© American National Standards Institute, Inc. (ASIS)
ASIS SPC.1-2009, Organizational
Resilience: Security, Preparedness,
and Continuity Management
Systems
Approved March 12, 2009
© Prepared by Prep4Audit, LLC
Version 2: 2015
www.prep4audit.com
ASIS SPC.1-2009 Organizational Resilience
1 © American National Standards Institute, Inc. (ASIS), ASIS SPC.1-2009, Organizational Resilience:
Security, Preparedness, and Continuity Management Systems © Restatement and Document
Preparation by Prep4Audit, LLC
Our Acknowledgement of the Rights of Others and Our Disclaimers
With the exception of governmental providers of guidelines, check-lists and standards, most providers have some copyright specifications on their
guidelines, check-lists and/or standards.
The form sets we provide do not contain any content of a guideline, check-list or standard except for the requirements themselves. In other
words, the full content of any specific guidelines, check-lists and/or standards is not reproduced. It should be noted that a significant number of
requirements that address any particular issue (e.g. the use of seals, perimeter security, facility cleanliness, data security) are contained within a
variety of guidelines, check-lists and/or standards and are worded in similar (or exact) manners. Any purchaser of our forms should review the
statements of the provider. If an organization has already purchased a particular standard, as we have, then that organization already has the right
to use the requirement statements, if such right is in fact required. We have provided direct links to provider sites where you may review their
copyrights; download their guideline, check-list or standard without cost, or, in the case of ISO, where you may purchase the standard.
We have: 1) reformatted and/or reworded certain requirements for purposes of clarity; and, 2) separated multiple requirements as stated within a
single paragraph and/or multiple requirements as stated within a single sentence into single statement requirements that allow for operational
responses. We have made every effort to properly restate requirements and avoid typographical and grammatical errors. You must assume
responsibility to ensure your responses are responsive to the intent of the original statements.
We are not affiliated with any provider of any guideline, check-list or standard or with any certified body licensed to audit the guideline, check-list
or standard. We are not, nor will we become, licensed to perform audits. We receive no fees of any sort from any provider, seller, auditor, or any
other party related to the sale of our forms.
Terms of Sale You Accept and Will Honor
Your Usage Rights: We offer our forms in editable Word and Excel formats, not in secured PDF format. We sell you a license to make an unlimited
number of copies of our forms for use only in your business unit.
Any recognized industry standard requires you to modify its requirements to reflect your business model. You need to add requirements, delete
requirements, and modify requirements. The way we sell our forms allows you to do that.
Your organization is responsible, to various degrees, for the compliance of your entire supply chain to specific requirements. To reflect this
responsibility you may want to enforce the importance of this responsibility by incorporating your company’s image (e.g. add your logo, change
colors, font, headers and footers). The way we sell our forms allows you to do that.
Your Responsibilities: You agree to use the forms only within your organization and only at your specific site. You agree not to resell the documents
or spreadsheets. You agree that if your subsidiaries, divisions, or sites of your organization desire to utilize the documents or spreadsheets they are
required to purchase their own sets. You agree that if your business partners desire to utilize the documents or spreadsheets, they are required to
purchase their own sets.
Are We Really All That Trusting? Actually, “Yes”. The supply chain professionals we have met honor terms of sale. Unfortunately, there are
always the bad guys. So, we have inserted specific words, phrases, or punctuation that do not alter the meaning of a requirement but will uniquely
identify our copyrighted work. We will enforce our copyrights.
ASIS: Organizational Resilience: Security, Preparedness, and Continuity
Management Systems
4.1.0.0 GENERAL REQUIREMENTS
4.1.1.0 SCOPE OF OR MANAGEMENT SYSTEM
4.2.0.0 ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT POLICY
4.2.1.0 POLICY STATEMENT
4.2.2.0 MANAGEMENT COMMITMENT
4.3.0.0 PLANNING
4.3.1.0 RISK ASSESSMENT AND IMPACT ANALYSIS
4.3.3.0 OBJECTIVES, TARGETS, AND PROGRAM(S)
4.4.0.0 IMPLEMENTATION AND OPERATION
4.4.1.0 RESOURCES, ROLES, RESPONSIBILITY, AND AUTHORITY
4.4.2.0 COMPETENCE, TRAINING, AND AWARENESS
4.4.3.0 COMMUNICATION AND WARNING
4.4.4.0 DOCUMENTATION
4.4.5.0 CONTROL OF DOCUMENTS
4.4.6.0 OPERATIONAL CONTROL
4.4.7.0 INCIDENT PREVENTION, PREPAREDNESS, AND RESPONSE
4.5.0.0 CHECKING (EVALUATION)
4.5.1.0 GENERAL
4.5.2.0 MONITORING AND MEASUREMENT
4.5.3.0 EVALUATION OF COMPLIANCE AND SYSTEM PERFORMANCE
4.5.4.0 NONCONFORMITY, CORRECTIVE ACTION, AND PREVENTIVE ACTION
4.5.5.0 CONTROL OF RECORDS
4.5.6.0 INTERNAL AUDITS
4.6.0.0 MANAGEMENT REVIEW
4.6.1.0 GENERAL
4.6.2.0 REVIEW INPUT
4.6.3.0 REVIEW OUTPUT
4.6.4.0 MAINTENANCE
4.6.5.0 CONTINUAL IMPROVEMENT
ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT SYSTEM REQUIREMENTS
4.1.0.0 General Requirements
4.1.1.0 Scope of OR Management System
4.1.1.1 General: The organization shall establish, document, implement, maintain, and
continually improve an organization resilience (security, preparedness, and continuity)
management system in accordance with the requirements of this Standard, and determine
how it will fulfill these requirements.
4.1.1.2 The organization shall define and document the scope of its OR management
system.
4.1.1.3 In defining the scope of its OR management system, the organization shall define the
boundaries of the organization to be included in the scope of its OR program, being the
whole organization or one or more of its constituent parts.
4.1.1.4 In defining the scope of its OR management system, the organization shall establish
the requirements for OR management, considering the organization’s mission, goals,
internal and external obligations (including those related to stakeholders), and legal
responsibilities.
4.1.1.5 In defining the scope of its OR management system, the organization shall consider
critical operational objectives, assets, functions, services, and products.
4.1.1.6 In defining the scope of its OR management system, the organization shall
determine risk scenarios, based both on potential internal and external events that could
adversely affect the critical operations and functions of the organization within the context
of their potential impact.
4.1.1.7 In defining the scope of its OR management system, the organization shall define the
scope of the OR management system in terms of and appropriate to the size, nature, and
complexity of the organization from a perspective of continual improvement.
4.1.1.8 The organization shall define the scope consistent with protecting and preserving
the integrity of the organization and its relationships with stakeholders, including
interactions with key suppliers, outsourcing partners, and other stakeholders (for example,
the organization’s supply chain partners and suppliers, customers, stockholders, the
community in which it operates, etc.).
4.1.1.9 A Statement of Applicability shall define the strategic weighting of security
management, preparedness, emergency management, disaster management, crisis
management, and business continuity management in developing the management system,
based on the risk assessment and impact analysis (see 4.3.1).

Weitere Àhnliche Inhalte

Ähnlich wie ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems

Writing within an Agile Development Environment
Writing within an Agile Development EnvironmentWriting within an Agile Development Environment
Writing within an Agile Development Environment
Steve Greene
 
Aaps Quality Agreement Presentation Share
Aaps Quality Agreement Presentation   ShareAaps Quality Agreement Presentation   Share
Aaps Quality Agreement Presentation Share
RalphDillon
 
Dimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperDimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paper
Jason Cumberland
 
CodeofEthicsProgram auto nation
CodeofEthicsProgram auto nationCodeofEthicsProgram auto nation
CodeofEthicsProgram auto nation
finance14
 
CodeofEthicsProgram auto nation
CodeofEthicsProgram auto nationCodeofEthicsProgram auto nation
CodeofEthicsProgram auto nation
finance14
 
Df14 Maintaining your orgs setup for optimal efficiency for dist
Df14 Maintaining your orgs setup for optimal efficiency for distDf14 Maintaining your orgs setup for optimal efficiency for dist
Df14 Maintaining your orgs setup for optimal efficiency for dist
jayvinarora
 

Ähnlich wie ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems (20)

Writing within an Agile Development Environment
Writing within an Agile Development EnvironmentWriting within an Agile Development Environment
Writing within an Agile Development Environment
 
Lifecycle of a Bug
Lifecycle of a BugLifecycle of a Bug
Lifecycle of a Bug
 
Compliance Management | Compliance Solutions
Compliance Management | Compliance SolutionsCompliance Management | Compliance Solutions
Compliance Management | Compliance Solutions
 
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
 
Webinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
Webinar: Cut that Clutter! Maintain a Clean Org and Improve ProductivityWebinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
Webinar: Cut that Clutter! Maintain a Clean Org and Improve Productivity
 
Aaps Quality Agreement Presentation Share
Aaps Quality Agreement Presentation   ShareAaps Quality Agreement Presentation   Share
Aaps Quality Agreement Presentation Share
 
Using Elastic @ Elastic: Fast-tracking support search
Using Elastic @ Elastic: Fast-tracking support searchUsing Elastic @ Elastic: Fast-tracking support search
Using Elastic @ Elastic: Fast-tracking support search
 
ISV Tech Talk: Environment Hub (October 15, 2014)
ISV Tech Talk: Environment Hub (October 15, 2014)ISV Tech Talk: Environment Hub (October 15, 2014)
ISV Tech Talk: Environment Hub (October 15, 2014)
 
Dimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paperDimension data pursuing compliance in public cloud white paper
Dimension data pursuing compliance in public cloud white paper
 
CodeofEthicsProgram auto nation
CodeofEthicsProgram auto nationCodeofEthicsProgram auto nation
CodeofEthicsProgram auto nation
 
CodeofEthicsProgram auto nation
CodeofEthicsProgram auto nationCodeofEthicsProgram auto nation
CodeofEthicsProgram auto nation
 
Df14 Maintaining your orgs setup for optimal efficiency for dist
Df14 Maintaining your orgs setup for optimal efficiency for distDf14 Maintaining your orgs setup for optimal efficiency for dist
Df14 Maintaining your orgs setup for optimal efficiency for dist
 
Salesforce Security Review Tips and Tricks
Salesforce Security Review Tips and TricksSalesforce Security Review Tips and Tricks
Salesforce Security Review Tips and Tricks
 
An Insider's Guide to Security Review (October 13, 2014)
An Insider's Guide to Security Review (October 13, 2014)An Insider's Guide to Security Review (October 13, 2014)
An Insider's Guide to Security Review (October 13, 2014)
 
Advanced Automation with Flows and Custom Metadata Types
Advanced Automation with Flows and Custom Metadata TypesAdvanced Automation with Flows and Custom Metadata Types
Advanced Automation with Flows and Custom Metadata Types
 
4201 inter connect17-devopstransformation
4201 inter connect17-devopstransformation4201 inter connect17-devopstransformation
4201 inter connect17-devopstransformation
 
Creating stellar customer support experiences using search
Creating stellar customer support experiences using searchCreating stellar customer support experiences using search
Creating stellar customer support experiences using search
 
Metakortex Presentation
Metakortex PresentationMetakortex Presentation
Metakortex Presentation
 
Keys Things to Consider When Implementing Partner Communities
Keys Things to Consider When Implementing Partner CommunitiesKeys Things to Consider When Implementing Partner Communities
Keys Things to Consider When Implementing Partner Communities
 
Basic Software License & Copyright Compliance Quiz
Basic Software License & Copyright Compliance QuizBasic Software License & Copyright Compliance Quiz
Basic Software License & Copyright Compliance Quiz
 

Mehr von Prep4Audit

Mehr von Prep4Audit (12)

Preserved Foods Manufacture FSC 18 SQF 7.1 | Prep4Audit
Preserved Foods Manufacture FSC 18 SQF 7.1 | Prep4AuditPreserved Foods Manufacture FSC 18 SQF 7.1 | Prep4Audit
Preserved Foods Manufacture FSC 18 SQF 7.1 | Prep4Audit
 
AEO Safety and Security Guidelines: Custom Agent | Prep4Audit
AEO Safety  and Security  Guidelines: Custom Agent | Prep4AuditAEO Safety  and Security  Guidelines: Custom Agent | Prep4Audit
AEO Safety and Security Guidelines: Custom Agent | Prep4Audit
 
AEO Air Carrier compliance assessment | Prep4Audit
AEO Air Carrier compliance assessment | Prep4AuditAEO Air Carrier compliance assessment | Prep4Audit
AEO Air Carrier compliance assessment | Prep4Audit
 
C-TPAT Minimum Security Requirements with compliance Plan | Prep4Audit
C-TPAT Minimum Security Requirements with compliance Plan | Prep4AuditC-TPAT Minimum Security Requirements with compliance Plan | Prep4Audit
C-TPAT Minimum Security Requirements with compliance Plan | Prep4Audit
 
FSR 2011 Freight Supplier Security Section 2 Requirements
FSR 2011 Freight Supplier Security Section 2 RequirementsFSR 2011 Freight Supplier Security Section 2 Requirements
FSR 2011 Freight Supplier Security Section 2 Requirements
 
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
PCI DSS Requirements &  Security Assessment Procedures | Prep4auditPCI DSS Requirements &  Security Assessment Procedures | Prep4audit
PCI DSS Requirements & Security Assessment Procedures | Prep4audit
 
CTPAT-Highway Carrier Security Requirements
CTPAT-Highway Carrier Security RequirementsCTPAT-Highway Carrier Security Requirements
CTPAT-Highway Carrier Security Requirements
 
Aeo safety-and-security-requirements exporter-table-of-contents
Aeo safety-and-security-requirements exporter-table-of-contentsAeo safety-and-security-requirements exporter-table-of-contents
Aeo safety-and-security-requirements exporter-table-of-contents
 
CTPAT 3PL Security Requirements
 CTPAT 3PL Security Requirements CTPAT 3PL Security Requirements
CTPAT 3PL Security Requirements
 
ASIS SPC.1-2009 Section 4 Organizational Resilience
ASIS SPC.1-2009 Section 4 Organizational Resilience ASIS SPC.1-2009 Section 4 Organizational Resilience
ASIS SPC.1-2009 Section 4 Organizational Resilience
 
AEO Safety and Security Requirements
AEO Safety and Security Requirements AEO Safety and Security Requirements
AEO Safety and Security Requirements
 
BIS Export Management and Compliance Program Self-Assessment Toolkit
BIS Export Management and Compliance Program Self-Assessment ToolkitBIS Export Management and Compliance Program Self-Assessment Toolkit
BIS Export Management and Compliance Program Self-Assessment Toolkit
 

KĂŒrzlich hochgeladen

Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
Renandantas16
 
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
lizamodels9
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
Matteo Carbone
 
Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...
lizamodels9
 
Call Girls In Noida 959961âŠč3876 Independent Escort Service Noida
Call Girls In Noida 959961âŠč3876 Independent Escort Service NoidaCall Girls In Noida 959961âŠč3876 Independent Escort Service Noida
Call Girls In Noida 959961âŠč3876 Independent Escort Service Noida
dlhescort
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 

KĂŒrzlich hochgeladen (20)

Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)-  A new venture conceptBusiness Model Canvas (BMC)-  A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❀8448577510 âŠčBest Escorts Service I...
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...
Call Girls In DLf Gurgaon ➄99902@11544 ( Best price)100% Genuine Escort In 24...
 
Call Girls In Noida 959961âŠč3876 Independent Escort Service Noida
Call Girls In Noida 959961âŠč3876 Independent Escort Service NoidaCall Girls In Noida 959961âŠč3876 Independent Escort Service Noida
Call Girls In Noida 959961âŠč3876 Independent Escort Service Noida
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Monthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptxMonthly Social Media Update April 2024 pptx.pptx
Monthly Social Media Update April 2024 pptx.pptx
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 

ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems

  • 1. © American National Standards Institute, Inc. (ASIS) ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems Approved March 12, 2009 © Prepared by Prep4Audit, LLC Version2: 2015 www.prep4audit.com
  • 2. Our Acknowledgement of the Rights of Others and Our Disclaimers

    With the exception of governmental providers of guidelines, check-lists and standards, most providers have some copyright specifications on their guidelines, check-lists and/or standards.

    The form sets we provide do not contain any content of a guideline, check-list or standard except for the requirements themselves. In other words, the full content of any specific guideline, check-list and/or standard is not reproduced. It should be noted that a significant number of requirements that address any particular issue (e.g. the use of seals, perimeter security, facility cleanliness, data security) are contained within a variety of guidelines, check-lists and/or standards and are given similar (or identical) wording. Any purchaser of our forms should review the statements of the provider. If an organization has already purchased a particular standard, as we have, then that organization already has the right to use the requirement statements, if such right is in fact required. We have provided direct links to provider sites where you may review their copyrights; download their guideline, check-list or standard without cost; or, in the case of ISO, purchase the standard.

    We have: 1) reformatted and/or reworded certain requirements for purposes of clarity; and 2) separated multiple requirements stated within a single paragraph and/or a single sentence into single-statement requirements that allow for operational responses. We have made every effort to properly restate requirements and avoid typographical and grammatical errors. You must assume responsibility to ensure your responses are responsive to the intent of the original statements.

    We are not affiliated with any provider of any guideline, check-list or standard or with any certified body licensed to audit the guideline, check-list or standard. We are not, nor will we become, licensed to perform audits. We receive no fees of any sort from any provider, seller, auditor, or any other party related to the sale of our forms.

    Terms of Sale You Accept and Will Honor

    Your Usage Rights: We offer our forms in editable Word and Excel formats, not in secured PDF format. We sell you a license to make an unlimited number of copies of our forms for use only in your business unit. Any recognized industry standard requires you to modify its requirements to reflect your business model. You need to add requirements, delete requirements, and modify requirements. The way we sell our forms allows you to do that. Your organization is responsible, to various degrees, for the compliance of your entire supply chain with specific requirements. To reflect this responsibility, you may want to reinforce its importance by incorporating your company's image (e.g. add your logo, change colors, font, headers and footers). The way we sell our forms allows you to do that.

    Your Responsibilities: You agree to use the forms only within your organization and only at your specific site. You agree not to resell the documents or spreadsheets. You agree that if subsidiaries, divisions, or sites of your organization desire to utilize the documents or spreadsheets, they are required to purchase their own sets. You agree that if your business partners desire to utilize the documents or spreadsheets, they are required to purchase their own sets.

    Are We Really All That Trusting? Actually, "Yes". The supply chain professionals we have met honor terms of sale. Unfortunately, there are always the bad guys. So, we have inserted specific words, phrases, or punctuation that do not alter the meaning of a requirement but will uniquely identify our copyrighted work. We will enforce our copyrights.
  • 3. © American National Standards Institute, Inc. (ASIS) ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems. Approved March 12, 2009
  • 4. ASIS: Organizational Resilience: Security, Preparedness, and Continuity Management Systems

    4.1.0.0 GENERAL REQUIREMENTS
        4.1.1.0 SCOPE OF OR MANAGEMENT SYSTEM
    4.2.0.0 ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT POLICY
        4.2.1.0 POLICY STATEMENT
        4.2.2.0 MANAGEMENT COMMITMENT
    4.3.0.0 PLANNING
        4.3.1.0 RISK ASSESSMENT AND IMPACT ANALYSIS
        4.3.3.0 OBJECTIVES, TARGETS, AND PROGRAM(S)
    4.4.0.0 IMPLEMENTATION AND OPERATION
        4.4.1.0 RESOURCES, ROLES, RESPONSIBILITY, AND AUTHORITY
        4.4.2.0 COMPETENCE, TRAINING, AND AWARENESS
        4.4.3.0 COMMUNICATION AND WARNING
        4.4.4.0 DOCUMENTATION
        4.4.5.0 CONTROL OF DOCUMENTS
        4.4.6.0 OPERATIONAL CONTROL
        4.4.7.0 INCIDENT PREVENTION, PREPAREDNESS, AND RESPONSE
    4.5.0.0 CHECKING (EVALUATION)
        4.5.1.0 GENERAL
        4.5.2.0 MONITORING AND MEASUREMENT
        4.5.3.0 EVALUATION OF COMPLIANCE AND SYSTEM PERFORMANCE
        4.5.4.0 NONCONFORMITY, CORRECTIVE ACTION, AND PREVENTIVE ACTION
        4.5.5.0 CONTROL OF RECORDS
        4.5.6.0 INTERNAL AUDITS
    4.6.0.0 MANAGEMENT REVIEW
        4.6.1.0 GENERAL
        4.6.2.0 REVIEW INPUT
        4.6.3.0 REVIEW OUTPUT
        4.6.4.0 MAINTENANCE
        4.6.5.0 CONTINUAL IMPROVEMENT
  • 5. ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT SYSTEM REQUIREMENTS

    4.1.0.0 General Requirements

    4.1.1.0 Scope of OR Management System

    4.1.1.1 General: The organization shall establish, document, implement, maintain, and continually improve an organizational resilience (security, preparedness, and continuity) management system in accordance with the requirements of this Standard, and determine how it will fulfill these requirements.

    4.1.1.2 The organization shall define and document the scope of its OR management system.

    4.1.1.3 In defining the scope of its OR management system, the organization shall define the boundaries of the organization to be included in the scope of its OR program, being the whole organization or one or more of its constituent parts.

    4.1.1.4 In defining the scope of its OR management system, the organization shall establish the requirements for OR management, considering the organization's mission, goals, internal and external obligations (including those related to stakeholders), and legal responsibilities.

    4.1.1.5 In defining the scope of its OR management system, the organization shall consider critical operational objectives, assets, functions, services, and products.

    4.1.1.6 In defining the scope of its OR management system, the organization shall determine risk scenarios, based on both potential internal and external events that could adversely affect the critical operations and functions of the organization, within the context of their potential impact.

    4.1.1.7 In defining the scope of its OR management system, the organization shall define the scope of the OR management system in terms of and appropriate to the size, nature, and complexity of the organization from a perspective of continual improvement.

    4.1.1.8 The organization shall define the scope consistent with protecting and preserving the integrity of the organization and its relationships with stakeholders, including interactions with key suppliers, outsourcing partners, and other stakeholders (for example, the organization's supply chain partners and suppliers, customers, stockholders, the community in which it operates, etc.).
  • 6. 4.1.1.9 A Statement of Applicability shall define the strategic weighting of security management, preparedness, emergency management, disaster management, crisis management, and business continuity management in developing the management system, based on the risk assessment and impact analysis (see 4.3.1).