ISO 14298:2021 グラフィックテクノロジー—セキュリティ印刷プロセスの管理 | ページ 6

3.1

organization

person or group of people that has its own functions with responsibilities, authorities and relationships to achieve its objectives (3.8)

Note 1 to entry: The concept of organization includes but is not limited to sole-trader, company, corporation, firm, enterprise, authority, partnership, charity or institution, or part or combination thereof, whether incorporated or not, public or private.

3.2

interested party

stakeholder

person or organization (3.1) that can affect, be affected by, or perceive itself to be affected by a decision or activity

3.3

requirement

need or expectation that is stated, generally implied or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, for example in documented information.

3.4

management system

set of interrelated or interacting elements of an organization (3.1) to establish policies (3.7) and objectives (3.8) , and processes (3.12) to achieve those objectives

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The system elements include the organization’s structure, roles and responsibilities, planning and operation.

Note 3 to entry: The scope of a management system may include the whole of the organization, specific and identified functions of the organization, specific and identified sections of the organization, or one or more functions across a group of organizations.

3.5

top management

person or group of people who directs and controls an organization (3.1) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.

Note 2 to entry: If the scope of the management system (3.4) covers only part of an organization then top management refers to those who direct and control that part of the organization.

3.6

effectiveness

extent to which planned activities are realized and planned results achieved

3.7

policy

intentions and direction of an organization (3.1) as formally expressed by its top management (3.5)

3.8

objective

result to be achieved

Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and environmental goals) and can apply at different levels [such as strategic, organization-wide, project, product and process (3.12) ].

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an operational criterion, as a security objective (3.32) or by the use of other words with similar meaning (e.g. aim, goal, or target).

Note 4 to entry: In the context of security printing management systems security objectives (3.32) are set by the organization, consistent with the security policy, to achieve specific results.

3.9

risk

effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (see ISO Guide 73:2009, 3.5.1.3) and “consequences” (see ISO Guide 73:2009, 3.6.1.3), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated “likelihood” (see ISO Guide 73:2009, 3.6.1.1) of occurrence.

3.10

competence

ability to apply knowledge and skills to achieve intended results

3.11

documented information

information required to be controlled and maintained by an organization (3.1) and the medium on which it is contained

Note 1 to entry: Documented information can be in any format and media and from any source.

Note 2 to entry: Documented information can refer to the management system (3.4) , including related processes (3.12) ; information created in order for the organization to operate (documentation); and evidence of results achieved (records).

3.12

process

set of interrelated or interacting activities which transforms inputs into outputs

3.13

performance

measurable result

Note 1 to entry: Performance can relate either to quantitative or qualitative findings.

Note 2 to entry: Performance can relate to the management of activities, processes (3.12) , products (including services), systems or organizations (3.1) .

3.14

outsource (verb)

make an arrangement where an external organization (3.1) performs part of an organization’s function or process (3.12)

Note 1 to entry: An external organization is outside the scope of the management system (3.4) , although the outsourced function or process is within the scope.

3.15

monitoring

determining the status of a system, a process (3.12) or an activity

Note 1 to entry: To determine the status there may be a need to check, measure, supervise or critically observe.

3.16

measurement

process (3.12) to determine a value

3.17

audit

systematic, independent and documented process (3.12) for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled

Note 1 to entry: An audit can be an internal audit (first party) or an external audit (second party or third party), or it can be a combined audit (combining two or more disciplines).

Note 2 to entry: An internal audit is conducted by the organization itself, or by an external party on its behalf.

Note 3 to entry: “Audit evidence” and “audit criteria” (see ISO 19011).

3.18

conformity

fulfilment of a requirement (3.3)

3.19

nonconformity

non-fulfilment of a requirement (3.3)

3.20

correction

action to eliminate a detected nonconformity (3.19)

3.21

corrective action

action to eliminate the cause of a nonconformity (3.19) and to prevent recurrence

3.22

continual improvement

recurring activity to enhance performance (3.13)

3.23

risk assessment

overall process of risk identification, risk analysis and risk evaluation

[SOURCE:ISO Guide 73:2009, 3.4.1]

3.24

security printer

producer of printed documents or products of value or entitlement, ID documents or security foils (3.26) which are physically protected against forgery, counterfeiting and alteration by security features (3.27)

3.25

security printing

set of processes (3.12) which transform raw materials into documents or products of value or entitlement, ID documents or security foils (3.26) physically protected by security features (3.27)

3.26

security foil

thin film material that contains an optical variable element or similar security feature (3.27) , which is applied onto documents or products to physically protect them against forgery, counterfeiting and alteration

3.27

security feature

component integrated in the product to protect against forgery, counterfeiting and alteration

3.28

security

protection of products, processes, information, means of production, security features and the supply chain

3.29

threat

action or potential occurrence, whether or not malicious, to breach the security (3.28) of the system

3.30

security breach

infraction or violation of security

3.31

documented procedure

established way of working, documented, implemented and maintained

3.32

security objective

result to be achieved with regard to security (3.28)

Note 1 to entry: Security objectives are in general based on the security policy of the organization.

Note 2 to entry: Security objectives are in general specified for relevant functions and levels in the organization.

3.33

security management

coordinated activities to direct and control an organization with regard to security (3.28)

Note 1 to entry: “Direct and control” in general entails the establishment of the policy, objectives, planning, control, security assurance and improvements with regards to security (3.28) . Security assurance represents all planned and systematic actions needed to give a sufficient degree of confidence that a product or process (3.12) meets the security requirements.

3.34

security plan

documented information that specifies the procedures and resources to satisfy the security requirements of the organization

3.35

security control

aspect of security management (3.33) aimed at the fulfilment of the security requirements

3.36

preventive action

action to prevent the cause of a nonconformity (3.19)

3.37

traceability

ability to trace the history, application or location of an object

Note 1 to entry: When considering a product or a service, traceability can relate to the origin of materials and parts, the processing history and the distribution and location of the product or service after delivery.

(SOURCE: ISO 9000:2015, 3.6.13, modified — Note 2 to entry has been omitted.)

3.38

resource

personnel, information, premises, process equipment (software and hardware) and tools

3.39

supply chain

set of interconnected processes (3.12) and resources (3.38) that starts with the sourcing of raw materials and ends with the delivery of products and services to the customer

Note 1 to entry: Supply chains include producers, suppliers, manufacturers, distributors, wholesalers, vendors, and logistics providers. They include facilities, plants, offices, warehouses, and branches and can be both internal and external to an organization.

Note 2 to entry: Supply chain management as related to this document includes the vetting of suppliers and customers from the point of initial security value, which is the point at which security is added to the product.