NTISthis.com

Evidence Guide: CPPSEC4012A - Identify and assess security of assets

Student: __________________________________________________

Signature: _________________________________________________

Tips for gathering evidence to demonstrate your skills

The important thing to remember when gathering evidence is that the more evidence the better - that is, the more evidence you gather to demonstrate your skills, the more confident an assessor can be that you have learned the skills not just at one point in time, but are continuing to apply and develop those skills (as opposed to just learning for the test!). Furthermore, one piece of evidence that you collect will not usualy demonstrate all the required criteria for a unit of competency, whereas multiple overlapping pieces of evidence will usually do the trick!

From the Wiki University

 

CPPSEC4012A - Identify and assess security of assets

What evidence can you provide to prove your understanding of each of the following citeria?

List assets.

  1. Applicable provisions of legislative and organisational requirements, and relevant standards for security assessment activities are identified and complied with.
  2. Advice is sought from authorised relevant persons on the location and nature of all assets.
  3. Source documents are obtained and validated in accordance with legislative requirements.
  4. List of assets is reviewed and confirmed in consultation with client using effective interpersonal techniques.
  5. Asset listing is developed in a format suitable for analysis, interpretation and dissemination in accordance with requirements of relevant standards.
Applicable provisions of legislative and organisational requirements, and relevant standards for security assessment activities are identified and complied with.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Advice is sought from authorised relevant persons on the location and nature of all assets.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Source documents are obtained and validated in accordance with legislative requirements.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

List of assets is reviewed and confirmed in consultation with client using effective interpersonal techniques.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Asset listing is developed in a format suitable for analysis, interpretation and dissemination in accordance with requirements of relevant standards.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Confirm status of assets.

  1. Status of assets is evaluated based on information obtained from source documents.
  2. Findings are supported by valid and reliable evidence in accordance with relevant standards.
  3. Market value of assets is calculated and confirmed in accordance with client instructions and organisational procedures.
  4. Comprehensive asset valuation is developed based on assessment of all factors.
Status of assets is evaluated based on information obtained from source documents.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Findings are supported by valid and reliable evidence in accordance with relevant standards.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Market value of assets is calculated and confirmed in accordance with client instructions and organisational procedures.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Comprehensive asset valuation is developed based on assessment of all factors.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assess vulnerability of assets.

  1. Access to assets and information on existing and planned security measures and risk is confirmed with relevant persons.
  2. All treatments and incident reporting mechanisms arranged on behalf of the organisation are identified and an audit conducted.
  3. Operating parameters of identified treatments are obtained from relevant persons in accordance with legislative requirements.
  4. Operational effectiveness of treatments are assessed through planned testing in accordance with relevant standards and organisational procedures.
  5. Failure or potential failure of existing control mechanisms are immediately reported to client.
Access to assets and information on existing and planned security measures and risk is confirmed with relevant persons.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

All treatments and incident reporting mechanisms arranged on behalf of the organisation are identified and an audit conducted.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Operating parameters of identified treatments are obtained from relevant persons in accordance with legislative requirements.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Operational effectiveness of treatments are assessed through planned testing in accordance with relevant standards and organisational procedures.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Failure or potential failure of existing control mechanisms are immediately reported to client.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Present information.

  1. Assessment details including asset valuation, vulnerability and any recommendations are documented in accordance with organisationalstandards.
  2. Report is presented to relevant persons within specified time and budget.
  3. Feedback on client satisfaction with service delivery is sought and queries or areas of dissatisfaction responded to promptly.
  4. All information is securely maintained and stored with due regard to client confidentiality.
Assessment details including asset valuation, vulnerability and any recommendations are documented in accordance with organisationalstandards.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Report is presented to relevant persons within specified time and budget.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Feedback on client satisfaction with service delivery is sought and queries or areas of dissatisfaction responded to promptly.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

All information is securely maintained and stored with due regard to client confidentiality.

Completed
Date:

Teacher:
Evidence:

 

 

 

 

 

 

 

Assessed

Teacher: ___________________________________ Date: _________

Signature: ________________________________________________

Comments:

 

 

 

 

 

 

 

 

Instructions to Assessors

Evidence Guide

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Critical aspects for assessment and evidence required to demonstrate competency in this unit

A person who demonstrates competency in this unit must be able to provide evidence of:

obtaining and using information from a range of sources and consultative processes to develop an accurate listing of assets in compliance with client, organisational and legislative requirements

accurately evaluating and confirming status, market value and vulnerability of assets using valid and reliable evidence in compliance with relevant standards

using effective communication skills to obtain information and present information and reports.

Context of and specific resources for assessment

Context of assessment includes:

a setting in the workplace or environment that simulates the conditions of performance described in the elements, performance criteria and range statement.

Resource implications for assessment include:

access to plain English version of relevant statutes and procedures

access to a registered provider of assessment services

access to a suitable venue and equipment

assessment instruments including personal planner and assessment record book

work schedules, organisational policies and duty statements.

Reasonable adjustments must be made to assessment processes where required for people with disabilities. This could include access to modified equipment and other physical resources, and the provision of appropriate assessment support.

Method of assessment

This unit of competency could be assessed using the following methods of assessment:

observation of processes and procedures

questioning of underpinning knowledge and skills.

Guidance information for assessment

Assessment processes and techniques must be culturally appropriate and suitable to the language, literacy and numeracy capacity of the candidate and the competency being assessed. In all cases where practical assessment is used, it should be combined with targeted questioning to assess the underpinning knowledge.

Oral questioning or written assessment may be used to assess underpinning knowledge. In assessment situations where the candidate is offered a choice between oral questioning and written assessment, questions are to be identical.

Supplementary evidence may be obtained from relevant authenticated correspondence from existing supervisors, team leaders or specialist training staff.

Required Skills and Knowledge

This section describes the skills and knowledge and their level required for this unit.

Required skills

accurately record and report information

active listening and questioning

assessment and analysis

calculate market value of assets

coaching and mentoring to provide support to colleagues

data collection and analysis

design of tools and questionnaires

information technology

observation

planning

read and interpret maps, plans and schematic drawings

relate to people from a range of social, cultural and ethnic backgrounds and physical and mental abilities

research.

Required knowledge

auditing and assessment techniques and methodologies

basic accounting procedures, such as depreciation methods for determining market value of assets

broad application of security risk management

legislation, standards, regulations and codes of practice applicable to valuing assets

organisational or client standards and procedures for the presentation of information

principles of AS/NZS 4360: 2004 Risk management and related guidelines

processes for testing operational effectiveness of assets and treatments

reporting procedures and documentation requirements and processes

risk assessment techniques and processes

sources of information for asset valuation.

Range Statement

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Legislative requirements may relate to:

Australian standards and quality assurance requirements

force continuum, use of force guidelines

general 'duty of care' responsibilities

licensing or certification requirements

privacy and confidentiality

relevant commonwealth, state and territory legislation, codes and national standards for:

anti-discrimination

cultural and ethnic diversity

environmental issues

equal employment opportunity

industrial relations

Occupational Health and Safety (OHS)

relevant industry codes of practice

trespass and the removal of persons.

Organisational requirements may relate to:

access and equity policies, principles and practices

business and performance plans

client service standards

code of conduct, code of ethics

communication and reporting procedures

complaint and dispute resolution procedures

emergency and evacuation procedures

employer and employee rights and responsibilities

OHS policies, procedures and programs

own role, responsibility and authority

personal and professional development

privacy and confidentiality of information

quality assurance and continuous improvement processes and standards

resource parameters and procedures

roles, functions and responsibilities of security personnel

storage and disposal of information.

Relevant standards:

must include AS/NZS 4360: 2004 Risk management

may relate to:

AS2630-1983 Guide to the selection and application of intruder alarm systems for domestic and business premises

AS3911:1992 Guidelines for auditing quality systems

HB 167:2006 Security Risk Management

HB 436 Risk Management Guidelines - Companion to AS/NZS 4360

HB 231:2000 Information security risk management guidelines.

Relevant persons may be:

accountants

contractors

inventory or administration personnel

managers

operational personnel

security personnel

technicians.

Assetsmay include:

assets owned, leased or in the custody of an organisation

buildings

equipment

facilities

goodwill

information and documentation

information systems and sources

intellectual property

people

reputation

security systems.

Source documentsmay include:

asset register

depreciation register

employee records

lease or hire purchase contracts

organisation chart

profit and loss analysis for an asset or division of the organisation

those obtained from accounting personnel.

Interpersonal techniquesmay include:

active listening

being respectful and non-discriminatory to others

control of tone of voice and body language

demonstrating flexibility and willingness to negotiate

interpreting non-verbal and verbal messages

maintaining professionalism

providing and receiving constructive feedback

questioning to clarify and confirm understanding

two-way communication

use of communication appropriate to cultural differences

use of positive, confident and cooperative language.

Status of assetsmay relate to:

borrowing

current condition of asset (damaged, in repair, lost, stolen, on leave, undergoing routine maintenance)

held in custody

hire

importance

lease

ownership

security.

Market valueof assets may be based on:

assessment of purchase price

depreciated value

formal valuation

replacement costs.

Factorswhich may influence value of assets may include:

dollar cost

function

harm to short or long term operation of the organisation

importance to normal operation of the organisation

replacement availability, time and cost

the value of production or output lost as a result of loss of the asset.

Access to assetsor sources of information may involve:

entry to locations where assets are kept, used or stored

entry to storage facilities

obtaining authority to access restricted data, areas or personnel

obtaining relevant security clearance

on-site visits.

Security measuresmay relate to:

access control systems

Closed Circuit Television (CCTV) and monitoring systems

deployment or increase of security personnel

safes, vaults and locking mechanisms

standard operating procedures for security of assets.

Riskrelates to:

the chance of something happening that will have an impact on objectives.

Security risks may relate to:

biological hazards

chemical spills

client contact

electrical faults

explosives

financial viability

injury to personnel

noise, light, heat, smoke

persons carrying weapons

persons causing a public nuisance

persons demonstrating suspicious behaviour

persons suffering from emotional or physical distress

persons under the influence of intoxicating substances

persons with criminal intent

persons, vehicles and equipment in unsuitable locations

property or people

security systems

suspicious packages or substances

systems or process failures

terrorism

violence or physical threats.

Treatmentsmay relate to:

additional personnel

contracted contingency services

identified countermeasures

internal contingency plans

risk reduction strategies

use of stored resources

use of superseded equipment.

Anauditmay be completed by using:

inspection of records and documents

internal auditing procedures as outlined in AS3911:1992 Guidelines for auditing quality systems

interviews

monitoring and inspecting procedures and processes

professional internal or external auditors

questionnaires

site visits and inspections.

Operating parametersmay include:

adherence to procedures

adverse conditions for system efficiency

availability and condition of systems and equipment

availability and use of back-up systems

call out of support and specialist personnel

clarity of communication systems

fault-finding procedures

normal function of duties

OHS requirements

optimal conditions for system efficiency

reaction time

safe and timely deployment

sound and light intensity

standard operating procedures.

Planned testingmay include:

computer modelling

conceptual analysis

controlled interruptions to normal operations

debriefing sessions

inspection

interception

interviews

penetration exercises

rehearsals

simulation and replication

testing of alarms, CCTV and other warning devices

testing or access control systems.

Organisational standards for written informationmay relate to:

ability to be used for legal purposes

accuracy of costings

appropriate level of literacy

format and presentation

relevance of written information

use of clear, concise language and plain English.

Reportshould include:

evidence and supporting materials to validate the findings

graphical representations of data

recommendations where applicable

summary of assessment objectives and outcomes

tables and information from approved data collection tools.

Feedbackmay be obtained through:

comments from client or colleagues

completion and analysis of formal client satisfaction survey

effectiveness of assessment outcomes in meeting assessment objectives

formal or informal performance discussion.