UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ASIS SPC.2

Auditing Management Systems: Risk, Resilience, Security, and Continuity-Guidance for Application

active, Most Current
Buy Now
Organization: ASIS
Publication Date: 1 January 2014
Status: active
Page Count: 92
scope:

This Standard:

a) Is a sector specific standard based on the ISO 19011: 2011 and ISO/IEC 17021:2011;

b) Provides guidance for conducting conformity assessment of the ANSI/ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems - Requirements with Guidance for Use standard, as well as similar risk and resilience based management system standards (e.g., ISO 22301:2012, Societal security - Business continuity management systems - Requirements; ANSI/ASIS/BSI BCM.01-2010, Business Continuity Management Standard; ISO 28000:2007, Specification for security management systems for the supply chain; ASIS/ANSI PAP.1-2012, Security Management Standard: Physical Asset Protection; etc.);

c) Provides guidance on auditing risk and resilience based management system standards for the disciplines of risk, resilience, security, crisis, continuity, and recovery management, including principles of auditing, managing the audit program, and conducting audits, as well as evaluation of competence of persons involved in the audit process;

d) Describes the process of attestation of fulfillment of the requirements of a risk and resilience based management system standard for the disciplines of risk, resilience, security, crisis, continuity, and recovery management;

e) Provides guidance on the management of audit programs, conduct of internal or external audits of the management system and risk, resilience, security, crisis, continuity, and recovery management, as well as on competence and evaluation of auditors;

f) Provides guidance for bodies providing auditing and third party certification of risk and resilience based management system standards for the disciplines of risk, resilience, security, crisis, continuity, and recovery management; and

g) Provides confidence and information to stakeholders that the requirements of standards for risk, resilience, security, crisis, continuity, and recovery management are being met.

Organizations, of all types and sizes can use the concepts and guidance of this Standard. It is recommended that organizations implementing risk and resilience based management system standards use the procedures described in this Standard in conjunction with the ISO 19011:2011 to conduct their internal audit activities.

This Standard is a guidance document and not intended as a specification for third-party certification.

Document History

ASIS SPC.2
January 1, 2014
Auditing Management Systems: Risk, Resilience, Security, and Continuity-Guidance for Application
This Standard: a) Is a sector specific standard based on the ISO 19011: 2011 and ISO/IEC 17021:2011; b) Provides guidance for conducting conformity assessment of the ANSI/ASIS SPC.1-2009...

References

This document references:
ASIS BCM.01 - Business Continuity Management Systems: Requirements with Guidance for Use
Published by ASIS on January 1, 2010
SCOPE OF STANDARD This Standard specifies requirements for a business continuity management system (BCMS) to enable an organization to identify, develop, and implement policies, objectives,...
This document references:
ASIS PAP.1 - Security Management Standard: Physical Asset Protection
Published by ASIS on January 1, 2012
This Standard provides generic principles, requirements, and guidance as well as the framework for a management system to assist organizations in the design, implementation, monitoring, evaluation,...
This document references:
ASIS SPC.1 - Organizational Resilience: Security, Preparedness, and Continuity Management Systems–Requirements with Guidance for Use
Published by ASIS on January 1, 2009
This Standard specifies requirements for an organizational resilience (OR) management system to enable an organization to develop and implement policies, objectives, and programs taking into account...
This document references:
ISO 19011 - Guidelines for auditing management systems
Published by ISO on July 1, 2018
This document provides guidance on auditing management systems, including the principles of auditing, managing an audit programme and conducting management system audits, as well as guidance on the...
This document references:
ISO 31000 - Risk management - Guidelines
Published by ISO on February 1, 2018
This document provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context. This document provides a common...
This document is referenced by:
ASIS ORM.1 - Security and Resilience in Organizations and their Supply Chains-Requirements with Guidance
Published by ASIS on January 1, 2017
This Standard specifies requirements for an integrated management system for organizations and their supply chains. The organizational resilience management system (ORMS) enables an organization to...
This document is referenced by:
ISO 22313 - Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
Published by ISO on February 1, 2020
This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on...
View Less
View All
Advertisement