BS ISO 14298:2021 – Graphic technology — Management of security printing processes
6.2 Security objectives and planning to achieve them
The organization shall establish security objectives at relevant functions and levels.
The security objectives shall:
a) be consistent with the security policy;
b) be measurable (if practicable);
c) take into account applicable requirements;
d) take into account results of the risk assessment;
e) be monitored;
f) be communicated;
g) be updated as appropriate.
When planning how to achieve its security objectives, the organization shall determine:
— what will be done;
— what resources will be required;
— who will be responsible;
— when it will be completed;
— how the results will be evaluated.
The organization shall retain documented information on the security objectives.
6.3 Security printing management system planning
Top management shall ensure that:
a) the planning of the security printing management system is carried out in order to meet the security objectives and requirements;
b) the integrity of the security printing management system is maintained when it is changed.
To give assurance that the security requirements are met, the organization shall establish a security plan based upon the risk assessment established in 4.4.
The security plan shall:
— document the processes needed for implementation and maintenance of the security printing management system;
— document security requirements related to the organization’s processes;
— document criteria and methods to ensure that the operation and control of these processes are effective;
— ensure the availability of resources and information necessary to support security;
— ensure these processes are monitored and analysed;
— ensure the continuous evaluation and mitigation of the threats and risks to the organization.
The organization shall determine and provide the resources needed for:
a) the establishment, implementation, maintenance and continual improvement of the security printing management system;
b) meeting security requirements.
The organization shall:
— determine the necessary competence and trustworthiness of person(s) doing work under its control that affects its security management system performance;
— ensure that these persons are competent on the basis of appropriate education, training, skills or experience;
— where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken;
— retain appropriate documented information as evidence of competence;
— determine the talents, skills, knowledge, and capabilities each person needs to carry out his or her assigned responsibilities;
— make sure each person understands how his or her work contributes to meeting security objectives and requirements;
— keep documented information of each person’s education, training, skills and experience.
NOTE Applicable actions can include, for example: the provision of training to, the mentoring of, or the reassignment of current employed persons; or the hiring or contracting of competent persons.
EXAMPLE Suitable and competent personnel has knowledge on rules and procedures in the organization concerning security.
Persons doing work under the organization’s control shall be aware of:
— the security policy;
— updates and changes of the policy in a timely manner;
— their contribution to the effectiveness of the security printing management system, including the benefits of improved security printing performance;
— the implications of not conforming with the security printing management system requirements.
The organization shall determine the need for internal and external communication relevant to the security printing management system including:
— on what it will communicate;
— when to communicate;
— with whom to communicate;
— how to communicate.
Top management shall set up an effective system of communication to ensure effective operation of the security printing management system.
7.5 Documented information
The organization’s security printing management system shall include:
a) documented information required by this document;
b) documented information determined by the organization as being necessary for the effectiveness of the security printing management system.