Framework for Voluntary Preparedness - Association of Contingency ...

More documents

Recommendations

Info

Appendix D C R O S S W A L K O F R E L E V A N T R E G U L A T I O N S Framework For Voluntary Preparedness Core Elements SEC NASD HIPAA FFIEC NERC Policy statement and management commitment Scope, program roles, responsibilities, and resources Risk identification, assessments and criticality impact analyses, including legal and other requirements Prevention and Mitigation Evaluation and Planning • Strategic: prioritization, objectives, targets and dependencies • Tactical: plans for avoidance, prevention, deterrence, readiness, mitigation, response, continuity, and recovery Incident management (procedures and controls before, during and after a disruption, including emergency management of people, business operations and technology) • Operational procedures and contingency plans • Communications and warning • Application and business function resiliency • Document, information and data control and backup • Execution resources, responsibilities and finances Recovery • Rebuild, repair, restore, renovate Awareness and training Exercises and testing • Post-mortem learning Program revision and improvement • Corrective actions Non-Core Elements Specific to Regulated Industries SEC NASD HIPAA FFIEC NERC • Emergency Mode Operation Plan (security) • Enterprise wide • Independent Audit • Insurance Planning Page 19
Appendix E A C C R E D I T A T I O N A N D C E R T I F I C A T I O N ( R E G I S T R A T I O N ) B O D I E S Framework For Voluntary Preparedness Relevant Standards Other Relevant Standards Director y of Bodies Accreditation Bodies An organization (usually a national standards body associated with ISO) that checks certification bodies and, provided their certification assessment processes pass muster, accredits them i.e. grants them the authority to issue recognized certificates. Cer tification (Registration) Bodies An independent external body that issues written assurance (the certificate) that it has audited a management system and verified that it conforms to the requirements specified in the standard. Cer tification Guidelines Or ganizations Implements standard – may seek formal recognition (certification) by a specialized third party body. • ISO/IEC 17011:2004, Conformity assessment -- General requirements for accreditation bodies accrediting conformity assessment bodies • ISO/IEC 17040:2005, Conformity assessment -- General requirements for peer assessment of conformity assessment bodies and accreditation bodies • ISO/IEC 17021:2006, Conformity assessment -- Requirements for bodies providing audit and certification of management systems • ISO 19011:2002, Guidelines for quality and/or environmental management systems auditing • ISO/PAS 22399:2007 or • ASIS Organizational Resilience: Preparedness and Continuity Management - Best Practices Standard or • NFPA 1600:2007 Standard on Disaster/Emergency Management and Business Continuity Programs or • BS 25999-2 • etc. • ISO/IEC 27006:2007, Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems • ISO 28003:2007, Security management systems for the supply chain -- Requirements for bodies providing audit and certification of supply chain security management systems • ISO/PAS 22399:2007 or • ASIS Organizational Resilience: Preparedness and Continuity Management - Best Practices Standard or • NFPA 1600:2007 Standard on Disaster/Emergency Management and Business Continuity Programs or • BS 25999-2 • There are over 50 accreditation bodies worldwide. For a complete list: http://www.compad.com.au/clients/ iaf/indexPrev.phpupdaterUrlPrev= articles&artId=145 • There is one accreditation body listed in the United States: ANAB: American National Standards Institute - American Society for Quality National Accreditation Board LLC For a list of certification bodies, go to http://www.anab.org/Directory/Directo ry_Search.asp Note: Auditors from the certifying body must demonstrate competence both in ISO 19011:2002, as well as the standard against which they are auditing the organization. Page 20
Page 1 and 2: Report Prepared For Paula J. Olsiew
Page 3 and 4: Framework For Voluntary Preparednes
Page 15 and 16: Appendix C C R O S S W A L K O F S
Page 17 and 18: Common Elements Awareness, Competen
Page 19: Framework For Voluntary Preparednes

Framework for Voluntary Preparedness - Association of Contingency ...

Create successful ePaper yourself

Delete template?

Save as template?