ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems (approved March 12, 2009). © American National Standards Institute, Inc. (ASIS). Restatement prepared by Prep4Audit, LLC, Version 2: 2015, www.prep4audit.com

Uploaded by john-griggs, 09-Sep-2015

Description: Streamlining compliance to ASIS SPC.1-2009, Organizational Resilience, with our Compliance Plan Template (Word) and Compliance Tracking Worksheet (Excel). http://goo.gl/7ZpV3B

Transcript:

  • American National Standards Institute, Inc. (ASIS)

    ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems Approved March 12, 2009

    Prepared by Prep4Audit, LLC

    Version 2: 2015

    www.prep4audit.com

  • ASIS SPC.1-2009 Organizational Resilience

    1 American National Standards Institute, Inc. (ASIS), ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems Restatement and Document Preparation by Prep4Audit, LLC

    Our Acknowledgement of the Rights of Others and Our Disclaimers

    With the exception of governmental providers of guidelines, checklists and standards, most providers place some copyright specifications on their guidelines, checklists and/or standards.

    The form sets we provide do not contain any content of a guideline, checklist or standard except for the requirements themselves. In other words, the full content of any specific guideline, checklist and/or standard is not reproduced. It should be noted that a significant number of requirements that address any particular issue (e.g. the use of seals, perimeter security, facility cleanliness, data security) are contained within a variety of guidelines, checklists and/or standards and are worded in similar (or identical) ways. Any purchaser of our forms should review the statements of the provider. If an organization has already purchased a particular standard, as we have, then that organization already has the right to use the requirement statements, if such a right is in fact required. We have provided direct links to provider sites where you may review their copyrights; download their guideline, checklist or standard without cost; or, in the case of ISO, purchase the standard.

    We have: 1) reformatted and/or reworded certain requirements for purposes of clarity; and 2) separated multiple requirements stated within a single paragraph, and/or multiple requirements stated within a single sentence, into single-statement requirements that allow for operational responses. We have made every effort to restate requirements properly and to avoid typographical and grammatical errors. You must assume responsibility for ensuring that your responses are responsive to the intent of the original statements.

    We are not affiliated with any provider of any guideline, checklist or standard, or with any certification body licensed to audit against the guideline, checklist or standard. We are not, nor will we become, licensed to perform audits. We receive no fees of any sort from any provider, seller, auditor, or any other party related to the sale of our forms.

    Terms of Sale You Accept and Will Honor

    Your Usage Rights: We offer our forms in editable Word and Excel formats, not in secured PDF format. We sell you a license to make an unlimited number of copies of our forms for use only in your business unit.

    Any recognized industry standard requires you to modify its requirements to reflect your business model. You need to add requirements, delete requirements, and modify requirements. The way we sell our forms allows you to do that.

    Your organization is responsible, to various degrees, for the compliance of your entire supply chain with specific requirements. To reflect this responsibility, you may want to reinforce its importance by incorporating your company's image (e.g. add your logo; change colors, fonts, headers and footers). The way we sell our forms allows you to do that.

    Your Responsibilities: You agree to use the forms only within your organization and only at your specific site. You agree not to resell the documents or spreadsheets. You agree that if subsidiaries, divisions or other sites of your organization wish to use the documents or spreadsheets, they are required to purchase their own sets. You agree that if your business partners wish to use the documents or spreadsheets, they are required to purchase their own sets.

    Are We Really All That Trusting? Actually, Yes. Every supply chain professional we have ever met honors terms of sale. Unfortunately, there are always bad actors. So we have inserted specific words, phrases, or punctuation that do not alter the meaning of a requirement but will uniquely identify our copyrighted work. We will enforce our copyrights.


    ASIS: Organizational Resilience: Security, Preparedness, and Continuity Management Systems

    4.1.0.0 GENERAL REQUIREMENTS
    4.1.1.0 SCOPE OF OR MANAGEMENT SYSTEM
    4.2.0.0 ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT POLICY
    4.2.1.0 POLICY STATEMENT
    4.2.2.0 MANAGEMENT COMMITMENT
    4.3.0.0 PLANNING
    4.3.1.0 RISK ASSESSMENT AND IMPACT ANALYSIS
    4.3.3.0 OBJECTIVES, TARGETS, AND PROGRAM(S)
    4.4.0.0 IMPLEMENTATION AND OPERATION
    4.4.1.0 RESOURCES, ROLES, RESPONSIBILITY, AND AUTHORITY
    4.4.2.0 COMPETENCE, TRAINING, AND AWARENESS
    4.4.3.0 COMMUNICATION AND WARNING
    4.4.4.0 DOCUMENTATION
    4.4.5.0 CONTROL OF DOCUMENTS
    4.4.6.0 OPERATIONAL CONTROL
    4.4.7.0 INCIDENT PREVENTION, PREPAREDNESS, AND RESPONSE
    4.5.0.0 CHECKING (EVALUATION)
    4.5.1.0 GENERAL
    4.5.2.0 MONITORING AND MEASUREMENT
    4.5.3.0 EVALUATION OF COMPLIANCE AND SYSTEM PERFORMANCE
    4.5.4.0 NONCONFORMITY, CORRECTIVE ACTION, AND PREVENTIVE ACTION
    4.5.5.0 CONTROL OF RECORDS
    4.5.6.0 INTERNAL AUDITS
    4.6.0.0 MANAGEMENT REVIEW
    4.6.1.0 GENERAL
    4.6.2.0 REVIEW INPUT
    4.6.3.0 REVIEW OUTPUT
    4.6.4.0 MAINTENANCE
    4.6.5.0 CONTINUAL IMPROVEMENT


    ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT SYSTEM REQUIREMENTS


    4.1.0.0 General Requirements

    4.1.1.0 Scope of OR Management System

    4.1.1.1 General: The organization shall establish, document, implement, maintain, and continually improve an organizational resilience (security, preparedness, and continuity) management system in accordance with the requirements of this Standard, and determine how it will fulfill these requirements.

    4.1.1.2 The organization shall define and document the scope of its OR management system.

    4.1.1.3 In defining the scope of its OR management system, the organization shall define the boundaries of the organization to be included in the scope of its OR program, being the whole organization or one or more of its constituent parts.

    4.1.1.4 In defining the scope of its OR management system, the organization shall establish the requirements for OR management, considering the organization's mission, goals, internal and external obligations (including those related to stakeholders), and legal responsibilities.

    4.1.1.5 In defining the scope of its OR management system, the organization shall consider critical operational objectives, assets, functions, services, and products.

    4.1.1.6 In defining the scope of its OR management system, the organization shall determine risk scenarios, based on both potential internal and external events that could adversely affect the critical operations and functions of the organization, within the context of their potential impact.

    4.1.1.7 In defining the scope of its OR management system, the organization shall define the scope of the OR management system in terms of, and appropriate to, the size, nature, and complexity of the organization from a perspective of continual improvement.

    4.1.1.8 The organization shall define the scope consistent with protecting and preserving the integrity of the organization and its relationships with stakeholders, including interactions with key suppliers, outsourcing partners, and other stakeholders (for example, the organization's supply chain partners and suppliers, customers, stockholders, the community in which it operates, etc.).


    4.1.1.9 A Statement of Applicability shall define the strategic weighting of security management, preparedness, emergency management, disaster management, crisis management, and business continuity management in developing the management system, based on the risk assessment and impact analysis (see 4.3.1).