ISO 14298:2013 Graphic technology — Management of security printing processes
4 Context of the organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its security printing management system.
4.2 Understanding the needs and expectations of interested parties
The organization shall determine:
— the interested parties that are relevant to the security printing management system, and
— the requirements of these interested parties.
Certification is only possible if the organization has followed the regulations of the certification procedure and if it has established a security printing management system in accordance with the specifications of this procedure. Furthermore the security printing management system has to comply with laws and regulations in force.
4.3 Determining the scope of the security printing management system
The organization shall determine the boundaries and applicability of the security printing management system to establish its scope.
When determining this scope, the organization shall consider:
— the external and internal issues referred to in 4.1, and
— the requirements referred to in 4.2.
The scope shall be available as documented information.
4.4 Security printing management system
The organization shall establish, implement, maintain and continually improve a security printing management system in accordance with the requirements of this International Standard including the processes needed as outlined in normative Annex A and their interactions.
It is recognized that customer requirements may exceed the requirements of this International Standard so the security printing management system also addresses customer requirements that are beyond the scope of this International Standard.
The organization shall conduct a risk assessment on at least the following:
a) Customer-related risk
EXAMPLE Unauthorized purchase, distribution or illegal use of a product by a customer.
b) Information-related risk
EXAMPLE Unwanted, unintended, prompted or unprompted disclosure of information.
c) Security material, product and waste-related risk
EXAMPLE Theft, damage, sabotage or loss of security materials.
d) Supply chain-related risk
EXAMPLE Any subversion or compromise of the security of the organization’s security products and related services at any point in the supply chain.
e) Physical intrusion and access-related risk
EXAMPLE Intrusion into sensitive physical areas.
f) Personnel-related risk
EXAMPLE Personnel fraud or unauthorized actions.
g) Disaster-related risk
EXAMPLE Security breakdowns that result from either man-made or natural disasters.
h) Security failure-related risk
EXAMPLE Occurrence of security breaches.
i) Security management-related risk
EXAMPLE Lack of security management competences.
j) Use of machinery-related risk
EXAMPLE Unauthorized use of the means of production.
k) Sales of equipment-related risk
EXAMPLE Sale, distribution of any equipment or component for illegal use.
l) Transportation-related risk
EXAMPLE Theft, modification, damage or destruction of products, security raw materials and security features during loading, unloading, storage and transportation.
m) Any additional security-related risks unique to the organization
This risk assessment shall be the basis for the establishment of a security plan (see 6.3).
NOTE ISO 31000 contains guidance for risk assessment.
5 Leadership
5.1 Leadership and commitment
Top management shall demonstrate leadership and commitment with respect to the security printing management system by:
a) ensuring that the security policy and security objectives are established and are compatible with the strategic direction of the organization;
b) ensuring the integration of the security printing management system requirements into the organization’s business processes;
c) ensuring that the resources needed for the security printing management system are available;
d) communicating the importance of effective security printing management and of conforming to the security printing management system requirements, including customer, legal, and regulatory requirements;
e) ensuring that the security printing management system achieves its intended outcome(s);
f) directing and supporting persons to contribute to the effectiveness of the security printing management system;
g) promoting continual improvement;
h) supporting other relevant management roles to demonstrate their leadership as it applies to their areas of responsibility;
i) developing and implementing the security printing management system and continually improving its effectiveness;
j) ensuring that a risk assessment is conducted on a continuous basis to ascertain any needed changes in the security printing management system;
k) ensuring that security requirements are understood and met;
l) reviewing the operation of the security printing management system;
m) assuring conformance to the requirements of this International Standard.