8.1.2 Performance of Security-Related Functions
This section focuses on establishing procedures for the performance of security-related functions. It also emphasizes the importance of maintaining appropriate documents and records. Here are the specific requirements and associated documents/records:
1. Protection of People and Assets:
   - Requirements: Develop procedures to protect people, tangible and intangible assets, and other security-related functions.
   - Associated Documents:
     - Security Operations Manual: Outlines security procedures and protocols.
     - Risk Assessment Reports: Provide insights into identified risks and potential vulnerabilities.
   - Associated Records:
     - Risk Assessment Records: Document risk assessment findings and actions taken.
2. Risk Management:
   - Requirements: Establish procedures for managing risks identified in the risk assessment.
   - Associated Documents:
     - Risk Assessment Reports: Detail identified risks and their mitigation strategies.
   - Associated Records:
     - Risk Assessment Records: Record risk assessment outcomes and mitigation efforts.
3. Client and Authority Requirements:
   - Requirements: Develop procedures to address specific functions required by clients or competent authorities.
   - Associated Documents:
     - Client Security Requirements: Document client-specific security expectations.
   - Associated Records:
     - Client Communication Records: Maintain records of client communication and agreements.
4. Context-Specific Functions:
   - Requirements: Establish procedures for handling context-specific security functions and tasks.
   - Associated Documents:
     - Standard Operating Procedures (SOPs): Define step-by-step procedures for specific security tasks.
     - Training Materials: Provide guidance and resources for training personnel.
     - Incident Response Plan: Outline steps to follow in case of security incidents.
     - Change Control Records: Document changes made to security procedures.
   - Associated Records:
     - Training Records: Track personnel training and competency.
     - Incident Reports: Record details of security incidents and responses.
     - Audit and Inspection Records: Document findings from security audits and inspections.
     - Change Control Records: Track changes to security procedures.
     - Context-Specific Records: Maintain records related to context-specific security functions.
By following these detailed requirements and maintaining the associated documents and records, organizations can ensure the effective performance of security-related functions, compliance with client and authority requirements, and adaptive responses to context-specific security needs. This approach aligns with ISO 18788 standards and supports ongoing improvement in security operations.