
CIMSNex User Guides


8.1.2 Performance of Security-Related Functions

This section focuses on establishing procedures for the performance of security-related functions. It also emphasizes the importance of maintaining appropriate documents and records. Here are the specific requirements and associated documents/records:

1. Protection of People and Assets:

  • Requirements: Develop procedures to protect people, tangible and intangible assets, and other security-related functions.
  • Associated Documents:
    • Security Operations Manual: Outlines security procedures and protocols.
    • Risk Assessment Reports: Provide insights into identified risks and potential vulnerabilities.
  • Associated Records:
    • Risk Assessment Records: Document risk assessment findings and actions taken.

2. Risk Management:

  • Requirements: Establish procedures for managing risks identified in the risk assessment.
  • Associated Documents:
    • Risk Assessment Reports: Detail identified risks and their mitigation strategies.
  • Associated Records:
    • Risk Assessment Records: Record risk assessment outcomes and mitigation efforts.

3. Client and Authority Requirements:

  • Requirements: Develop procedures to address specific functions required by clients or competent authorities.
  • Associated Documents:
    • Client Security Requirements: Document client-specific security expectations.
  • Associated Records:
    • Client Communication Records: Maintain records of client communication and agreements.

4. Context-Specific Functions:

  • Requirements: Establish procedures for handling context-specific security functions and tasks.
  • Associated Documents:
    • Standard Operating Procedures (SOPs): Define step-by-step procedures for specific security tasks.
    • Training Materials: Provide guidance and resources for training personnel.
    • Incident Response Plan: Outline steps to follow in case of security incidents.
    • Change Control Records: Document changes made to security procedures.
  • Associated Records:
    • Training Records: Track personnel training and competency.
    • Incident Reports: Record details of security incidents and responses.
    • Audit and Inspection Records: Document findings from security audits and inspections.
    • Change Control Records: Track changes to security procedures.
    • Context-Specific Records: Maintain records related to context-specific security functions.

By following these detailed requirements and maintaining the associated documents and records, organizations can ensure the effective performance of security-related functions, compliance with client and authority requirements, and adaptive responses to context-specific security needs. This approach aligns with ISO 18788 standards and supports ongoing improvement in security operations.

 

 


8.1.3 Respect for Human Rights and Associated Procedures

This section emphasizes the need for procedures to ensure the respectful treatment of all individuals and the reporting of any non-conformance with respect to human rights. It also includes the requirement to communicate these procedures to all individuals working on behalf of the organization. Here's a detailed breakdown:

1. Respectful Treatment and Human Rights:

  • Requirements: Establish procedures that promote the treatment of all individuals with dignity and respect for their human rights.
  • Associated Documents:
    • Human Rights Policy: Outlines the organization's commitment to respecting human rights.
    • Code of Conduct: Specifies expected behavior and adherence to human rights principles.
  • Associated Records:
    • Reports of Non-Conformance: Document instances where human rights are not respected or non-conformances occur.

2. Communication of Procedures:

  • Requirements: Develop procedures for communicating these human rights principles and procedures to all individuals working on behalf of the organization.
  • Associated Documents:
    • Human Rights Policy: Communicate the organization's commitment to human rights.
    • Code of Conduct: Communicate behavioral expectations and human rights principles.
  • Associated Records:
    • Acknowledgment of Receipt: Maintain records of individuals acknowledging receipt and understanding of the human rights policies and procedures.

By establishing, implementing, and maintaining these procedures, organizations can ensure that all individuals associated with their operations are treated with dignity and respect for their human rights. Additionally, the organization can promptly address any non-conformance with these principles and comply with contractual, legal, and regulatory requirements related to security operations and human rights.

 
