Kevin Foster

Everything posted by Kevin Foster

  1. The following Standards Australia publications have recently been published.

     Publication Number: AS ISO 22301:2020
     Title: Security and resilience — Business continuity management systems — Requirements
     Publishing Date: 25-09-2020
     SA Project Committee: MB-025 Security and Resilience

     Publication Number: AS ISO 22313:2020
     Title: Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
     Publishing Date: 25-09-2020
     SA Project Committee: MB-025 Security and Resilience
  2. AS/NZS ISO 31000:2018 defines ‘risk’ as “the effect of uncertainty on objectives” and ‘risk management’ as “coordinated activities to direct and control an organization with regard to risk”. Therefore it is implied that ‘engineering risk’ is the effect of uncertainty on engineering objectives. If we accept that risk engineering is a specialised form of risk management, then to be consistent with ISO 31000, ‘risk engineering’ could be defined as coordinated activities to direct and control an organization with regard to engineering risk. The key advantages of defining risk engineering in this way are that we do not need to redefine ‘engineering’ and we remain consistent with ISO 31000 terminology.
  3. Yes Geoff. The ISO definition of complexity is pretty close to the one typically used by social scientists since the mid-1960s. The management and political sciences have needed to distinguish between complicated and complex decision systems. In 1965, Herbert Simon described a complex system as “one made up of a large number of parts that interact in a nonsimple way. In such systems, the whole is more than the sum of the parts, not in an ultimate, metaphysical sense, but in the important pragmatic sense that, given the properties of the parts and the laws of interaction, it is not a trivial matter to infer the properties of the whole.” Simon was of course describing political decision systems. Simon, Herbert A. 1965. The Architecture of Complexity, in General Systems Yearbook vol 10. pp. 63-64.
  4. An interesting ISO technical specification in the ISO 22300 (Societal security) series is: ISO/TS 22375:2018 Security and resilience — Guidelines for complexity assessment process. This document discusses organisational complexity and how one might assess complexity to improve societal security and resilience.
  5. In the introduction to REBOK there is a statement: "Risk management of engineering design is also mandated under international standards." It is important to understand that the use of ISO and Australian Standards is not mandatory unless legislation requires them to be used. Also, ISO 31000 is a set of guidelines including principles, framework and process. Its intent is for use by people to create and protect value in organisations by managing risks, setting and achieving objectives and improving performance. The application of the guidelines can be customised to any organisation and its operating context. The words "shall" and "must" are not used in this standard except in the foreword in relation to ISO's responsibilities. There is nothing written into this standard that mandates the use of any of the guidelines. Therefore the referenced statement in the REBOK introduction should be re-written to clarify the intent of the statement. If the intent is to reference legislation that mandates the use of ISO 31000 or other international risk management and resilience standards then it would be better to be clear about that.
  6. Draft ISO/DIS 22300:2020 currently defines complexity as the "condition of an organisational system with many diverse and autonomous but interrelated and independent components or parts where those parts interact with each other and with external elements in multiple-end non-linear ways." This definition is subject to change in the final publication.