Frequently Asked Questions
NASPO INTERNATIONAL Background:
Who or What is NASPO INTERNATIONAL?
NASPO international was formed as the North American Security Products Organization. The non-profit organization was founded in 2002 by companies and individuals in industry that recognized the need for security focused standards to prevent fraudulent acts that support criminal and terrorist activity.
NASPO INTERNATIONAL develops both national and international standards and the supporting auditing practices as well as standards for private industries.
NASPO INTERNATIONAL is an American National Standards Institute (ANSI) Accredited Standards Development Organization (SDO). It also develops international standards through the International Organization for Standardization (ISO). In addition, NASPO INTERNATIONAL represents ANSI by serving as Secretariat to ISO TC247 “Fraud Countermeasures and Controls”.
Why was NASPO INTERNATIONAL formed?
NASPO INTERNATIONAL was formed to combat the ever increasing amount of fraud within the areas of brand protection, document security, and identity. Our focus is to produce credible, structured, and, when appropriate, certifiable standards. NASPO INTERNATIONAL has created a risk reduction standard and auditing process to certify security focused organizations. This structure also provides the end user with the ability to create a secure supply chain from supplier to end users.
When was NASPO INTERNATIONAL founded?
The first NASPO INTERNATIONAL Board Meeting was held in Washington, DC in December 2002.
NASPO INTERNATIONAL Benefits:
What can NASPO INTERNATIONAL do for me and my company?
NASPO INTERNATIONAL can provide many things for your company. Among them are:
• Assurance that your security sensitive providers are certified to the appropriate level of security
• Enhanced market presence by providing a level of recognition and credibility within the security industry
• Increased industry knowledge by working with industry experts on national and international security issues
• Market recognition through certification that your company is focused upon security issues to protect your company, your employees and your customers
• Potential for broadened access to restricted security materials
• Meeting security requirements in contracts and request for quotes
• Ability to provide input into the standards development process
• Reduced costs for certification and professional training as a member
Can I use the NASPO INTERNATIONAL Certification or membership logo in my marketing material?
All members in good standing are welcome and encouraged to use the NASPO INTERNATIONAL logo on their marketing materials. Certified members are encouraged to use the NASPO INTERNATIONAL Certified logo. This provides a level of distinction of the company’s commitment to the security interest of their customers and clients.
Doing Business with NASPO INTERNATIONAL Certified Companies:
As an end user/brand owner, why should I use a NASPO INTERNATIONAL certified supplier?
Brand owners and end users are increasingly faced with fraud that attacks and dilutes their brand equity. This is now a critical issue. To create a solid defense, band owners must select from national and international suppliers that support the security interest of those brand owners. The NASPO INTERNATIONAL ANSI Security Standard is designed to directly support this expansion by providing a platform of audited security standards that brand owners and others can utilize to insure their supplies and materials are not compromised. Implementation of the standard across the supply chain relieves the brand owner or end user from the necessity of creating internal security analysis and audit protocols. It also provides a single recognized conformity standard for the suppliers rather than attempting to comply with a multitude of individual security requirements.
I continue to see more security requirements in RFP’s and contracts. Will NASPO INTERNATIONAL Certification help my company fulfill those requirements?
Yes, the ANSI/NASPO INTERNATIONAL Security Standard and the auditing/certification process provides companies with a solid framework of security practices and procedures to fulfill contractual security requirements without the need for the end user to develop and enforce a private security audit process.
NASPO INTERNATIONAL standards are cost effective to use, understandable to a large variety of companies, and certifiable through independent auditing.
As an end user/brand owner, can I use the ANSI/NASPO INTERNATIONAL Standards as a security requirement in my contracts and RFP’s?
Yes. The use of the NASPO INTERNATIONAL standards in contracts and Request for Proposal (RFP) documents is easy and cost effective. The end user/brand owner, based upon the standard, would independently determine the level of security required for the production of their procured item. The end user/brand owner would then simply state in the contract/RFP that the supplier must meet a specific NASPO INTERNATIONAL designated security class to bid on or provide the procurement item. In effect the brand owner and supplier both know what the security requirements are and NASPO INTERNATIONAL has independently certified that the producing company has met those requirements.
Membership, Member Responsibilities, and Member Costs
Who can join NASPO INTERNATIONAL? How do I join?
Membership is open to any company, organization or individual that is legitimately involved in the development, integration, manufacture and use of security for fraud reduction. Because of the security nature of our organization, all potential members will be screened to determine their applicability for membership. Membership information and an application form can be downloaded from this website. (www.naspo.info)
How much does it cost?
NASPO INTERNATIONAL has several levels of membership dues based upon your desired membership status. Each level has its benefits and advantages. The dues are outlined in our membership material, downloadable from this website. (www.NASPO.info)
Beyond the cost of the audit, how much will it cost my company to become certified?
Each company is going to be different based upon the security classification and the amount of security infrastructure already in place. A company can review the standard criteria for the classification desired and use a gap analysis to determine deficiencies. A working budget can then be approximated based upon the analysis. In addition to the audit fees, the company is responsible for the travel expenses of the auditor if using NASPO INTERNATIONAL for the audit. An estimate of those expenses can be provided to the company prior to the audit.
Because NASPO INTERNATIONAL is primarily a volunteer organization, as a member how much time will I need to spend on NASPO INTERNATIONAL work?
NASPO INTERNATIONAL is a volunteer organization and is dependent on the work of the members to fulfill the objectives of the organization. We are extremely fortunate that we have individuals that are strongly supported by their companies. Without the support of the member companies NASPO INTERNATIONAL would not be in existence. The actual amount of time required is an individual decision. We all are employed full time and therefore our volunteer time may be heavily restricted. We take the contributions of time when and where they are available and thank everyone for their participation.
Does one corporation hold a membership or does each plant have to be a member?
A corporation may hold a membership or individual plants may hold memberships, dependent upon the structure of the corporation or desire of the individual plants. NASPO INTERNATIONAL may limit Board membership and voting rights from multiple plants from one corporation, but not actual memberships.
If I am a member do I have to be audited and certified?
Members are encouraged to become certified, but it is not a requirement to do so.
Do I have to be a member to use the ANSI/NASPO INTERNATIONAL Standard to protect my company and its products?
No. The use of the Standard does not require NASPO INTERNATIONAL membership however, we encourage every user to become involved in NASPO INTERNATIONAL because their knowledge and experience provides invaluable input in the continuing improvement of our standards.
Security Audits and Security Certification:
Who will the auditors be?
NASPO INTERNATIONAL and/or third party auditors are professionals selected and trained by NASPO in both the standards and auditing process to perform your audits.
Who can help my company understand the standards and the audit process to become certified?
There are independent consultants to assist in understanding the ANSI/NASPO INTERNATIONAL standards and audit processes. Auditors may also be available on a limited basis to answer specific questions related to the standards and audit. NASPO INTERNATIONAL offers training courses in security management leading to a Certified Security Professional designation.
How will my company know which security classification is appropriate for us?
The security classification to which the company will be audited to is mutually determined by the auditor and the company. It is primarily determined by the nature of the security products produced and the threats posed against those products. Products and services that are the primary targets of organized crime or are terrorist enabling would normally require the highest level of evaluation.
How long will it take my company to become certified?
This will vary from company to company based on the class of security sought and the level of current preparedness. Only an internal pre-audit exercise by the company can make the determination of infrastructure procedures and preparedness necessary to estimate a timeline to certification.
Do I have to be a member to receive a security audit?
No. You do not have to be a NASPO INTERNATIONAL member to receive a security audit. We have established a price structure for auditing services for those organizations that choose not to become members. It is of course more cost effective for members to receive the security audit and certification. The cost of the security audit and certification for members and non-members is available upon request.
Are the results of my audit going to be made public, or known by the membership?
The results of your audit are held at a highly confidential level and revealed to no one without express written consent of the audited company. Any written or electronic documents produced from an audit are stored in a bank vault. Auditors are all required to sign a highly restrictive confidentially agreement. NASPO INTERNATIONAL will only publicly announce that a company has been certified and not at what classification level. Classification levels can be revealed solely by the certified company. NASPO INTERNATIONAL will verify the certification to third parties only with the written permission of the certified company.
I am concerned about divulging confidential information. What does NASPO INTERNATIONAL do to protect my confidentiality?
The NASPO INTERNATIONAL auditor will be working under a restrictive confidentiality agreement. The only confidential information that must be revealed to the auditor will be of a security nature and pertinent to the audit process. Any confidential information revealed to the auditor in the audit process will not be disclosed to anyone under any circumstance.
Can I get the standards without being a member?
Yes, the standard is an American National Standard available to anyone wishing to purchase a copy. Copies can be purchased on-line at either www.naspo.info or at ANSI’s eStandards Store at www.ansi.org. NASPO INTERNATIONAL members, however, receive copies of our standards and auditing procedures at no additional cost.
Will the ANSI/NASPO INTERNATIONAL Standards become part of the security requirements for contracts and RFP’s?
Yes, as an American National Standard it will become the recognized standard for security compliance in both domestic and international RFP’s and contracts.
Are your standards the same as the APACS standards used in the United Kingdom?
No, they may have a similar basis and focus but the APACS is a separate standard developed independently of NASPO, and primarily for the production of checks and financial documents.
NASPO INTERNATIONAL Meetings:
How often are meetings being held?
Currently committee and General Members Meetings are being held three times per year. Special committee and board meetings can be called by the committee chairperson or by the Executive Committee.
Where are the meetings being held?
Meetings are generally held in major cities in North America as selected by the membership.
What do you do at NASPO INTERNATIONAL meetings?
Traditionally, we review the progress of the national and international standards development committees, take input from the members, announce the certification of companies and conduct the business of the organization. We also conduct NASPO INTERNATIONAL business involving planning, communications, and topics of specific interest to the security industry. More recently we have added value added service: Professional Development Training for Security Professionals, Product Protection conferences and training for brand owners and risk managers and breakout groups on the three segments NASPO targets – Identity, Secure Documents and Brand Protection.
Some of my competitors are members of NASPO INTERNATIONAL. Are we expected to discuss issues that may be competitive information at the meetings and how does NASPO INTERNATIONAL handle anti-trust issues?
NASPO INTERNATIONAL strictly adheres to all anti-trust regulations and prohibits its members from participating in any activity that might be in violation of any anti-trust laws or regulations. The organization is focused on the development of security industry standards and the certification of qualified companies. All discussions should be germane to that focus. Our anti-trust policy is read prior to all meeting and a copy is provided to all members at regular board meetings. A copy is also available on our website.
NASPO Outside of North America:
Will you create standards that will apply outside of North America?
Yes. NASPO INTERNATIONAL develops both national (ANSI) and international (ISO) standards.
My company is based outside of North America, can I join NASPO INTERNATIONAL?
Yes. There are no geographical restrictions to either NASPO INTERNATIONAL membership or certification.
My plant is outside of the North America. Can it be audited and certified by NASPO?
Yes. Presently NASPO INTERNATIONAL audits member’s facilities outside of North America.