ASIS releases guide to auditing security/resilience management systems

by Brianna Crandall

July 4, 2014—ASIS International has released a new standard that provides guidance for establishing and managing an audit program, as well as conducting individual audits consistent with the ISO 19011 and ISO/IEC 17021 standards. ASIS, the worldwide organization for security professionals, is an ANSI Accredited Standards Developer.

The latest in the five-part series of ASIS resilience standards that offer a holistic, business-friendly approach to risk and resilience management, the Auditing Management Systems: Risk, Resilience, Security, and Continuity—Guidance for Application American National Standard (ANSI/ASIS SPC.2-2014) will help practitioners evaluate risk and resilience-based management systems, establish and manage an audit program, conduct individual audits, and identify competence criteria for auditors who conduct conformity assessments of risk and resilience-based management systems.

“The credibility of any audit program, be it security, crisis, or continuity management, depends on a defined process using competent auditors,” says Dr. Marc H. Siegel, commissioner of the ASIS Global Standards Initiative. “The SPC.2 standard provides a step-by-step process for establishing an audit program and conducting individual audits. It will enable organizations to evaluate their performance and identify opportunities for improvement.”

Applicable to both private and public sector organizations, the standard provides generic concepts of auditing a risk and resilience-based management system. Organizations should adapt this guidance to fit the specific needs, size, nature and level of maturity of their risk and resilience-based management system, advises ASIS. An Executive Summary is available on the ASIS Web site.

For those interested in learning more about this standard, ASIS will offer an education session at its ASIS 2014 conference in Atlanta on Wednesday, October 1, called “Management System Auditing—Being Relaxed When the Auditor Arrives.”