SIST ISO 14298:2020
Graphic technology - Management of security printing processes
Graphic technology - Management of security printing processes
ISO 14298:2013 specifies requirements for a security printing management system for security printers.
ISO 14298:2013 specifies a minimum set of security printing management system requirements. Organizations ensure that customer security requirements are met as appropriate provided these do not conflict with the requirements of ISO 14298:2013.
Technologie graphique - Management des procédés d'impression de sécurité
L'ISO 14298:2013 spécifie les exigences requises pour un système de management des impressions de sécurité destiné aux imprimeurs de documents de sécurité.
L'ISO 14298:2013 spécifie un ensemble minimal d'exigences propres au système de management des impressions de sécurité. Les organismes veillent à ce que les exigences de sécurité de leur clientèle soient satisfaites, à condition qu'elles n'entrent pas en conflit avec les exigences de l'ISO 14298:2013.
Grafična tehnologija - Upravljanje procesov v varnostnem tisku
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-april-2020
Grafična tehnologija - Upravljanje procesov v varnostnem tisku
Graphic technology - Management of security printing processes
Technologie graphique - Management des procédés d'impression de sécurité
Ta slovenski standard je istoveten z: ISO 14298:2013
ICS:
37.100.01 Grafična tehnologija na Graphic technology in
splošno general
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
INTERNATIONAL ISO
STANDARD 14298
First edition
2013-04-15
Graphic technology — Management of
security printing processes
Technologie graphique — Management des procédés d’impression de
sécurité
Reference number
©
ISO 2013
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 5
4.1 Understanding the organization and its context . 5
4.2 Understanding the needs and expectations of interested parties . 5
4.3 Determining the scope of the security printing management system . 6
4.4 Security printing management system . 6
5 Leadership . 7
5.1 Leadership and commitment . 7
5.2 Policy . 8
5.3 Organization roles, responsibilities and authorities . 8
6 Planning . 9
6.1 Actions to address risks and opportunities . 9
6.2 Security objectives and planning to achieve them . 9
6.3 Security printing management system planning .10
7 Support .10
7.1 Resources .10
7.2 Competence .10
7.3 Awareness .11
7.4 Communication .11
7.5 Documented information .11
8 Operation .13
9 Performance evaluation .13
9.1 Monitoring, measurement, analysis and evaluation .13
9.2 Internal audit .14
9.3 Management review .14
10 Improvement .15
10.1 Nonconformity, security breaches and corrective actions .15
10.2 Preventive actions .15
10.3 Continual improvement .16
Annex A (normative) Determination of security requirements related to the security printing
management system .17
Bibliography .20
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received. www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
The committee responsible for this document is ISO/TC 130, Graphic technology.
iv © ISO 2013 – All rights reserved
Introduction
General
This International Standard specifies requirements for a security printing management system for
security printers.
Current security printing management practices lack sufficient guarantees that effective security
controls are maintained to protect the interest of the customer as well as the general public. Using this
International Standard the organization establishes, documents, implements and maintains a security
printing management system. This security printing management system is regularly reviewed to
continually improve its effectiveness. It is recognized that customer requirements sometimes exceed
the requirements of this International Standard so the security printing management system also
addresses customer requirements that are beyond the scope of this International Standard.
The adoption of a security printing management system is a strategic decision of an organization. The
design and implementation of an organization’s security printing management system is influenced by
varying needs, particular objectives, products provided, processes employed, security environment,
cultural issues, legal limitations, risk assessment and by size and structure of the organization.
To achieve the objectives of this security printing management system standard measures are taken to
mitigate all of the security threats determined by an organizational risk assessment. Such controls focus
upon reducing, eliminating and preventing acts that compromise the security printing management
system of the organization.
It is not the intent of this International Standard to obtain uniformity in the structure of the security
printing management system or uniformity of documented information. The security printing
management system complies with laws and regulations in force. The requirements specified in this
International Standard are supplementary to requirements for products and processes of an organization
and allow for additional specific requirements from the customer.
This International Standard is intended to apply to security printers. It contains requirements that when
implemented by a security printer may be objectively audited for certification/registration purposes.
Process approach
This International Standard promotes the adoption of a process approach when developing, implementing
and improving the effectiveness of a security printing management system.
The application of a system of processes within an organization, together with the identification
and interaction of these processes, and their management, is referred to as a “process approach”. An
advantage of a “process approach” is the ongoing control that it provides over the interaction between
individual processes within the system of processes, as well as over their combination.
Basic principles
When implemented, the security printing management system:
a) achieves the security of products, processes, means of production, premises, information, raw
material supplies;
b) is used to continue to meet demonstrably the requirements, and naturally, the needs of customers;
c) affords management the confidence that the targeted degree of security is actually achieved and
remains effective;
d) affords the customers the confidence that the agreed nature and degree of security is or will be attained.
This International Standard prescribes which elements a security printing management system contains
and not how a specific organization implements these elements.
INTERNATIONAL STANDARD ISO 14298:2013(E)
Graphic technology — Management of security printing
processes
1 Scope
This International Standard specifies requirements for a security printing management system for
security printers.
This International Standard specifies a minimum set of security printing management system
requirements. Organizations ensure that customer security requirements are met as appropriate
provided these do not conflict with the requirements of this International Standard.
2 Normative references
No normative references are cited.
3 Terms and definitions
For the purposes of this document the following terms and definitions apply.
NOTE Italic type in a definition indicates a cross-reference to anothe
...
INTERNATIONAL ISO
STANDARD 14298
First edition
2013-04-15
Graphic technology — Management of
security printing processes
Technologie graphique — Management des procédés d’impression de
sécurité
Reference number
©
ISO 2013
© ISO 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2013 – All rights reserved
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 5
4.1 Understanding the organization and its context . 5
4.2 Understanding the needs and expectations of interested parties . 5
4.3 Determining the scope of the security printing management system . 6
4.4 Security printing management system . 6
5 Leadership . 7
5.1 Leadership and commitment . 7
5.2 Policy . 8
5.3 Organization roles, responsibilities and authorities . 8
6 Planning . 9
6.1 Actions to address risks and opportunities . 9
6.2 Security objectives and planning to achieve them . 9
6.3 Security printing management system planning .10
7 Support .10
7.1 Resources .10
7.2 Competence .10
7.3 Awareness .11
7.4 Communication .11
7.5 Documented information .11
8 Operation .13
9 Performance evaluation .13
9.1 Monitoring, measurement, analysis and evaluation .13
9.2 Internal audit .14
9.3 Management review .14
10 Improvement .15
10.1 Nonconformity, security breaches and corrective actions .15
10.2 Preventive actions .15
10.3 Continual improvement .16
Annex A (normative) Determination of security requirements related to the security printing
management system .17
Bibliography .20
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2. www.iso.org/directives
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received. www.iso.org/patents
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
The committee responsible for this document is ISO/TC 130, Graphic technology.
iv © ISO 2013 – All rights reserved
Introduction
General
This International Standard specifies requirements for a security printing management system for
security printers.
Current security printing management practices lack sufficient guarantees that effective security
controls are maintained to protect the interest of the customer as well as the general public. Using this
International Standard the organization establishes, documents, implements and maintains a security
printing management system. This security printing management system is regularly reviewed to
continually improve its effectiveness. It is recognized that customer requirements sometimes exceed
the requirements of this International Standard so the security printing management system also
addresses customer requirements that are beyond the scope of this International Standard.
The adoption of a security printing management system is a strategic decision of an organization. The
design and implementation of an organization’s security printing management system is influenced by
varying needs, particular objectives, products provided, processes employed, security environment,
cultural issues, legal limitations, risk assessment and by size and structure of the organization.
To achieve the objectives of this security printing management system standard measures are taken to
mitigate all of the security threats determined by an organizational risk assessment. Such controls focus
upon reducing, eliminating and preventing acts that compromise the security printing management
system of the organization.
It is not the intent of this International Standard to obtain uniformity in the structure of the security
printing management system or uniformity of documented information. The security printing
management system complies with laws and regulations in force. The requirements specified in this
International Standard are supplementary to requirements for products and processes of an organization
and allow for additional specific requirements from the customer.
This International Standard is intended to apply to security printers. It contains requirements that when
implemented by a security printer may be objectively audited for certification/registration purposes.
Process approach
This International Standard promotes the adoption of a process approach when developing, implementing
and improving the effectiveness of a security printing management system.
The application of a system of processes within an organization, together with the identification
and interaction of these processes, and their management, is referred to as a “process approach”. An
advantage of a “process approach” is the ongoing control that it provides over the interaction between
individual processes within the system of processes, as well as over their combination.
Basic principles
When implemented, the security printing management system:
a) achieves the security of products, processes, means of production, premises, information, raw
material supplies;
b) is used to continue to meet demonstrably the requirements, and naturally, the needs of customers;
c) affords management the confidence that the targeted degree of security is actually achieved and
remains effective;
d) affords the customers the confidence that the agreed nature and degree of security is or will be attained.
This International Standard prescribes which elements a security printing management system contains
and not how a specific organization implements these elements.
INTERNATIONAL STANDARD ISO 14298:2013(E)
Graphic technology — Management of security printing
processes
1 Scope
This International Standard specifies requirements for a security printing management system for
security printers.
This International Standard specifies a minimum set of security printing management system
requirements. Organizations ensure that customer security requirements are met as appropriate
provided these do not conflict with the requirements of this International Standard.
2 Normative references
No normative references are cited.
3 Terms and definitions
For the purposes of this document the following terms and definitions apply.
NOTE Italic type in a definition indicates a cross-reference to another term defined in this clause; the number
reference for the term is given in parentheses.
3.1
organization
person or group of people that has its own functions with responsibilities, authorities and relationships
to achieve its objectives (3.8)
Note 1 to entry: The concept of organization includes but is not limited to sole-trader, company, corporation, firm,
enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated
or not, public or private.
3.2
interested party
stakeholder
person or organization (3.1) that can affect, be affected by, or perceive themselves to be affected by a
decision or activity
3.3
requirement
need or expectation that is stated, generally implied or obligatory
Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization a
...
NORME ISO
INTERNATIONALE 14298
Première édition
2013-04-15
Technologie graphique —
Management des procédés
d’impression de sécurité
Graphic technology — Management of security printing processes
Numéro de référence
©
ISO 2013
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2013
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite ni utilisée
sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie, l’affichage sur
l’internet ou sur un Intranet, sans autorisation écrite préalable. Les demandes d’autorisation peuvent être adressées à l’ISO à
l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Publié en Suisse
ii © ISO 2013 – Tous droits réservés
Sommaire Page
Avant-propos .iv
Introduction .v
1 Domaine d’application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Contexte de l’organisme . 6
4.1 Comprendre l’organisme et son contexte . 6
4.2 Comprendre les besoins et les attentes des parties intéressées . 6
4.3 Déterminer le champ d’application du système de management des impressions
de sécurité . 6
4.4 Système de management des impressions de sécurité . 6
5 Primauté. 7
5.1 Primauté et engagement. 7
5.2 Politique . 8
5.3 Rôles de l’organisme, responsabilités et autorités . 8
6 Planification . 9
6.1 Actions visant à traiter les risques et les opportunités . 9
6.2 Objectifs de sécurité et planification de leur réalisation . 9
6.3 Planification du système de management des impressions de sécurité .10
7 Soutien .10
7.1 Ressources .10
7.2 Compétence .11
7.3 Sensibilisation .11
7.4 Communication .11
7.5 Informations documentées .12
8 Fonctionnement .13
9 Évaluation de la performance .14
9.1 Surveillance, mesurage, analyse et évaluation .14
9.2 Audit interne .14
9.3 Revue de direction .15
10 Amélioration .16
10.1 Non-conformité, manquements à la sûreté et actions correctives .16
10.2 Actions préventives .16
10.3 Amélioration continue .16
Annexe A (normative) Détermination des exigences en matière de sûreté liées au système de
management des impressions de sécurité .18
Bibliographie
...........................................................................................................................................................................................................................22
Avant-propos
L’ISO (Organisation internationale de normalisation) est une fédération mondiale d’organismes
nationaux de normalisation (comités membres de l’ISO). L’élaboration des Normes internationales est
en général confiée aux comités techniques de l’ISO. Chaque comité membre intéressé par une étude
a le droit de faire partie du comité technique créé à cet effet. Les organisations internationales,
gouvernementales et non gouvernementales, en liaison avec l’ISO participent également aux travaux.
L’ISO collabore étroitement avec la Commission électrotechnique internationale (CEI) en ce qui concerne
la normalisation électrotechnique.
Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont
décrites dans les Directives ISO/CEI, Partie 1. Il convient, en particulier de prendre note des différents
critères d’approbation requis pour les différents types de documents ISO. Le présent document a été
rédigé conformément aux règles de rédaction données dans les Directives ISO/CEI, Partie 2 (voir www.
iso.org/directives).
L’attention est appelée sur le fait que certains des éléments du présent document peuvent faire l’objet de
droits de propriété intellectuelle ou de droits analogues. L’ISO ne saurait être tenue pour responsable
de ne pas avoir identifié de tels droits de propriété et averti de leur existence. Les détails concernant les
références aux droits de propriété intellectuelle ou autres droits analogues identifiés lors de l’élaboration
du document sont indiqués dans l’Introduction et/ou sur la liste ISO des déclarations de brevets reçues
(voir www.iso.org/patents).
Les éventuelles appellations commerciales utilisées dans le présent document sont données pour
information à l’intention des utilisateurs et ne constituent pas une approbation ou une recommandation.
Le comité chargé de l’élaboration du présent document est l’ISO/TC 130 Technologie graphique.
iv © ISO 2013 – Tous droits réservés
Introduction
Généralités
La présente Norme internationale spécifie les exigences requises pour un système de management des
impressions de sécurité destiné aux imprimeurs de documents de sécurité.
Les pratiques actuelles en matière de management des impressions de sécurité n’offrent pas les garanties
suffisantes pour maintenir des contrôles de sécurité efficaces permettant de protéger l’intérêt du client
et du grand public. En utilisant la présente Norme internationale, l’organisme établit, documente, met en
œuvre et maintient un système de management des impressions de sécurité. Ce système de management
des impressions de sécurité est continuellement révisé afin d’en améliorer l’efficacité. Il est reconnu que
les exigences de la clientèle dépassent parfois celles de la présente Norme internationale; par conséquent,
le système de management des impressions de sécurité traite également les exigences de la clientèle qui
vont au-delà du champ d’application de la présente Norme internationale.
L’adoption d’un système de management des impressions de sécurité est une décision stratégique prise
par un organisme. La conception et la mise en œuvre d’un système de management des impressions de
sécurité au sein d’un organisme dépendent de besoins variables, d’objectifs particuliers ainsi que des
produits fournis, des processus employés, de l’environnement de sécurité, des questions culturelles, des
limites juridiques, de l’appréciation du risque, de la taille et de la structure de l’organisme.
Pour atteindre les objectifs du système de management des impressions de sécurité, des mesures types
sont prises afin de limiter l’ensemble des menaces relatives à la sûreté, lesquelles sont déterminées
par une appréciation organisationnelle du risque. Ces contrôles se concentrent sur la diminution,
l’élimination et la prévention des actes préjudiciables au système de management des impressions de
sécurité de l’organisme.
La présente Norme internationale ne prétend pas uniformiser la structure du système de management
des impressions de sécurité, ni uniformiser les informations documentées. Le système de management
des impressions de sécurité est conforme à la législation et à la réglementation en vigueur. Les exigences
spécifiées dans la présente Norme internationale viennent s’ajouter à celles s’appliquant aux produits et
processus de l’organisme et permettent l’ajout d’exigences spécifiques émanant du client.
La présente Norme internationale a vocation à s’appliquer aux imprimeurs de documents de sécurité.
Elle contient des exigences qui, lorsqu’elles sont mises en œuvre par un imprimeur de documents de
sécurité, peuvent faire l’objet d’un audit objectif en vue de leur certification/enregistrement.
Approche processus
La présente Norme internationale encourage l’adoption d’une «approche processus» lors de l’élaboration,
la mise en œuvre et l’amélioration de l’efficacité d’un système de management des impressions de sécurité.
L’«approche processus» désigne l’application d’un système de processus au sein d’un organisme, ainsi
que l’identification, l’interaction et le management de ces processus. L’un des avantages de l’«approche
processus» est qu’elle permet d’exercer un contrôle continu sur l’interaction et la combinaison des
processus individuels au sein du système de processus.
Principes de base
Lorsqu’il est mis en œuvre, le système de management des impressions de sécurité:
a) garantit la sécurité des produits, des processus, des moyens de production, des locaux, des
informations et des approvisionnements en matières premières;
b) est employé pour répondre aux exigences des clients et, naturellement, à leurs besoins, de manière
continue et démontrable;
c) offre à la direction l’assurance que le niveau de sûreté ciblé est effectivement atteint et qu’il
demeure efficace;
d) offre aux clients l’assurance que la nature et le niveau de sûreté convenus sont ou seront atteints.
La présente Norme internationale spécifie la nature des éléments qui composent un système de
management des impressions de sécurité et non la façon dont un organisme spécifique met en œuvre
ces éléments.
vi © ISO 2013 – Tous droits réservés
NORME INTERNATIONALE ISO 14298:2013(F)
Technologie graphique — Management des procédés
d’impression de sécurité
1 Domaine d’application
La présente Norme internationale spécifie les exigences requises pour un système de management des
impressions de sécurité destiné aux imprimeurs de documents de sécurité.
La présente Norme internationale spécifie un ensemble minimal d’exigences propres au système de
man
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.