best extremely haphazard,” says ISO critical maritime habitats such as seagrasses, Secretary-General Rob Steele in the foreword mangroves and coral reefs have been destroyed. of the latest edition of Metric Standards for The Convention on Biological Diversity aims “ I think we are only starting the journey Worldwide Manufacturing. to protect this rich heritage. Marine biodiversity towards safety right now,” said ISO Deputy Jim Ingram was appointed is therefore the theme of the 2012 International Secretary-General, Kevin McKinley, “ We Medair CEO in June 2011. Day for Biological Diversity (IDB) are getting global, and we are bridging public held on 22 May. The event is an and private sectors much better than we ever opportunity to raise awareness have. Use of standards like ISO 22000 on Mr. Ingram was raised in and take action. food safety is growing every year in leaps Ontario, Canada, where he The ocean covers 71 % of the and bounds, and people are seeing the benefits surface area of the globe, and con- of finally having one consistent approach for spent nine years in univer- stitutes over 90 % of the habitable managing food safety in their organizations sity, getting a number of space on the planet. From 2000 to that is becoming more and more accepted. So I think this is just the start.” degrees. His studies includ- Weights and measures have been fun- 2010, an unprecedented worldwide Watch the videos : www.youtube.com/ damental to commerce, production and collaboration by scientists around ed mathematics, computer the world set out to try and determine FoodSafetyConference technology since ancient times. The Treaty science, economics, and phi- of the Metre in 1875 laid the basis for how much life is in the sea. Known today’s international metric system – the SI as the “ census of marine life ”, it World Water Forum losophy. He spent some time involved 2 700 scientists from over International Standards maintain the science ISO solutions to vital water challenges working for the Canadian of measurement at the state of the art and help 80 countries, participating in 540 expeditions around the world. were at the heart of a workshop held in March create confidence in products and services. th Government before begin- Although scientists are still working through 2012 in conjunction with the 6 World Water Today, the international metric system is Forum (WWF), in Marseille, France. ning his career at L’Abri defined in International Standards developed the results, it is believed an estimated 250 000 by ISO technical committee ISO/TC 12 and species inhabit the ocean, though the census Fellowship Foundation in team suggested it could be at least a million. the International Electrotechnical Commis- Switzerland. From 1980 sion’s IEC/TC 25, both of which are entitled Some think the figure could be twice as high. Quantities and units. In 2009, ISO and IEC ISO standards for environmental manage- until 2003, he worked at ment, maritime environmental protection, completed a new, harmonized, International L’Abri as a teacher, counsel- Standard, with the ISO and IEC designation fisheries and aquacultures can help. Examples 80000, Quantities and units, with 14 parts. include standards for risk assessment of anti- lor, treasurer, and as direc- fouling in ships, oil spill responses, environ- The metric system is subject to continual tor. For 15 years, he was the improvement. Recent developments include mental monitoring of finfish farms’ impact, telebiometrics, which increases the reliability and fish-in/fish-out ratios, to name a few. Executive Director of Swiss of biometric data, used extensively in security L’Abri. He was the trustee and health care applications. Together for food safety of six L’Abri foundations Rob Steele concludes, “ The metric sys- Advancing global food safety through col- tem defined in International Standards is laboration was the theme of the 2012 Global WWF mobilizes creativity, innovation, around the world, and was indispensable for manufacturing in a world Food Safety Conference, which brought competence and know-how in favour of water. instrumental in opening a networked by global supply chains. Metric together more than 900 leading food safety It gathers all stakeholders around today’s Standards for Worldwide Manufacturing will experts and decision makers from over 50 local, regional and global issues to tackle the branch in his home country. be extremely useful for engineers, scientists, countries, in Orlando, USA. technical writers, teachers and students.” challenges our world is facing and to push water high on all political agendas. More In 2004, Jim began work- How much life in the sea ? than 35 000 participants attended the event. ing for Medair and he has The workshop, “ How can ISO standards Fishing, shipping, tourism and other human address global water challenges ?,” focused been an integral part of the activities are having disastrous consequences on ISO’s tools for the assessment, improve- organization ever since. on marine biodiversity. ment and management of service activities for drinking water and wastewater systems He has served as Director and for asset management, which can help of Finance, Interim CEO, water authorities and operators meet the expectations of consumers and the principles and as a key voice on the This year’s conference was the largest and of sustainable development. Executive Leadership Team most successful yet. Attendees represented the It also looked at water management during whole spectrum of the supply chain including crisis conditions, and at ISO’s most recent (ELT). As a member of the growers, manufacturers and retailers, along work on the reuse of treated wastewater for ELT, he has been involved with public and private entities and both inter- irrigation, which aims to prevent any adverse national and local stakeholder organizations. impacts on public health and the environment. in all the major decisions A series of videos were prepared for the The workshop was organized by ISO and about Medair’s mission and conference featuring various key stakeholders facilitated by AFNOR (ISO member for in the industry, including ISO. France). its implementation.

2 ISO Focus+ May 2012 ISO Focus+ May 2012 3 a

Guest Interview

ISO Focus+ : Medair has been certified those indicators and adjusting our activities and Zimbabwe – how do International Stan- to ISO 9001 since 2001. Could you please when necessary. dards help you in such diverse situations ? Medair explain why a quality management system Jim Ingram : We provide relief and recov- ISO Focus+ : How has it evolved over is important for Medair. What added value ery/rehabilitation in response to sudden the years ? At what levels does it con- Medair’s mission is to seek out and serve does it bring your association ? natural disasters, like the 2010 earthquake in tribute – operational, top management, the vulnerable women, children, and Jim Ingram : First and foremost, Medair Haiti, to slower onset emergencies such as strategic, etc. ? men in crisis who live in often difficult- the drought in the Horn of Africa last year, has always been focused on and committed to-access regions in Africa, Asia, and Jim Ingram : Our QMS is dynamic and and to people in need because of conflicts, to the people we serve and work alongside other areas with extreme need. Medair of, our beneficiaries. Medair has embraced seeks to promote a culture of improvement. as in the Democratic Republic of Congo and brings life-saving relief and rehabilitation quality since we were founded in 1988. Today, we actually speak less of the certi- South Sudan. The nature of each crisis or in disasters, conflict areas, and other Quality at Medair has three dimensions : fication. That is because over the years, we emergency leaves people affected in differ- satisfying the needs of our beneficiaries ; have incorporated the ISO QMS principles ent ways, which means our response must crises by working alongside the most professionalism in how we work; and a into a Medair organizational management adapt to these specific needs. vulnerable. constant focus on improvement. system, adapting the ISO standards to meet The first step in any response is to identify Medair is a non-governmental organization our internal requirements, while remain- the people who are most vulnerable and (NGO), with internationally recruited staff ing aligned with external, internationally affected and then decide on how we will who are motivated to care for people in Medair’s work recognized standards of practice. intervene. To do this, our programming, need. Its work is compassionate and has made a profound For example, we recently reviewed logistics and technical advisory teams procedures in our QMS to better identify practical, providing life-saving care and : Miguel Samper difference for millions internal control points and related risks. support that upholds the dignity and of people. Photo These improvements contributed to suc- independence of those served, regardless Dispatching emergency kits following an outbreak of dysentery in the Democratic Republic of Congo. cessful audits of our internal control system, of race, religion, gender, age, or politics. which were conducted as part of relatively Since 1989, Medair’s work has made Medair made a strategic decision in of Medair humanitarian activities. Our beneficiaries, donors, and staff to help us new requirements for Swiss non-profit a profound difference for millions of 2000 to demonstrate a commitment to QMS helps keep our beneficiaries central better respond to changes in our operating organizations to demonstrate operational quality and our beneficiaries by putting to our mandate. environment. control systems. people, enabling lives to be saved and in place a quality management system Quality is about performance to standard Our certification brings added value by From a strategic perspective, we looked sustained for a better future. Together (QMS) based on ISO 9001. When Medair and continuous improvement. At Medair, providing a solid framework and an adapt- at lessons learned from our emergency with its donors and partners, Medair is achieved the ISO 9001:2000 quality cer- we strive to do this by following a disci- able context for planning our humanitarian response in Haiti in 2010, and are devel- unwavering in its commitment to bring tification, we named the beneficiaries as plined cycle of planning, doing, evaluat- interventions, setting standards and indica- oping our capacity for a more rapid and hope to the world’s most vulnerable. the primary stakeholder or “ customer ” ing and improving – using input from our tors, measuring our performance against improved response through a dedicated emergency response team at headquarters. At the same time, Medair continues to address emergencies as part of our ongoing programming in the health, nutrition and water/sanitation/hygiene (WASH) sectors, through outbreak preparedness including pre-positioning of supplies, training and capacity building of local staff.

Our QMS helps keep our beneficiaries central to our mandate.

Our certification is worldwide and encom- passes our field operations, headquarters and affiliate offices. Medair is fully committed to quality in our work from field activities in remote and hard-to-reach places, to senior management and our International Board of Trustees.

ISO Focus+ : Medair implements a wide variety of relief and rehabilitation projects in disaster, and conflict areas, ranging from : Jan Joseph Stok sanitation to shelter, to water, in countries Photo such as Afghanistan, D.R. Congo, Haiti, Mother and child in a Medair clinic in Somaliland. Madagascar, Somalia, Sudan, South Sudan Clean water from a Medair-designed hand pump system in cyclone-flooded Madagascar.

4 ISO Focus+ May 2012 ISO Focus+ May 2012 5 a

Guest Interview

clearly established processes and emergency protocols in place across Medair to be able to execute rapidly once we make the deci- sion to intervene. Here again, International : Jaco Klamer

Standards provide a framework for having Photo in place the processes and protocols we need to execute with quality and deliver aid to our beneficiaries.

ISO Focus+ : On your Website, you say : “ We are focused on using our funds with integrity, ensuring maximum efficiency and accountability for all our programmes ”. How does certification affect your fund- raising efforts vis-à-vis institutional and private donors ? Jim Ingram : Quality is intrinsically linked to two of our core values – account- ability and integrity. We are committed to employ best practices in our management and operations, pursuing excellence in all we do. Funding partners, both public and private, entrust us with their money. They expect effectiveness and professionalism. : Colin O’Connor We are accountable to them for what we

Photo do with it and we seek to provide a clear and accurate account of what we have done Getting feedback from a beneficiary in Haiti. in relation to what we said we would do, rely on International Standards, such as regardless of the amount of the donation. the Sphere standards which represent Medair’s funding Medair’s funding comes in large part from sector-wide consensus on best practice in institutional donors. They have rigorous humanitarian response. comes in large part requirements for reporting on how we use Technical standards provide us with from institutional donors. their funds – as they should. We have seen guidance that can be adapted operationally a steady increase in the number of required to these diverse situations, while the larger Nutritional assessment in Somaliland. QMS creates the framework for planning, implementing, managing and measuring audits at various stages of our projects. were developed, and used as they are recognized standards and initiatives, not our responses. It gives us a strong set of Within our QMS, we have established sys- today. We adapted the ISO standards to our duplication. ISO management system tools for putting quality in context for each tems that allow us to meet their reporting context. However, there are now dedicated standards can continue to be a framework project we undertake. requirements and have mechanisms in place standards to help the humanitarian com- for implementing processes and operating to follow-up on the audit recommendations. munity improve accountability, quality principles to achieve those standards. ISO Focus+ : Medair brings emergency While certification is not a goal in and performance in humanitarian action. Some adaptation, however, is required to relief and rehabilitation to more than two itself, it can be an indicator to a donor Key groups such as the Sphere Project, fit non-profit organizations, as Medair has million people a year in some of the most that Medair can be trusted, because it People-In-Aid and HAP (Humanitarian done and will continue to do. vulnerable countries in the world, employ- signifies that we are proactively engaged Accountability Partnership) and ALNAP Another important work item that ISO ing well over one thousand international in ensuring the best possible results with (Active Learning Network for Account- can develop will be continued guidance and national staff. How do International the money entrusted to us. ISO 9001 is ability and Performance in Humanitarian around social responsibility, a topic that Standards help in Medair’s work processes just one certification that is relevant for Action) are seeking how to work even is getting a lot of attention these days. for emergency preparedness ? us. Private donors in Switzerland, where more closely together in this area. From our donors to the beneficiaries we are based, are familiar with and trust Jim Ingram : Emergency preparedness we serve, our stakeholders have expec- the ZEWO label and what it represents in involves more than just a dedicated team to tations regarding our actions toward our fundraising practices. assess and plan an intervention. The entire ISO 26000 is relevant social responsibility. The core subjects organization must be ready to contribute for humanitarian of ISO 26000:2010, Guidance on social ISO Focus+ : What are your expectations to the relief effort – from the team that responsibility – human rights, labour and needs for future ISO standards ? organizations like Medair. actually goes in, to the teams carrying out practices, the environment, fair operating various support activities that are required Jim Ingram : Medair chose the route of practices, consumer issues and community to make it work, such as human resources, the ISO 9001 certification before many Any ISO work to further the development involvement and development – are plainly communications and fundraising, finance and of the major humanitarian quality and of internationally accepted parameters in relevant for humanitarian organizations information services. This means we need South Sudanese children with measles vaccination cards. accountability initiatives and standards the non-profit sector should contribute to like Medair. 

6 ISO Focus+ May 2012 ISO Focus+ May 2012 7 a Special Report

ISO standards Preventing and managing crises

by Sandrine Tranchard

On 11 April 2012, a powerful earthquake with a magnitude of 8.6 struck off the Indonesian island of Sumatra. Lessons had been learned in the aftermath of the December 2004 earthquake (with a magni- tude of 9.0) that had generated cataclysmic tsunamis and resulted in 230 000 deaths.

Back in 2004, there were no sea-level but preparedness is the key to limiting the monitoring instruments in the Indian Ocean. toll that must be paid. But by April 2012, a large network of The theme of this Special Report addresses seismographic centres, coastal and deep- crisis management and features articles on ocean stations had been created to detect how International Standards protect and potential tsunamis. Centres issue watches, if support stakeholders involved in preparing necessary, to national bodies in the region. for, and managing, emergencies. It is then the responsibility of each national Topics range from keeping the water agency to alert its population, by whatever supply clean to the safe maintenance of means they have at their disposal. nuclear reactors, how to manage risk and This time, warnings of the threat of a IT preparedness for business continuity and tsunami could be broadcast across the disaster recovery. An article also outlines Indian Ocean in real time. Thankfully, a global best practices for establishing an tsunami never materialized, but the system incident response system contained in a had shown that it worked, giving safeguards new emergency management standard, for the future. helping both the public and private sectors That such a sophisticated, early-warning system had come into being in the wake of to prepare and implement an effective 26 December 2004 was due to a colossal, incident response. multinational effort spearheaded by the Inter- This issue also presents examples governmental Oceanographic Commission. of lessons learned in the aftermath The speed of transmission of information of disasters in Japan and New Zea- had to be accelerated if real-time warnings land, to illustrate how International were to become reality. Standards can help in the manage- Earthquakes, tornadoes, tsunamis, hur- ment of crises, their consequences ricanes, wildfires that burn out of control, and put communities, countries and floods that wash away human lives and the world on the road to recovery. property: add to those natural disasters Whatever the issue that might arise the ones man creates intentionally (crimi- prior to, during, and after a disaster, ISO nal acts, terrorism) and unintentionally has many essential roles to play. The fol- through accidents, negligence, a lack of lowing pages showcase a handful of such preparedness for unexpectedly catastrophic examples and how ISO standards are valu- circumstances (a tsunami invading a able, capability-building tools in handling nuclear reactor and leading to equipment incident response to any crisis.  failures, a nuclear meltdown and the release of radioactive materials). Managing the Sandrine Tranchard is a Communication Officer, aftermath of these crises is a huge task, ISO Central Secretariat.

8 ISO Focus+ May 2012 ISO Focus+ May 2012 9 a

Special Report

There are sound practical, social and Such a document will be used by : those There is no need to address the entire risk economic reasons for having such an responsible for emergency preparedness management framework or the risk man- approach to the conduct of emergency risk policies, plans and procedures ; those agement process as outlined in ISO 31000. assessments. These include : accountable for ensuring disruption-related However, because the focus is on the assess- • Improving the understanding of risk is effectively managed in a community ment of risks from emergency events, the Get ready, set, go ! emergency risk issues and ensuring or organization ; specialist risk practition- management of emergency risks is directed that risk treatment measures provide ers who must apply the methodology ; towards, and in line with, International a sound return on investment in terms those who evaluate the effectiveness of Standards for risk management. Managing disruptions of knowledge, skills and resources (for emergency preparedness practices ; and The resulting document should produce in emergency situations example, capital, time, people, pro- other stakeholders. a risk assessment methodology that : cesses, systems and technologies) • Facilitates a focus on risks in small • Standardizing risk assessments and the Not all emergency events (e.g., organizational or municipal) or development of alternative risk reduc- are caused by nature. large (regional and/or national and/or tion proposals so that all involved global) areas speak the same language of risk • Is useable for both risk from and risk • Increasing transparency so that assess- The methodology needs to focus on to (e.g., risk from flood, typhoon, ment processes can be followed easily, emergency events and be concerned with tsunami and wildfire; and risk to checked or modified in the light of the risk assessment of events that require buildings or infrastructure from all or improved knowledge or information the development of effective emergency specific sources of disruption-related preparedness plans. Although the focus • Improving consistency to allow mean- risk) ingful comparisons between different should not be on risk management, risk by Kevin W. Knight AM* • Uses a scenario-based approach disruption-related risks. mitigation or addressing business continuity processes and practices, these can benefit • Samples risk across a range of credible ffective responses to a frequently wide range of disruption-related To meet the challenges of disruption- from the methodology’s outputs. consequence levels E related risks, the above objectives must be risks require a concerted approach to the management of emergency addressed in the development of emergency preparedness. preparedness plans. In this way, individual, organizational, municipal, regional, national and global needs can be met.

This can be achieved by applying • Test and measure the probable out- an organization’s proactive provision of Understanding risk ISO 31000:2009, Risk management – come of controls and other mitigation resources to ensure that critical societal Principles and guidelines, to the develop- strategies (identifying and quantifying or business objectives continue to be met To achieve these goals, responsible organi- ment of emergency preparedness plans residual risk) in the face of any disruption-related risk. zations should develop an appropriately contextualized emergency risk assessment and processes. • Determine how the organization will Resource, time and capability constraints methodology consistent with ISO 31000. Disruption-related risks are a result of continue to achieve these objectives will usually mean that any plan has to Given the complexity and severity of natural, biological, technological, industrial should additional disruption-related focus its emergency preparedness plans possible outcomes as a result of emergency and other human activities, and can lead to risks occur. on key deliverables. This may mean the significant social and economic costs for disruption of critical activities for defined events, the guidelines need to generate an individuals, organizations, municipalities, These key aspects apply to all private and periods. Following this, other objectives integrated, comprehensive and objective regions and countries. public organizations required to develop and more extended disruption timelines understanding of emergency risks. This Specific effects include : damage to an effective emergency preparedness can be addressed. will inform the emergency preparedness property, infrastructure and facilities ; programme. plans required. financial costs and indirect economic losses ; Risk-assessment methodology Outputs from risk assessments under- fatalities, injuries and illness ; impairment taken using the resultant methodology must of ecosystems and loss of biodiversity ; and There is a need for Those charged with producing emergency seek to improve decision making about social and cultural losses. a concerted approach preparedness plans and processes therefore the allocation of scarce resources for risk To respond effectively to these chal- to the management need to develop a risk assessment methodol- treatment and emergency preparedness ogy to clearly understand the objectives that plans and procedures. lenges, effective emergency preparedness of emergency plans must : need to be addressed by The emergency risk assessment methodol- preparedness. the emergency pre- ogy developed must be scalable, capable of • Understand what the body developing paredness plan. being used for assessing emergency risks the plan must achieve – the critical arising from any hazard and able to be objectives With little modification, these same used from an individual to a global level. • Identify possible barriers or inter- aspects can be applied to address the Depending on the context of its application, ruptions in trying to achieve these needs of even the smallest organization or any study conducted using the methodol- objectives municipality. There is no need to approach ogy will necessarily focus on particular emergency preparedness as a monolithic hazards of significance and impact for the * Member of the General Division programme. More than solely the writ- community in question. of the Order of Australia. ing of a plan, emergency preparedness is

10 ISO Focus+ May 2012 ISO Focus+ May 2012 11 a

Special Report

• Identifies current risk under existing The result of a need for a standard based controls, and residual risk assuming on international experience, ISO 22320 implementation of additional controls HEAD PROTECTOR CELLULAR PHONE outlines global best practice for establish- or control improvements ing an incident response system. While it • Provides base-line qualitative risk does not touch on legal regulation, it defines ADHESIVE minimum requirements for the single- and assessments and triggers for more TAPE detailed analysis multi-organizational collaboration of parties involved in preparing and implementing • Allows risk evaluation at varying EMERGENCY effective incident responses. levels of confidence NUMBERS • Provides comparable outputs which GAUZE Emergency management rate risk and suggest ways to reduce SMALL explained risk. FLASHLIGHT ANTISEPTIC “ Emergency management ” can be defined EXTRA OINTMENT differently according to the language, Applicable to all emergencies BATTERIES nationality, organization or legal regula- In many jurisdictions, emergency pre- tions involved. For ISO 22320, emergency paredness planning focuses on the sudden FIRST AID KIT management is the overall approach for onset of natural hazards. These include GAUZE PADS preventing and managing emergencies. As earthquake, flood, storm, hurricane, storm shown in Figure 1, emergency management surge, debris flow, tsunami and wildfire. consists of all three phases of a disruptive DISPOSABLE COLD PACK event (before, during and after) and vari- Of course, not all emergency events are GLOVES caused by nature. However, consequences ous activities. from emergency events may be similar, Incident response comprises actions to regardless of the trigger involved. It is BAND AIDS stop the causes of an imminent hazard, and/ RUNNING therefore imperative that the final document Emergency or mitigate the consequences of destabilizing adopt an all-hazards approach and provides SHOES or disruptive events, and/or recover. These a method that is suitable for considering events include natural disasters, terrorist other sources of risk. These include disease threats, poor IT security or an industrial management fire disrupting the product chain. The main (human, animal and plant), insect/vermin plague, and those risks arising from tech- activities of an incident response are : nological and other human sources, unless preparedness plans have the required man- process – including concerns – can be Global best practice • Warning, alerting and activation of specific risk assessment techniques have date and commitment from top management considered, captured in the risk register incident response been developed for the detailed analysis to facilitate their activities. and assessed through to the risk evaluation. for an incident response system • Command and control, information, of particular hazards. Above all, effective emergency prepared- coordination and cooperation ness requires a fundamental cultural change Defining scope by Ernst-Peter Döbbeling • The response to the incident to save in a society or organization, including an lives and mitigate negative effects. Outputs from risk The scope of the risk assessment needs acceptance of uncertainty and imperfection. assessments must seek to be adequately considered to define the People and organizations need to appreciate In the public and private sectors, a key task is minimizing the impact The warning of the population at risk is a required data. Because the management to improve decision that risk is inherent in every decision and of the disasters and crises that follow natural, negligent or intentional key part of incident response. An ISO stand- of risks from emergencies could involve activity, and that part of this risk has the incidents. When major incidents occur, they regularly demonstrate the ard currently in development, ISO 22322, making. multiple hazards, the definition of scope potential to create disruption. As a result, importance of an effective response. Fortunately, ISO 22320:2011, Societal security – Emergency management must address the range of hazards for a they need to consider how they will manage – Public warning, will cover this. single event or multiple events, the relevant any resultant disruptions to their activities. Societal security – Emergency management – Requirements for “ Command and control ” has its origin in ISO 31000 states that the success of risk community including its geographical or There is no single solution for engender- incident response, enables organizations to respond efficiently and military and police terminology. It is now management depends on “ …the effectiveness jurisdictional boundaries, and relevant ing the required cultural change, although effectively. a more generic term for target-orientated of the management framework providing the timelines. Accordingly, consideration needs appropriate communication certainly helps foundations and arrangements that will embed to be given to determine : the emergency to achieve success.  At first it might be surprising to see the it throughout the organization at all levels ”. event(s) ; the sources of risk (describing publication of an International Standard for An appropriate methodology ensures that the hazards) ; and the impact categories Before incident During incident After incident About the author incident response. This is because emergency information on disruption-related risks will (describing the elements at risk). be adequately reported and used at relevant Consideration may also be given to the management is widely seen as a matter Resilience Prevention Preparedness levels in decision making with respect to fact that emergencies can have beneficial Kevin W. Knight for public or governmental organizations Incident response emergencies and the development of effec- long-term consequences for the relevant AM is Chair of operating within a legal framework. ISO/PC 262, Risk Warning Mitigation tive emergency preparedness plans. These community, which might (partially) offset But today, incident response has become a activation CCICC* of effects are to protect individuals, organizations, immediate or short-term detrimental impacts. management, and broader multi-organizational, multinational municipalities, regions and countries, and Also, consequences beyond the region or was Convenor of concern in which private and public actors Business continuity Recovery are also applicable globally, as required. jurisdiction of concern may increase or the ISO working collaborate. Following business continuity * Command and Control, Information, Coordination and Cooperation It ensures that those charged with devel- reduce those within the region. In general, group responsible analysis, many companies have identified oping, testing and implementing emergency any issue raised during the risk identification for ISO 31000:2009. the requirement for a response system. Figure 1 : Phases of emergency management.

12 ISO Focus+ May 2012 ISO Focus+ May 2012 13 a

Special Report

implementation of an ongoing process • Preparation and implementation of a for providing operational information, logistic support network. Incident including necessary activities, as shown in Figure 3. It also explains how information Cooperation is an agreement to work can be integrated, evaluated and interpreted or act together for common interests and to create operational information which values. The complexity of national and Implementation Feedback fulfills quality criteria. All professionals international public and private collabora- of decisions and control in incident response are aware of the high tion has produced new ways of working importance of information processing and together in incident response. Private-public documentation. partnership or contract-based company partnerships have partly replaced traditional systems. An example is public emergency services combined with private services Information ISO 22320 applies supplying food, energy or shelter. gathering to all private- and public- and sharing Private companies implement mutual sup- sector organizations. port to avoid service interruption and ensure opportunities for effective and economical A good reaction to disruptive situations business continuity. They agree in advance incident response planning. Cooperation is driven essentially by information avail- by contract or arrangements to contribute Decision can reduce or share costs and improve ability and information exchange. The Assessment with their resources to incident response. making of situation and Another process in energy management business continuity and recovery. standard outlines the information process and sharing forecast is coordination. Often, many organizations and the relevant quality criteria. have to respond to an incident and interact. Incident response Benefits to all In incident response today, collabora- For example, public emergency services comprises actions tion between organizations, companies interact with private industry services, indus- ISO 22320 applies to all the private- and or governments is based on coordination, Planning try interacts with energy or water suppliers, to stop the causes public-sector organizations that can be cooperation and public-private partnership. and police interact with fire and ambulance of an imminent hazard. involved in incident response. An organi- In many countries, the hierarchical struc- services. Each organization has its own line zation can use this standard to identify its ture is still the only way of handling incident Figure 2 : Example of the command and control process in a single hierarchical organization of hierarchy, command and information. with limited coordination needs. individual performance requirements and response in emergency management. For Coordination is the way in which such Cooperation has to be assessed, pre- organize decision making in crises when them, this standard presents a wider view different organizations work together to pared, established and tested in advance on normal hierarchical decision making is for preparedness in incident response. decision making in which decisions are taken example. This process changes due to the achieve a common objective. The chal- the basis of risk analysis. This facilitates interrupted. For developing countries, this stand- under time pressure and with incomplete impact of response measures (positive) or lenge is to integrate individual responses ard is a neutral best praxis document for information. It is more effective when a to the evaluation of the incident (negative). to achieve synergy to the extent that the planning and implementing a complete, structured command and control system is Operational information provides the incident response has a unified objective well-structured incident response system. implemented. This ensures, for example : basis for situational assessment and decision Incident and a consensus decision-making process. An ISO standard-based incident response making. The production, integration and • A common understanding of aims and Without coordination, organizations have system offers the opportunity for trans- dissemination of operational information purpose difficulties in identifying a common inci- border collaboration. It also facilitates good are essential elements in command and • A common operational picture of the dent response goal and accepting strategic Implementation Feedback incident response coordination between control. In an emergency or crisis, normal implementation. and control situation of decisions governmental organizations and industry.  information paths can be interrupted and ISO 22320 lays out the principles for a • Links with other organizations outside the information itself can be subjective, multi-organizational command and control the line of command intentionally manipulated or wrong. process with an enhanced need for coordina- • The appointment of relevant managers. ISO 22320 supports the definition and tion and information sharing, as shown in About the author implementation of effective incident Figure 4. Following a best praxis analysis, Coordinated In the standard, command and control information processing. It describes the effective coordination is shown for the : information gathering can be organized for public emergency and sharing Prof. Ernst-Peter services as well as for private industries. • Setting of boundaries (geographical Döbbeling is Pro- The standard gives examples for typical EVALUATION and areas of responsibility) between fessor of security roles and responsibilities ; but of course the different organizations and safety engi- Dissemination Organization A Organization B these must be adapted to the local frame- • Interoperability of communication, neering at Furtwan- and Coordinated Coordinated work of incident response and to the types integration geographic and information manage- decision making Field of coordination assessment of gen University, of possible incident. Analysis and Planning ment networks and sharing and information sharing situation and Germany. He is The standard also describes how to : production and forecast also Convenor MISSION direction • Identification of common and transpar- identify and define incident response levels; ent decision-making procedures Organization C Organization D of ISO technical structure command and control according to committee ISO/TC 223, Societal security, • Implementation of an information political, strategic and tactical needs ; and Processing working group WG 3, Emergency man- and sharing and situational awareness create a response system which is scalable Collection agement. exploitation policy to different incident types and sizes. Coordinated He has previously been Chief Fire Officer planning The command and control process fol- • Implementation of a communica- at CERN (European Organization for A CK lows the principle of Plan-Do-Check-Act. ND FEEDBA tion flow plan and communication Nuclear Research), Geneva, Switzerland, guidelines Adapted to incident response, the process Figure 3 : The process of providing Figure 4 : Circular chart for a multiple hierarchical command and control process and Director of Fire and Rescue at Lud- includes four steps as shown in the Figure 2 operational information. • Division of operational tasks with enhanced relevance of coordination. wigshafen on Rhine, Germany.

14 ISO Focus+ May 2012 ISO Focus+ May 2012 15 a

Special Report

Non-reactor nuclear facilities with operations, processes, storage, handling and on-site transport of significant quanti- Enrichment Fuel fabrication ties of fissionable materials are required to maintain a nuclear criticality safety (NCS) Conversion programme for the prevention of nuclear For natural uranium fuels criticality accidents, in accordance with ISO 1709:1995, Nuclear energy – Fissile materials – Principles of criticality safety Milling Recycle in storing, handling and processing. NCS programmes determine the need for nuclear MOX fuel fabrication Nuclear criticality accident alarm systems. An evaluation is performed for all activi- ties having inventories of fissionable materi- als in individual unrelated areas exceeding Reprocessing Power plant criticality 235 233 700 g of U, 520 g of U, 450 g of the Electricity fissile isotopes of plutonium or 450 g of any combination of these isotopes. Mining

SS0059AB. 1 2012-04-18 15:15:12 Preparedness and response Implicit to the evaluated need for a HLW Spent fuel storage nuclear criticality accident alarm system is the requirement for the implementation of emergency preparedness and response plans. In consideration of such a need, Mitigating the consequences ISO 11320:2011, Nuclear criticality safety – Spent fuel Emergency preparedness and response, was disposal of an accident developed. The new standard is designed Source : International Atomic Energy Agency. to mitigate a nuclear criticality accident’s impact on human health and safety, quality Figure 1 : Domain of nuclear criticality safety standards for non-reactor nuclear facilities (outside the red bounded areas). of life, property and the environment. It was developed by ISO technical commit- storage, handling, and on-site transportation tee ISO/TC 85, Nuclear energy, nuclear of fissionable materials before and after Safety record technologies, and radiological protection. their use in nuclear reactors. NCS analysis for the international trans- Various ISO standards exist and are devel- Although the world’s non-reactor nuclear facilities have had an excellent 60-year safety portation of fissionable material packages oping to assist facility NCS programmes record overall, there have been 22 nuclear criticality accidents. The first was in 1954, is required and governed by International in the prevention of nuclear criticality and the most recent was in 1999 (see Figure 2 on next page). accidents. Atomic Energy Agency (IAEA) Safety Standards (TS-R-1). Requirements for Worldwide non-reactor nuclear facility criticality accidents have resulted in localized national and international transportation of impacts on people and almost no physical damage to facilities. Nine fatalities occurred It is essential to fissionable material packages in the public in seven of the 22 accidents and four individuals were seriously injured from radiation domain provide for safety even under the exposure. Every one of the seriously injured or fatally irradiated individuals had been respond quickly. most extreme conditions. within two metres of the unshielded criticality accidents. Apart from public transportation, the emergency preparedness and response to The duration of criticality accidents has varied greatly, from low-power fission densities Such NCS programmes are primarily a criticality accident at non-reactor nuclear and long durations (minutes to hours) to high-power fission densities and short and directed at avoiding nuclear criticality facilities processing significant quantities self-limiting durations (seconds to minutes). Irrespective of the anticipated duration of accidents. However, the possibility of of fissionable materials lies elsewhere. It is a criticality accident, the presence of a criticality accident emergency preparedness and such accidents exists and the consequences generally under the purview of the national by Calvin M. Hopper response plan is a vital part of a nuclear criticality safety programme. can be life-threatening. For facilities that competent authority and the responsibility of are judged to have a credible criticality the non-reactor nuclear facility performing A nuclear criticality accident is the occurrence of a self- accident risk, there is an expectation for fissionable material operations, processing, sustaining neutron chain reaction that is either unplanned or advance planning, practice in planned storage, handling and on-site transportation. emergency responses and verification behaves unexpectedly. Only a few special nuclear materials of readiness. Rapid response such as enriched uranium or plutonium are capable of support- The domain of NCS programmes at ing a self-sustaining neutron chain reaction, hereinafter called non-reactor nuclear facilities and activities The emergency preparedness and nuclear criticality. is shown outside the red bounded areas in response plan is required to minimize Figure 1. The activities of the unbounded consequences due to a nuclear criticality areas include all operations and processing, accident. ISO 11320 therefore specifies

16 ISO Focus+ May 2012 ISO Focus+ May 2012 17 a

Special Report

Russian Federation USA United Kingdom Japan

1945 50 55 60 65 70 75 80 85 90 95

Figure 2 : Chronology of process criticality accidents. the responsibilities of organizational man- evacuation paths. This will help personnel agement, technical staff and individuals A criticality accident to avoid unnecessary radiation exposure to that end. It further requires that an emergency when exiting to predetermined emergency evaluation of credible criticality accident assembly stations. locations and characteristics be considered preparedness and If a nuclear criticality accident occurs at for establishing accident alarm locations, response plan is vital. a nuclear facility, it is essential to respond immediate evacuation zones and emergency quickly, and even more important to have prepared an emergency response. ISO 11320 provides criteria for establishing and implementing actions that will effectively mitigate a potential accident’s consequences Nuclear criticality accidents for human health and safety, quality of life, property and the environment. Such Nuclear criticality results in the same reactions that occur in a nuclear reactor. The emergency preparedness and response plans products of nuclear criticality are heat, radiation, and radioactive materials called fission can also mitigate unnecessary public angst Are you ready ? products. Nuclear reactors are designed so that: about the hazard and its limited impacts on operating personnel, facilities, the public • Nuclear criticality is controlled and can be terminated and the environment in the rare event of a ICT readiness and business continuity nuclear criticality accident.  • Fission products are contained and managed to protect people from their radiation by Edward Humphreys • The heat produced may be beneficially used, for example to boil water, make steam, drive a generator and produce electricity About the author Are you vulnerable to an information and communication tech- (such as performance criteria, design and • Some of the radiation produced may be used to produce beneficial products such as nology (ICT) cyber-attack, and would you cope if it happened ? implementation) for improving an organiza- medical isotopes or for research, but in all cases arrangements such as shielding are Calvin M. Hopper If you are concerned, ISO and IEC have a solution. tion’s ICT readiness for business continuity present to protect people from radiation. (IRBC). It applies to any organization of retired from the ISO/IEC 27031:2011, Information technology – Security tech- Special nuclear materials must be handled and processed, often on an industrial scale, Oak Ridge National any size developing an IRBC programme niques – Guidelines for information and communication technol- and requiring its ICT services / infrastructure outside nuclear reactors. Industrial work with these special nuclear materials includes Laboratory in 2008 ogy readiness for business continuity, can help any organization to be ready to support operations during the manufacture of nuclear reactor fuel, chemical processing to concentrate, purify or as a development and design engineer prepare for incidents, respond to security compromises and be less disruption to business continuity, includ- change their form for various industrial applications, and various defence-related activities. ing for security reasons. It also enables in ORNL’s Nuclear susceptible to disruption. A prime consideration in the design, construction, and operation of industrial facilities to Science and Tech- an organization to measure IRBC-related process special nuclear materials is the prevention of nuclear criticality. Unfortunately, if nology Division. performance parameters in a consistent and recognized way. special nuclear materials are improperly handled outside a nuclear reactor, it is possible Now, as a consultant for ORNL, he sup- In the middle of the night, a hacker gains These and many other incidents are for a nuclear criticality accident to occur in the workplace. ports the US Department of Energy, US access to an organization’s servers. He dis- real, and can happen in any market sector. Nuclear Regulatory Commission and Oak connects 15 minutes later, taking 100 Gbyte It is crucial that organizations know how The immediate result of a nuclear criticality accident is the production of an uncontrolled Ridge Y-12 National Security Complex. of data and, in exchange, leaves a piece of to defend themselves against any security ISO/IEC 27031 aims and unpredictable radiation source that can be harmful, even lethal, to people who are Since 1995, he has participated in ISO/ malware. The next day the organization’s attacks and swiftly respond and recover to lessen the effects nearby. In the workplace, nuclear criticality accidents last from a fraction of a second TC 85, Nuclear energy, nuclear technolo- operations are in chaos. any business systems to avoid longer-term of business disruption. up to several minutes, but may persist for much longer times, depending upon the gies, and radiological protection, SC 5, In another organization, it is mid-afternoon damage and disruption. specific conditions. Nuclear fuel cycle, WG 8 on nuclear criti- and a disgruntled employee decides he cality safety and is the group’s convenor. has had enough. He submits his letter of Improved readiness A nuclear criticality accident itself provides various mechanisms that tend to terminate He is overall advisor for ISO/TC 85/ resignation, sabotages a server and goes Just as ISO/IEC 27001:2005, Informa- the accident, and workplace personnel can also take actions to terminate persistent SC 5 of the American National Standards home. His actions take immediate effect ISO/IEC 27031 helps organizations be tion technology – Security techniques accidents. One accident that occurred in an experimental facility persisted for over six Institute (ANSI) Nuclear Technology Ad- as the accounting system grinds to a halt. prepared, respond to security compromises – Information security management sys- days before it was terminated by facility personnel. visory Group, and has chaired the ANSI How quickly can organizations get their and lessen the effects of business disruption. tems – Requirements, addresses the issue, N16 Standards Consensus Committee on systems up and running, minimize disruption It provides a framework of methods and “ Are my information systems secure ? ”. Nuclear Criticality Safety. and resume normal operations ? processes to identify and specify all aspects ISO/IEC 27031 addresses the issue, “ Is my

18 ISO Focus+ May 2012 ISO Focus+ May 2012 19 a

Special Report

early warning, detection and prediction Level of processes. This ensures that when an incident operations incident does occur, there is a gradual rather than Time Zero a sudden and drastic drop in operations. tolerable period of disruption normal level Facing threats head-on Prevention & IRBC Prevention & IRBC MTO implementation Detection Response Recovery DR Operation Restoration improvement Figure 2 shows how implementing BCM and IRBC systems can reduce disruption. By using ISO/IEC 27031, the organiza- Business continuity (BC) tion can ensure that its ICT infrastructure, Recovery time objective (RTO) V systems and services are resilient and robust minimum level (per product, service or activity) enough to support business continuity. This involves the organization implementing Recovery ICT DR ICT supports a system to prevent, predict and manage point Invocation ICT recovery time BC user arrangement migration back objective ICT incidents and deal with any resulting Detection decision objective (RTO) acceptance supports onging from recovery time (RPO) time time (per ICT service) test BC activities mode MTO - Maximum tolerable outage RTO period to resume disruptions in an effective and timely way. RTO - Recovery time objective normal activities Getting ICT functioning as soon as possible can therefore contribute towards restoring Figure 1 : Incident causing operational disruption. normal business operations. Time of events Figure 3 shows how IRBC elements help ICT capable of responding to a threat to • Respond and recover from incidents/ to reduce overall response and recovery ! ! my information systems ? ” In the context disasters and failures. time. The diagram highlights several points. of the business continuity management Decision ICT ICT Last good data Disruption Service loss taken to Business services Return to (BCM) process, IRBC refers to a system infrastructure application Users access ISO/IEC 27031 enables Implementation and prevention backup occurs experienced involve ICT recovery recovery restored ICT fully recovered (new) normal which complements and supports an organi- recovery complete complete services operations zation’s BCM and information security any organization to face ICT infrastructure and services need to management systems (ISMS) programme. threats head-on. be protected to prevent compromise from Improved readiness enables an organi- threats, such as environmental and hard- zation to : ware failures, operational errors, malicious Figure 1 shows the general situation when • Respond to the constantly changing attack and natural disasters. This is critical Figure 3 : IRBC elements supporting activities in a typical ICT disaster recovery timeline. an incident occurs and normal activity falls risk environment below the minimum level needed for normal to maintaining the organization’s desired Prevention and improvement • Ensure continuation of critical busi- operations. This illustrates the situation in systems availability. ness functions which no BCM or IRBC system is in place. Since it is vital to learn from experience, The organization can reduce business dis- • Get ready to act and respond before an Detection incidents should be documented, analyzed ICT service disruption occurs ruption and recovery times by implementing and reviewed. Lessons learnt will help the Detecting incidents early will minimize organization to be better prepared, fully the impact to services, reduce the recovery in control and avoid repetitions. effort and preserve service quality. Whatever the incident, be it a cyber attack, After implementation of a physical or environmental disaster or an Operational Status early detection and response capabilities to prevent sudden and Response internal employee problem, it is better to be drastic failure and enable gradual ready. Fortunately, ISO/IEC 27031 enables deterioration of operational status An incident response should be carried any organization to face threats head-on.  100 % and further shorten recovery time out to: ensure efficient, effective recovery and restoration; minimize disruption and downtime; and reduce the risk of escalation z % into an emergency or crisis. About the author

y % Recovery and restoration Prof. Edward Humphreys x% Identifying and implementing the proper is Chair of the Time T= 0 T= i T= j T= k T= l recovery strategy will ensure the timely working group restoration of ICT infrastructure and responsible for the Before implementation of BCM services and maintain data integrity and development and availability. It is important to understand maintenance of the After implementation of BCM and set the suitable recovery priorities to ISO/IEC 27000 After implementation of early detection and response reinstate the most critical services first, family of standards. capabilities to enhance ICT readiness and others later. Involved in information security for 37 ICT recovery can then support the years, he has many achievements and Figure 2 : Concept of readiness for business continuity. resumption of normal business operations. awards to his name.

20 ISO Focus+ May 2012 ISO Focus+ May 2012 21 SS0285AB.pdf 1 2012-04-18 15:15:57

SS0256AB.pdf 1 2012-04-18 15:15:33 SS0034AB.pdf 1 2012-04-18 15:13:45 SS0051AB.pdf 1 2012-04-18 15:14:49 SS0002AB.pdf 1 2012-04-18 15:12:53

SS0045AB.pdf 1 2012-04-18 15:14:34 SS0059AB.pdf 1 2012-04-18 15:15:12 SS0039AB.pdf 1 2012-04-18 15:14:04

SS0026AB.pdf 1 2012-04-18 15:13:21

a

Special Report

Safety signs from ISO 7010. Water signs from ISO 20712-1.

Types of safety signs Prohibition signs warn that a specific behaviour is forbidden. Safety signs are a combination of colour, Fire equipment signs let people know the shape and graphical symbol. The colour and equipment’s location and/or identification. shape help users to recognize the type of sign. Mandatory action signs indicate that a spe- SD0244BB.pdf 1 2012-04-18cific action 15:12:30 has to Graphical symbols be taken and tend to contribute to the appear in workplaces. well-being of people For example, signs cov- worldwide. ering personal protection equipment instruct oper- Example of a tsunami evacuation route atives to wear appropriate sign in Mataushima, Japan. The clothing suchSD0087BB.pdf as head or 1 2012-04-18 14:54:17 Warning signs highlight potential hazards eye protection. Although controls such as windscreen wipers and enable people to take appropriate action. people should have safety and horn, increasing road safety. In The registered safety signs in ISO 7010:2011, instructions, the graphical the workplace and at home, we ben- “ international ” Graphical symbols – Safety colours and symbols remind them of efit from the globally recognizable safety signs – Registered safety signs, when and where safety symbols on equipment. include the warning sign for electricity, seen equipment should be worn. in workplaces and in public areas, and the Safe condition signs cover For the benefit of all language radioactive material sign. The water-safety emergency evacuation and Example of an escape plan from ISO 23601. Together with its subcommittees, signage standard ISO 20712-1:2008, Water safety equipment, for exam- ISO/TC 145 takes its role seriously to safety signs and beach safety flags –Part 1: ple the location of first-aid equipment. safe route in an emergency could make the make sure graphical symbols contribute How safety signs Specifications for water safety signs used difference between life and death. to the well-being of people worldwide. in workplaces and public areas, indicates Similarly, ISO 16069:2004, Graphical Emergency evacuation ISO/TC 145 has also developed standards potential hazards such as underwater symbols – Safety signs – Safety way guid- and graphical symbols help for design principles to ensure the best obstructions. Perhaps some of the most important ance systems (SWGS), covers safety-way possible results. examples of safety signs are those used for guidance systems, combining safety signs reduce risks to people All safety signs and symbols are available emergency evacuation. When a fire breaks out with route and doorway markings. via the ISO Online Browsing Platform.  or a tsunami occurs, it is essential that people ISO 20712-3:2008, Water safety signs by Barry Gray can find their way to a place of safety via a and beach safety flags – Part 3: Guidance safe, clearly signed route. Well positioned, for use, covers tsunami evacuation and standardized signing is vital to ensure that About the author rossing language and cultural barriers, internationally understood the optimum use of water safety signs and C those at risk evacuate in an orderly, calm and beach safety flags. safety signs and graphical symbols can mitigate risks and avoid safe manner, even in an unfamiliar country Barry Gray is Chair of ISO/TC potentially dangerous situations. where the language is not understood and Other ways symbols are used panic is possible. 145, Graphical Other types of graphical symbol also help symbols, having ISO technical committee ISO/TC 145, In our globalized world, internationally to increase understanding and reduce risk. previously been Graphical symbols, in particular subcom- standardized graphical symbols enable Chair of ISO/ Graphical symbols enable Covered by ISO 7000, graphical symbols for mittee 2, works hard in this area, ensuring everyone to recognize and react rapidly to use on equipment can have the same virtues TC 145/SC 1, these signs and symbols contribute to hazardous situations. everyone to recognize of recognizability. For example, symbols Public informa- increased safety in the workplace, home, Secondly, graphical symbols can be easier and react rapidly to in our cars enable us to quickly understand tion symbols. He car and elsewhere. to display and be more obvious and visible hazardous situations. is Convenor of two working groups in than a written message. A simple text-free ISO/TC 145 and contributes to the work Used locally, message can be more obvious and visible. of other technical committees in ISO and understood globally The symbol can also be larger than a sign the European Committee for Standardiza- with words. As shown in ISO 23601:2009, Safety tion (CEN). In addition, he carries out Why is a sign’s graphical symbol so Thirdly, people who find it difficult to read identification – Escape and evacuation similar roles for The British Standards In- important ? words or letters often find symbols easier to plan signs, signs also appear on escape stitution. He has chaired the Sign Design Firstly, graphical symbols are interna- understand. Similarly, well-designed graphical and evacuation plan signs in places such as Society and was formerly Signing and tional as they do not rely on language. symbols can assist those with vision problems. Example of a beach sign from ISO 20712-3. hotels, factories and offices. Knowing the Equipment symbols from ISO 7000. Design Manager for Network Rail.

22 ISO Focus+ May 2012 ISO Focus+ May 2012 23 a Be prepared !

Earthquakes, tsunamis, tornadoes, floods, fires, ISO standards help manage crises by offering terrorist attacks, accidents or IT hacking attacks global best practice and knowledge in all can happen at any time – with catastrophic situations, from keeping the water supply clean consequences. Although it is nearly impossible to the safety of nuclear reactors. to predict when the next disaster will strike, being prepared can significantly limit the damage and speed up recovery.

And the winner is…

Anna Pfenniger To build awareness of the importance of being ready for any incident, ISO organized a photo competition through As a medical doctor and Facebook (www.facebook.com/isostandards) and Twitter (www. research scientist, Anna twitter.com/isostandards). has developed an acute Participants were invited sense of observation. When to send images showing outside the hospital, she emergency readiness, a enjoys finding beauty and disaster or its aftermath. humor in the most unex- We received creative pected places – be it an submissions from around urban jungle, a vegetable the world. But the winner or an uncommon face. comes from Switzerland ! Through photography, she Anna Pfenniger took attempts to capture and this captivating photo share these often over- showing emergency looked gems, hoping to

preparedness in action. Photo: Anna Pfenniger transmit the sense of awe Congratulations Anna ! that she felt. Life jackets on Staten Island Ferry, New York City.

ISO Focus+ May 2012 ISO Focus+ May 2012 a

Special Report

in the water utility’s management system. Standardization is one of the most power- ful tools to use in applying such lessons to an organization’s management system. In the case of the Minamigamo wastewater treatment plant, or indeed any water utility, The Great East the most urgent and appropriate standard is ISO 24511:2007, Activities relating to drinking water and wastewater services - Guidelines for the management of waste- Japan Earthquake water utilities and for the assessment of wastewater services. ISO 24511 was developed by ISO/TC 224, Service activities relating to drinking water supply systems and wastewater sys- tems – Quality criteria of the service and performance indicators. The International Standard provides guidelines for publicly and privately owned and operated waste- water facilities. It addresses wastewater systems in their entirety, and is applicable to systems at any level of development – e.g., pit latrines, on-site systems, networks and treatment facilities.

Employees watch in horror as the tsunami floodwaters, over 10.4 metres higher than normal, New crisis management system inundate the Minamigamo wastewater treatment plant in Sendai City, Japan. standard

The necessity of asset and risk manage- In particular, the technical commit- Water authorities in Japan are contribut- ment in the event of natural disasters is tee encourages broad implementation of ing to the development of the new standard explicitly stated in the standard as one of management systems that enable water and to the effectiveness of a crisis manage- the components of managing a wastewater utilities to deal with disasters through ment system for water utilities by drawing utility. ISO/TC 224 continues to take a close standardization. For example, ISO/TC 224/ on the experience of the recent disaster. interest in the asset and crisis management WG 7, Crisis management of water utilities, The aim is to improve the capability of the Could better crisis management and ISO 24511 of water utilities, and is involved in new is currently drafting a crisis management water industry to apply countermeasures projects related to drinking water supply system standard that is expected to provide against disasters through ISO and relevant wastewater guidelines have helped ? and wastewater systems. valuable guidance in the event of a disaster. standards.  by Tetsuya Mizutani About the author

t 14:46 on 11 March 2011, the Great East Japan Earthquake hit Tetsuya Mizutani A As a result of our emergency work, there is Manager of the the largest city in the Tohoku Region of Japan’s east coast. About one were not any major wastewater overflows Asset Management hour later, many houses, factories and rice paddies in the coastal area in our city. We finished the survey of our Strategy Office in were swept away by the destructive tsunami, triggered by the offshore 4500 km pipe thanks to help from other the Business Plan- major cities of Japan. Our restoration has earthquake. 704 people were killed in Sendai City alone, and 26 are still ning Section of the advanced steadily and we are ready to share Sewerage Manage- missing. The damage to Sendai City has been estimated at over USD 16 the lessons of our experience with others. ment Department billion (JPY 1.3 trillion). of Sendai City, Lessons learned Japan. He heads a project to apply an asset Minamigamo, the largest wastewater to the earthquake-proof administrative management system to the city’s sewage treatment plant in the city, located just building – the only happy outcome of The disaster has highlighted the need for works, and is a member of the national 300 m from the sea, was also devastated the disaster. better risk, asset and crisis management in committee for ISO/TC 224, Service ac- by the tsunami. Waves over 10.4 metres The Minamigamo plant, which had been the future. It was evident that many water tivities relating to drinking water supply above normal sea level hit the pumping treating 300 000 m3 of wastewater per day, utilities in Japan had not implemented a risk systems and wastewater systems – Quality facility closest to the shore. All cars and came to a standstill. Rebuilding of the plant management system, and that the concept of criteria of the service and performance ground equipment were washed away and and full restoration of services is expected risk management was not fully understood. indicators, WG 6, Asset management, and the entire treatment plant was inundated. to take five years, at a cost of some USD Lessons learned from the recent Minami- The damage to the wall of the Minamigamo pumping facility was caused not by the Great East to ISO/PC 251, Asset management, WG 2, Fortunately, all plant employees escaped 0.86 billion (JPY 70 billion). gamo experience must now be reflected Japan Earthquake, but by the pressure of the tsunami that followed. Requirements and applications guidelines.

26 ISO Focus+ May 2012 ISO Focus+ May 2012 27 a

Special Report Attention water utilities ! Future ISO guidelines for crisis management

by Bruno Tisserand, Jacobo Sack, Thomas Zenz and Yaron Ben-Ari

While water is vital for life, in many countries there remains a lack of knowledge about the crisis management of drinking water and wastewater services. To address this issue, ISO is preparing globally applicable guidelines to ensure water utilities respond successfully to any crisis situation – the future ISO 11830 on the crisis management ISO 11830 will use the Plan-Do-Check- Act approach and will consider the following Relevant of water utilities. Phase Description Linkage in its process : Clauses • Ensure water supply and the removal In the short term, impairment of drinking in preparing the water utility for a crisis and treatment of wastewater water services can seriously compromise situation (pre-crisis phase). The Pre-Crisis Phase is carried out during • Cooperate with all the other authorities routine operations and under normal the quality of life for many people; and in ISO 11830 will provide a general guide management. It includes, for example, Clause 5 concerned the medium term, it can threaten their abil- on how a crisis should be dealt with (the decisions on the structure of the crisis Preparedness • Consider the natural environment as ity to survive. The continuous and orderly crisis phase), on how to re-establish services Pre-Crisis management team and training for the well as the impact on the health and designated personnel. supply of clean and potable water is of (post-crisis phase) and on the best way to Phase well-being of the population paramount importance. draw conclusions and revise procedures for This phase is the transition from normal • Effectively communicate with the pub- Also important is the removal and safe future events. Figure 2 (page 31) illustrates management to crisis management and preparation for the implementation of the Clause 6 lic to mitigate or prevent panic. disposal of sanitary wastewater and drainage how recovery activities can commence Crisis Phase. during the crisis phase to begin restoring Response storm-water. This prevents epidemics and Attention water utilities poisoning of the public by contamination service to parts of the system. The Crisis Phase begins by declaring a state of crisis and assembling the crisis and urban inundation. It also protects the management team. It comprises crisis The future ISO 11830 will aim to meet environment. Crisis control activities. It is terminated when Clause 7 water utilities’ needs for guidance on pre- the end of a crisis is declared and the paring and coping with possible crises. It Phase crisis management team is dissolved. Recovery Crisis management The normal management team begins to normal will make it easier for national regulators the Post-Crisis Phase. This phase is operation to adopt a national policy for reducing Crisis management starts before the characterized by a high level of activity. risk and increasing resilience in the water onset of a crisis and requires comprehen- industry, and prioritizing these in policy sive preparation during routine operations. The Post-Crisis Phase is the complete Clause 8 implementation. ISO 11830 will therefore Figure 1 shows the different phases of a change over from crisis management to Monitoring and contribute to the effective implementation crisis management process. normal management including normal supply of the water utility’s services. Part review of the of emergency management tools. The future ISO 11830 standard on crisis of this phase is carried out under crisis implementation management will describe the fundamentals management and part under normal of the crisis management. of a crisis management system. It will include Post-Crisis The continuous andmanagement ISO standards are Part of the normal management activity system recommendations for water utilities and Phase orderly supply of clean intended to be used in examples of relevant national authorities’ is the operational recovery of the water utility facilities and includes the experience in crisis management. and potable water is any water utility around monitoring and review of actions to be Clause 9 ISO 11830 will be the first of its kind: taken by management as a resulttherefore of the of paramount the world. documents have been published on water crisis. This is carried out when importance.the water Management safety before, but none deals with crisis utility has returned to normal operational mode. Review management in water utilities. It will deal Water utilities management will be in with situations in which the normal supply charge of implementing the future ISO 11830 of potable water, or the removal and treat- standard. Regulators, local authorities or ment of wastewater, are interrupted. It will water utilities directorates will be respon- also enumerate steps that should be taken Figure 1 : Phases of a crisis management process. sible for follow-up.

28 ISO Focus+ May 2012 ISO Focus+ May 2012 29 a

Special Report

Crisis Phase Pre-Crisis Phase (CMT inactive) (CMT active) Post-Crisis Phase (CMT inactive)

Routine operations Phase I Phase II Phase III Routine operations Activity

Recovery activities

Ascertaining Declaring a state Declaring an end Changeover to Time the fault of crisis of crisis routine operations

Intensity of activity

Figure 2 : Recovery activities, to restore service to parts of the system, begin during the crisis phase.

The necessary investments and resources issues by establishing a crisis management Progress in implementation will be for the implementation of the guidelines team. Poorly equipped utilities will need to do measured by the number of countries depend on : much more though, and might need to invest adopting the guidelines as mandatory or • The level of utilities development 10 % or 20 % of their total budget. promoting the application as voluntary, and • The likelihood of a large-scale crisis by the number of water utilities starting to scenario being considered. implement the guideline recommendations The continuous and in their management systems. Well-developed utilities usually have most orderly supply of clean More than 35 countries are participants of the equipment and facilities needed, and and potable water is in working group WG 7, Crisis manage- have established emergency processes for crisis ment of water utilities, and many others situations in their daily operations (such as therefore of paramount registered as observers. Formal publica- Pioneering work repairs to broken pipes). If this is the case, it importance. tion as ISO guidelines is expected by the is worthwhile to concentrate on organizational end of 2013.  ISO technical committee ISO/TC 224, Service activities relating to The suite of ISO standards : drinking water supply systems and wastewater systems – Quality • Are universally recognized as they are applied to developing criteria of the service and performance indicators, was launched in and existing services (such as in Burkina Faso and Argentina, About the authors 2001 to develop standards providing guidelines for service activities respectively) related to drinking water supply systems and wastewater sewerage systems. It has developed pioneering water- and wastewater- • Add value to the widely known management system standards ISO related standards such as : 9001 for quality management and ISO 14001 for environmental management • ISO 24510:2007 for the improvement and assessment of the service to users • Support the objectives of the Organisation for Economic Co- operation and Development (OECD) to meet the challenge of • ISO 24511:2007 for the management of wastewater utilities financing water and sanitation and for the assessment of wastewater services • Bring service stakeholders together to decide governance and the • ISO 24512:2007 for the management of drinking water utilities essential technical elements for efficient operations. Stakeholders Bruno Tisserand is Chair of Jacobo Sack is Co- Thomas Zenz is Co- Yaron Ben-Ari is Secretary and for the assessment of drinking water services. can then discuss service objectives and evaluate performance. ISO/TC 224, Service activi- convenor of ISO/TC 224, convenor of ISO/TC 224, of ISO/TC 224, working These system standards were designed to be globally relevant ties relating to drinking water working group WG 7, Crisis working group WG 7, Crisis group WG 7, Crisis supply systems and wastewater management of water utilities. for all water utilities. Since the standards are guidelines, they are management of water utilities. management of water systems – Quality criteria of [email protected] not used for certification. Their main function is to describe good [email protected] utilities. the service and performance [email protected] practice in the management of water and wastewater utilities. indicators. [email protected]

30 ISO Focus+ May 2012 ISO Focus+ May 2012 31 a

Planet ISO Planet ISO

standards bodies and ISO members, and to staff motivation, were identified as leadership of standards that had an important role in sup- review ISO’s intellectual property right (IPR) goals. Some CEOs were concerned that stand- porting innovation and even created further policies. ISO Secretary-General, Rob Steele, ards bodies are perceived as a “training ground” opportunities for innovation. and ISO Director Marketing, Communication for the public sector with staff head-hunted Mr. Steele stressed three important areas & Information, Nicolas Fleury, facilitated after a year or two. SABS Human Capital where academics should get involved with the meeting. Executive, Mercy Mathibe, demonstrated how standards. SABS IPR Specialist Samantha Harding the balanced scorecard could support learning Firstly, by getting standards into curricula highlighted the challenges faced by SABS and development in organizations. so that students entering the workplace are when protecting ISO intellectual property, CEOs discussed the role of the different aware of standards, their importance, how name, logo, etc. Mr. Steele said that work is sub-groups in the African region and how they are developed, and why they should get under way to align the different policies and these could be reinforced to strengthen involved in standardization. procedures, including dealing with national relationships, exchange ideas, and discuss Secondly, implementing standards can adoptions of ISO Standards. challenges and concerns. For example, ISO help training institutions to gain advantage Ian Thomas, a motivational speaker, cap- and Southern African Development Com- from the body of knowledge and best practice tivated the audience with a presentation on The late Anders J Thor. munity Cooperation in Standardization have guidelines to better manage their business (e.g., “ Power of the pride ”, where he illustrated signed an agreement to enhance collaboration, ISO 9001 on quality, ISO 14001 on environ- Anders Thor passes away how lions worked together to achieve a goal. especially in training. ment, and ISO/IEC 17025 on requirements He made the analogy to teamwork. for testing laboratories) Anders J Thor, a long-standing contributor Participants also discussed learning and South Africa full throttle Finally, by participating in standards devel- to technical committee ISO/TC 12, Quanti- development as well as the way forward. opment through national and international ties and units, passed away on 7 April 2012. Emphasis was put on the sustainability of While in South Africa, ISO Secretary- committees as a way of applying academic A staunch and passionate supporter of NSBs. General Rob Steele actively participated in a research. standardization, Mr. Thor was Secretary of To overcome these barriers, leaders must talk number of initiatives organized by the South The ISO Secretary-General concluded by Participants at tyre plenary, in Kyoto, Japan. ISO/TC 12 from 1982 until 2009, when he the language of government, and understand African Bureau of Standards (SABS), ISO noting the ongoing research to measure the was appointed Chair of the committee – a what the customer wants, said Mr. Steele, member body for the country. economic benefits of standards which, he with key stakeholders such as the UN Eco- • Tools will be developed to help SMEs position he held until his passing. Mr. Thor drawing attention to case studies in Canada, Mr. Steele delivered the keynote address noted, is critically important for standards nomic Commission for Europe (UNECE) apply the standards had also been Secretary of ISO/TC 203, France and Germany that demonstrated a at SABS’ first Academic Open Day in March developers to get companies to not only use, Technical energy systems, since 1991. He World Forum for Harmonization of Vehicle • A list of frequently asked questions will direct link between the economic impact of 2012, highlighting the role that standards play but really commit to standardization. held many other leadership and expert posi- Regulations (WP.29) GRRF (working party on be developed standards and the growth of GDP. in innovation, and dispelling the notion held During his visit, Mr. Steele attended the tions in standardization, including convenor- brakes and running gear) and GRB (working • All types of stakeholders will be represented Customer focus, governance, training and by many that the two worlds do not belong signing ceremony of a Memorandum of Under- ships in a number of ISO working groups, party on noise). in the work of the committee retention of staff, as well as skills transfer and together. He did this through several examples standing between SABS and the Technology among others. Participants came from Canada, France, • The ISO Committee on conformity assess- Innovation Agency (TIA). Under this agree- Mr. Thor believed in the importance of Germany, India, Italy, Japan, Thailand, the ment (ISO/CASCO) and other relevant ISO ment, the SABS standards and conformity finding common ground in quantities and United Kingdom, and the USA. TCs/SCs will be invited to joint working assessment services will be offered to young units. He transmitted this passion through his groups when relevant. entrepreneurs and school graduates who have work, several articles that he authored for ISO pre-qualified for TIA funding under the Youth Food safety looks ahead Focus+, as well as scientific publications and other texts. He was also appreciated by the Technology Innovation Fund. It applies to a In 2010, food safety management stand- thousands of students he taught at the KTH, variety of sectors including chemicals, electro- ard ISO 22000:2005 saw an increase of Royal Institute of Technology, on the basics technical, food and health, biotech, mechanical 34 % in certifications, the highest of all of mechanics. and materials, mining and minerals, services ISO management standards according to Per Forsgren, Group manager at the Swed- and transportation. the ISO survey of certifications. ish Standards Institute (SIS) where Mr. Thor Finally, the ISO Secretary-General visited As the use of the ISO 22000 family Megawatt Park, ESKOM’s headquarters (an worked says, “ Our thoughts go primarily of standards continues to grow, the ISO energy giant). Addressing the ESKOM Sus- to Anders’ family and relatives, who very subcommittee responsible – SC 17, tainability Committee, Mr. Steele emphasized suddenly lost a loved one and a friend. At Management systems for food safety, the benefits of standardization for promoting SIS, many of us will remember his tireless, within ISO/TC 34, Food products – non-negotiable, hard work and commitment sustainability. He drew attention to some new areas of development such as coal-bed methane, is ensuring success by planning its to have SIS project management use stand- strategy for the next five years. ardized and established quantities and units biogas, etc. ESKOM gave an overview of their The subcommittee would like to in standardization work.” implementation of ISO 9001, ISO 14001 and increase knowledge and use of the In addition to standards, Mr. Thor had ISO 50001 (energy management). ISO 22000 family of standards. Fol- other passions. He was a two-time Swedish The ISO Secretary-General concluded his basketball champion in the 1950s and played visit to SABS with a presentation at a work- lowing a survey conducted amongst for many years after that. shop for small, medium and micro enterprises food industry experts and other Our deepest condolences to his wife and (SMME), where he stressed the importance stakeholders, SC 17 developed the three children. His knowledge and friendship of standards for enhancing business. 2011-2015 Strategic Plan to ensure will be missed by all who knew him. that work progresses in a structured Tyres on a roll manner and meets user needs. African CEOs in standards safari The main objectives of the Experts from around the world came together 2011-2015 strategy are : in Kyoto, Japan for the plenary meeting of CEOs of various African national standards • ISO 22000 should be the leading standard bodies (NSBs) came together at a forum ISO technical committee ISO/TC 31, Tyres, for food safety worldwide for organizations organized by ISO and the South African rims and valves, in March 2012. Overall, the key objectives can be of all types and sizes Bureau of Standards (SABS) in Pilanesberg Progress was made on run-flat tyre stand- summarized as : accessibility, applicability, Game Reserve, North West Province of South ards, snow grip performance on trucks and • Cooperation with the Codex Alimentarius involvement, transparency and dynamic Africa in February 2012. buses and noise reduction among other topics. Commission will be strengthened response on market needs. The event was an opportunity to discuss Participants at the CEO Forum organized by ISO and the South African Bureau of Standards The meeting was also an opportunity to • Tools facilitating use of the standards should For more information about ISO 22000 CEO responsibilities as leaders of national (SABS) in Pilanesberg Game Reserve. highlight and reinforce close coordination be easily accessible to users see : www.myiso22000.com.

32 ISO Focus+ May 2012 ISO Focus+ May 2012 33 a

Management Solutions Management Solutions

speaking the same language as the majority governance model that applies worldwide. of our multinational customers globally. The model is under the stewardship of global This strategic process baseline, necessary process sponsors and owners, as well as the to deliver ICT services successfully, provides corporate quality organization. IT service a stable launch pad for cloud computing services. These standards have helped us improve our processes, performance and Finding an ISO/IEC management quality of delivery. 20000-certified provider Without such a solid process baseline, is one way to ease the complexities of cloud computing would be difficult to attain. For example, we must doubts. ISO/IEC 20000 master change and configuration manage- ment in a standard IT environment before eases transition launching into the cloud, and our product These processes underpin the delivery of to cloud computing development processes must work well. our services, and together these roles ensure : Orange that the business and performance objec- Photo Integrating certifications for tives are met through a system of controls, Axel Haentjens is Vice President of Cloud for Orange Computing at Orange Business Services. greater impact regular review and process scorecards. The evolution and improvement of the processes He was previously Head of Marketing, Brand by Axel Haentjens & External Communications for Orange and Orange Business Services is a global are defined in process roadmaps, in terms Head of Strategy and Business Development organization delivering services in more of operational objectives, performance, for Equant. Before the merger between Cloud computing – the delivery of computation, software appli- than 220 countries and territories with a quality and security. Equant and Global One, Mr. Haentjens was industry. However, some hesitate when physical presence in 166. To deliver services This governance model is underpinned Head of Marketing for Global One, having cations, data access, management and storage resources “ from the moved from France Telecom Data Networks considering the promise of cloud computing. on such a global scale, we operate seamless by our ISO 9001 quality, ISO/IEC 20000 and Services where he served as Vice cloud ”, i.e from infrastructure at a remote location, has grown into Trust and cloud computing adoption go global processes managed under a corporate IT service and ISO/IEC 27001 information President. a multi-billion euro market since its birth in 2007. Finding a global hand-in-hand. Migrating to the cloud raises questions and concerns for enterprise cus- information and communications technology (ICT) provider certified Cloud computing is an evolution of IT managed services. It allows any IT resource to be consumed as a tomers, particularly related to their secure, utility, from simple applications to a complete server infrastructure, and be delivered as on-demand services to ISO/IEC 20000-1:2011, Information technology – Service man- over a network. This lets enterprises benefit from advanced IT services without extensive capital investment, business-critical applications. Finding an skilled staff and ongoing operational headaches. Computing resources become elastic, scaling up and down future clouds to suit seasonal demand, always with the latest upgrades, security and performance features. It can be agement – Part 1: Service management system requirements, is one ISO/IEC 20000-certified ICT provider is one implemented as “public cloud” open to any Internet users; as a “virtual private cloud,” which is a shared service but delivered over a service provider's private network; or as a “private cloud,” which utilizes vertical way to mitigate the doubts and fears of organizations evaluating their way to ease the doubts of those companies resources dedicated to the enterprise. clouds This infographic charts how cloud computing technology has evolved and where it is heading. community inter clouds entrée into the world of cloud computing. considering the transition. clouds

By 2014, sales of cloud computing ISO/IEC 20000 open Some hesitation cloud journey clouds personal clouds products and services are expected to key to customer trust how IT is evolving generate nearly EUR 43 billion in annual Thanks to cloud computing, organizations ISO/IEC 20000 implementation and revenue, and the cloud computing model can have access to powerful and flexible certification is the logical objective of a will propel IT growth and expansion for computing capabilities – and with more global ICT provider like Orange Business the next 20 years, according to market Internet flexibility than ever, they can externalize all Services. The release of the latest 2011 2013 2014 2015 there were smartphone sales intelligence provided by the International or part of their information systems, work- 100 million active increased 74% in 2010 approximately 60% of server 90% of organizations will Morgan Stanley version of the International Standard com- Web sites on the Internet to 295 million devices workloads will be virtualized support corporate applications estimates that the Data Corporation (IDC). Today, the model spaces, servers, applications and storage. at the beginning of 2011 10% of total number of physical on personal devices mobile Web will be pletes our alignment with ITIL V3 (2011) mobility servers sold will be virtualized per month: 5.1 exabytes of business bigger than desktop promises enterprises great benefits in terms with an average of 10 virtual machines Internet traffic, Internet This allows organizations to personalize IT qualifications, and enables us to validate per physical server sold 2.3 exabytes business managed 10 virtual machines per physical host IP traffic, of IT agility, flexibility, scalability and Web 2.0 computing infrastructures to their needs our alignment with the widely adopted 177 million active Skype users means 80-100 million VM per year 0.7 exabytes business mobile data 110 million tweets per day 2010 2011 2012 cost reductions. and to the specific requirements of their virtualization 156 million public blogs ITIL IT service management approach by you 500 million active Facebook are 80% of enterprises users the number of physical servers mobile malware targeting per month: 3.7 exabytes of now have a virtualization in the world: 50 million Android and jailbroken iPhones; business Internet traffic, here cloud program one-third of Intel-based servers in 48 million tablets sold 1.7 exabytes business enterprises are virtualized managed IP traffic, 300,000 Web sites hosted on 0.1 exabytes business business challenges Amazon EC2 mobile data inflexibility globalization emerging markets are you planning to build 20% a private cloud infrastructure? have no plans top concerns for implementing top reasons for adopting public cloud services cloud computing 50% moving to yes 30% lower implementation costs 53% cloud services are thinking security 37% about it lower ongoing costs 48% 1 build a catalog of services network availability 23% 2 visualize future use new features faster 46% 3 perform discovery and analysis service levels 19% 4 build a proof of concept better support for mobile workers 34% 5 right-source the services supplier lock-in 8% per-use pricing matches volatility 30% 6 plan for transition 7 execute 0% 10% 20% 30% 0% 10% 20% 30% 40% 50% 8 optimize – and start again

Sources: Netcraft, Berg Insight, Skype, Nielson, Gartner, JP Morgan, F-Secure, Cisco, Orange Business Services, Orange Labs

Photo : Orange A graphic projection of the evolution of cloud computing from 2010 to 2015 and beyond illustrates the great promise of the cloud computing model Orange Business Services’ new Cloud Data Centre in Val de Reuil, France. in terms of IT agility, flexibility, scalability and cost reductions. Photo : Orange

34 ISO Focus+ May 2012 ISO Focus+ May 2012 35 a

Management Solutions security management system certifications – and the common governance requirements and continuous improvement loops inherent Greenhouse gas in all three standards. A decision was made from the beginning to introduce these standards progressively and in an integrated manner, based on the emissions Orange Business Services governance model, and built on our initial corporate ISO 9001 certification. This gives Orange a regularly audited and certified quality management system based on best practice ICT service management processes, underpinned by a standard set of security controls.

Orange Business Services delivers services in more than 220 countries and territories. ISO 14067 to enable worldwide : Jérôme Galland – Getty Images for Orange.

Photo comparability of carbon footprint data We have even gone a step further than the ISO management system standards, by State-of-the-art hardware at Orange’s Cloud Data Centre is operated in accordance with ISO/IEC 20000 IT service management system requirements. integrating ISAE 3402, the new international standard for service organization assurance engagements, into our governance model. For example, we have developed and Orange Business Services encourages To be clear, these standards are integrated optimized the operation of our change advi- enterprise customers to assess providers by by Herbert Hirner at the process and operational level, given sory board and our problem management looking at the certifications they hold that that the underlying audit system is not process to take advantage of these manage- address the challenges of cloud computing. livelihoods because of anthropogenic CO harmonized across ISO and ISAE. Fur- ment system certifications. The improved By choosing an ISO/IEC 20000-certified In 2010, over 30 billion tonnes of carbon dioxide were released 2 emissions. thermore, from 2013 we plan to integrate productivity and customer satisfaction that provider, enterprises can have the assur- into the atmosphere worldwide – that is an enormous amount of the In 1972 – already 40 years ago – the our ISO 14001 environmental management results go hand-in-hand with the targeted ance they need to take the first step in the greenhouse gas emissions that cause global warming. The upcoming Club of Rome alarmed the public with its system as well. growth we are seeking. cloud computing journey. As a result, they will achieve clear business benefits backed International Standard ISO 14067, Carbon footprint of products – forecasts on “ The Limits to Growth ”. By Standards support cloud Standards underpin global by essential global quality, services and Requirements and guidelines for quantification and communication, 2005, it had become evident that humans objectives market strategy security management standards. is being developed to increase transparency in quantifying and report- have a significant impact on climate change through greenhouse gas emissions – a fact We participate with the Distributed ing CO emissions over the entire lifecycle of products and services – Orange Business Services is success- Not surprisingly, our global customer Management Task Force (DMTF) in its 2 recognized by the eight leading industrialized fully delivering on its promise and creating base expects Orange Business Services to Cloud Management Work Group to advance from production to recycling or waste disposal. The document is cur- nations (G8) at their summit in Gleneagles, notable momentum in the cloud computing achieve certifications on an international international cloud computing and virtu- rently at the stage of Draft International Standard (DIS) and expected Scotland, that year. The G8 summit was also market. The company has confirmed its level. Today more than ever, our customers alization management standards that will to be finalized for publication in March 2014. attended by representatives from developing cloud computing ambition and strategy as and markets are seeking additional assur- allow more choice for IT customers via and newly industrialized countries, such part of its “Conquests 2015” programme. ance that their service providers are audited interoperability and portability between as China, India, Brazil and Mexico, and Cloud computing is one of the key growth regularly to ensure expected service levels cloud environments. In addition, Orange from numerous international organizations. drivers defined by Orange in its five-year wherever they are providing services. ITIL has joined the Cloud Security Alliance In addition to lifecycle analysis, the Significant anthropogenic plan, and we aim to generate EUR 500 processes, ISO MSS, and ISAE assurance as a corporate member to lend its global new standard will focus on greenhouse influences million via the cloud model in 2015. It is reports help us to convince our customers expertise to promoting best practices for gases, globally the most important envi- Consumers will have that Orange is more than capable of deliver- In its synthesis report on climate change also part of our own service transformation security within cloud computing. ronmental factor, and ensure that carbon all the information for programme. ing to their expectations. The objective of Orange Business Services footprint data will become comparable published in 2007, the Intergovernmental Launching these sophisticated services Cloud computing creates numerous market it to make it easy for enterprises to access worldwide for the first time. ISO 14067 Panel on Climate Change (IPCC) stated assessing a product. would be very difficult without the spring- opportunities for organizations, and helps the IT resources they need by providing a will also be consistent with other standards that the climate system is unequivocally board provided by our integrated manage- address many of their IT challenges. By one-stop-shop for a range of cloud com- such as ISO 14025 (environmental labels warming. This is evidenced by observations ment system and governance model. Our optimizing IT infrastructures and enhancing puting services. By taking an integrated and declarations), ISO 14044 (lifecycle of an increase in globally averaged air and In addition, the G8 leaders agreed on an ITIL V3 aligned processes for IT delivery productivity, cloud computing can enable approach, Orange can deliver network and assessment) and BSI PAS 2050 (specifi- sea temperatures, extensive melting of snow action plan for climate protection meas- have been improved over a number of years companies to do more with their IT budgets. IT “as-a-service” with end-to-end service cation for the assessment of the lifecycle and ice as well as a rise in the mean global ures, and recognized the Kyoto Protocol through our programme of ISO management However, choosing the right cloud comput- level commitments wherever our customers greenhouse gas emissions of goods and sea level. As a result, millions of people as a potential regulating mechanism for system standards (MSS). ing service provider is critical. do business.  services). are threatened with losing their homes and market-based incentive systems.

36 ISO Focus+ May 2012 ISO Focus+ May 2012 37 a

Management Solutions Standards in Action

Thus, numerous assessment models have been developed in recent years. However, there were no suitable tools for comparing these classifications, no agreement on a common terminology, nor were the assess- ments generated sufficiently documented to allow for objective analyses.

Comparing data, communicating quickly Now, for the first time, ISO 14067 will

enable the quantification of CO2 emissions measures to reduce emissions and raise over the entire lifecycle of products and the efficiency of the value creation chain. services, and ensure that the relevant values Thanks to the new standard, this optimized become comparable worldwide. carbon footprint can be communicated to The standard also covers communica- consumers through traceable information. tion of carbon footprint data to consum- As a result, consumers will have all the Nobel Peace Prize laureate Dr. Klaus ers. Communication tools of claim, label quality information required for assessing Radunsky, Convenor of the ISO working and declaration used by ISO to date are group that is developing ISO 14067. a product. by Debbie Chin complemented by an external communica- ISO 14067, developed by 107 experts tion report (ECR) and a carbon footprint from more than 30 countries, makes reli- Carbon footprint reveals performance report (CFPR). able and comparable parameters available etween September 2010 and polluters B While the existing tools require time- to enterprises and consumers. This is a December 2011, a series of consuming studies or programmes, the To effectively reduce greenhouse gas emis- significant preparatory step towards the powerful earthquakes wreaked ECR and CFPR serve to provide con- reduction of CO emissions worldwide. ISO Rebuilding sions, one must first identify their sources. 2 sumers with rapid, traceable and, hence, devastation in New Zealand’s The carbon footprint concept highlights the experts, however, are already considering reliable information that depends less on contribution of individual products to the further actions. Canterbury region, particularly quantification. greenhouse effect. Attempts were made to “ The next goal would be a ‘ personal car- in Christchurch. What has been from draw up a kind of balance sheet by adding bon footprint ’. Just imagine the dynamism the country’s response and that can be created if companies pursue the up all the carbon dioxide emissions caused what role can standards play in by a product throughout its lifecycle. The next goal would objective of manufacturing the product be a “ personal carbon with the smallest carbon footprint,” says the face of natural disasters ? rubble footprint”. Dr. Radunsky.  On 4 September 2010, a magnitude 7.1 earthquake struck the city of Christchurch Nobel Peace Prize laureate Dr. Klaus and the surrounding region of Canterbury. Radunsky, department head at Umwelt- This earthquake triggered a rippling effect bundesamt (Environment Agency Austria) throughout the region, with major earth- Austria’s representative in the World Climate quakes occurring on 26 December 2010, Council, and Convenor of the ISO work- 22 February 2011, 13 June 2011, and 23 ing group that is developing ISO 14067, December 2011. explains : “ This new standard is certainly GNS Science, New Zealand’s leading a milestone. ISO 14067 is a very important seismic hazards research organization, says Lessons learned help tool for obtaining a good indication of areas the ground accelerations in Christchurch in which greenhouse gases can be reduced. on 22 February 2011 were the largest ever New Zealand be better prepared On the other hand, the standard can help recorded for a New Zealand earthquake. raise awareness of this issue. After all, the Massive cracks formed in the roads of Christchurch, New Zealand by a devastating earthquake decarbonization of our economy eventu- in February 2011. ally depends very strongly on individual Standards New Zealand consumption decisions.” is working to ensure damage to buildings. Tragically, a total of on rebuilding and repair work that form standards reflect lessons 185 people died, and many others suffered part of the recovery from the Canterbury

Benefits of ISO 14067 : Hans Leitner learned. serious injuries. earthquakes ”. How can manufacturers and service pro- Photo These events led New Zealand’s govern- These recommendations include the viders benefit from ISO 14067 ? Put simply, Herbert Hirner is a freelance Austrian ment to form the Royal Commission of review of several New Zealand building they can identify the lifecycle processes journalist and regular contributor to Although the September 2010 earth- Inquiry into Building Failure Caused by standards to support the Canterbury rebuild. that significantly contribute to the carbon CONNEX Journal published by Austrian quake was of greater magnitude, it was the Canterbury Earthquakes. In October A final report is expected to be delivered Standards. This is an edited version of footprint of a product or service in an initial an article first published in the January/ the magnitude 6.2 earthquake of 22 Febru- 2011, this commission released an interim to New Zealand’s Governor-General in screening. Then, they can take targeted February 2012 edition. ary 2011 that led to the most deaths and report to “ inform early decision making November 2012.

38 ISO Focus+ May 2012 ISO Focus+ May 2012 39 a

Standards in Action

The Government also established a new and benefits to determine the level of fire agency, the Canterbury Earthquake Recov- protection that should be prescribed.” ery Authority, to lead and coordinate the region’s recovery. The big picture Seismicity – developing a model Beyond individual building issues, gov- ernment officials and industry leaders are GNS Science has built a national seismic increasingly aware that resilience should hazard model (NSHM) to predict the likely be built into our overall systems to deal magnitude and frequency of major earth- with extraordinary circumstances. In this quakes. Developed for use in engineering context, resilience is defined as putting design, NSHM was updated in 2010, before processes in place that help communities the September 2010 earthquake. anticipate and, if necessary, respond and As well as modelling earthquakes on recover from disruptive challenges. known faults, the updated model now allows I see an important role for standards in for earthquakes on hidden faults up to a addressing resilience both in New Zealand region-dependent maximum magnitude. and internationally. Resilience standards For Canterbury, the new seismic model could be developed in a similar way to raised this magnitude from 7.0 to 7.2, just how risk management standards, such encompassing the magnitude 7.1 of the as ISO 31000:2009, Risk management – September 2010 earthquake. This type of information is now being Roger Shelton, Senior Structural Engi- Principles and guidelines, have evolved fed into standards development and review neer, Building Research Association of to offer organizations and communities processes. In building, fire protection, infra- New Zealand, and a member of several a process-oriented approach to deal with structure, and risk management, Standards Codifying building national and international standards com- complex and unexpected problems. New Zealand is working with government, mittees including the one responsible for standards in legislation communities, and industry to ensure our NZS 3604, says that codifying building helps to ensure best standards reflect lessons learned from standards in New Zealand legislation helps I see an important practice. recent events. An important aspect of this to ensure best practice. He says : “ After role for standards in work is also to identify what standards are the September 2010 and February 2011 addressing resilience. working well. earthquakes in Canterbury, early findings suggest most buildings that met current Following the 22 February 2011 earth- Standards as building blocks standards fared well.” quake, GNS Science updated NSHM again, Standards New Zealand is currently He cautions, however, that standards to account for the region’s active ongoing In New Zealand, many building stand- considering resilience planning and many development is an iterative process : “ Build- sequence of earthquakes. This led to an ards are codified in the country’s building other areas of work. ings that failed through the Canterbury increase of the seismic hazard factor for legislation and building code. For example, The Canterbury rebuild is a huge challenge earthquakes may have been built to standard Christchurch from 0.22 to 0.30, a large NZS 3604:2011, Timber-framed buildings, to New Zealand, and industry, government at the time, but our knowledge continues rise reflecting knowledge gained from the is a core resource for demonstrating compli- and local communities must continue to to grow and, based on that knowledge, Canterbury earthquakes. ance with the New Zealand Building Code. Christchurch Anglican Cathedral in New Zealand prior to the devastating earthquake work together to ensure success. Extending standards continue to evolve. of February 2011 which destroyed the magnificent spire and stained glass windows over the entrance. beyond physically rebuilding Canterbury, “ And while standards development this great effort has social, environmental, is important, it’s equally crucial that we economic, and cultural dimensions, too.  ensure building professionals and consum- One expert is Chris Mak, who has over buildings to have dedicated water supplies ers are well informed, and compliance with 25 years’ experience in fire protection, and in case public water service is interrupted.” appropriate standards is achieved. currently manages the technical services In light of the earthquakes, the review “ One of New Zealand’s advantages is business unit of insurance broker and risk committee of NZS 4541:2007, Automatic About the author that we are a relatively small country where management provider, AON New Zealand. fire sprinkler systems, which Chris Mak government, industry, and consumer rep- Chris Mak says that, overall, fire protec- chairs, is examining seismic provisions for Debbie Chin is resentatives come together to solve issues. tion devices (such as sprinklers) that meet water tanks and considering the inclusion Chief Executive That allows a nimbleness and responsiveness applicable standards performed well in the of an appendix to the revised standard that of Standards New to issues that might be harder to achieve in Canterbury earthquakes : “ What we found introduces guidelines for steps to take fol- Zealand, a role other parts of the world.” after the September 2010 and February 2011 lowing a natural disaster. The draft standard she has held since earthquakes is that most sprinkler system is expected to be released for public com- 2007. Among her The standards difference damages were attributed to building col- ment later in 2012, with publication of the previous roles she lapse, or mechanical damage by building final standard scheduled for March 2013. has been Deputy Since the September 2010 earthquake, element failures. Chris Mak says : “ Another aspect of fire Director, General engineers and building experts have worked “ Still, there have been several lessons protection that needs further consideration Corporate and Information, Ministry closely with government officials and learned for future fire protection stand- is what happens if there is more than one of Health, and Advisor for the Depart- Canterbury communities to identify issues ards development, including the collapse disaster, for example if a major fire occurs ment of Prime Minister and Cabinet. A Red tape reading “ danger keep out ” preventing people crossing a bridge. Taken in Christchurch that need to be addressed as Cantabrians of about a dozen constructed water tanks after an earthquake. There is work to be Chartered Accountant, she is a graduate after the earthquake which struck on 22 February 2011. begin to rebuild. and the potential need for some classes of done in assessing risk and analyzing costs of Victoria University, Wellington.

40 ISO Focus+ May 2012 ISO Focus+ May 2012 41 a

360° 360°

established ratings if ever called upon in a real-life fire. This is where our committee discus- sions on ISO/TC 21/SC 5 play a key role in identifying and comparing trends in the global fire safety market. During this pro- cess, we receive input from manufacturers, regulatory agencies, contractors, insurance Safety first industry and fire-code enforcement offi- cials, and others. This input can be from direct committee attendees as well as from comments submitted during the balloting Global regulations protecting process from a wider range of principal lives and property and observer members. A fire event in one part of the world is quickly communicated to a broad audience around the globe. : property of Victaulic.

Photo This process enables us to share experi- ences and cross-train our members with by Len Swantek a broad range of knowledge in fire safety product testing and standards development. Pre-testing to these stringent standards There is much more to fire quality and most comprehensive fire safety Before regulatory procedures even begin, is a key function in determining critical protection regulation than sim- product qualification standards possible. a tremendous amount of time is invested attributes, as well as individual compo- ply following the rules. Helping Some producers have more than 100 in research and development. For example, nent durability that make up the overall different projects in the approval cycle at ensuring proper water supply and distribution shape them is equally impor- performance ratings of the end device or any given time, along with hundreds of over a given commodity, material hazard complete system. This process would not tant. In this article, I will give follow-up examinations and annual produc- or occupancy is at the forefront of the fire be complete without replicating known field a description of the regulatory tion external audits each year. sprinkler designer’s agenda. scenarios that could be encountered, applying process from product design to Given the critical applications and Product and technology designs and process technology and even re-engineering the broad range of systems in which fire future concepts that are coming through post production, and explain the products as necessary. At the subcommittee protection products are applied, it is not manufacturers’ internal evaluation pro- level, the combined contributions from a role and importance of stand- surprising that there should be so much cesses are judged against a wide range wide range of expertise generate valuable ards development in support of scrutiny. However, it does require consider- of both national and international per- discussions and collaboration. able management and coordination to meet the global fire safety industry. formance standards. This validates their Although this can be difficult and time- : property of Victaulic. both agency and customer requirements. long-term durability, serviceability and

consuming in the consensus building process, Photo the end result is a well-balanced criterion for Fire safety standards incorporate a wide range of laboratory data obtained by replicating known Getting the groundwork right each particular area of product specializa- field scenarios. tion in the standard (fire sprinklers, valve Regulation is a highly complex mat- products and other related components). ter for manufacturers, code enforcement evaluations by more than 35 different standard used in the region where the initial officials and property owners alike. With Life-long assessment agencies worldwide. For time and cost agency qualification took place. considerations, some manufacturers use global emphasis on improving fire safety, This is also an important feature of our Development of a new product is a lengthy a tier-based approach to their third-party global committee collaborations, in that today’s manufacturers are filing new prod- process, often involving many months, and testing. For example, a manufacturer may some regions with less developed fire safety uct approval applications with the major sometimes years. However, this is time well- select the most important product certifica- standards and infrastructure can benefit from certifying agencies at a rate not seen since spent and, while most people would often tions required to capture its initial market other delegates having more experience in the early 1990s. The output of this work take this for granted in a sprinkler system objectives and a return on its product fire safety product testing and available data yields a large amount of laboratory test installed in their workplace or home, there development investment. from their regional laboratory resources. data, that is invaluable to ISO technical is no substitute for these labour-intensive These initial certifications and test data To facilitate actual performance testing, committee ISO/TC 21, Equipment for fire and costly product qualifications in the can often be used to achieve the next level product samples, pipe of various specifi- protection and fire fighting, subcommit- event of an actual fire. of agency approvals in a particular region cations and other related equipment must tee SC 5, Fixed firefighting systems using A single fire safety system component that also follows a similar fire code, or that be organized and shipped to applicable water, in their efforts to develop the highest can be subjected to testing and/or technical recognizes and follows the performance agency facilities globally. This is another

42 ISO Focus+ May 2012 ISO Focus+ May 2012 43 a

360° time-critical operation as any delays by a codes and standards committees to quickly Duplicating these events and conduct- Working together is important, and we manufacturer could result in a lost position become aware of a potential need to enact ing product performance trials becomes greatly appreciate the focus and individual in the testing laboratory’s queue. At this new legislation, revise existing building the task of regulators and manufacturers. efforts of all of our committee members. stage, documentation must already be avail- and fire codes and create both short- and Testing a wide range of samples to new or The safety of our communities is, after all, able in multiple languages for examiners to long-term solutions for installers, inspectors proposed standards is serious work, making the number one consideration of everyone assemble equipment themselves based on and building owners. fire protection one of the most regulated in this business.  an assumed level of skill equal to that of the The scale of fire events and related cir- industries in the world. end user. On average, the testing process cumstances are also often matched with the Agency testing is among the most exacting takes six to nine months to complete. degree of urgency in making critical changes of all market segments. Although heavily About the author The approval authorities are also con- to the applicable codes and standards. For influenced by the insurance industry, fire cerned with the manufacturing and assem- example, if a fire investigation reveals a protection and fire safety are also among Len Swantek is bly locations of specific finished parts or product performance deficiency in one the most widely recognized areas of public Director of Global sub-assemblies. Those parts that are most region, this information can be easily dis- concern globally, irrespective of cultural or Regulatory Com- critical to the overall performance of the seminated and brought to the committee for demographic influence. pliance at Victaulic. finished assembly will have greater regula- discussion and action as deemed appropriate. We can all learn from real-life situations He is also Chair tory oversight. If the manufacturer produces SC 5 recently engaged in such discussions and effect change where needed – whether of ISO/TC 21, in multiple locations worldwide, this can to help other delegates understand the specific this means collaborating in committees with Equipment for fire greatly increase costs as each location must circumstances that led to a regional product manufacturers and regulatory bodies to protection and fire- be certified and audited regularly. recall and revision of the related qualification create the most well-rounded and effective fighting, subcom- Independent of this process, the commit- Audit management starts when a prod- In the event of a non-conformance at this standards. In fact, some of the most beneficial regulations, or joining with contractors and mittee SC 5, which oversees standards tee could receive comments, suggestions uct certification is officially released and stage, a manufacturer risks losing valuable work to improve the effectiveness of fire end-users to help solve real-world problems governing “ fixed fire-fighting systems or questions raised by any of our global only ends when the product is no longer time to market and must re-submit for a re- safety standards and product testing is often and build on shared learning to develop using water ” within the scope of the delegates related to existing standards or produced. Through various surveillance evaluation, but only after design modifica- the result of real-world events. new products. ISO 6182 series. for future consideration as a revision or procedures and factory production control tions have been finalized and documented. future standard. For the manufacturers, audits, products are re-tested annually as Upon successful completion of all testing this can be particularly concerning, as any a minimum requirement. Some regulatory to the applicable standards, the certifying future change to the standard could affect authorities re-examine products quarterly authority will issue its final report with all the type and amount of certification testing – and sometimes even weekly – to ensure relevant data, along with a formal certificate high-quality performance to regional agency or other documents confirming compliance required to qualify the end product. codes and standards, and to check that with the relevant standards. As such, manufacturers can only go to market when they have secured all appli- manufacturing processes remain unchanged. Auditing is especially important since Global stages and audit process cable certifications and each product or package carries the appropriate agency codes are constantly evolving to improve With more than 35 regional agencies markings. Once complete, only then can health and safety as a result of real-world throughout North America, Europe, the results be reviewed and data fed back to factors. A clear understanding of the most Middle East, Africa, India and Asia-Pacific the research and development teams. All up-to-date requirements is vital to the suc- – and each having individual jurisdictional project correspondence is then archived cessful completion of the approval cycle authority over specific systems or applications and manufacturers move on to the audit and for maintaining the ongoing produc- – approvals for the complete global market management process, the final phase in the tion reviews. can take up to a year or more to complete. regulatory cycle. Ongoing safety watch Manufacturers of fire safety products work with regulators, code officials and compet- ing manufacturers to overcome problems encountered in the various industries and to better protect property and lives. Changes to codes and standards are frequently driven by trends in construction techniques – some for instance are prompted by the push towards lighter weight and more recyclable materials. They are also driven increasingly by immediate events that, on the surface, may seem unlikely in certain areas or impossible to duplicate in other market segments. Through instant global media and

advanced web tools, a fire event in one part : property of Victaulic.

of the world is quickly communicated to a Photo broad audience around the globe. The open- Qualification testing is a key function in determining individual component durability that make up the overall performance of the end device ness of today’s communications allows the or complete system.

44 ISO Focus+ May 2012 ISO Focus+ May 2012 45 a

360°

ISO 26000 in China

Comprehensive social responsibility management manual booklet. The State Grid Corporation promotes SR implementation across the organization. Press conference announcing China’s first SR report based on ISO 26000.

of the People's Republic of China (SAC), A large number of universities, research Future growth under the authorization of ISO, to help institutions and other educational establish- drive the development of SR in the country. ments now feature courses on the subject. The growth of SR should improve organi- In addition to the standard, the concept is SR is changing management practices in zations’ decision making, risk assessment, backed by a number of other recent initia- China, the exact manner depending on the financial and non-financial success and tives including : structure, nature, approach and farsighted- long-term sustainability. It is also hoped that SR will be admitted • SR has been written into China’s ness of the organization involved. into the strategies for national governance, revised company law Some local governments and companies and that the national government will have adopted SR development performance • The state-owned Assets Supervision play a more active role in initiating and as the assessment indicator, demonstrating and Administration Commission has supervising SR. their drive and determination to build effec- stated that national enterprises should For companies, sustainable development tive SR management systems. implement SR needs to be a core element of new, greener Examples of other organizations embrac- • The Shenzhen and Shanghai stock development models. exchanges have released SR guidance ing SR include : If Chinese SR is to go on growing, we for listed companies • Jinan Sunny Sister Domestic Service need to see cooperation, flexibility and • Some local governments have estab- Co., Ltd has released the first Chinese steady determination across the country. lished SR programmes and guides report on SR based on ISO 26000 One day – perhaps soon – Chinese com- panies will regularly appear as case studies • The China Textile Industry Associa- • The State Grid Corporation has in international forums and the world’s tion, China Association of Industrial released the “ Guide for implemen- leading business schools.  Enterprises and other industrial organi- tation of social responsibility ” to The State Grid Corporation encourages the safe use of electricity and energy saving on campus. zations have released SR guides for enterprises in its own industry, and their sectors. has implemented a pilot scheme for responsibility management About the author A new way of doing business Moreover, numerous organizations, • COSCO Group has implemented including social bodies, communities, indexing the management of sustain- Dr. Chen Wang, investors and research institutions, have consideration of economic, environmental, able development. Assistant Research by Chen Wang adopted and are implementing SR. and social responsibilities. This change in Professor, is thinking has enabled Chinese people to Deputy Director of Less than two years after publication, ISO 26000:2010, Guidance assess themselves and their activities with International approach the Social Respon- on social responsibility, has had a significant impact worldwide. In a new, longer-term perspective. sibility and Credit Over recent years, China has greatly Research Office, in China, while some of the standard’s principles were initially unfamil- strengthened its SR-related international A solid start the quality manage- iar, it is being rapidly and broadly accepted. involvement and links. In addition to adopt- ment branch of the The movement towards social responsibil- ing the concepts, principles, management China National Institute of Standardiza- ity (SR) in China is well underway. Since the tools and assessment standards of SR, China tion. She specializes in social responsibil- Traditionally, the notion of social respon- ideas on the subject, this Chinese approach initial release of a responsibility report on has welcomed independently authenticated ity and sustainability. Chen Wang is an sibility in China centred mainly on charitable has evolved. national enterprises in 2006, Chinese com- international institutions such as Global expert in ISO project committee ISO/PC and social activities for the public good. There is now a greater emphasis on : panies have taken a particularly strong lead. Compact and Global Report Initiative. 250, Sustainability in event management, With the growing momentum of social sustainable development; compromise The Chinese edition of ISO 26000 was In international forums on SR, Chinese ISO/TMB/SGDG 1, Sustainability guide Jinan Sunny Sister Domestic Service Co., Ltd responsibility as good business practice, and between stakeholders; mutual understanding; published in November 2011. It was trans- SR report (2010), and China’s first SR report contributors have a significant presence drafting group, and the ISO social respon- the absorption of western and international balance; and the careful, multidimensional lated by the Standardization Administration based on ISO 26000 (September 2011). and continue to increase their participation. sibility post publication organization.

46 ISO Focus+ May 2012 ISO Focus+ May 2012 47 a

New Releases New Releases Coming Up Adobe Extensible 360°

Metadata Platform (XMP) 35th ISO General Assembly The American National Standards Now an ISO standard Institute (ANSI) will host the 35th ISO General Assembly in San Diego, USA, from 19 to 21 September 2012. An open session on innovation and sustainability by Elizabeth Gasiorowski-Denis will be held during the event. The June issue of ISO Focus+ will ave you accessed or modified the data embedded in a file today ? feature an interview with Joe Bhatia, H President and CEO of ANSI, who Even if you have not, there is a good chance you did recently. explains ANSI’s motivation to pro- This is because the XMP (Extensible Metadata Platform) for tagging pose the USA as the venue for the ISO information electronically has become part of the digital document General Assembly. He tells us about landscape of today and a new ISO standard will allow users to have the enormous changes that have taken place in standardization since the last a thorough understanding of the XMP data model. time the USA hosted the ISO General Assembly in 1973. To know more about the role of ANSI ISO 16684-1:2012, Graphic technology Metadata can greatly increase the utility Innovation in international standardization, read – Extensible metadata platform (XMP) speci- of resources in collaborative production the June 2012 issue of ISO Focus+.  fication – Part 1: Data model, serialization workflows. For example, an image file might and core properties, offers content creators contain metadata such as its working title, an easy way to embed meaningful infor- description, and intellectual property rights. mation about their projects. It is useful for Accessing the metadata makes it easier to ISO Focus+ anyone who wishes to use XMP metadata, perform tasks such as searching for images, including both developers and end-users locating image captions, or determining The electronic edition (PDF file) of of applications that handle metadata for the copyright clearance to use an image. Far from being a barrier to innovation, its work include bar code and RFID tech- ISO Focus+ is accessible free of resources of any kind. The new standard, ISO 16684-1:2012 International Standards can be an important nologies. The impact of these standards charge on the ISO Website www. Adobe’s Extensible Metadata Platform is based on the XMP specification part 1 driver. According to the World Bank, one is enormous. From helping the supply iso.org/isofocus+. In addition, the (XMP) is a labeling technology that allows version developed by Adobe Systems. Estab- of the most important economic benefits of chain to track, acquire and manage data entire collection of previous issues of users to embed data about a file, known as lishing this International Standard ensures across a broad range of file formats and standards it that they increase productive and information to identifying personnel, ISO Focus+ editions, plus ISO Focus metadata, into the file itself. With XMP, the stability and longevity of its definitions domains of usage. and innovative efficiency. But that’s not all. transactions and resources. (2004-2009), plus ISO Management desktop applications and back-end pub- and encourages broader integration and Future parts will address formal validation Standards are the building blocks that The issue also highlights the work of the Systems magazine (2001-2009) lishing systems gain a common method interoperability of XMP with existing of XMP and XML syntax for describing influence technological advances and ISO, IEC and ITU Moving Picture Experts is also available free of charge as for capturing, sharing, and leveraging this standards. determine innovation performance. In group (MPEG), which created one of the XMP UI elements. In addition, ISO 16684- electronic files. valuable metadata – opening the door for Mr. Biederich further noted : “ Effective 1:2012 will serve as the foundation for particular, they influence the innovation most successful standards to date. Highly more efficient job processing, workflow metadata management has become increas- domain specific ISO activities, for example, process by setting the direction for future praised with several Emmy awards, MPEG ISO Update automation, and rights management, ingly important with the explosion of digital ISO/TC 42, Photography, working group technological developments. And they can has revolutionized the audio, video and among other possibilities. This is where media. The Adobe Extensible Metadata The ISO Update, a monthly sup- WG 18, Electronic still picture imaging, be a catalyst for innovative thinking and multimedia experience of millions of people. ISO 16684-1 comes in. Platform (XMP) offers a powerful metadata plement to ISO Focus+ is available or ISO/TC 171, Document management creativity. Innovation can also help build a more Adobe Systems Director of Engineering, infrastructure to the industry and is a widely applications, SC 2, Application issues, With the evolution of technology and sustainable world. Examples of green electronically (PDF) in both English Frank Biederich, commented : “ I am excited adopted technology, specifically in the area WG 5, PDF/A. the explosion of the Internet, Websites, plastics and carbon capture and storage www.iso.org/isoupdate and French to see ISO advance open and extensible of image and document management. ISO 16684-1:2012 was prepared by social media and online services are giv- showcase the importance of standards for www.iso.org/fr/isoupdate. metadata by releasing the first part of the “ The XMP platform not only helps ing rise to new challenges for industry and the proliferation and development of these Adobe and was adopted by ISO/TC 130, The ISO Update informs readers Adobe XMP specification as an Interna- operating system vendors and software Graphic technology, under a fast-track consumers. International Standards can technologies. tional Standard. Going forward, this allows companies to seamlessly exchange media about the latest developments in procedure. It is available from ISO national provide solutions. Finally, the issue looks at ISO’s ongoing industry experts to influence the direction related information, it also has been adopted the ISO world, including ISO member member institutes. It may also be obtained The June issue of ISO Focus+ will explore innovations in the standards developing of XMP and drive innovation leveraging by camera manufacturers applying metadata bodies’ CEO and address changes, directly from the ISO Central Secretariat these issues by highlighting key standards process, aimed at meeting stakeholder an established metadata ecosystem. to content early in the creation process. draft standards under circulation, as (www.iso.org) through the ISO Store or by that are revolutionizing industry. requirements and responding to market “ With its continuous commitment to ISO 16684-1:2012 supplies two essential well as newly published, confirmed contacting the Marketing, Communication One key player is joint technical commit- needs, with the goal to be always faster, openness, Adobe will expand its engage- components of XMP metadata : data model & Information department ([email protected]). tee ISO/IEC JTC 1, Information technology, simpler and better. or withdrawn standards. It also in- ment to other ISO groups in the future to and serialization. In addition, this part defines which provides a solid ICT infrastructure, To learn more about the benefits Interna- cludes a list of upcoming technical help develop and standardize metadata a collection of core properties, which are defining the basic structures which new tional Standards bring to innovation, don’t Elizabeth Gasiorowski-Denis is Editor in Chief, ONLINE committee plenary meetings. workflows based on XMP.” XMP metadata items that can be applied ISO Focus+. technologies will build on. Examples of miss the next issue of ISO Focus+. 

48 ISO Focus+ May 2012 ISO Focus+ May 2012 49 1

Hard work is one thing. Exploitation is another.

ISO 26000, Guidance on social responsibility

The fi rst link in a global supply issues and seven over- Available from ISO national member chain may be a little guy car- arching principles. All are institutes (listed with contact details rying a heavy load. The differ- based on consensus on the ISO Website at www.iso.org) ence between hard work and among 99 countries and and from the ISO Central Secretariat exploitation depends on criteria 42 international organiza- Webstore at www.iso.org/isostore or e-mail to [email protected]. like adequate pay, working con- tions from both public ditions, health and safety and private sectors. factors, and social pro- People worldwide now tection. Labour prac- demand that organiza- International Organization tices comprise one of 2010-10-21 17:07:36 tions behave in a for Standardization – www.iso.org the seven core subjects Discovering ISO 26000 - E.indd 1 socially responsible Central Secretariat of social responsibility manner. ISO 26000 shows how 1, ch. de la Voie-Creuse defined in ISO 26000, – and the benefi ts of doing so. Case postale 56 :33:47 2010-10-21 16

1 along with 37 underlying ect overview E.indd Link up now ! CH-1211 Genève 20 ISO 26000 - Proj