ASIS International this week released a new standard designed to provide guidance for those establishing and managing an audit program, as well as conducting individual audits consistent with the ISO 19011 and ISO/IEC 17021 standards.
The organization said this standard is the latest in a five-part series of resilience standards that offer a holistic, business-friendly approach to risk and resilience management. The “Auditing Management Systems: Risk, Resilience, Security, and Continuity—Guidance for Application American National Standard (SPC.2)” will help security practitioners evaluate risk and resilience-based management systems, establish and manage an audit program, conduct individual audits, and identify competence criteria for auditors who conduct conformity assessments of risk and resilience-based management systems.
“The credibility of any audit program, be it security, crisis, or continuity management, depends on a defined process using competent auditors,” said Dr. Marc H. Siegel, commissioner of the ASIS Global Standards Initiative. “The SPC.2 standard provides a step-by-step process for establishing an audit program and conducting individual audits. It will enable organizations to evaluate their performance and identify opportunities for improvement.”
Applicable to both private and public sector organizations, the standard provides generic concepts for auditing a risk and resilience-based management system, ASIS said. Organizations should adapt this guidance to fit their specific needs, size and nature, and the level of maturity of their risk and resilience-based management system.