SIST EN ISO 22300:2026
Security and resilience - Vocabulary (ISO 22300:2025)
This document defines terms related to security and resilience topics.
Sicherheit und Resilienz - Begriffe (ISO 22300:2025)
Sécurité et résilience - Vocabulaire (ISO 22300:2025)
Varnost in vzdržljivost - Slovar (ISO 22300:2025)
SLOVENIAN STANDARD
01 January 2026
Varnost in vzdržljivost - Slovar (ISO 22300:2025)
Security and resilience - Vocabulary (ISO 22300:2025)
Sicherheit und Resilienz - Begriffe (ISO 22300:2025)
Sécurité et résilience - Vocabulaire (ISO 22300:2025)
This Slovenian standard is identical to: EN ISO 22300:2025
ICS:
01.040.03 Services. Company organization, management and quality. Administration. Transport. Sociology. (Vocabularies)
03.100.01 Company organization and management in general
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
EN ISO 22300
November 2025
ICS 01.040.03; 03.100.01
Supersedes EN ISO 22300:2021
English Version
Security and resilience - Vocabulary (ISO 22300:2025)
Sécurité et résilience - Vocabulaire (ISO 22300:2025)
Sicherheit und Resilienz - Begriffe (ISO 22300:2025)
This European Standard was approved by CEN on 7 November 2025.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2025 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. EN ISO 22300:2025 E
Contents
European foreword
European foreword
This document (EN ISO 22300:2025) has been prepared by Technical Committee ISO/TC 292 "Security
and resilience" in collaboration with Technical Committee CEN/TC 391 “Societal and Citizen Security”
the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by May 2026, and conflicting national standards shall be
withdrawn at the latest by May 2026.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 22300:2021.
Any feedback and questions on this document should be directed to the users’ national standards
body/national committee. A complete listing of these bodies can be found on the CEN website.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Türkiye and the
United Kingdom.
Endorsement notice
The text of ISO 22300:2025 has been approved by CEN as EN ISO 22300:2025 without any modification.
International Standard
ISO 22300
Fourth edition
2025-11
Security and resilience — Vocabulary
Sécurité et résilience — Vocabulaire
Reference number: ISO 22300:2025(en)
© ISO 2025
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
3.1 Terms related to security and resilience
3.2 Terms related to risk
3.3 Terms related to management systems
Bibliography
Index
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience, in collaboration
with the European Committee for Standardization (CEN) Technical Committee CEN/TC 391, Societal and
Citizen Security, in accordance with the Agreement on technical cooperation between ISO and CEN (Vienna
Agreement).
This fourth edition cancels and replaces the third edition (ISO 22300:2021), which has been technically
revised.
The main changes are as follows:
— removal of terms that are not commonly used across the portfolio of ISO/TC 292 standards and are very
specific to particular standards;
— definitions for some terms have been modified to be more generic and applicable across the portfolio of
ISO/TC 292 standards;
— inclusion of new terms and definitions from recent published documents and documents transferred to
ISO/TC 292;
— the structure of the document has been revised to make the document more concise and user friendly.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
Introduction
This document defines generic terms related to security and resilience topics.
This document provides a common language profile to help facilitate a common understanding and to
maintain consistency of fundamental terminology.
Security and resilience topics cover a broad range of disciplines. In some circumstances, it can be necessary
to supplement the vocabulary in this document.
This document can be applied as a reference by competent authorities, as well as by specialists involved
in standardization systems, to better and more accurately understand relevant text, correspondences and
communications.
International Standard ISO 22300:2025(en)
Security and resilience — Vocabulary
1 Scope
This document defines terms related to security and resilience topics.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1 Terms related to security and resilience
3.1.1
acute shock
unexpected state or physical condition or event that suddenly occurs to a severe or intense degree with the
potential to have immediate but short-term impacts on resilience objectives
3.1.2
affected area
location that has been impacted by a disruptive event (3.1.33) such as an incident (3.1.38), accident, or
disaster (3.1.24)
3.1.3
after-action report
document that records, describes and analyses the actual event (3.1.33) or exercise (3.1.34), and derives
lessons from it
3.1.4
alert
notification that captures attention of people at risk (3.1.50) in a developing situation
3.1.5
all clear
message or signal that the situation has passed
3.1.6
all-hazards approach
comprehensive approach to emergency preparedness that ensures that organizational capabilities and
controls are designed and applied so that they can respond to all types of disruptive events, irrespective of
their nature or cause
3.1.7
business continuity
capability of an organization (3.3.19) to continue the delivery of products and services within acceptable
time frames at predefined capacity during a disruption (3.1.26)
3.1.8
business continuity management
process (3.3.30) of implementing and maintaining business continuity (3.1.7)
3.1.9
business continuity plan
documented information (3.3.8) that guides an organization (3.3.19) to respond to a disruption (3.1.26) and
resume, recover and restore the delivery of products and services consistent with its business continuity
(3.1.7) objectives (3.3.18)
3.1.10
business impact analysis
process (3.3.30) of analysing the impact (3.1.36) over time of a disruption (3.1.26) on the organization (3.3.19)
3.1.11
chronic stress
unexpected state or physical condition or event (3.1.33) that develops slowly with increasing intensity and
severity, that influences long-term impacts (3.1.36) on resilience (3.1.59) objectives (3.3.18)
3.1.12
civil protection
measures taken and systems implemented to preserve the lives and well-being of people, properties and
environment from undesired events
Note 1 to entry: Undesired events (3.1.33) can include accidents, emergencies (3.1.30) and disasters (3.1.24).
3.1.13
civil society
wide range of individuals, groups of people, networks, movements, associations and organizations (3.3.19)
that manifest and advocate for the interests of their members and others
3.1.14
command and control
execution of authority and direction over assigned resources
Note 1 to entry: Command and control may be executed in the context of an emergency (3.1.30), crisis (3.1.22), disaster
(3.1.24), or other disruption (3.1.26), and for relief and recovery (3.1.56) activities.
Note 2 to entry: Control is used in some jurisdictions to refer to the overall direction of response activities and spans
across multiple organizations (3.3.19).
Note 3 to entry: Command is used in some jurisdictions to refer to the internal direction of resources within a single
organization (3.3.19).
3.1.15
command and control system
set of arrangements used to facilitate decisions and direct resources as part of the broader incident (3.1.38)
management approach
3.1.16
contingency
provision for handling of changing circumstances
3.1.17
cooperation
process (3.3.30) of working or acting together for common interests and values, based on agreement
3.1.18
coordination
process (3.3.30) of working or acting together in order to achieve a common objective (3.3.18)
3.1.19
counterfeit, verb
simulate, reproduce or modify a material good (3.1.44) or its packaging without authorization
3.1.20
counterfeit good
material good (3.1.44) imitating or copying an authentic material good (3.1.44)
3.1.21
countermeasure
action to mitigate the impact of a vulnerability (3.1.68)
3.1.22
crisis
abnormal or extraordinary event (3.1.33) or situation that poses an existential threat (3.1.67) and requires
a strategic and timely response
3.1.23
crisis management
coordinated activities to lead, direct and control an organization (3.3.19) with regard to crisis (3.1.22)
3.1.24
disaster
situation where widespread human, material, economic or environmental losses have occurred that
exceeded the ability of the affected organization (3.3.19), community (3.3.3) or society to respond and
recover using its own resources
3.1.25
disaster risk reduction
policy (3.3.28) aimed at preventing new and reducing existing disaster (3.1.24) risk (3.2.8) and managing
residual risk (3.2.7), all of which contribute to strengthening resilience (3.1.59) and therefore to the
achievement of sustainable development
3.1.26
disruption
anticipated or unanticipated event (3.1.33) that interrupts normal functions, operations or processes (3.3.30)
3.1.27
drill
repetitive training (3.3.34) that practises a designed activity
3.1.28
duty of care
legal obligation to provide for the safety (3.1.61), well-being or interests of others
3.1.29
early warning
provision of information through local networks, allowing affected individuals to take action to avoid or
reduce risks (3.2.8) and to prepare responses
Note 1 to entry: This includes collecting and assessing information, providing information to the identified interested
parties (3.3.11), and taking respective actions.
3.1.30
emergency
sudden, urgent, usually unexpected occurrence or event (3.1.33) requiring immediate action
Note 1 to entry: An emergency is usually a disruption (3.1.26) or condition that can often be anticipated or prepared
for, but seldom exactly foreseen.
3.1.31
emergency management
overall approach for preventing emergencies (3.1.30) and managing those that occur
3.1.32
evacuation
organized, phased and supervised movement of people from dangerous or potentially dangerous areas to
places of safety (3.1.61)
3.1.33
event
occurrence or change of a particular set of circumstances
Note 1 to entry: An event (3.1.33) can be one or more occurrences and can have several causes and several consequences
(3.2.1).
Note 2 to entry: An event (3.1.33) can also be something that is expected to happen but does not happen, or something
that happens unexpectedly.
Note 3 to entry: An event (3.1.33) can be a risk source (3.2.23).
[SOURCE: ISO 31073:2022, 3.3.11, modified — Notes 1 and 2 to entry modified.]
3.1.34
exercise
process (3.3.30) to train for, assess, practise, and improve performance (3.3.24) in an organization (3.3.19)
3.1.35
goods
physical items produced to achieve goals
3.1.36
impact
outcome of a disruption (3.1.26) affecting objectives (3.3.18)
3.1.37
impact analysis
process (3.3.30) of analysing all operational and strategic functions and capability, and the effect that a
disruption (3.1.26) can have upon them
3.1.38
incident
event (3.1.33) that can be, or could lead to a disruption (3.1.26), loss, emergency (3.1.30), crisis (3.1.22) or
disaster (3.1.24)
3.1.39
incident command
process (3.3.30) that is conducted as part of an incident (3.1.38) management system (3.3.14), and which
evolves during the management (3.3.13) of an incident
3.1.40
infrastructure
system of facilities, equipment and services needed to achieve objectives (3.3.18)
Note 1 to entry: Some jurisdictions define infrastructure broader and include people and resources.
Note 2 to entry: Some infrastructure enables the functioning of society or the operation of an organization (3.3.19).
3.1.41
integrity
state of designed accuracy and compliance
3.1.42
interoperability
ability of diverse systems and organizations (3.3.19) to work together
3.1.43
landslide
wide variety of types of events (3.1.33) that result in the gravitationally driven downward and outward
movement of slope-forming materials including rock, soil, artificial fill or a combination of these
3.1.44
material good
manufactured, grown product or one secured from nature
3.1.45
minimum business continuity objective
MBCO
minimum level of product or services that is acceptable to an organization (3.3.19)
3.1.46
maximum tolerable period of disruption
MTPD
time it would take for adverse impacts (3.1.36), which can arise as a result of not providing a product or
service or performing an activity, to become unacceptable
3.1.47
mitigation
limitation of any negative consequence (3.2.1) of a particular incident (3.1.38)
3.1.48
mutual aid agreement
pre-arranged understanding between two or more entities to render assistance to each other
3.1.49
organizational resilience
ability of an organization (3.3.19) to absorb and adapt in a changing environment
3.1.50
people at risk
individuals in the area who could be affected by an incident (3.1.38)
3.1.51
preparedness
readiness
activities, programmes, and systems developed and implemented prior to an incident (3.1.38) that can be
used to support and enhance prevention (3.1.52), protection (3.1.53) from, mitigation (3.1.47) of, response to
and recovery (3.1.56) from disruptions (3.1.26), emergencies (3.1.30) or disasters (3.1.24)
3.1.52
prevention
measures taken to avoid an undesirable event (3.1.33)
Note 1 to entry: Removing the vulnerability (3.1.68) to an undesirable event (3.1.33) is also a measure to achieve
prevention.
3.1.53
protection
actions to be free from harm and threats (3.1.67)
3.1.54
public warning
alert (3.1.4) messages disseminated prior to, or as part of an incident (3.1.38) response measure to enable
responders and people at risk (3.1.50) to take safety (3.1.61) measures
Note 1 to entry: Public warning can include information to raise public awareness and understanding or to provide
advisory or compulsory instructions.
3.1.55
public warning system
set of protocols, processes (3.3.30) and technologies based on the public warning (3.1.54) policy (3.3.28) to
deliver alert (3.1.4) messages in a developing emergency (3.1.30) situation to people at risk (3.1.50) and to
first responders
3.1.56
recovery
provision of policies (3.3.28), procedures (3.3.29) and processes (3.3.30) that are necessary to bring back to a
normal state of health, mind or strength
3.1.57
recovery point objective
RPO
point to which information and data used by an activity is restored to enable the activity to operate on
resumption
Note 1 to entry: Typically used to set information and data back-up frequency.
3.1.58
recovery time objective
RTO
prioritized time frame within the maximum tolerable period of disruption (MTPD) (3.1.46) for resuming
disrupted activities at a specified minimum acceptable capacity
Note 1 to entry: For products, services and activities, the RTO is less than the MTPD.
3.1.59
resilience
ability to absorb and adapt in a changing environment
3.1.60
robustness
ability to withstand adverse conditions
3.1.61
safety
being protected from harm
Note 1 to entry: In many languages, there is only one common term for the translation of the terms "safety" and
"security". Therefore, when translating into English, the different definitions of the terms "safety" and "security"
should be considered.
3.1.62
security
being free from danger or threat (3.1.67)
Note 1 to entry: In many languages, there is only one common term for the translation of the terms "safety" and
"security". Therefore, when
...







