BS ISO 14298:2021 pdf download – Graphic technology — Management of security printing processes

BS ISO 14298:2021 pdf download – Graphic technology — Management of security printing processes 6.2 Security objectives and planning to achieve them The organization shall establish security objectives at relevant functions and levels. The security objectives shall: a) be consistent with the security policy; b) be measurable (if practicable); c) take into account applicable requirements; d) take into account results of the risk assessment; e) be monitored; f) be communicated; g) be updated as appropriate. When planning how to achieve its security objectives, the organization shall determine: — what will be done; — what resources will be required; — who will be responsible; — when it will be completed; — how the results will be evaluated. The organization shall retain documented information on the security objectives. 6.3 Security printing management system planning Top management shall ensure that: a) the planning of the security printing management system is carried out in order to meet the security objectives and requirements; b) the integrity of the security printing management system is maintained when it is changed. To give assurance that the security requirements are met, the organization shall establish a security plan based upon the risk assessment established in 4.4. The security plan shall: — document the processes needed for implementation and maintenance of the security printing management system; — document security requirements related to the organization’s processes; — document criteria and methods to ensure that the operation and control of these processes are effective; — ensure the availability of resources and information necessary to support security; — ensure these processes are monitored and analysed; — ensure the continuous evaluation and mitigation of the threats and risks to the organization. 7 Support 7.1 Resources The organization shall determine and provide the resources needed for: a) the establishment, implementation, maintenance and continual improvement of the security printing management system; b) meeting security requirements. 7.2 Competence The organization shall: — determine the necessary competence and trustworthiness of person(s) doing work under its control that affects its security management system performance; — ensure that these persons are competent on the basis of appropriate education, training, skills or experience; — where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; — retain appropriate documented information as evidence of competence; — determine the talents, skills, knowledge, and capabilities each person needs to carry out his or her assigned responsibilities; — make...