BS 16000-2015 pdf free download

BS 16000-2015 pdf free download.Security management Strategic and operational guIdelines.
4.4 Organization structure and roles and responsibilities
The organization should establish a security management structure, with an appropriate working group at its core. The organization should seek to build in efficiency and effectiveness by looking for opportunities to augment an existing group wherever possible, rather than create an additional group. This security management group, with appropriate terms of reference and membership to ensure full organizational representation, should be directly and clearly linked into the organization’s governance structure.
It is also probable that the organization will need to allocate new and additional roles and responsibilities to individuals. This shou’d be done formally, clearly and in writing, and should flow through into individuals’ objectives and performance rewards.
These roles and responsibilities should include the following.
a) Governing body
• Retaining overall accountability for security management.
• Identifying a specific member of top management with accountability for security.
• Providing clear direction to the member of top management.
• Demonstrating commitment to security management.
• Obtaining, and acting upon, evidence of the effectiveness or otherwise of security management.
b) Top management
• Ultimate accountability for the development and implementation of the security management framework and associated organization structure, as well as a security improvement programme to fully meet the agreed objectives, manage the security risks and contribute to the management of other risks to those objectives.
• Appointing a sufficiently dedicated and appropriately competent person to be responsible day-to-day for security, who has access to top management.
• Promoting security cultural change throughout the organization, by way of security awareness and appropriate security training for staff.
• Liaison with security, policing, regulatory and other agencies that either have responsibilities for delivering or facilitating security or an interest in sharing In the lessons from it.
• Active engagement, and mutual support, with peers who hold responsibility for both elements of security management and functions that support it.
• Coordination and facilitation of whatever security management group is established.
• Ongoing management of the human and other resources allocated to achieve appropriate security management.
• Ensuring the creation, operation and continuous improvement of the security management framework and lifecycle processes.
• Reporting to the identified governing body holding accountability for security management on all matters related to the effectiveness and efficiency of security management.
c) Staff
• Applying and remaining in compliance with policies and procedures in which they have been trained or made aware.
• Following security escalation processes for reporting of suspicious incidents!items, including near misses, and wwhistleblowing when this appears justified.
• Communicating information on threats, impacts and risks wherever and whenever they observe or suspect these.
4.5 Security advice
The selection, implementation and operation of the correct security solutions can be a daunting task for non-security decision-makers, as the security solutions available are numerous and their suitability is related to the organization’s risks and risk tolerance and what can be afforded, which is dependent upon budget availability.BS 16000-2015 pdf free download.