1、InvestigationsASIS INTERNATIONAL ANSI/ASIS INV.1-2015STANDARDThe worldwide leader in security standards and guidelines developmentANSI/ASIS INV.1-2015 an American National Standard INVESTIGATIONS Approved July 28, 2015 American National Standards Institute, Inc. ASIS International Abstract This Stan
2、dard provides guidance for conducting investigations. It provides guidance on establishing investigative programs as well as the conduct of individual investigations, including the competence and evaluation of investigators. ANSI/ASIS INV.1-2015 ii NOTICE AND DISCLAIMER The information in this publi
3、cation was considered technically sound by the consensus of those who engaged in the development and approval of the document at the time of its creation. Consensus does not necessarily mean that there is unanimous agreement among the participants in the development of this document. ASIS Internatio
4、nal standards and guideline publications, of which the document contained herein is one, are developed through a voluntary consensus standards development process. This process brings together volunteers and/or seeks out the views of persons who have an interest and knowledge in the topic covered by
5、 this publication. While ASIS administers the process and establishes rules to promote fairness in the development of consensus, it does not write the document and it does not independently test, evaluate, or verify the accuracy or completeness of any information or the soundness of any judgments co
6、ntained in its standards and guideline publications. ASIS is a volunteer, nonprofit professional society with no regulatory, licensing or enforcement power over its members or anyone else. ASIS does not accept or undertake a duty to any third party because it does not have the authority to enforce c
7、ompliance with its standards or guidelines. It assumes no duty of care to the general public because its works are not obligatory and because it does not monitor the use of them. ASIS disclaims liability for any personal injury, property, or other damages of any nature whatsoever, whether special, i
8、ndirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, application, or reliance on this document. ASIS disclaims and makes no guaranty or warranty, expressed or implied, as to the accuracy or completeness of any information published herein, and discl
9、aims and makes no warranty that the information in this document will fulfill any persons or entitys particular purposes or needs. ASIS does not undertake to guarantee the performance of any individual manufacturer or sellers products or services by virtue of this Standard or guide. In publishing an
10、d making this document available, ASIS is not undertaking to render professional or other services for or on behalf of any person or entity, nor is ASIS undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document should rely on his or her own independent
11、judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstances. Information and other standards on the topic covered by this publication may be available from other sources, which the user may wish to consult for add
12、itional views or information not covered by this publication. ASIS has no power, nor does it undertake to police or enforce compliance with the contents of this document. ASIS has no control over which of its standards, if any, may be adopted by governmental regulatory agencies, or over any activity
13、 or conduct that purports to conform to its standards. ASIS does not list, certify, test, inspect, or approve any practices, products, materials, designs, or installations for compliance with its standards. It merely publishes standards to be used as guidelines that third parties may or may not choo
14、se to adopt, modify or reject. Any certification or other statement of compliance with any information in this document should not be attributable to ASIS and is solely the responsibility of the certifier or maker of the statement. All rights reserved. No part of this publication may be reproduced,
15、stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written consent of the copyright owner. Copyright 2015 ASIS International ISBN: 978-1-934904-76-3 ANSI/ASIS INV.1-2015 iii FOREWORD The informat
16、ion contained in this Foreword is not part of this American National Standard (ANS) and has not been processed in accordance with ANSIs requirements for an ANS. As such, this Foreword may contain material that has not been subjected to public review or a consensus process. In addition, it does not c
17、ontain requirements necessary for conformance to the Standard. ANSI guidelines specify two categories of requirements: mandatory and recommendation. The mandatory requirements are designated by the word shall and recommendations by the word should. Where both a mandatory requirement and a recommenda
18、tion are specified for the same criterion, the recommendation represents a goal currently identifiable as having distinct compatibility or performance advantages. About ASIS ASIS International (ASIS) is the largest membership organization for security management professionals that crosses industry s
19、ectors, embracing every discipline along the security spectrum from operational to cybersecurity. Founded in 1955, ASIS is dedicated to increasing the effectiveness of security professionals at all levels. With membership and chapters around the globe, ASIS develops and delivers board certifications
20、 and industry standards, hosts networking opportunities, publishes the award-winning Security Management magazine, and offers educational programs, including the Annual Seminar and Exhibitsthe security industrys most influential event. Whether providing thought leadership through the CSO Roundtable
21、for the industrys most senior executives or advocating before business, government, or the media, ASIS is focused on advancing the profession, and ensuring that the security community has access to intelligence, resources, and technology needed within the business enterprise. www.asisonline.org The
22、work of preparing standards and guidelines is carried out through the ASIS International Standards and Guidelines Committees, and governed by the ASIS Commission on Standards and Guidelines. An ANSI accredited Standards Development Organization (SDO), ASIS actively participates in the International
23、Organization for Standardization (ISO). The mission of the ASIS Standards and Guidelines Commission is to advance the practice of security management through the development of standardsand guidelines within a voluntary, nonproprietary, and consensus-based process, utilizing to the fullest extent po
24、ssible the knowledge, experience, and expertise of ASIS membership, security professionals, and the global security industry. Suggestions for improvement of this document are welcome. They should be sent to ASIS International, 1625 Prince Street, Alexandria, VA 22314-2818. Commission Members Charles
25、 Baley, Farmers Insurance Group, Inc. Michael Bouchard, Sterling Global Operations, Inc. Cynthia P. Conlon, CPP, Conlon Consulting Corporation William Daly, Control Risks Security Consulting Lisa DuBrock, Radian Compliance LLC Eugene Ferraro, CPP, CFE, PCI, SPHR, Convercent, Inc. F. Mark Geraci, CPP
26、, Purdue Pharma L.P., Chair Bernard Greenawalt, CPP, Securitas Security Services USA, Inc. Robert Jones, Socrates Ltd Glen Kitteringham, CPP, Kitteringham Security Group Inc. Michael Knoke, CPP, Express Scripts, Inc., Vice Chair Bryan Leadbetter, CPP, Alcoa Inc. Marc Siegel, Ph.D., Commissioner, ASI
27、S Global Standards Initiative Jose Miguel Sobron, United Nations Roger Warwick, CPP, Pyramid International Temi Group Allison Wylde, Consultant ANSI/ASIS INV.1-2015 iv At the time it approved this document, the INV Standards Committee, which is responsible for the development of this Standard, had t
28、he following members: Committee Members Committee Chairman: Marc Siegel, Ph.D., Commissioner, ASIS Global Standards Initiative Commission Liaison: Eugene Ferraro, CPP, CFE, PCI, SPHR, Convercent, Inc. Committee Secretariat: Sue Carioti, ASIS Secretariat Deborah Aebi, SPHR, McPherson Organization Con
29、sultants, LLC John Albanese, CPP, Independent Greg Alexander, CPP, CFE, Praxair, Inc. Frank Amoyaw, LandMark Security Limited Thomas Anderson, Independent Edgard Ansola, CISA, CISSP, CEH, CCNA, Asepeyo MATEPSS n151 Charles Atkinson Jr., A and K Investigations Don Aviv, CPP, PSP, PCI, Interfor Inc. W
30、illiam Badertscher, CPP, PMP, GSEC, Georgetown University David Bagnoni, CPP, Independent Lester Bain, CFE, Burke and Herbert Bank Pradeep Bajaj, Eagle Hunter Solutions Limited Michael Balentine, CPP, ConocoPhillips Company Luis Bauza, CPP, Purdue Pharma Dean Beers, CLI, CCDI, Independent Jay Beighl
31、ey, CPP, CFE, Nationwide Insurance Dennis Blass, CPP, PSP, CISSP, CFE, CHSP, Childrens of Alabama John Boal, CPP, PCI, Independent Michael Bouchard, Security Dynamics Group LLC Tom Bourgeois, CPP, Health Care Service Corporation Tena Bracy, SPHR, GPHR, CDM, Independent Marc Brenman, Independent Robe
32、rt Brzenchek, Independent Michael Brzozowski, CPP, PSP, Symcor Rod Buckingham, PCI, SaskGaming Gary Bukowicki, CPP, G4S Security Systems (Hong Kong) Ltd Keith Butler, Independent Louis Carpenter, Jr., CPP, AT b) Ethical; c) Lawful; d) Useful in meeting the intended objective(s); e) Minimally disrupt
33、ive to the organization and its operations; f) Able to provide feedback on procedure/policy deviations; and g) Value added, providing the highest return on investment without compromising the investigation. The guidance in this Standard provides a framework for establishing an investigation program
34、and conducting individual investigations within the overall program. It uses the PDCA Model approach to facilitate integration of an investigation program into any risk and resilience based management system. It describes establishing and managing an investigation program as well as conducting indiv
35、idual investigations. The competence of investigators is the foundation for conducting reliable investigations. This Standard provides competence criteria for investigators conducting investigations. Investigators understand their activities involve interacting with people; therefore, there is a nee
36、d to build rapport, trust, and confidence while avoiding the creation of an adversarial atmosphere. Good investigative techniques project a sense of fairness based on an impartial approach. An investigation supports the achievement of the objectives of the organization; therefore, it adds value and
37、may lead to opportunities for improvement. Good investigative techniques help identify and understand root causes of any problems, thereby supporting proactive improvements to avoid a recurrence. Organizations should adapt this guidance to fit the specific needs, size, nature and level of maturity o
38、f their risk management system. This Standard can be used by anybody involved in the investigative process supporting the achievement of the organizations objectives. ANSI/ASIS INV.1-2015 xiv 0.2 Investigation Defined For the purposes of this Standard: An investigation is a fact-finding process of l
39、ogically, methodically, and lawfully gathering and documenting information for the specific purpose of objectively developing a reasonable conclusion based on the facts learned through this process. An investigation is conducted to reveal information and facts that can be used to support conclusions
40、 about an allegation, assertion, claim, or process. By focusing on uncovering facts and essential information needed to reach conclusions and solve problems, a properly conducted investigation can provide additional benefits, such as: a) Increased awareness of policies and procedures of the organiza
41、tion; b) A means to analyze and identify process and system failures; c) Providing actionable information to resolve problems and mitigate consequences; d) Providing an informed response to litigation and regulatory actions; e) Identifying and understanding the root causes of an incident to prevent
42、a recurrence; and f) A basis for improvement of the organizations operations and activities. This definition applies to public and private organizations. It covers the broad range of investigations, from preemployment screening, to administrative and internal inquiries, to criminal matters, to alleg
43、ations of improprieties. The value of investigative capabilities may be measured in terms of recovery, restitution, risk reduction, and process improvements. Investigations may differ in terms of legal authorities, resource allocations, and use of outcomes based on jurisdictional laws, policies, and
44、 procedures. This Standard examines investigative functions which may be conducted with internal and external resources, or a combination of both. 0.3 Managing Investigation Programs and Individual Investigations The investigation program establishes the overall investigation process. The investigat
45、ion program is the overarching organizational structure, resources, commitment, and documented methods used to plan and execute investigations. An effective program is built by clearly defining the investigation objectives. A competent person should manage the investigation program and the necessary
46、 resources (including qualified personnel and sufficient time) should be committed to meet the program objectives. Priority should be given to gathering and assessing information significant to the mission of the organization and meeting legal, ethical, and contractual obligations. Individual invest
47、igations within the overall investigation program are conducted within a clearly defined scope consistent with achieving the objectives of the overall investigation program. This Standard also provides guidance on the preparation for and execution of individual investigations. ANSI/ASIS INV.1-2015 x
48、v 0.4 Plan-Do-Check-Act Model This Standard adopts the PDCA model from Total Quality Management (TQM). Figure 1 illustrates the model. ActStandardize Solution Review and Define Next IssuesDoDevise a SolutionDevelop Detailed Action Plan b) Methodically implement the program; c) Monitor, measure, and
49、evaluate progress; d) Identify, prevent, or remedy problems as they occur; e) Assess competence requirements and train persons working on the organizations behalf; and f) Provide top management with a feedback loop to assess progress and make appropriate changes to the investigation program. Furthermore, it contributes to information management within the organization, thereby improving operational efficiency. In conjunction with the PDCA model, this Standard uses a process approach for the investigation program. An investigation program is a compilation of a system o
