1、Conformity Assessment and Auditing Management Systems for Quality of Private Security Company OperationsA S I S I N T E R N A T I O N A L STANDARDAMERICAN NATIONALANSI/ASIS PSC.2-2012ANSI/ASIS PSC.2-2012 an American National Standard CONFORMITY ASSESSMENT AND AUDITING MANAGEMENT SYSTEMS FOR QUALITY
2、OF PRIVATE SECURITY COMPANY OPERATIONS Approved April 27, 2012 American National Standards Institute, Inc. ASIS International Abstract This Standard provides requirements and guidance for conducting conformity assessment of the ANSI/ASIS PSC.1-2012, Management System for Quality of Private Security
3、Company Operations Requirements with Guidance Standard. It provides requirements for bodies providing auditing and third party certification of Private Security Company Operations (PSCs) private security providers working for any client in conditions where governance and the rule of law have been un
4、dermined by conflict or disaster. It provides requirements and guidance on the management of audit programs, conduct of internal or external audits of the management system and private security company operations, as well as on competence and evaluation of auditors. ANSI/ASIS PSC.2-2012 ii NOTICE AN
5、D DISCLAIMER The information in this publication was considered technically sound by the consensus of those who engaged in the development and approval of the document at the time of its creation. Consensus does not necessarily mean that there is unanimous agreement among the participants in the dev
6、elopment of this document. ASIS International standards and guideline publications, of which the document contained herein is one, are developed through a voluntary consensus standards development process. This process brings together volunteers and/or seeks out the views of persons who have an inte
7、rest and knowledge in the topic covered by this publication. While ASIS administers the process and establishes rules to promote fairness in the development of consensus, it does not write the document and it does not independently test, evaluate, or verify the accuracy or completeness of any inform
8、ation or the soundness of any judgments contained in its standards and guideline publications. ASIS is a volunteer, nonprofit professional society with no regulatory, licensing or enforcement power over its members or anyone else. ASIS does not accept or undertake a duty to any third party because i
9、t does not have the authority to enforce compliance with its standards or guidelines. It assumes no duty of care to the general public, because its works are not obligatory and because it does not monitor the use of them. ASIS disclaims liability for any personal injury, property, or other damages o
10、f any nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, application, or reliance on this document. ASIS disclaims and makes no guaranty or warranty, expressed or implied, as to the accuracy or completeness of
11、any information published herein, and disclaims and makes no warranty that the information in this document will fulfill any persons or entitys particular purposes or needs. ASIS does not undertake to guarantee the performance of any individual manufacturer or sellers products or services by virtue
12、of this standard or guide. In publishing and making this document available, ASIS is not undertaking to render professional or other services for or on behalf of any person or entity, nor is ASIS undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document
13、 should rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstances. Information and other standards on the topic covered by this publication may be available from other sources,
14、 which the user may wish to consult for additional views or information not covered by this publication. ASIS has no power, nor does it undertake to police or enforce compliance with the contents of this document. ASIS has no control over which of its standards, if any, may be adopted by governmenta
15、l regulatory agencies, or over any activity or conduct that purports to conform to its standards. ASIS does not list, certify, test, inspect, or approve any practices, products, materials, designs, or installations for compliance with its standards. It merely publishes standards to be used as guidel
16、ines that third parties may or may not choose to adopt, modify or reject. Any certification or other statement of compliance with any information in this document shall not be attributable to ASIS and is solely the responsibility of the certifier or maker of the statement. All rights reserved. No pa
17、rt of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written consent of the copyright owner. Copyright 2012 ASIS International ISBN: 978-1-934904-36-7 ANSI
18、/ASIS PSC.2-2012 iii FOREWORD The information contained in this Foreword is not part of this American National Standard (ANS) and has not been processed in accordance with ANSIs requirements for an ANS. As such, this Foreword may contain material that has not been subjected to public review or a con
19、sensus process. In addition, it does not contain requirements necessary for conformance to the Standard. ANSI guidelines specify two categories of requirements: mandatory and recommendation. The mandatory requirements are designated by the word shall and recommendations by the word should. Where bot
20、h a mandatory requirement and a recommendation are specified for the same criterion, the recommendation represents a goal currently identifiable as having distinct compatibility or performance advantages. This conformity assessment standard provides generic auditable criteria and informative guidanc
21、e. About ASIS ASIS International (ASIS) is the preeminent organization for security professionals, with 38,000 members worldwide. ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security
22、interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public. By providing members and the security community with access to a ful
23、l range of programs and services and by publishing the industrys No. 1 magazine Security Management - ASIS leads the way for advanced and improved security performance. The work of preparing standards and guidelines is carried out through the ASIS International Standards and Guidelines Committees an
24、d governed by the ASIS Commission on Standards and Guidelines. An ANSI accredited Standards Development Organization (SDO), ASIS actively participates in the International Organization for Standardization. The Mission of the ASIS Standards and Guidelines Commission is to advance the practice of secu
25、rity management through the development of standards and guidelines within a voluntary, nonproprietary, and consensus-based process, utilizing to the fullest extent possible the knowledge, experience, and expertise of ASIS membership, security professionals, and the global security industry. Suggest
26、ions for improvement of this document are welcome. They should be sent to ASIS International, 1625 Prince Street, Alexandria, VA 22314-2818, USA. Commission Members Charles A. Baley, Farmers Insurance Group, Inc. Jason L. Brown, Thales Australia Steven K. Bucklin, Glenbrook Companies, Inc. John C. C
27、holewa III, CPP, Mentor Associates, LLC Cynthia P. Conlon, CPP, Conlon Consulting Corporation Michael A. Crane, CPP, IPC International Corporation William J. Daly, Control Risks Security Consulting Lisa DuBrock, Radian Compliance Eugene F. Ferraro, CPP, PCI, CFE, Business Controls, Inc. F. Mark Gera
28、ci, CPP, Purdue Pharma L.P., Chair Bernard D. Greenawalt, CPP, Securitas Security Services USA, Inc. Robert W. Jones, Socrates Ltd Glen Kitteringham, CPP, Kitteringham Security Group, Inc. ANSI/ASIS PSC.2-2012 iv Michael E. Knoke, CPP, Express Scripts, Inc., Vice Chair Bryan Leadbetter, CPP, Bausch
29、b) Describes the process that needs to be followed to conduct attestation of fulfillment of the requirements of the standard ANSI/ASIS PSC.1-2012, Management System for Quality of Private Security Company Operations Requirements with Guidance; c) Provides requirements and guidance for conducting con
30、formity assessment of the ANSI/ASIS PSC.1-2012, Management System for Quality of Private Security Company Operations Requirements with Guidance Standard; d) Provides requirements for bodies providing auditing and third party certification of PSCs working for any client (public, private, non-governme
31、ntal, or not-for-profit); e) Provides requirements and guidance on the management of audit programs, conduct of internal or external audits of the management system and PSC operations, as well as on competence and evaluation of auditors; and f) Provides confidence and information to internal and ext
32、ernal stakeholders that the requirements of the ANSI/ASIS PSC.1-2012 are being met. Conformity assessment is the process used to demonstrate that a product, service, management system, or body meets specified criteria and requirements; in the case of this Standard, the criteria and requirements of t
33、he ANSI/ASIS PSC.1-2012. There are three types of conformity assessment: a) First party - Carried out by the organization itself or by someone working on behalf of the organization. It is a self-assessment and self-declaration. b) Second party - Performed by a client or customer of the organization.
34、 c) Third party - Performed by a body that is independent of the organization that provides the product/services and is not a user of the product/services. An independent certification body certifies that another organization complies with the standard and issues it with a certificate to this effect
35、. Certification of a quality assurance management system (“certification”) is a third-party conformity assessment activity. Bodies performing this activity are therefore third-party conformity assessment bodies (“certification body”). ANSI/ASIS PSC.2-2012 2 NOTE 1: Certification of a management syst
36、em is sometimes also called “registration” and certification bodies are sometimes called “registrars”. NOTE 2: A certification body can be non-governmental or governmental (with or without regulatory authority). NOTE 3: This Standard is primarily intended to be used as a criteria document for the ac
37、creditation or peer assessment of certification bodies which seek to be recognized as being competent to certify that quality assurance management system complies with ANSI/ASIS PSC.1-2012. It is also intended to be used as a criteria document by regulatory authorities and clients of PSCs which enga
38、ge in direct recognition of certification bodies to certify that a quality assurance management system complies with ANSI/ASIS PSC.1-2012. The Standards requirements may also be useful by any other parties involved in the conformity assessment of such certification bodies. Organizations can use the
39、concepts and requirements of this Standard for first and second party conformity assessment provided that the requirements are adapted as necessary. It is recommended that organizations implementing the ANSI/ASIS PSC.1-2012 use the procedures described in this Standard in conjunction with the ISO 19
40、011:2011 to conduct their internal audit activities. 2 NORMATIVE REFERENCES The following documents contain information which, through reference in this text, constitutes foundational knowledge for the use of this American National Standard. At the time of publication the editions indicated were val
41、id. All material is subject to revision and parties are encouraged to investigate the possibility of applying the most recent editions of the material indicated below. a) ISO 9000:2005, Quality management systems Fundamentals and vocabulary.1 b) ISO/IEC 17000:2004, Conformity assessment Vocabulary a
42、nd general principles.1 c) ISO/IEC 17021:2011, Conformity assessment Requirements for bodies providing audit and certification of management systems.1 d) ISO 19011:2011, Guidelines for auditing management systems.1 e) ANSI/ASIS PSC.1-2012, Management System for Quality of Private Security Company Op
43、erations - Requirements with Guidance.2 f) International Code of Conduct for Private Security Service Providers (11/2010).3 g) Montreux Document on pertinent international legal obligations and good practices for States related to operations of private military and security companies during armed co
44、nflict (09/2008).4 1 This document is available at 2 This document is available at . 3This document is available at . 4 This document is available at . ANSI/ASIS PSC.2-2012 3 3 TERMS AND DEFINITIONS For the purposes of this document these terms and definitions and those given in ISO 9000, ISO/IEC 17
45、000, ISO/IEC 17021, ISO 19011, and in ANSI/ASIS PSC.1-2012 apply. Term Definition 3.1 accreditation Third-party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks. ISO/IEC 17000:2006 3.2 accreditation
46、 body Authoritative body that performs accreditation. ISO/IEC 17000:2006 NOTE: The authority of an accreditation body is generally derived from government. 3.3 attestation Issue of a statement, based on a decision following review, that fulfillment of specified requirements has been demonstrated. IS
47、O/IEC 17000:2006 NOTE: The resulting statement, referred to in this International Standard as a “statement of conformity” conveys the assurance that the specified requirements have been fulfilled. Such an assurance does not, of itself, afford contractual or other legal guarantees. 3.4 audit Systemat
48、ic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled. ISO19011:2011 NOTE 1: Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf
49、, for management review and other internal purposes (e.g., to confirm the effectiveness of the management system or to obtain information for improvement of the management system). Internal audits can form the basis for an organizations self-declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest. NOTE 2: External audits include second and third party audits. Second party audits are conducted by
