Burglary
Loss Prevention Standard LPS 1224: Issue 3 2008 Requirements for companies providing secure asset registration services.
Loss Prevention Standard: Requirements for companies providing secure asset registration services
LPS 1224: Issue 3 September 2008
© LOSS PREVENTION CERTIFICATION BOARD LIMITED
1. SCOPE
2. DEFINITIONS
3. REQUIREMENTS
4. MARKING, LABELLING AND PACKAGING
5. PUBLICATIONS REFERRED TO
FOREWORD
This standard identifies the evaluation and assessment practices undertaken by LPCB for the purposes of approval and listing of secure asset registration services. LPCB listing and approval of products and services is based on evidence acceptable to LPCB:
- that the product or service meets the standard
- that the manufacturer or service provider has staff, processes and systems in place to ensure that the product or service delivered meets the standard
and on:
- periodic audits of the manufacturer or service provider including testing as appropriate
- compliance with the contract for LPCB listing and approval including agreement to rectify faults as appropriate.
This standard specifies requirements for asset registration companies providing third party secure asset registration services within the UK* such that the information they are responsible for registering and maintaining:
- is secure.
- can be used to verify the identity of the registered keeper of an asset registered on the secure asset register.
The standard covers secure asset registration services based on systems that accommodate the receipt, processing and storage of information and enquiries submitted to the asset registration company by post, fax, telephone, email and internet.
The standard does not specify any one particular design of secure asset register and is applicable to all sizes of asset registration company.
The minimum security requirements defined in this standard are designed to prevent unauthorized viewing, manipulation or destruction of the information registered on secure asset registers while also ensuring that information is suitably accessible to:
- registered keepers of assets registered on the secure asset register; and
- those wishing to verify details of the registered keeper, for example, law enforcement officers or people considering purchasing the registered items.
The standard identifies four grades of secure asset register. These are defined according to the value of the equipment recorded on that secure asset register.
The following definitions, in addition to those contained in BS EN ISO 9001:2000 and BS EN ISO/IEC 27001:2005, shall apply for the purpose of this standard.
2.1 Access privilege
The scope of the secure information and/or areas within the asset registration company’s facilities to which a person is authorised to have access and the degree to which they are permitted to create/edit/delete/dispose of information to which they have access.
2.2 Asset identification code
Series of at least four alphabetic and/or numeric characters incorporated on an overt marking device and is registered on a nominated secure asset register.
2.3 Asset marking device
A method of securely marking or tagging an asset to provide visible information uniquely linking that asset, via a nominated secure asset register, to the registered keeper of the asset.
2.4 Asset marking system
Coalition of marking devices (either overt or overt and covert) and a secure asset register used to provide traceability of a marked asset to its registered keeper.
2.5 Asset registration company
Company providing third party secure asset registration services.
2.6 Covert asset marking device
Method of uniquely identifying the registered keeper of an asset via a nominated secure asset register, that when applied to an asset:
i) Is secure and hidden from direct view.
ii) Cannot be read with the unaided eye, assuming normal vision and average lighting conditions.
2.7 Enquirer
Any person or organisation other than the registered owner requesting secure information held on the secure asset register.
This section defines requirements that are common to all asset registration companies irrespective of the technologies they use to receive registration details and process enquiries.
The asset registration company shall:
- (a) hold third party certification to BS EN ISO 9001: 2000. The scope of that certification shall cover the provision of the secure asset registration service(s) to be approved to LPS 1224 and the certification shall be issued by a certification body that is accredited to BS EN ISO/IEC 17021:2006 Conformity assessment. Requirements for bodies providing audit and certification of management systems
- (b) be registered with the Information Commissioner’s Office in accordance with the requirements of the Data Protection Act 1998 and to provide the secure asset registration services in accordance with the provisions of the Data Protection Act 1998; and
- (c) ensure any third party to which they subcontract elements of the information processing and management (e.g. call centres or data storage facilities) complies with clause (b) above
4. MARKING, LABELLING AND PACKAGING
Documents relating specifically to the secure asset register assessed by the LPCB shall be marked with the asset registration company's trade name and trademarks under which the secure asset register is approved to this standard.
For a full list of the publications referred to in this standard, please download the file and refer to section 5.Getting a copy
PDF 238KbDate modified: 22 December 2008
Review date: December 2009
Originator: Loss Prevention Certification Board
Last update: Monday, December 22, 2008