序言这是CSA Z1600《应急和连续性管理计划》的第三版。它取代了2014年和2008年出版的《应急管理和业务连续性计划》之前的版本。本标准全部或部分适用，与组织的规模或目的无关。本版本继续提供持续改进过程的要求，以制定、实施、评估、维护和改进应急和连续性管理计划，该计划涉及预防和缓解、准备、响应和恢复的组成部分。此外，本修订版还引入了新的术语，并更新了不断演变的定义。加拿大公共和私营部门的利益相关者有兴趣确保应急和连续性管理计划的发展保持一致，并在范围和应用上具有国际化的潜力。 本标准最初改编自2007版NFPA 1600《灾害/应急管理和业务连续性计划标准》，与加拿大政府的《加拿大应急管理框架》保持一致。本标准源于CSA集团和NFPA的强烈承诺，即合作促进社区和工作场所对标准和行业最佳实践的认识、知识和应用。本版本还反映了加拿大对国际标准化组织（ISO）的持续参与，例如根据ISO/TC292-安全和弹性制定的标准。本标准2008年版的最初版本确认了应急和业务连续性管理计划目标和概念之间的演变。2014年版反映了与早期方案相比，对全危险方法的改变- 具体做法。2016年版强调了基于风险的决策的重要性，以指导应急和连续性项目管理各个方面的优先级设置。此外，最新版还介绍了变革管理的概念，将其作为一个关键工具，继续推动组织朝着恢复力的目标前进。这是一个更广泛的概念，除了人、财产和环境的传统方面外，还考虑社会的人、社会、经济、文化和政治方面。许多条款被改写，以反映行业的进步、与其他标准的一致性以及内容的更深入。一些附件条款也得到了改进，以帮助理解如何应用本标准，附件B中的合格评定工具仍然是自我评估组织是否符合本标准要求的一种方式。 新版本还包括附录C中CSA Z1600-17主要条款标题与两个国际公认标准和两个国际认证机构的专业实践/实践指南的交叉引用比较，如下所示:a）NFPA 1600-2016；b） ISO 22301:2012；c） DRII业务连续性从业人员专业实践，2016年；和d）BCI良好实践指南，2013年。范围、目的和应用1。1范围本标准确立了应急和连续性管理计划的标准。1.2目的1.2.1概述本标准规定了制定、实施、评估、维护和持续改进预防和缓解、准备、响应和恢复应急和连续性管理计划的要求。1.2.2持续改进过程本标准中包括的持续改进过程的要素包括a）项目管理； b） 规划；c） 实施；d） 项目评估；e）管理审查。1.3应用本标准适用于所有组织。1.4本标准中的术语“应”用于表示要求，即用户为遵守本标准而有义务满足的规定；“应该”用于表示建议或建议但不需要的建议；“可”用于表示一个选项或在标准范围内允许的选项。注释随附条款不包括要求或替代要求；随附条款的注释的目的是将解释性或信息性材料与文本分开。表和图的注释被视为表或图的一部分，可以作为要求编写。附件被指定为规范性（强制性）或信息性（非强制性）来定义其应用。

PrefaceThis is the third edition of CSA Z1600, Emergency and continuity management program. It supersedes the previous editions published in 2014, and in 2008 under the title, Emergency management and business continuity programs. This Standard is applicable, in whole or in part, regardless of an organization's size or purpose. This edition continues to provide requirements for a continual improvement process to develop, implement, evaluate, maintain, and improve an emergency and continuity management program that addresses the components of prevention and mitigation, preparedness, response, and recovery. As well, this revised edition introduces new terms and updates evolving definitions. Canadian public and private sector stakeholders have an interest in ensuring that emergency and continuity management programs evolve to be consistent and have the potential to be international in scope and application. This Standard, initially adapted from the 2007 edition of NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs, remains consistent with the Government of Canada's, An Emergency Management Framework for Canada. This Standard grew out of the strong commitment of both CSA Group and the NFPA to work collaboratively to promote awareness, knowledge, and application of Standards and industry best practices in the community and the workplace. This edition also reflects Canada's ongoing participation in the International Organization for Standardization (ISO), such as standards developed under ISO/TC292 - Security and resilience. The original 2008 edition of this Standard recognized an evolution between emergency and business continuity management program objectives and concepts. The 2014 edition reflected the change to an all-hazard approach versus the earlier scenario-specific approach. The 2016 edition underscores the importance of risk-based decision-making to guide priority setting in all aspects of emergency and continuity program management. As well, this latest edition introduces the concept of change management as a key tool in continuing to move organizations towards the objective of resilience, a broader concept that considers - in addition to the traditional aspects of people, property and the environment - the human, social, economic, cultural, and political aspects of society. A number of clauses were rewritten to reflect advancement in industry, alignment with other standards, and more depth in content. Some of the Annex clauses were also improved to assist with understanding of how to apply this Standard, and the conformity assessment tool in Annex B remains as a way to self-assess whether an organization complies with the requirements of the Standard. This new edition also includes, in Annex C, a cross reference comparison of the main clause headings of CSA Z1600-17 with two internationally recognized standards and the professional practices/practice guidelines of two international certification bodies as per below: a) NFPA 1600-2016; b) ISO 22301:2012; c) DRII Professional Practices for Business Continuity Practitioners, 2016; and d) BCI Good Practice Guidelines, 2013.Scope, purpose, and application1.1 Scope This Standard establishes criteria for an emergency and continuity management program. 1.2 Purpose 1.2.1 General This Standard provides the requirements to develop, implement, evaluate, maintain, and continually improve an emergency and continuity management program for prevention and mitigation, preparedness, response, and recovery. 1.2.2 Continual improvement process The elements of a continual improvement process included in this Standard are a) program management; b) planning; c) implementation;d) program evaluation; and e) management review. 1.3 Application This Standard applies to all organizations. 1.4 Terminology In this Standard, "shall" is used to express a requirement, i.e., a provision that the user is obliged to satisfy in order to comply with the standard; "should" is used to express a recommendation or that which is advised but not required; and "may" is used to express an option or that which is permissible within the limits of the standard. Notes accompanying clauses do not include requirements or alternative requirements; the purpose of a note accompanying a clause is to separate from the text explanatory or informative material. Notes to tables and figures are considered part of the table or figure and may be written as requirements. Annexes are designated normative (mandatory) or informative (nonmandatory) to define their application.