BS 8549-2016 Security consultancy Code of practice.pdf

BS 8549:2016
Security consultancy - Code of practice
BSI Standards Publication

Publishing and copyright information
The BSI copyright notice displayed in this document indicates when the document was last issued.
© The British Standards Institution 2016

Published by BSI Standards Limited 2016
ISBN 978 0 580 90715 9
ICS 03.080.20; 13.310
The following BSI references relate to the work on this document:
Committee reference GW/3/-/26
Draft for comment 16/30326057 DC

Publication history
First published, November 2006
Second (present) edition, August 2016

Amendments issued since publication
Date    Text affected

BS 8549:2016 BRITISH STANDARD

Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 The consultancy
5 Personnel
6 Consultancy service
7 Implementation, verification and testing
Annexes
Annex A (informative) Example code of conduct
Bibliography

Summary of pages
This document comprises a front cover, an inside front cover, pages i to ii, pages 1 to 12, an inside back cover and a back cover.

Foreword

Publishing information
This British Standard is published by BSI Standards Limited, under licence from The British Standards Institution, and came into effect on 31 August 2016. It was prepared by Subcommittee GW/3/-/26, Security Consultancy, under the authority of Technical Committee GW/3, Private Security Management implementation, verification and testing; the addition of Annex A, Example code of conduct.

As a code of practice, this British Standard takes the form of guidance and recommendations. It should not be quoted as if it were a specification and particular care should be taken to ensure that claims of compliance are not misleading.

Any user claiming compliance with this British Standard is expected to be able to justify any course of action that deviates from its recommendations.

Presentational conventions
The provisions of this standard are presented in roman (i.e. upright) type. Its recommendations are expressed in sentences in which the principal auxiliary verb is “should”.

Commentary, explanation and general informative material is presented in smaller italic type, and does not constitute a normative element.

Requirements in this standard are drafted in accordance with Rules for the structure and drafting of UK standards, subclause J.1.1, which states, “Requirements should be expressed using wording such as: When tested as described in Annex A, the product shall ...”. This means that only those products that are capable of passing the specified test will be deemed to conform to this standard.

Contractual and legal considerations
This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

1 Scope

This British Standard gives recommendations for the management, resourcing and operation for the provision of contracted security consultancy services.

NOTE 1 The services offered by a security consultancy might include, but are not limited to:
a) assessing and identifying security risks to the customer's organization;
b) advising on the adequacy of resilience, existing procedures, defences and processes and outlining areas of possible improvement;
c) development and maintenance of policies and plans etc.;
d) strategic planning;
e) crisis management;
f) budget management;
g) providing training to the customer's members of staff;
h) pre-employment screening;
i) workplace investigation, see also BS 102000;
j) asset and lone worker tracking;
k) acting as an expert witness in court cases (civil and criminal); and
l) compliance management.

This British Standard also assists procurers wishing to contract such services to ensure the service fits the end user requirements and risk profile.

NOTE 2 Security consultancy services can be provided by any legally defined trading style, e.g. self-employed, a sole trader, a partnership, a limited liability partnership or an incorporated company.

2 Normative references

The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

BS 7858, Security screening of individuals employed in a security environment - Code of practice

3 Terms and definitions

For the purposes of this British Standard the following terms and definitions apply.

3.1 customer
individual(s), public or corporate body retaining the services of a consultancy

3.2 deliverable
measurable and tangible outcome of the project as agreed with the customer

3.3 milestone
checkpoint within the life of the project identifying when one or multiple groups of activities have been completed

3.4 operational centre
centre where activities of a business, organization, etc. are administrated and take place
NOTE This can be physical or virtual.

3.5 scope of work
document detailing specific contractual services

3.6 security consultancy
individual or organization that is the prime provider of contracted services
NOTE This definition also applies to a security consultant acting in a self-employed capacity, a sole trader, a partnership, limited liability partnership or an incorporated company.

3.7 security consultant
individual giving advice with regard to:
a) security policies, processes and procedures in relation to any risk to property, people or other tangible/intangible assets; or
b) the use of any services involving the activities of security operatives

3.8 security operative
individual or company that performs activities relating to the provision of security services

3.9 supplier
individual or company (and the persons employed, including all levels of subcontractor, by that individual or company) that provides the consultancy with information, equipment and/or labour which is used in providing the service to the customer

3.10 technical expert
individual who provides specific knowledge or expertise for the fulfilment of the contract

4 The consultancy

4.1 Code of conduct

The consultancy should produce a code of conduct which sets out its approach to services, by which it abides and which is available to the customer.

The code of conduct should cover, but not be limited to, the consultancy's values, obligations, duties, practices and compliance.

In particular, the code of conduct should include:

a) responsibility and accountability;
b) honesty and integrity;
c) conflicts of interest;
d) compliance with the law;
e) authority, respect and courtesy;
f) equality;
g) confidentiality;
h) general conduct; and
i) challenging and reporting improper conduct.

NOTE 1 An example code of conduct is given in Annex A.
NOTE 2 Attention is drawn to the Data Protection Act 1998 [1].

4.2 Structure

The consultancy should have a clearly defined management structure showing control and accountability at each level of operation.

Details of the consultancy owner should be made available. Any relevant unspent criminal convictions, business failures or liquidations, or undischarged bankruptcy of the owner should be disclosed on request.

NOTE Attention is drawn to the Rehabilitation of Offenders Act 1974, as amended [2], whose provisions, if applicable, govern such disclosure.

Details of the consultant(s) responsible for the delivery of the contracted services should be established and their curriculum vitae and details of experience made available to customers on request.

4.3 Subcontractors

Where the customer permits the use of subcontractors, they should be required to comply with the consultancy's code of conduct, see 4.1.

4.4 Finances

The consultancy should act with financial probity and have in place the resources and financial controls to provide the contracted services.

Supplier and subcontractor fees should be paid promptly and within contracted timescales.

4.5 Insurance

The consultancy should possess all necessary insurance cover commensurate with the contracted services provided and the number of persons employed, e.g. professional indemnity, public liability, efficacy liability, employers' liability, which should be made available on request.

4.6 Administrative office and/or operational centre

The consultancy should have an administrative office(s) and/or operational centre(s) where records, professional and business documents, certificates, correspondence, files and other documents necessary for conducting business transactions are held in accordance with 4.7.

4.7 Documented information

Separate records (hardcopy or electronic) maintained for each customer, employee, sub-contractor and supplier should be held in an accessible and secure manner and retained for an agreed period after which they should be securely destroyed. Where no requirement for the period of retention of documents exists, records should be kept for a minimum of 12 months from cessation of contract, after which they should be securely destroyed. Amended and/or updated records should be identifiable by date and clearly distinguishable from previous versions.

NOTE 1 Attention is drawn to the Data Protection Act 1998 [1] and associated guidance note.
NOTE 2 Attention is also drawn to the fact that certain records have a statutory minimum retention period and/or are covered by other Acts.

4.8 Information backup

Backup copies of information, software and system images should be taken and regularly tested in accordance with company policy.

Copies should be securely stored separately in a different location or, if not possible, in a different fire zone within the same location.

NOTE Attention is drawn to BS ISO/IEC 27001.

4.9 Complaints management

The consultancy should operate a complaints management system.

NOTE Further guidance on complaints management is given in BS ISO 10002.

5 Personnel

COMMENTARY ON CLAUSE 5
A nationally recognized body or agency could undertake the personnel processes and validations outlined in this clause on behalf of the consultancy.

5.1 Selection and security screening

All personnel who have access to information and/or property of the customer or the consultancy should be screened in accordance with BS 7858 and be bound by an agreement to keep confidential such information indefinitely, unless otherwise authorized in writing.

NOTE Higher levels of security screening might be required as appropriate to the contracted services.

The consultancy service provider should ensure that all personnel are obliged to declare immediately any changes to the information obtained during the selection process.

5.2 Disciplinary code

All personnel should be instructed that the following (including the aiding and abetting of others) could constitute a breach of the terms and conditions of engagement:
a) neglecting to complete a required task at work promptly and diligently, without sufficient cause;
b) leaving a place of work without permission, or without sufficient cause;
c) making or signing any false statements, of any description;
d) destroying, altering or erasing documents, records or electronic data without permission or through negligence;
e) divulging matters confidential to the organization or customer, either past or present, without permission;
f) soliciting or receipt of gratuities or other consideration from any person;
g) failure to account for keys, money, information or property received in connection with business;
h) incivility to persons encountered in the course of duties, or misuse of authority in connection with business;
i) conduct in a manner likely to bring discredit to the organization, customer or a fellow employee;
j) use of uniform, equipment or identification without permission;
k) reporting for duty under the influence of alcohol or restricted drugs, or use of these whilst on duty;
l) failure to notify the employer immediately of any:
   1) conviction for a criminal and/or motoring offence;
   2) indictment for any offence;
   3) police caution;
   4) legal summons;
   5) refusal, suspension or withdrawal (revocation) of a licence.
   NOTE 1 An example of such a licence would be a Security Industry Authority (SIA) licence. For definitions see the SIA website, http://www.sia.homeoffice.gov.uk/Pages/home.aspx.
m) permitting unauthorized access to a customer's premises;
n) carrying of equipment not issued as essential to an employee's duties, or use of a customer's equipment or facilities without permission; and
o) not maintaining agreed standards of appearance and deportment whilst at work.

NOTE 2 This list is not exhaustive and does not necessarily include all actions within a company policy that could or could not constitute criminal offences.

5.3 Identification

Persons who have been screened in accordance with 5.1 should be issued with an identity card incorporating, as a minimum, the following information:
a) the name, address and telephone number of the consultancy;
b) the name, job title and signature of the holder;
c) the expiry date of the card (not more than three years from the date of issue); and
d) a current photograph of the holder.

Identity cards should be presented to the customer on request.

Old or out of date identity cards should be formally withdrawn from persons renewing their cards. Cards should be returned when an employee leaves the employment of the consultancy, and destroyed in a secure manner.

A record of identity cards issued should be maintained. This record should also indicate the status and location of withdrawn cards, e.g. whether they have been destroyed or lost, or where they are held by the employee/organization.

5.4 Training

5.4.1 General

The consultancy should have a clearly defined and documented training policy and should ensure that the training outlined in 5.4.2, 5.4.3 and 5.4.4 is given as a minimum.

5.4.2 Induction

The consultancy should provide induction training in matters relating to its conditions of employment, structure and procedures for all employees. This induction training should be additional to the competence recommendations in 5.4.3.

5.4.3 Competence

Security consultants should be able to demonstrate that they have undergone training on the main aspects of security consultancy which could include, where relevant:
a) threat and risk assessment;
b) security audits, surveys and reviews;
c) security strategy, management, policy and procedures;
d) crisis management and business continuity planning;
e) physical security;
f) electronic security systems;
g) manned guarding;
h) IT and information security;
i) health and safety;
j) construction design and management regulations (CDM);
k) fire safety;
l) investigative practice;
m) human rights;
n) civil and crimi
