ASIS International Releases Organizational Resilience Standard

It’s one of the hottest topics in the security profession. And ASIS International is on board with its second American National Standard, “Organizational Resilience: Security, Preparedness and Continuity Management Systems—Requirements with Guidance for Use.”

This standard provides a comprehensive management framework to anticipate, prevent if possible, and prepare for and respond to a disruptive incident. ASIS, the preeminent organization for security professionals worldwide, is an American National Standards Institute (ANSI) accredited Standards Development Organization.

The Organizational Resilience standard specifies requirements and provides guidance for organizational resilience management. It focuses on resilience—the adaptive capacity of an organization in a complex and changing environment, as well as protection of critical assets.

Organizational resilience emphasizes the synergies between the functions of risk, security, preparedness, continuity and emergency managers. This avoids “siloing” risks and allows the organization to build both a proactive and reactive approach to managing risks, tailored to its size, activities and business/operating environment.

“The new OR standard uses a comprehensive approach to the management of risks associated with intentional, unintentional and naturally caused disruptions,” says F. Mark Geraci, CPP, chair of the ASIS International Standards and Guidelines Commission. “It provides a complete suite of tools to build a strategy for dealing with risks compatible with the mission and needs of the organization, as well as addresses the core elements and criteria of the DHS PS-PREP.”

Designed to be business friendly, the standard uses the globally tested and proven management systems approach. It can be integrated with quality, safety, environmental, information security, risk and other management systems within an organization. Organizations that have adopted a management systems approach may be able to use it as a foundation for the OR management system as prescribed in the new American National Standard.

The standard can be used for first, second or third-party verification and certification. Organizations can use it to improve resilience performance, as well as demonstrate to customers, clients and supply chain partners that the company has a robust resilience program. The OR standard will help organizations improve their competitiveness by implementing a balanced, holistic program for managing and treating risks.

The OR standard has been under development simultaneously in countries on four continents. The publication of this new ANSI standard will be followed by the publication of this document as a national standard in other countries that have supported this initiative.

To view the Organizational Resilience standard, http://www.abdi-secure-ecommerce.com/asis/p-907-1842.aspx

ASIS standards and guidelines are developed through a consensus standards-development process to advance security practices. This process brings together volunteers and/or seeks out the views of people who have an interest in the topic covered. For more information, visit Standards and Guidelines on the ASIS Web site, www.asisonline.org.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.