1、Maturity Model for the Phased Implementation of a Quality Assurance Management System for Private Security Service ProvidersA S I S I N T E R N A T I O N A L STANDARDAMERICAN NATIONAL1625 Prince StreetAlexandria, Virginia 22314-2818 USA+1.703.519.6200Fax: +1.703.519.6299www.asisonline.org ANSI/ASIS
2、PSC.3-201342726_Cover-R1.indd 1-2 3/21/2013 9:54:07 AMASIS International (ASIS) is the preeminent organization for security professionals, with more than 38,000 members worldwide. Founded in 1955, ASIS is dedicated to increasing the effectiveness and productivity of security professionals by develop
3、ing educational programs and materials that address broad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, governmental entities, and the general
4、 public. By providing members and the security community with access to a full range of programs and services, and by publishing the industrys number one magazine, Security Management, ASIS leads the way for advanced and improved security performance. For more information, visit www.asisonline.org.4
5、2726_Cover-R1.indd 3-4 3/21/2013 9:54:07 AMANSI/ASIS PSC.3-2013 an American National Standard MATURITY MODEL FOR THE PHASED IMPLEMENTATION OF A QUALITY ASSURANCE MANAGEMENT SYSTEM FOR PRIVATE SECURITY SERVICE PROVIDERS Approved January 29, 2013 American National Standards Institute, Inc. ASIS Intern
6、ational Abstract This Standard will benefit private security service providers (PSCs) in improving their quality of services consistent with respect for human rights and legal and contractual obligations. It provides a basis for managing risk while reducing costs, demonstrating legal compliance, enh
7、ancing stakeholder relations, and meeting client expectations. The model outlines 6 phases ranging from no process in place for quality assurance management, to going beyond the requirements of the Standard. Criteria based on core elements of ANSI/ASIS PSC.1-2012, Management System for Quality of Pr
8、ivate Security Company Operations - Requirements with Guidance can be used to demonstrate continual improvement and are compatible with rewards and recognition programs. 85869_ASFIS_Rev0_1-52.pdf 185869_ASFIS_Rev0_1-52.pd2.pdff 1 3/21/13 11:54 AM3/21/13 11:54 AMANSI/ASIS PSC.3-2013 ii NOTICE AND DIS
9、CLAIMER The information in this publication was considered technically sound by the consensus of those who engaged in the development and approval of the document at the time of its creation. Consensus does not necessarily mean that there is unanimous agreement among the participants in the developm
10、ent of this document. ASIS International standards and guideline publications, of which the document contained herein is one, are developed through a voluntary consensus standards development process. This process brings together volunteers and/or seeks out the views of persons who have an interest
11、and knowledge in the topic covered by this publication. While ASIS administers the process and establishes rules to promote fairness in the development of consensus, it does not write the document and it does not independently test, evaluate, or verify the accuracy or completeness of any information
12、 or the soundness of any judgments contained in its standards and guideline publications. ASIS is a volunteer, nonprofit professional society with no regulatory, licensing or enforcement power over its members or anyone else. ASIS does not accept or undertake a duty to any third party because it doe
13、s not have the authority to enforce compliance with its standards or guidelines. It assumes no duty of care to the general public, because its works are not obligatory and because it does not monitor the use of them. ASIS disclaims liability for any personal injury, property, or other damages of any
14、 nature whatsoever, whether special, indirect, consequential, or compensatory, directly or indirectly resulting from the publication, use of, application, or reliance on this document. ASIS disclaims and makes no guaranty or warranty, expressed or implied, as to the accuracy or completeness of any i
15、nformation published herein, and disclaims and makes no warranty that the information in this document will fulfill any persons or entitys particular purposes or needs. ASIS does not undertake to guarantee the performance of any individual manufacturer or sellers products or services by virtue of th
16、is standard or guide. In publishing and making this document available, ASIS is not undertaking to render professional or other services for or on behalf of any person or entity, nor is ASIS undertaking to perform any duty owed by any person or entity to someone else. Anyone using this document shou
17、ld rely on his or her own independent judgment or, as appropriate, seek the advice of a competent professional in determining the exercise of reasonable care in any given circumstances. Information and other standards on the topic covered by this publication may be available from other sources, whic
18、h the user may wish to consult for additional views or information not covered by this publication. ASIS has no power, nor does it undertake to police or enforce compliance with the contents of this document. ASIS has no control over which of its standards, if any, may be adopted by governmental reg
19、ulatory agencies, or over any activity or conduct that purports to conform to its standards. ASIS does not list, certify, test, inspect, or approve any practices, products, materials, designs, or installations for compliance with its standards. It merely publishes standards to be used as guidelines
20、that third parties may or may not choose to adopt, modify or reject. Any certification or other statement of compliance with any information in this document shall not be attributable to ASIS and is solely the responsibility of the certifier or maker of the statement. All rights reserved. No part of
21、 this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written consent of the copyright owner. Copyright 2013 ASIS International ISBN: 978-1-934904-45-9 85869_ASF
22、IS_Rev0_1-52.pdf 285869_ASFIS_Rev0_1-52.pd2.pdf2f 2 3/21/13 11:54 AM3/21/13 11:51/13 11:54 AM4 AMANSI/ASIS PSC.3-2013 iii FOREWORD The information contained in this Foreword is not part of this American National Standard (ANS) and has not been processed in accordance with ANSIs requirements for an A
23、NS. As such, this Foreword may contain material that has not been subjected to public review or a consensus process. In addition, it does not contain requirements necessary for conformance to the Standard. ANSI guidelines specify two categories of requirements: mandatory and recommendation. The mand
24、atory requirements are designated by the word shall and recommendations by the word should. Where both a mandatory requirement and a recommendation are specified for the same criterion, the recommendation represents a goal currently identifiable as having distinct compatibility or performance advant
25、ages. About ASIS ASIS International (ASIS) is the preeminent organization for security professionals, with more than 38,000 members worldwide. ASIS is dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address br
26、oad security interests, such as the ASIS Annual Seminar and Exhibits, as well as specific security topics. ASIS also advocates the role and value of the security management profession to business, the media, government entities, and the public. By providing members and the security community with ac
27、cess to a full range of programs and services, and by publishing the industrys No. 1 magazine Security Management ASIS leads the way for advanced and improved security performance. The work of preparing standards and guidelines is carried out through the ASIS International Standards and Guidelines C
28、ommittees, and governed by the ASIS Commission on Standards and Guidelines. An ANSI accredited Standards Development Organization, ASIS actively participates in the International Organization for Standardization. The Mission of the ASIS Standards and Guidelines Commission is to advance the practice
29、of security management through the development of standards and guidelines within a voluntary, nonproprietary, and consensus-based process, utilizing to the fullest extent possible the knowledge, experience, and expertise of ASIS membership, security professionals, and the global security industry.
30、Suggestions for improvement of this document are welcome. They should be sent to ASIS International, 1625 Prince Street, Alexandria, VA 22314-2818, USA. Commission Members Charles A. Baley, Farmers Insurance Group, Inc. Jason L. Brown, Thales Australia Michael Bouchard, Sterling Global Operations, I
31、nc. John C. Cholewa III, CPP, Mentor Associates, LLC Cynthia P. Conlon, CPP, Conlon Consulting Corporation William J. Daly, Control Risks Security Consulting Lisa DuBrock, Radian Compliance Eugene F. Ferraro, CPP, PCI, CFE, Business Controls, Inc. F. Mark Geraci, CPP, Purdue Pharma L.P., Chair Berna
32、rd D. Greenawalt, CPP, Securitas Security Services USA, Inc. Robert W. Jones, Socrates Ltd Glen Kitteringham, CPP, Kitteringham Security Group, Inc. Michael E. Knoke, CPP, Express Scripts, Inc., Vice Chair 85869_ASFIS_Rev0_1-52.pdf 385869_ASFIS_Rev0_1-52.pd2.pdf3f 3 3/21/13 11:54 AM3/21/13 11:51/13
33、11:54 AM4 AMANSI/ASIS PSC.3-2013 iv Bryan Leadbetter, CPP, Bausch particularly those operating in circumstances of weakened governance where the rule of law has been undermined due to human or naturally caused events. The Standard accommodates diverse jurisdictional, geographical, cultural, operatio
34、nal, and social environments. Adopting a process for the phased implementation of a QAMS (“maturity model”) helps the organization determine how to manage change and cost-effectively address the uncertainty in achieving its objectives. The purpose of this Standard is to improve and demonstrate consi
35、stent and predictable quality of services provided by PSCs while maintaining the safety and security of their operations and clients within a framework that aims to ensure respect for human rights, national and international laws, and fundamental freedoms. Given the finite resources of organizations
36、, it is imperative that they have tools to address the array of threats, hazards, and risks they may face. The maturity model described in this Standard helps organizations establish, implement, and maintain a QAMS (e.g., ANSI/ASIS PSC.1-2012) to better manage the risks of potentially undesirable an
37、d disruptive events through anticipation, assessment, prevention, protection, mitigation, response, and recovery. Throughout this Standard, reference is made to managing risks. PSCs inherently operate in high risk environments. The organization needs not only to manage risks related to its operation
38、s and internal stakeholders, but also those related to external stakeholders upon whom the organization impacts and who can impact the organization. Therefore, the organization must also consider the risks related to its clients, as well as impacted communities. Sources of risk include, but are not
39、exclusive to: legal, security, safety, human resources, cultural, environmental, financial, socio-political, and operational factors. In order to provide a quality of service while demonstrating respect for human life and rights and in order to fulfill contractual obligations, the organization shoul
40、d strive to proactively treat risks minimizing the likelihood and consequences of undesirable and disruptive events. Risk management objectives need to support the organizations quality assurance management objectives. This Standard identifies six phases of maturity to achieve continual improvement
41、of quality assurance through a management framework. The maturity model helps organizations achieve the benefits of quality assurance management by “phasing in” a system tied to the organizations business needs and economic realities, emphasizing a priority to protect life and 85869_ASFIS_Rev0_1-52.
42、pdf 985869_ASFIS_Rev0_1-52.pd2.pdf9f 9 3/21/13 11:54 AM3/21/13 11:51/13 11:54 AM4 AMANSI/ASIS PSC.3-2013 x respect human rights, national and international laws, and fundamental freedoms. The maturity model enhances an organizations capacity to manage quality assurance to better prevent when possibl
43、e, mitigate, respond to, and recover from undesirable and disruptive events. The body of this document provides criteria to plan, do, check, and act, in order to drive continual improvement of the management system. This model outlines six phases of implementation of ANSI/ASIS PSC.1-2012, ranging fr
44、om a pre-awareness phase (no process in place for quality assurance management) to holistic management (going beyond the requirements of ANSI/ASIS PSC.1-2012), to promote quality assurance management with stakeholders. Using this maturity model, an organization can achieve and maintain an appropriat
45、e level of quality assurance management with respect for legal obligations and human rights as part of an organizations culture. The maturity model for the phased implementation of ANSI/ASIS PSC.1-2012 is a series of steps designed to help organizations evaluate where they currently are with regard
46、to quality assurance management, create a business case for a QAMS, establish goals for achievement, benchmark where they are relative to those goals, and plot a business-sensible path to attain conformance with ANSI/ASIS PSC.1-2012. Standards are designed to promote managed and repeatable performan
47、ce. Managed and repeatable performance will be achieved by moving to a level appropriate for the organization with the goal being to achieve full conformance with ANSI/ASIS PSC.1-2012 and going beyond conformance to the sixth step whenever possible. This Standard is designed so that it can be integr
48、ated with quality, safety, environmental, information security, risk, resilience, and other management systems within an organization. A suitably designed maturity model for phased implementation can thus satisfy the requirements of other management systems standards. Organizations that have adopted
49、 a management system (e.g., according to ANSI/ASIS SPC.1-2009, ISO 9001:2000, ISO 14001:2004, ISO 28000:2005, and/or ISO/IEC 27001:2005) are encouraged to use this Standard in conjunction with their existing management systems. 0.2 Human Rights Protection While states and their entities must respect, uphold, and protect human rights, all segments of society (public, private, and not-for-profit) have a shared responsibility to act in a way that respects and does not negatively impact upon human rights and fundamental freedoms. States, clients, and PSCs have a share
