Task 1 -- Standards in Security Flashcards

1
Q

What is a standard?

A

A standard is a set of criteria, guidelines, and best practices that can be used to enhance the quality and reliability of products, services, or processes. Because of the world’s numerous national and international standards, many parts, processes, and systems work regardless of who creates or performs them, who uses them, and where they are used.

Standards are developed to address a market need or fill a gap in existing industry standards. They are coordinated through accredited standards developing organizations (SDOs), which bring together interested stakeholders from both the private and public sectors to collaborate in the identification of industry best practices. Standards serve as building blocks to innovation and competitiveness and provide a common language to promote domestic and international trade.

Standards are developed in accordance with the principles of consensus, openness, due process, and transparency. In the security arena, they can help nations, communities, societies, organizations, and individuals safeguard assets and improve resilience in the face of security threats, both natural and man-made.

2
Q

Voluntary Standards

A

Standards from the International Organization for Standardization (ISO) and national standardization institutes are voluntary but widely adopted. Some have been integrated into various countries’ regulatory frameworks. ISO standards are relevant to assets protection and involve such issues as facilities management, health, environment and safety, risk management, security and resilience, and IT and information security. In the United States, voluntary standards are also set by trade or professional associations such as ASIS International that develop standards for security management. Other entities such as the National Fire Protection Association (NFPA) develop standards that are not all voluntary—rather some may be incorporated into regulations, such as building codes.

Several standards from Underwriters Laboratories (UL) relate to security equipment, such as locks, alarms, and access control systems. Other trade and professional associations, such as the Illuminating Engineering Society (lighting standards and practices) and the Electronic Industries Association (electronic components and products), create standards.

3
Q

Statutory or Regulatory Standards

A

Statutory or regulatory standards are binding under the law and can be enforced by formal authorities.

4
Q

Benefits of Standards

A

Standards may do one or all of the following:

Codify best practices and processes and share lessons learned.

Provide tools to assess threats, risks, vulnerabilities, criticalities, and impacts.

Define measurement methods.

Document equipment performance requirements to ensure effectiveness and safety.

Establish design requirements for devices, systems, and infrastructure to withstand threats.

Define effective methods for identification of individuals.

Enhance cross-jurisdictional information sharing and interoperability.

Provide for consistency of services.

Increase knowledge and competency.

5
Q

Mixed Standards

A

The distinction between statutory and voluntary standards becomes blurred when voluntary standards are incorporated into laws or regulations, as is the case in areas such as fire, construction, and life safety. In some situations, a standard may remain technically voluntary but obligatory in practice.

6
Q

Management System Standards

A

Management systems standards are designed to help organizations improve the ways in which they provide services and perform processes; they are widely accepted and used in many fields and disciplines. The most prominent management systems standards are ISO 9001 on quality management systems, ISO 14001 on environmental management systems, and ISO 31000 on risk management.

The management systems approach encourages organizations to analyze organizational and stakeholder requirements and define processes that contribute to success. A management system provides the framework for continual improvement to increase the likelihood of achieving strategic, operational, tactical, and reputational objectives while enhancing the resilience of an organization.

7
Q

Plan-Do-Check-Act Cycle

A

The Plan-Do-Check-Act (PDCA) cycle is the operating principle of management systems standards. It is an approach to structured problem solving focused on continual improvement.
