Standards Development: A Primer for RIMS Members

Sponsored by RIMS Standards and Practices Committee

  • What are standards?
  • Standards development
  • National standards institutes
    • ANSI
  • International organizations
    • International Standards Organization (ISO)
  • How RIMS is influencing standards development
What Are Standards?
  • A standard is a document, established by consensus, that provides rules, guidelines or characteristics for activities or their results. (ISO/IEC Guide 2:2004)
  • May specify performance of products or personnel
  • May define terms to alleviate as much misunderstanding as possible
  • Examples:
    • Ensure that light bulbs fit into sockets
    • Ensure film fits into cameras that can be purchased anywhere in the world
    • Provide an international definition of “risk”
What Standards Are Not
  • Mandated regulations
  • Controls
  • Necessarily “how to” documents
  • Certifications (nor do they require that an organization be certified in order to use a standard)
Standards Development
  • Standards development is a method of documenting processes, principles, or technical requirements and recommendations that are established by authority, custom, or consent
  • Organizations that develop standards are called standards-setting organizations (SSOs) or standards-development organizations (SDOs)
    • Standards can be either regional, national, or international.
Standards Development
  • Products of standards development can be
    • Informal
      • Are often referred to as “specifications”
      • Usually do not involve participation by a significant part of any industry, profession, or pertinent stakeholders
      • May not use a formal process during development
      • Over time may be accepted by stakeholders and then become the “de facto” standard, or may be submitted for formal standardization
    • Formal
      • Often referred to as “standards”
      • Based on a formal process
      • Usually consensus based, incorporating viewpoints of several stakeholders
      • ISO 31000:2009 Risk Management – Principles and Guidelines is an example

Two Primary Approaches to Standards
  • Approach in many economies: standards bodies coordinate standardization activities
  • Approach in the United States: bottom up; independent standards development organizations (SDOs) drive standardization activities

National Standards Institutes
  • Many countries have a national standards institute that represents the country in international and regional standards activities
  • Examples include
    • AFNOR (France)
    • ANSI (US)
    • BSI (UK)
    • DIN (Germany)
    • GOST R (Russia)
    • IRAM (Argentina)
    • JISC (Japan)
    • KEBS (Kenya)
    • SA (Australia)
    • SAC (China)
    • SASO (Saudi Arabia)
    • CSA (Canada)
    • SNZ (New Zealand)
    • DGN (Mexico)
National Standards Institutes

Example: American National Standards Institute (ANSI)

  • Leading U.S. organization for coordinating and promoting voluntary consensus standards
    • U.S. representative in non-treaty international and regional standards-setting activities
    • Entity that provides accreditation for US SDOs
      • ANSI Essential Requirements outline rules of engagement
    • RIMS has applied to become an ANSI member

ANSI Structure: Standards Development View

(Organization chart; bodies shown on the slide:)
  • ANSI Membership
  • Board of Directors
  • Executive Committee
  • Policy Committees
    • National Policy Committee (NPC)
    • ANSI ISO Council (AIC)
    • US National Committee IEC Council (USNC)
  • Board of Standards Review (BSR)
  • Technical Management Committee
  • Executive Standards Council
International Non-Governmental Organizations
  • International organizations usually considered to be those with country membership, e.g.,
    • International Organization for Standardization (ISO)
    • European Committee for Standardization
    • International Electrotechnical Commission (IEC)
    • International Telecommunication Union (ITU)
  • ISO is the developer of International Standards
    • Central coordination in Geneva, Switzerland
    • Network of national standards institutes of 162 countries, with one member per country
      • ANSI is the US representative to ISO
    • Involved with standardization of various technical areas, including risk management principles and processes
      • Risk management standards being developed in various technical committees and working groups, including
        • ISO Technical Committee 223 (TC 223), Societal Security
        • Technical Management Board (TMB) Working Group on risk management

ISO Structure: Standards Development View

(Organization chart; bodies shown on the slide:)
  • Principal Officers
  • Delegates of member bodies, correspondent members and subscriber members
  • Policy development committees: Committees on conformity assessment (CASCO), consumer policy (COPOLCO) and developing country matters (DEVCO)
  • Strategic and technical advisory groups and Committee on reference material (REMCO)
  • Technical committees (TCs)
  • Technical subcommittees (SCs)
  • Technical working groups (WGs)
ISO standards development
  • Three main phases
    • Need communicated to national member body who proposes the new work item to ISO. Technical scope defined in appropriate working group.
    • Draft international standard developed in working group, then elevated to the relevant technical committee for approval. The draft international standard (DIS) is then circulated to the countries through the national bodies for comments.
ISO standards development
  • Requirements for formal approval of the final draft international standard (FDIS):
    • Approval by two-thirds of the ISO members that participated actively in the standards development
    • Approval by 75% of all members that vote.
  • Following approval, the document is published as an International Standard (IS).



Standards Hierarchy

(Diagram of the standards hierarchy; standards shown on the slide: AS/NZS 4360, SAQ ONR 49001, NFPA 101, ISO 9001, ISO 14001, OHSAS 18001, ISO/IEC 27001, HB 436, ISO 10005, ISO/IEC 27002, CSA Q850, ISO/IEC 15408, ISO 31010)
How RIMS Is Influencing Standards Development
  • Collaborating with existing SDOs that submit standards to ISO for adoption
  • Developing liaison relationships with ISO technical committees
  • Submitting comments through ANSI technical advisory groups (TAGs) to ISO technical committees that are in the process of developing standards
  • Educating RIMS Members
Presentation Developed By:

Yvette Ho Sang

Risk Management Analyst

IEEE Standards Association

Member of RIMS Standards and Practices Committee

With contributions from members of RIMS Standards and Practices Committee

If you have questions, please contact Nathan Bacchus at

Referenced Standards

ISO 31000:2009 Risk Management – Principles and Guidelines

AS/NZS 4360:2004 Risk Management (Australian/New Zealand Standard)

ISO Guide 73:2009 Risk Management – Vocabulary

HB 436:2004 Risk Management Guidelines: A Companion to AS/NZS 4360:2004

CSA Q850-10 Risk Management – Implementation of CAN/CSA-ISO 31000

ISO 31010:2009 Risk Management – Risk Assessment

NFPA 101:2009 Life Safety Code®

ANSI/ASHRAE 62.1-2007 Standard on Ventilation for Acceptable Indoor Air Quality

OHSAS 18001:2007 Occupational Health and Safety

ISO 9001:2008 Quality Management Systems – Requirements

ISO 10005:2005 Quality Management Systems – Guidelines for Quality Plans

NFPA 75:2009 Standard for the Protection of Information Technology Equipment

ISO/IEC 27001:2005 Information Security Management Systems – Requirements

ISO/IEC 27002:2005 Information Technology – Code of Practice

ISO/IEC 15408:2005/2008 (3 parts) Evaluation Criteria for IT Security

ISO 14050:2009 Environmental – Vocabulary

ISO 14001:2004 Environmental Management Systems – Requirements

ISO 28000:2007 Security Management Systems for the Supply Chain

ANSI/ASIS SPC.1:2009 Organizational Resilience: Security Preparedness, and Continuity Management Systems – Requirements with Guidance for Use