Kevin Foster

  1. ISO Technical Committee 292 is responsible for the publication and development of standards in the field of societal security to enhance the safety and resilience of society. The catalogue of these standards is available at https://www.iso.org/committee/5259148/x/catalogue/

     This ISO 22300 series of standards provides operational continuity management systems, incident preparedness and response guidance, and societal security technological capabilities. Some notable standards included in the catalogue:

       • ISO 22300:2021 Security and resilience - vocabulary
       • ISO 22301:2019 Business continuity management systems - Requirements
       • ISO 22315:2014 Mass evacuation - Guidelines for Planning
       • ISO 22316:2017 Organizational resilience - Principles and attributes
       • ISO/TR 22370 Urban resilience - Framework and principles
       • ISO/TS 22375:2018 Guidelines for complexity assessment process

     An interesting standard proposed is on the topic of Energy Resilience.
  2. The following Standards Australia publications have recently been published.

       • Publication Number: AS ISO 22301:2020
         Title: Security and resilience — Business continuity management systems — Requirements
         Publishing Date: 25-09-2020
         SA Project Committee: MB-025 Security and Resilience

       • Publication Number: AS ISO 22313:2020
         Title: Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
         Publishing Date: 25-09-2020
         SA Project Committee: MB-025 Security and Resilience
  3. AS/NZS ISO 31000:2018 defines ‘risk’ as “the effect of uncertainty on objectives” and ‘risk management’ as “coordinated activities to direct and control an organization with regard to risk”. Therefore it is implied that ‘engineering risk’ is the effect of uncertainty on engineering objectives. If we accept that risk engineering is a specialised form of risk management, then to be consistent with ISO 31000, ‘risk engineering’ could be defined as coordinated activities to direct and control an organization with regard to engineering risk. The key advantages of defining risk engineering in this way are that we do not need to redefine ‘engineering’ and we remain consistent with ISO 31000 terminology.
  4. Yes Geoff. The ISO definition of complexity is pretty close to the one typically used by social scientists since the mid 1960s. The management and political sciences have needed to distinguish between complicated and complex decision systems. In 1965, Herbert Simon described a complex system as “one made up of a large number of parts that interact in a nonsimple way. In such systems, the whole is more than the sum of the parts, not in an ultimate, metaphysical sense, but in the important pragmatic sense that, given the properties of the parts and the laws of interaction, it is not a trivial matter to infer the properties of the whole.” Simon was of course describing political decision systems. Simon, Herbert A. 1965. The Architecture of Complexity, in General Systems Yearbook vol 10. pp. 63-64.
  5. An interesting ISO technical specification in the ISO 22300 (Societal security) series is: ISO/TS 22375:2018 Security and resilience — Guidelines for complexity assessment process. This document discusses organisational complexity and how one might assess complexity to improve societal security and resilience.
  6. In the introduction to REBOK there is a statement: "Risk management of engineering design is also mandated under international standards." It is important to understand that the use of ISO and Australian Standards is not mandatory unless legislation requires them to be used. Also, ISO 31000 is a set of guidelines including principles, framework and process. Its intent is for use by people to create and protect value in organisations by managing risks, setting and achieving objectives and improving performance. The application of the guidelines can be customised to any organisation and its operating context. The words "shall" and "must" are not used in this standard except in the foreword in relation to ISO's responsibilities. There is nothing written into this standard that mandates the use of any of the guidelines. Therefore the referenced statement in the REBOK introduction should be rewritten to clarify the intent of the statement. If the intent is to reference legislation that mandates the use of ISO 31000 or other international risk management and resilience standards, then it would be better to be clear about that.
  7. Draft ISO/DIS 22300:2020 currently defines complexity as the "condition of an organisational system with many diverse and autonomous but interrelated and independent components or parts where those parts interact with each other and with external elements in multiple-end non-linear ways." This definition is subject to change in the final publication.