This Standard provides generic principles, requirements, and guidance as well as the framework for a management system to assist organizations in the design, implementation, monitoring, evaluation, maintenance, and replacement of PPS. All the requirements and guidance in this Standard are intended to be incorporated in ANSI/ASIS SPC.1-2009, or any type of an organization's management system based on the PDCA model. The Standard is applicable to organizations of all sizes across all sectors: private, public and not-for-profit.
A PAPMS includes the protection of both tangible and intangible assets.
This Standard is applicable to any organization that wishes to:
a) Establish, implement, maintain, and improve the PAPMS;
b) Confirm conformity with its stated PAP and management policy;
c) Commit to continual improvement through duty of care; and
d) Demonstrate conformity with this Standard by:
I. Making a self-determination and self-declaration;
II. Seeking confirmation of its conformance by parties having an interest in the organization (such as customers); or
III. Seeking confirmation of its self-declaration by an external party.
This Standard provides generic principles, requirements, and guidance intended to be incorporated into any organization-wide risk and resilience management system (see ANSI/ASIS SPC.1-2009) intended to minimize the risks of disruptive events; it is not intended to promote a uniform approach to all organizations in all sectors. The design, implementation, and evaluation of PAP plans, procedures, and practices should take into account the particular requirements of each organization: its objectives, context, customers, culture, structure, assets, operations, processes, products, and services – as well as financial and regulatory realities.