ACS Assessor Guide - Security Industry Authority

ACS Assessor GuideSection 4 – Criterion Specific Guidelines: Criteria 55.1 An SIA Approved Contractor can demonstrate that it has effective management information systems for all aspects of its business with appropriateback-ups and contingencies.5.1.4 Personnel records and other key information are maintained in accordance with legal requirements.Clarification:‘Information’ referred to in this section relates to all the information held by an organisationincluding that held on personal computers. The section is looking to determine how well theorganisation manages records and information.There are statutory requirements for the keeping of personnel records and financial records.Assessors should ensure their personal knowledge is maintained.www.businesslink.gov.uk is a useful link for statutory information.Applicant organisations may wish to refer to the current British Standard relating toinformation security.Linkages with other Indicators:5.1.1 Information key to the business has been identified and is produced and delivered in aneffective and timely manner to relevant employees and other stakeholders.5.1.2 Relevant versions of applicable documents are available at the point of use.5.1.3 Adherence to the Data Protection Act 1998 is apparent.6.1.4 Employee records are maintained.7.1.1 Leaders can demonstrate, relevant to sector, knowledge of the legislative framework,common law, working practice, and industry standards/codes of practice.Ref: ISO9001; BS7858; BS7960;BS7958; BS7499; BS7984Test: what are the organisation’s procedures for backing up information? who has access to employee records? is there an audit trail of record accessing? what is kept in relation to financial records e.g.:• accounts• invoices• expenses etc.103The contents of this publication are copyright ©2013 Security Industry Authority, all rights reserved. No part of the contents may be reproduced or transmitted in any form, by any means without prior written permission of the copyright owner.