欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    ANSI SPC.1-2009 Organizational Resilience Security Preparedness and Continuity Management Systems CRequirements with Guidance for Use.pdf

    • 资源ID:438004       资源大小:1.22MB        全文页数:66页
    • 资源格式: PDF        下载积分:10000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要10000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    ANSI SPC.1-2009 Organizational Resilience Security Preparedness and Continuity Management Systems CRequirements with Guidance for Use.pdf

    1、Organizational Resilience: Security, Preparedness, and Continuity Management SystemsRequirements with Guidance for UseA S I S I N T E R N A T I O N A L STANDARDAMERICAN NATIONALASIS SPC.1-2009ASIS SPC.1-2009, ORGANIZATIONAL RESILIENCE STANDARD ASIS SPC.1-2009 an American National Standard for Securi

    2、ty ORGANIZATIONAL RESILIENCE: SECURITY, PREPAREDNESS, AND CONTINUITY MANAGEMENT SYSTEMS REQUIREMENTS WITH GUIDANCE FOR USE Approved March 12, 2009 American National Standards Institute, Inc. Abstract A comprehensive management systems approach for security, preparedness, response, mitigation, busine

    3、ss/operational continuity, and recovery for disruptive incidents resulting in an emergency, crisis, or disaster. ASIS SPC.1-2009, ORGANIZATIONAL RESILIENCE STANDARD ii NOTICE AND DISCLAIMER The information in this publication was considered technically sound by the consensus of persons engaged in th

    4、e development and approval of the document at the time it was developed. Consensus does not necessarily mean that there is unanimous agreement among every person participating in the development of this document. ASIS International standards and guideline publications, of which the document containe

    5、d herein is one, are developed through a voluntary consensus standards development process. This process brings together volunteers and/or seeks out the views of persons who have an interest in the topic covered by this publication. While ASIS administers the process and establishes rules to promote

    6、 fairness in the development of consensus, it does not write the document and it does not independently test, evaluate, or verify the accuracy or completeness of any information or the soundness of any judgments contained in its standards and guideline publications. ASIS is a voluntary, nonprofit pr

    7、ofessional society with no regulatory, licensing or police power over its members. ASIS does not undertake a duty to third parties because it does not have the authority to enforce compliance with its standards. It assumes no duty of care to the general public, because its standards are not obligato

    8、ry and because it does not monitor the use of those standards. ASIS disclaims liability for any personal injury, property, or other damages of any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, application,

    9、 or reliance on this document. ASIS disclaims and makes no guaranty or warranty, expressed or implied, as to the accuracy or completeness of any information published herein, and disclaims and makes no warranty that the information in this document will fulfill any persons or entitys particular purp

    10、oses or needs. ASIS does not undertake to guarantee the performance of any individual manufacturer or sellers products or services by virtue of this standard or guide. In publishing and making this document available, ASIS is not undertaking to render professional or other services for or on behalf

    11、of any person or entity, nor is ASIS undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable c

    12、are in any given circumstances. Information and other standards on the topic covered by this publication may be available from other sources, which the user may wish to consult for additional views or information not covered by this publication. ASIS has no power, nor does it undertake to police or

    13、enforce compliance with the contents of this document. ASIS has no control over which of its standards, if any, may be adopted by governmental regulatory agencies, or over any activity or conduct that purports to conform to its standards. ASIS does not list, certify, test, inspect, or approve any pr

    14、actices, products, materials, designs, or installations for compliance with its standards. It merely publishes standards to be used as guidelines that third parties may or may not choose to adopt, modify or reject. Any certification or other statement of compliance with any information in this docum

    15、ent shall not be attributable to ASIS and is solely the responsibility of the certifier or maker of the statement. All rights reserved. Permission is hereby granted to individual users to download this document for their own personal use, with acknowledgement of ASIS International as the source. How

    16、ever, this document may not be downloaded for further copying or reproduction nor may it be sold, offered for sale, or otherwise used commercially. Copyright 2009 ASIS International ISBN: 978-1-887056-92-2 ASIS SPC.1-2009, ORGANIZATIONAL RESILIENCE STANDARD iii FOREWORD The information contained in

    17、this Foreword is not part of this American National Standard (ANS) and has not been processed in accordance with ANSIs requirements for an ANS. As such, this Foreword may contain material that has not been subjected to public review or a consensus process. In addition, it does not contain requiremen

    18、ts necessary for conformance to the Standard. ANSI guidelines specify two categories of requirements: mandatory and recommendation. The mandatory requirements are designated by the word shall and recommendations by the word should. Where both a mandatory requirement and a recommendation are specifie

    19、d for the same criterion, the recommendation represents a goal currently identifiable as having distinct compatibility or performance advantages. ASIS International (ASIS) is the preeminent organization for security professionals, with more than 37,000 members worldwide. Founded in 1955, ASIS is ded

    20、icated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the

    21、public. By providing members and the security community with access to a full range of programs and services, ASIS leads the way for advanced and improved security performance. The work of preparing ASIS Standards is carried out through the ASIS International Standards and Guidelines Commission comm

    22、ittees. Each member interested in a subject for which a technical committee has been established has the right to be represented on that committee. The Guidelines Program of ASIS International has received a Designation award under the Support Anti-terrorism by Fostering Effective Technology Act of

    23、2002 (the SAFETY Act) from the U.S. Department of Homeland Security. Specifically, the SAFETY Act designation limits ASIS liability for acts arising out of the use of the guidelines in connection with an act of terrorism and precludes claims of third party damages against organizations using the gui

    24、delines as a means to prevent or limit the scope of terrorist acts. The ASIS International Organizational Resilience: Security, Preparedness and Continuity Management Systems Standard incorporates the guidance provided in the ASIS International Business Continuity Guideline: A Practical Approach for

    25、 Emergency Preparedness, Crisis Management, and Disaster Recovery, 2005. For additional information, the Business Continuity Guideline should be consulted. This best practices standard provides generic auditable criteria and informative guidance on prevention, preparedness (readiness), mitigation, r

    26、esponse, continuity, and recovery from disruptive incidents with a potential to escalate into an emergency, crisis, or disaster. Suggestions for improvement of this document are welcome. They should be sent to ASIS International, 1625 Prince Street, Alexandria, VA 22314-2818, USA. Commission Members

    27、 Jason L. Brown, Thales Australia Steven K. Bucklin, Glenbrook Security Services, Inc. John C. Cholewa III, CPP, Embarq Corporation Cynthia P. Conlon, CPP, Conlon Consulting Corporation Michael A. Crane, CPP, IPC International Corporation Eugene F. Ferraro, CPP, PCI, CFE, Business Controls Inc. F. M

    28、ark Geraci, CPP, Bristol-Myers Squibb Co., Chair Robert W. Jones, Kraft Foods, Inc. Michael E. Knoke, CPP, Express Scripts, Inc., Vice Chair John F. Mallon, CPP Marc H. Siegel, Ph.D, ASIS Security Management System Consultant Roger D. Warwick, CPP, Pyramid International ASIS SPC.1-2009, ORGANIZATION

    29、AL RESILIENCE STANDARD iv At the time it approved this document, SPC Standards Committee, which is responsible for the development of this Standard, had the following members: Committee Members Committee Chairman: Marc H. Siegel, Ph.D., ASIS Security Management System Consultant Committee Secretaria

    30、t: Sue Carioti, ASIS International Paul H. Aube, CCP, Federation C.J.A. Don Aviv, PSP, CPP, PCI, Interfor Inc. William D. Badertscher, CPP, BMP, Georgetown University Pradeep Bajaj, OSSIM Jay C. Beighley, CPP, Nationwide Insurance Dennis R. Blass, CPP, PSP, Sec Engineers University of Alabama Thomas

    31、 Bozek, Bozek Consulting LLC Jerry Brashear, Ph.D., ASME Jerry J. Brennan, Security Management Resources Richard C. Bryant, CBCP, CSE, Verizon Communications Frederick A. Budde, Federal Air Marshal Service Doyle J. Burke, CPP, Delphi Corporation/Securitas Sharon Caudle, Ph.D., Texas A b) Establishin

    32、g a policy and objectives to manage risks; c) Implementing and operating controls to manage an organizations risks within the context of the organizations mission; d) Monitoring and reviewing the performance and effectiveness of the OR management system; and e) Continual improvement based on objecti

    33、ve measurement. This Standard adopts the “Plan-Do-Check-Act“ (PDCA) model, which is applied to structure the OR management system processes. The PDCA model is sometimes referred to as the APCI (Assess-Protect-Confirm-Improve) Model. Figure 1 illustrates how an OR management system takes as input the

    34、 OR management requirements and expectations of the interested parties and through the necessary actions and processes produces risk management outcomes that meet those requirements and expectations. Figure 1 also illustrates the links in the processes presented in clause 4. DoDevise a SolutionDevel

    35、op Detailed ActionPlan b) Assure itself of its conformity with its stated OR management policy; c) Demonstrate conformity with this Standard by: i. Making a self-determination and self-declaration; or ii. Seeking confirmation of its conformance by parties having an interest in the organization (such

    36、 as customers); or iii. Seeking confirmation of its self-declaration by a party external to the organization; or iv. Seeking certification/registration of its OR management system by an external organization. All the requirements in this Standard are intended to be incorporated into any type of orga

    37、nizations OR management system. It provides all the elements required to integrate management, technology, facilities, processes, and people into the resilience culture, risk management, and OR management system of an organization. The extent of the application will depend on factors such as the ris

    38、k tolerance and policy of the organization; the nature of its activities, products, and services; and the location where, and the conditions in which, it functions. This Standard provides generic requirements as a framework, applicable to all types of organizations (or parts thereof) regardless of s

    39、ize and nature of operation. It provides guidance for organizations to develop their own specific performance criteria, enabling the organization to tailor and implement an OR management system appropriate to its needs and those of its stakeholders. ASIS SPC.1-2009, ORGANIZATIONAL RESILIENCE STANDAR

    40、D 2 The Standard emphasizes resilience, the adaptive capacity of an organization in a complex and changing environment, as well as protection of critical assets. Applying this Standard positions an organization to more readily prepare for and respond to all manner of intentional, unintentional, and/

    41、or naturally-caused disruptive events which, if unmanaged, could escalate into an emergency, crisis, or disaster. It covers all phases of incident management before, during, and after a disruptive event. This Standard enables an organization to: a) Develop a prevention, preparedness, and response/co

    42、ntinuity/recovery policy; b) Establish objectives, procedures, and processes to achieve the policy commitments; c) Assure competency, awareness, and training; d) Set metrics to measure performance and demonstrate success; e) Take action as needed to improve performance; f) Demonstrate conformity of

    43、the system to the requirements of this Standard; and g) Establish and apply a process for continual improvement. Annex A provides informative guidance on system planning, implementation, testing, maintenance, and improvement. 2. NORMATIVE REFERENCES The following standards contain provisions which,

    44、through reference in this text, constitute provisions of this American National Standard. At the time of publication, the editions indicated were valid. All standards are subject to revision, and parties to agreements based on this American National Standard are encouraged to investigate the possibi

    45、lity of applying the most recent editions of the standards indicated below. The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (includin

    46、g any amendments) applies. NOTE: All documents below are available from the International Organization for Standardization. 2.1 General Reference ISO Guide 73:2002, Risk management Vocabulary Guidelines for use in standards. 2.2 Parallel or Integrated Application of a Number of Systems ISO 9001:2000

    47、, Quality management systems Requirements. ISO 14001:2004, Environmental management systems Requirements with guidance for use. ASIS SPC.1-2009, ORGANIZATIONAL RESILIENCE STANDARD 3 ISO/IEC 27001:2005, Information technology Security techniques Information security management systems Requirements. I

    48、SO 28000:2007, Specification for security management systems for the supply chain. 3. TERMS AND DEFINITIONS An extensive Glossary of terms appears in Annex D. ASIS SPC.1-2009, ORGANIZATIONAL RESILIENCE STANDARD 4 4. ORGANIZATIONAL RESILIENCE (OR) MANAGEMENT SYSTEM REQUIREMENTS Figure 2: Organization

    49、al Resilience (OR) Management System Flow Diagram 4.1 General Requirements The organization shall establish, document, implement, maintain, and continually improve an organization resilience (security, preparedness, and continuity) management system in accordance with the requirements of this Standard, and determine how it will fulfill these requirements. ASIS SPC.1-2009, ORGANIZATIONAL RESILIENCE STANDARD 5 4.1.1 Scope of OR Management System The organization shall define and document the scope of its OR management system. In defining the scope, the organizat


    注意事项

    本文(ANSI SPC.1-2009 Organizational Resilience Security Preparedness and Continuity Management Systems CRequirements with Guidance for Use.pdf)为本站会员(eveningprove235)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开