by Shane Henson — June 11, 2014—ASIS International, the global organization for security professionals, recently released a new standard that provides organizations with guidance on establishing and managing an audit program, as well as conducting individual audits consistent with the ISO 19011 and ISO/IEC 17021 standards.
The Auditing Management Systems: Risk, Resilience, Security, and Continuity—Guidance for Application American National Standard (SPC 2) standard helps practitioners evaluate risk and resilience-based management systems, establish and manage an audit program, conduct individual audits, and identify competence criteria for auditors who conduct conformity assessments of management risk and reliance-based management systems. SPC 2 is the latest of the organization’s five-part series of resilience standards, which were developed to offer a holistic, business-friendly approach to risk and resilience management.
Applicable to both private and public sector organizations, the standard provides generic concepts of auditing a risk and resilience-based management system. Organizations can adapt this guidance to fit the specific needs, size, nature, and level of maturity of their risk and resilience-based management system, says ASIS.
