《BS-8549-2006.pdf》由会员分享,可在线阅读,更多相关《BS-8549-2006.pdf(14页珍藏版)》请在三一文库上搜索。
1、BS 8549:2006 Security consultancy Code of practice ICS 03.080.20, 13.310 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW BRITISH STANDARD Licensed Copy: London South Bank University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI P
2、ublishing and copyright information The BSI copyright notice displayed in this document indicates when the document was last issued. BSI 2006 ISBN 0 580 49409 8 The following BSI references relate to the work on this standard: Committee reference GW/3 Draft for comment 06/30127881 DC Publication his
3、tory First published November 2006 Amendments issued since publication Amd. no.DateText affected BS 8549:2006 Licensed Copy: London South Bank University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BSI 2006i BS 8549:2006 Contents Foreword ii 1Scope 1
4、 2Normative references 1 3Terms and definitions 1 4The consultancy 2 5Personnel 3 6Consultancy service 6 Bibliography 9 Summary of pages This document comprises a front cover, an inside front cover, pages i and ii, pages 1 to 9 and a back cover. Licensed Copy: London South Bank University, London So
5、uth Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS 8549:2006 ii BSI 2006 Foreword Publishing information This British Standard is published by BSI and came into effect on 30 November 2006. It was prepared by Technical Committee GW/3, Manned security services. A li
6、st of organizations represented on this committee can be obtained on request to its secretary. Information about this document This British Standard is based on PAS 49:2002, which is withdrawn. PAS 49 was drafted in conjunction with the Association of Security Consultants to provide an interim code
7、of practice for security consultants. NOTE Attention is drawn to the statutory requirements of the Private Security Industry Act 2001 1. Use of this document As a code of practice, this British Standard takes the form of guidance and recommendations. It should not be quoted as if it were a specifica
8、tion and particular care should be taken to ensure that claims of compliance are not misleading. Any user claiming compliance with this British Standard is expected to be able to justify any course of action that deviates from its recommendations. Presentational conventions The provisions in this st
9、andard are presented in roman (i.e. upright) type. Its recommendations are expressed in sentences in which the principal auxiliary verb is “should”. Commentary, explanation and general informative material is presented in smaller italic type, and does not constitute a normative element. The word “sh
10、ould” is used to express recommendations of this standard. The word “may” is used in the text to express permissibility, e.g. as an alternative to the primary recommendation of the clause. The word “can” is used to express possibility, e.g. a consequence of an action or an event. Notes and commentar
11、ies are provided throughout the text of this standard. Notes give references and additional information that are important but do not form part of the recommendations. Commentaries give background information. Contractual and legal considerations This publication does not purport to include all the
12、necessary provisions of a contract. Users are responsible for its correct application. Compliance with a British Standard cannot confer immunity from legal obligations. Licensed Copy: London South Bank University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (
13、c) BSI BSI 20061 BS 8549:2006 1 Scope This British Standard gives recommendations for the management, staffing and operation for the provision of contracted security consultancy services. Additionally, this code might assist those who wish to contract the services of a security consultant. 2 Normati
14、ve references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. BS 7858, Security screening of pers
15、onnel employed in a security environment Code of practice BS ISO 10002, Quality management Customer satisfaction Guidelines for complaints handling in organizations 3 Terms and definitions For the purposes of this British Standard the following terms and definitions apply. 3.1scope of work document
16、detailing specific contractual services 3.2customer individual(s), public or corporate body retaining the services of a consultancy 3.3consultancy individual or organization that is the prime provider of security consultancy services NOTE This definition also applies to a security consultant acting
17、in a self-employed capacity, a sole trader, a partnership or an incorporated company. 3.4security consultant individual giving advice about: a)security precautions or processes in relation to any risk to property, the person or other tangible/intangible assets; or b)the use of any services involving
18、 the activities of security operatives. NOTE This definition does not apply to any activities of a member of a relevant accountancy body that are carried: a)by him/her; b)by any firm of which he/she is a partner or by which he/she is employed; c)by any body corporate of which he/she is a director or
19、 member or by which he/she is employed. Licensed Copy: London South Bank University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS 8549:2006 2 BSI 2006 3.5security operative individual or company that performs activities relating to the provision of
20、security services 3.6supplier individual or company (and the persons employed, including all levels of subcontractor, by that individual or company) that provides the consultancy with information, equipment and/or labour which is used in providing the service to the customer 3.7technical expert indi
21、vidual who provides specific knowledge or expertise for the fulfilment of the contract 4 The consultancy 4.1Professional integrity The consultancy should provide its services solely in the interest of the customer and where a conflict of interest arises the consultancy should declare such an interes
22、t immediately it is known. This includes, but is not restricted to: a)disclosure of any financial or personal interest in any work to be undertaken; b)disclosure of any unspent criminal convictions or undischarged bankruptcy of a principal and/or director; c)disclosure of any other circumstances tha
23、t can involve a conflict of interest. NOTE Attention is drawn to the requirements of the Data Protection Act 2. 4.2Structure The consultancy should make available to a prospective customer, if requested, details of its ownership, structure and experience. The consultancy should operate a complaints
24、management system in accordance with the guidance given in BS ISO 10002. 4.3Finances When the consultancy is trading as a sole trader or a partnership, it should prepare annual accounts in accordance with generally accepted accounting standards. NOTE Attention is drawn to the fact that a consultancy
25、 trading as a limited company is required to prepare annual accounts under the Companies Act 1989 3. Licensed Copy: London South Bank University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BSI 20063 BS 8549:2006 4.4Insurance The consultancy should po
26、ssess public liability and professional indemnity insurance at a level of cover commensurate with the business undertaken, specific contractual requirements and the number of persons employed. NOTE Attention is drawn to statutory insurance such as vehicle and employer liability insurance. 4.5Premise
27、s The consultancy should have an administrative office(s) where records, professional and business documents, certificates, correspondence, files and other documents necessary for conducting business transactions (see 4.6) should be kept in a secure manner. 4.6Documents and data Separate records (ha
28、rdcopy or electronic) should be maintained for each customer, employee and supplier. The records should be held in an accessible and secure manner and should be retained for an agreed period after which they should be securely destroyed. If no agreement for the period of retention of documents exist
29、s, records should be kept for a minimum of 12 months from cessation of contract, after which they should be securely destroyed. NOTE Attention is drawn to the fact that certain records have a statutory minimum retention period and /or are covered by other Acts. Amended and/or updated records should
30、be identifiable by date and clearly distinguishable from previous versions. Information stored in an electronic retrieval system should be regularly backed-up. The back-up copies should be stored separately in a different location or at least in a different fire zone in the same location. 5 Personne
31、l NOTE A nationally recognized body or agency may undertake the personnel processes and validations outlined in this clause on behalf of the consultancy. 5.1Selection and screening Where an applicant for employment has access to information and/or property of the customer, full pre-employment enquir
32、ies should be carried out by the consultancy to confirm an applicants identity and to ensure that they are suitably qualified. All relevant experience and qualifications should be verified. All employees and/or suppliers and/or technical experts who have access to information and/or property of the
33、customer and/or the consultancy should be screened in accordance with BS 7858 for a minimum period of 10 years. Licensed Copy: London South Bank University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS 8549:2006 4 BSI 2006 All employees and/or suppl
34、iers and/or technical experts who have access to information and/or property of the customer and/or the consultancy should be bound by an agreement to keep confidential such information indefinitely unless authorized otherwise in writing. NOTE Attention is drawn to the fact that security consultants
35、 might be required to be licensed in accordance with the Private Security Industry Act 2001 1. 5.2Disciplinary code The consultancy should advise employees of the offences, including the aiding and abetting of others in the same offences, which are regarded as a breach of employment, including as a
36、minimum the following: a)neglecting to complete a required task at work or an assignment, without sufficient cause; b)making or signing any false statements, of any description; c)destroying, altering or erasing documents, records or electronic data without permission; d)divulging matters confidenti
37、al to the consultancy or customer, either past or present, without permission; e)conduct in a manner likely to bring discredit to the profession, consultancy or customer; f)being unfit for the task through drugs or alcohol; g)withdrawal of license under the Private Security Industry Act 2001 1 (when
38、 applicable); h)being convicted of criminal offence(s). NOTE This list is not exhaustive and does not include actions that in any case constitute criminal offences. 5.3Identification Persons who have been screened in accordance with 5.1 should be issued with an identity card incorporating a minimum
39、of the following information: a)the name, address and telephone number of the consultancy; b)the name, job title and signature of the holder; c)the expiry date of the card (not more than 3 years from the date of issue); d)a current photograph of the holder. Identity cards should be presented to the
40、customer on request Identity cards should be formally withdrawn from persons renewing their cards or leaving the consultancy, and destroyed in a secure manner. Licensed Copy: London South Bank University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS
41、I 20065 BS 8549:2006 5.4Training 5.4.1General The consultancy should have a clearly defined and documented training policy and should ensure that the training outlined in 5.4.2, 5.4.3 and 5.4.4 is given as a minimum. 5.4.2Induction The consultancy should provide induction training in matters relatin
42、g to its conditions of employment, structure and procedures for all employees. This induction training should be additional to the competence recommendations in 5.4.3. 5.4.3Competence Security consultants will normally be expert in a specific field or fields as a result of previous experience, howev
43、er, they should be able to demonstrate that they have undergone basic training on the main aspects of security consultancy with the following subjects as a minimum: a)threat and risk assessment; b)security audits and reviews; c)security policy, procedures, strategy and management; d)crisis managemen
44、t and business continuity planning; e)physical security; f)electronic security systems; g)manned guarding. Security consultants should also have knowledge of the following: 1)IT and information security; 2)health and safety; 3)construction design and management regulations (CDM); 4)fire safety; 5)hu
45、man rights; 6)civil and criminal law; 7)data protection; 8)disability issues. NOTE Attention is drawn to the recommendations in 5.4.5. 5.4.4Continuing professional development (CPD) Consultancies should ensure that their security consultants continuously update themselves on all aspects of security,
46、 including those aspects listed in 5.4.3, because new ideas, technology, threats and crime trends are constantly evolving. The consultancy should ensure that evidence of appropriate CPD per annum is held by the security consultant and can be made available on request. Licensed Copy: London South Ban
47、k University, London South Bank University, Sun Dec 24 03:57:23 GMT+00:00 2006, Uncontrolled Copy, (c) BSI BS 8549:2006 6 BSI 2006 5.4.5Records All CPD and training undertaken should be accurately recorded and endorsed by the trainer or other authorized person. Evidence of training undertaken should
48、 be held by the trainee and the consultancy and can be made available on request. Training records should be reviewed annually by the consultancy, to ensure that appropriate training has been provided. 5.5Suppliers 5.5.1Suppliers of subcontract labour The consultancy should obtain the customers agre
49、ement on conditions for the use of suppliers of subcontract labour for undertaking the duties of a security consultant or technical expert. 5.5.2Suppliers personnel The consultancy should satisfy itself that those suppliers personnel who have access to a customers site and/or confidential records: a)meet the recommendations for professional integrity in 4.1; b)are successfully screened in accordance with 5.1; c)are competent to undertake the work involved; d)are insured as recommended in 4.4; e)have individually signed a confident