Security and resilience — Vocabulary

This document defines terms used in security and resilience standards.

French title: Sécurité et résilience — Vocabulaire

General Information

Status: Not Published
Current Stage: 5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date: 11-Aug-2025
Completion Date: 11-Aug-2025

Draft
ISO/FDIS 22300 - Security and resilience — Vocabulary. Released: 28.07.2025
English language
16 pages
Draft
REDLINE ISO/FDIS 22300 - Security and resilience — Vocabulary. Released: 28.07.2025
English language
16 pages

Standards Content (Sample)


FINAL DRAFT International Standard
ISO/TC 292
Secretariat: SIS
Security and resilience — Vocabulary
Sécurité et résilience — Vocabulaire
Voting begins on: 2025-08-11
Voting terminates on: 2025-10-06
ISO/CEN PARALLEL PROCESSING
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES, DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
3.1 Terms related to security and resilience
3.2 Terms related to risk
3.3 Terms related to management systems
Bibliography
Index

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience, in collaboration
with the European Committee for Standardization (CEN) Technical Committee CEN/TC 391, Societal and
Citizen Security, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna
Agreement).
This fourth edition cancels and replaces the third edition (ISO 22300:2021), which has been technically
revised.
The main changes are as follows:
— removal of terms that are not commonly used across the portfolio of ISO/TC 292 standards and are very
specific to particular standards;
— definitions for some terms have been modified to be more generic and applicable across the portfolio of
ISO/TC 292 standards;
— inclusion of new terms and definitions from recent published documents and documents transferred to
ISO/TC 292;
— the structure of the document has been revised to make the document more concise and user friendly.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
This document defines generic terms related to security and resilience topics.
This document provides a common language profile to help facilitate a common understanding and to
maintain consistency of fundamental terminology.
Security and resilience topics cover a broad range of disciplines. In some circumstances, it can be necessary
to supplement the vocabulary in this document.
This document can be applied as a reference by competent authorities, as well as by specialists involved
in standardization systems, to better and more accurately understand relevant text, correspondences and
communications.
FINAL DRAFT International Standard ISO/FDIS 22300:2025(en)
Security and resilience — Vocabulary
1 Scope
This document defines terms related to security and resilience topics.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1 Terms related to security and resilience
3.1.1
acute shock
unexpected state or physical condition or event that suddenly occurs to a severe or intense degree with the
potential to have immediate but short-term impacts on resilience objectives
3.1.2
affected area
location that has been impacted by a disruptive event (3.1.33) such as an incident (3.1.38), accident, or
disaster (3.1.24)
3.1.3
after-action report
document that records, describes and analyses the actual event (3.1.33) or exercise (3.1.34), and derives
lessons from it
3.1.4
alert
notification that captures attention of people at risk (3.1.50) in a developing situation
3.1.5
all clear
message or signal that the situation has passed
3.1.6
all-hazards approach
comprehensive approach to emergency preparedness that ensures that organizational capabilities and
controls are designed and applied so that they can respond to all types of disruptive events, irrespective of
their nature or cause
3.1.7
business continuity
capability of an organization (3.3.19) to continue the delivery of products and services within acceptable
time frames at predefined capacity during a disruption (3.1.26)

3.1.8
business continuity management
process (3.3.30) of implementing and maintaining business continuity (3.1.7)
3.1.9
business continuity plan
documented information (3.3.8) that guides an organization (3.3.19) to respond to a disruption (3.1.26) and
resume, recover and restore the delivery of products and services consistent with its business continuity
(3.1.7) objectives (3.3.18)
3.1.10
business impact analysis
process (3.3.30) of analysing the impact (3.1.36) over time of a disruption (3.1.26) on the organization (3.3.19)
3.1.11
chronic stress
unexpected state or physical condition or event (3.1.33) that develops slowly with increasing intensity and
severity, that influences long-term impacts (3.1.36) on resilience (3.1.59) objectives (3.3.18)
3.1.12
civil protection
measures taken and systems implemented to preserve the lives and well-being of people, properties and
environment from undesired events
Note 1 to entry: Undesired events (3.1.33) can include accidents, emergencies (3.1.30) and disasters (3.1.24).
3.1.13
civil society
wide range of individuals, groups of people, networks, movements, associations and organizations (3.3.19)
that manifest and advocate for the interests of their members and others
3.1.14
command and control
execution of authority and direction over assigned resources
Note 1 to entry: Command and control may be executed in the context of an emergency (3.1.30), crisis (3.1.22), disaster
(3.1.24), or other disruption (3.1.26), and for relief and recovery (3.1.56) activities.
Note 2 to entry: Control is used in some jurisdictions to refer to the overall direction of response activities and spans
across multiple organizations (3.3.19).
Note 3 to entry: Command is used in some jurisdictions to refer to the internal direction of resources within a single
organization (3.3.19).
3.1.15
command and control system
set of arrangements used to facilitate decisions and direct resources as part of the broader incident (3.1.38)
management approach
3.1.16
contingency
provision for handling of changing circumstances
3.1.17
cooperation
process (3.3.30) of working or acting together for common interests and values, based on agreement
3.1.18
coordination
process (3.3.30) of working or acting together in order to achieve a common objective (3.3.18)

3.1.19
counterfeit, verb
simulate, reproduce or modify a material good (3.1.44) or its packaging without authorization
3.1.20
counterfeit good
material good (3.1.44) imitating or copying an authentic material good (3.1.44)
3.1.21
countermeasure
action to mitigate the impact of a vulnerability (3.1.68)
3.1.22
crisis
abnormal or extraordinary event (3.1.33) or situation that poses an existential threat (3.1.67) and requires
a strategic and timely response
3.1.23
crisis management
coordinated activities to lead, direct and control an organization (3.3.19) with regard to crisis (3.1.22)
3.1.24
disaster
situation where widespread human, material, economic or environmental losses have occurred that
exceeded the ability of the affected organization (3.3.19), community (3.3.3) or society to respond and
recover using its own resources
3.1.25
disaster risk reduction
policy (3.3.28) aimed at preventing new and reducing existing disaster (3.1.24) risk (3.2.8) and managing
residual risk (3.2.7), all of which contribute to strengthening resilience (3.1.59) and therefore to the
achievement of sustainable development
3.1.26
disruption
anticipated or unanticipated event (3.1.33) that interrupts normal functions, operations or processes (3.3.30)
3.1.27
drill
repetitive training (3.3.34) that practises a designed activity
3.1.28
duty of care
legal obligation to provide for the safety (3.1.61), well-being or interests of others
3.1.29
early warning
provision of information through local networks, allowing affected individuals to take action to avoid or
reduce risks (3.2.8) and to prepare responses
Note 1 to entry: This includes collecting and assessing information, providing information to the identified interested
parties (3.3.11), and taking respective actions.
3.1.30
emergency
sudden, urgent, usually unexpected occurrence or event (3.1.33) requiring immediate action
Note
...


