© American National Standards Institute, Inc. (ASIS)
ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems
Approved March 12, 2009
© Prepared by Prep4Audit, LLC
Version 2: 2015
www.prep4audit.com
ASIS SPC.1-2009 Organizational Resilience
1 © American National Standards Institute, Inc. (ASIS), ASIS SPC.1-2009, Organizational Resilience:
Security, Preparedness, and Continuity Management Systems © Restatement and Document
Preparation by Prep4Audit, LLC
Our Acknowledgement of the Rights of Others and Our Disclaimers
With the exception of governmental providers of guidelines, check-lists and standards, most providers have some copyright specifications on their
guidelines, check-lists and/or standards.
The form sets we provide do not contain any content of a guideline, check-list or standard except for the requirements themselves. In other
words, the full content of any specific guideline, check-list and/or standard is not reproduced. It should be noted that a significant number of
requirements that address any particular issue (e.g. the use of seals, perimeter security, facility cleanliness, data security) are contained within a
variety of guidelines, check-lists and/or standards and are worded in similar (or exact) manners. Any purchaser of our forms should review the
statements of the provider. If an organization has already purchased a particular standard, as we have, then that organization already has the right
to use the requirement statements, if such right is in fact required. We have provided direct links to provider sites where you may review their
copyrights; download their guideline, check-list or standard without cost, or, in the case of ISO, where you may purchase the standard.
We have: 1) reformatted and/or reworded certain requirements for purposes of clarity; and, 2) separated multiple requirements as stated within a
single paragraph and/or multiple requirements as stated within a single sentence into single statement requirements that allow for operational
responses. We have made every effort to properly restate requirements and avoid typographical and grammatical errors. You must assume
responsibility to ensure your responses are responsive to the intent of the original statements.
We are not affiliated with any provider of any guideline, check-list or standard or with any certified body licensed to audit the guideline, check-list
or standard. We are not, nor will we become, licensed to perform audits. We receive no fees of any sort from any provider, seller, auditor, or any
other party related to the sale of our forms.
Terms of Sale You Accept and Will Honor
Your Usage Rights: We offer our forms in editable Word and Excel formats, not in secured PDF format. We sell you a license to make an unlimited
number of copies of our forms for use only in your business unit.
Any recognized industry standard requires you to modify its requirements to reflect your business model. You need to add requirements, delete
requirements, and modify requirements. The way we sell our forms allows you to do that.
Your organization is responsible, to various degrees, for the compliance of your entire supply chain to specific requirements. To reflect this
responsibility, you may want to reinforce its importance by incorporating your company’s image (e.g. add your logo, change
colors, font, headers and footers). The way we sell our forms allows you to do that.
Your Responsibilities: You agree to use the forms only within your organization and only at your specific site. You agree not to resell the documents
or spreadsheets. You agree that if your subsidiaries, divisions, or sites of your organization desire to utilize the documents or spreadsheets, they are
required to purchase their own sets. You agree that if your business partners desire to utilize the documents or spreadsheets, they are required to
purchase their own sets.
Are We Really All That Trusting? Actually, “Yes”. The supply chain professionals we have met honor terms of sale. Unfortunately, there are
always the bad guys. So, we have inserted specific words, phrases, or punctuation that do not alter the meaning of a requirement but will uniquely
identify our copyrighted work. We will enforce our copyrights.
ASIS: Organizational Resilience: Security, Preparedness, and Continuity
Management Systems
4.1.0.0 GENERAL REQUIREMENTS
4.1.1.0 SCOPE OF OR MANAGEMENT SYSTEM
4.2.0.0 ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT POLICY
4.2.1.0 POLICY STATEMENT
4.2.2.0 MANAGEMENT COMMITMENT
4.3.0.0 PLANNING
4.3.1.0 RISK ASSESSMENT AND IMPACT ANALYSIS
4.3.3.0 OBJECTIVES, TARGETS, AND PROGRAM(S)
4.4.0.0 IMPLEMENTATION AND OPERATION
4.4.1.0 RESOURCES, ROLES, RESPONSIBILITY, AND AUTHORITY
4.4.2.0 COMPETENCE, TRAINING, AND AWARENESS
4.4.3.0 COMMUNICATION AND WARNING
4.4.4.0 DOCUMENTATION
4.4.5.0 CONTROL OF DOCUMENTS
4.4.6.0 OPERATIONAL CONTROL
4.4.7.0 INCIDENT PREVENTION, PREPAREDNESS, AND RESPONSE
4.5.0.0 CHECKING (EVALUATION)
4.5.1.0 GENERAL
4.5.2.0 MONITORING AND MEASUREMENT
4.5.3.0 EVALUATION OF COMPLIANCE AND SYSTEM PERFORMANCE
4.5.4.0 NONCONFORMITY, CORRECTIVE ACTION, AND PREVENTIVE ACTION
4.5.5.0 CONTROL OF RECORDS
4.5.6.0 INTERNAL AUDITS
4.6.0.0 MANAGEMENT REVIEW
4.6.1.0 GENERAL
4.6.2.0 REVIEW INPUT
4.6.3.0 REVIEW OUTPUT
4.6.4.0 MAINTENANCE
4.6.5.0 CONTINUAL IMPROVEMENT
ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT SYSTEM REQUIREMENTS
4.1.0.0 General Requirements
4.1.1.0 Scope of OR Management System
4.1.1.1 General: The organization shall establish, document, implement, maintain, and
continually improve an organizational resilience (security, preparedness, and continuity)
management system in accordance with the requirements of this Standard, and determine
how it will fulfill these requirements.
4.1.1.2 The organization shall define and document the scope of its OR management
system.
4.1.1.3 In defining the scope of its OR management system, the organization shall define the
boundaries of the organization to be included in the scope of its OR program, being the
whole organization or one or more of its constituent parts.
4.1.1.4 In defining the scope of its OR management system, the organization shall establish
the requirements for OR management, considering the organization’s mission, goals,
internal and external obligations (including those related to stakeholders), and legal
responsibilities.
4.1.1.5 In defining the scope of its OR management system, the organization shall consider
critical operational objectives, assets, functions, services, and products.
4.1.1.6 In defining the scope of its OR management system, the organization shall
determine risk scenarios, based both on potential internal and external events that could
adversely affect the critical operations and functions of the organization within the context
of their potential impact.
4.1.1.7 In defining the scope of its OR management system, the organization shall define the
scope of the OR management system in terms of and appropriate to the size, nature, and
complexity of the organization from a perspective of continual improvement.
4.1.1.8 The organization shall define the scope consistent with protecting and preserving
the integrity of the organization and its relationships with stakeholders, including
interactions with key suppliers, outsourcing partners, and other stakeholders (for example,
the organization’s supply chain partners and suppliers, customers, stockholders, the
community in which it operates, etc.).
4.1.1.9 A Statement of Applicability shall define the strategic weighting of security
management, preparedness, emergency management, disaster management, crisis
management, and business continuity management in developing the management system,
based on the risk assessment and impact analysis (see 4.3.1).

Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 

ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems

  • 1. © American National Standards Institute, Inc. (ASIS) ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems Approved March 12, 2009 © Prepared by Prep4Audit, LLC Version2: 2015 www.prep4audit.com
  • 2. ASIS SPC.1-2009 Organizational Resilience © American National Standards Institute, Inc. (ASIS), ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems © Restatement and Document Preparation by Prep4Audit, LLC
    Our Acknowledgement of the Rights of Others and Our Disclaimers
    With the exception of governmental providers of guidelines, check-lists and standards, most providers have some copyright specifications on their guidelines, check-lists and/or standards.
    The form sets we provide do not contain any content of a guideline, check-list or standard except for the requirements themselves. In other words, the full content of any specific guideline, check-list and/or standard is not reproduced. It should be noted that a significant number of requirements that address any particular issue (e.g. the use of seals, perimeter security, facility cleanliness, data security) are contained within a variety of guidelines, check-lists and/or standards and are worded in a similar (or exact) manner. Any purchaser of our forms should review the statements of the provider. If an organization has already purchased a particular standard, as we have, then that organization already has the right to use the requirement statements, if such right is in fact required. We have provided direct links to provider sites where you may review their copyrights; download their guideline, check-list or standard without cost; or, in the case of ISO, purchase the standard.
    We have: 1) reformatted and/or reworded certain requirements for purposes of clarity; and 2) separated multiple requirements stated within a single paragraph and/or within a single sentence into single-statement requirements that allow for operational responses. We have made every effort to properly restate requirements and avoid typographical and grammatical errors. You must assume responsibility to ensure your responses are responsive to the intent of the original statements.
    We are not affiliated with any provider of any guideline, check-list or standard or with any certified body licensed to audit the guideline, check-list or standard. We are not, nor will we become, licensed to perform audits. We receive no fees of any sort from any provider, seller, auditor, or any other party related to the sale of our forms.
    Terms of Sale You Accept and Will Honor
    Your Usage Rights: We offer our forms in editable Word and Excel formats, not in secured PDF format. We sell you a license to make an unlimited number of copies of our forms for use only in your business unit. Any recognized industry standard requires you to modify its requirements to reflect your business model. You need to add requirements, delete requirements, and modify requirements. The way we sell our forms allows you to do that. Your organization is responsible, to various degrees, for the compliance of your entire supply chain with specific requirements. To reflect this responsibility, you may want to reinforce its importance by incorporating your company’s image (e.g. add your logo, change colors, font, headers and footers). The way we sell our forms allows you to do that.
    Your Responsibilities: You agree to use the forms only within your organization and only at your specific site. You agree not to resell the documents or spreadsheets. You agree that if subsidiaries, divisions, or sites of your organization desire to utilize the documents or spreadsheets, they are required to purchase their own sets. You agree that if your business partners desire to utilize the documents or spreadsheets, they are required to purchase their own sets.
    Are We Really All That Trusting? Actually, “Yes”. The supply chain professionals we have met honor terms of sale. Unfortunately, there are always the bad guys. So, we have inserted specific words, phrases, or punctuation that do not alter the meaning of a requirement but will uniquely identify our copyrighted work. We will enforce our copyrights.
  • 3. © American National Standards Institute, Inc. (ASIS) ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems Approved March 12, 2009
  • 4. ASIS: Organizational Resilience: Security, Preparedness, and Continuity Management Systems
    4.1.0.0 GENERAL REQUIREMENTS
        4.1.1.0 SCOPE OF OR MANAGEMENT SYSTEM
    4.2.0.0 ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT POLICY
        4.2.1.0 POLICY STATEMENT
        4.2.2.0 MANAGEMENT COMMITMENT
    4.3.0.0 PLANNING
        4.3.1.0 RISK ASSESSMENT AND IMPACT ANALYSIS
        4.3.3.0 OBJECTIVES, TARGETS, AND PROGRAM(S)
    4.4.0.0 IMPLEMENTATION AND OPERATION
        4.4.1.0 RESOURCES, ROLES, RESPONSIBILITY, AND AUTHORITY
        4.4.2.0 COMPETENCE, TRAINING, AND AWARENESS
        4.4.3.0 COMMUNICATION AND WARNING
        4.4.4.0 DOCUMENTATION
        4.4.5.0 CONTROL OF DOCUMENTS
        4.4.6.0 OPERATIONAL CONTROL
        4.4.7.0 INCIDENT PREVENTION, PREPAREDNESS, AND RESPONSE
    4.5.0.0 CHECKING (EVALUATION)
        4.5.1.0 GENERAL
        4.5.2.0 MONITORING AND MEASUREMENT
        4.5.3.0 EVALUATION OF COMPLIANCE AND SYSTEM PERFORMANCE
        4.5.4.0 NONCONFORMITY, CORRECTIVE ACTION, AND PREVENTIVE ACTION
        4.5.5.0 CONTROL OF RECORDS
        4.5.6.0 INTERNAL AUDITS
    4.6.0.0 MANAGEMENT REVIEW
        4.6.1.0 GENERAL
        4.6.2.0 REVIEW INPUT
        4.6.3.0 REVIEW OUTPUT
        4.6.4.0 MAINTENANCE
        4.6.5.0 CONTINUAL IMPROVEMENT
  • 5. ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT SYSTEM REQUIREMENTS
    4.1.0.0 General Requirements
    4.1.1.0 Scope of OR Management System
    4.1.1.1 General: The organization shall establish, document, implement, maintain, and continually improve an organization resilience (security, preparedness, and continuity) management system in accordance with the requirements of this Standard, and determine how it will fulfill these requirements.
    4.1.1.2 The organization shall define and document the scope of its OR management system.
    4.1.1.3 In defining the scope of its OR management system, the organization shall define the boundaries of the organization to be included in the scope of its OR program, being the whole organization or one or more of its constituent parts.
    4.1.1.4 In defining the scope of its OR management system, the organization shall establish the requirements for OR management, considering the organization’s mission, goals, internal and external obligations (including those related to stakeholders), and legal responsibilities.
    4.1.1.5 In defining the scope of its OR management system, the organization shall consider critical operational objectives, assets, functions, services, and products.
    4.1.1.6 In defining the scope of its OR management system, the organization shall determine risk scenarios, based both on potential internal and external events that could adversely affect the critical operations and functions of the organization within the context of their potential impact.
    4.1.1.7 In defining the scope of its OR management system, the organization shall define the scope of the OR management system in terms of and appropriate to the size, nature, and complexity of the organization from a perspective of continual improvement.
    4.1.1.8 The organization shall define the scope consistent with protecting and preserving the integrity of the organization and its relationships with stakeholders, including interactions with key suppliers, outsourcing partners, and other stakeholders (for example, the organization’s supply chain partners and suppliers, customers, stockholders, the community in which it operates, etc.).
  • 6. 4.1.1.9 A Statement of Applicability shall define the strategic weighting of security management, preparedness, emergency management, disaster management, crisis management, and business continuity management in developing the management system, based on the risk assessment and impact analysis (see 4.3.1).