The latest in the five part series of ASIS resilience standards that offer a holistic, business friendly approach to risk and resilience management, the Auditing Management Systems: Risk, Resilience, Security, and Continuity—Guidance for Application American National Standard (SPC 2) will help practitioners evaluate risk and resilience-based management systems, establish and manage an audit programme, conduct individual audits, and identify competence criteria for auditors who conduct conformity assessments of management risk and reliance-based management systems. View the Executive Summary.

"The credibility of any audit programme, be it security, crisis, or continuity management, depends on a defined process using competent auditors,” says Dr. Marc H. Siegel, commissioner of the ASIS Global Standards Initiative. "The SPC.2 standard provides a step-by-step process for establishing an audit programme and conducting individual audits. It will enable organisations to evaluate their performance and identify opportunities for improvement.”

Applicable to both private and public sector organisations, the Standard provides generic concepts of auditing a risk and resilience-based management system. Organisations should adapt this guidance to fit the specific needs, size, nature and level of maturity of their risk and resilience based management system.