ACS Assessor Guide - Security Industry Authority

ACS Assessor GuideSection 4 – Criterion Specific Guidelines: Criteria 22.2 An SIA Approved Contractor can demonstrate that it has a sound plan to ensure continuity of service delivery.2.2.1 There is a sound plan to ensure continuity of service delivery.Clarification:The ACS standard is looking at how the applicant organisation manages incidents and crisiswithin the business. This is looking at the internal procedures rather than the handling ofincidents at a customer site which is addressed in another Indicator.The scope of the continuity plan will be dependent on the difficulty to recover after anincident or crisis.There must be some evidence that the plans have been reviewed, at least periodically orwhen new equipment is introduced.The extent to which the continuity plans are tested will vary dependent on the size ofapplicant organisation.Larger organisations may have a continuity plan, covering the full scope of the business, witha rigorous testing schedule that is implemented.Note that sectors, such as Key Holding, would consider all ‘call out’ as incidents and it isimportant that the assessor ensures the organisation understands the different requirements.Examples could include: how would you manage after a fire/flood/snowing in at your premises or travel towork area. what provision have you made for loss of data due to systems failure. identification of alternative offices. how do you store key files and equipment. how do you plan for the impact of PSIA licensing/renewals on your ability to cover allcontracts without a fall in standards. how would you continue to pay its employees if there was a breakdown in payrollsystems and procedures. how the company and individuals respond to threats against the organisation andcustomer sites.Good practice: Become familiar with your customers’ contingency plans to ensure compatibility. Design alternative manual procedures and test them for effectiveness. Key man insurance to cover loss of key management. All contingency plans are regularly tested and reviewed.Linkages with other Indicators:5.1.1 Information key to the business has been identified and is produced and delivered in aneffective and timely manner to relevant employees and other stakeholders.37The contents of this publication are copyright ©2013 Security Industry Authority, all rights reserved. No part of the contents may be reproduced or transmitted in any form, by any means without prior written permission of the copyright owner.