ASIS International replaces business continuity standards with new security and resilience standard
Published: Thursday, 22 June 2017 07:36
ASIS International has released a new standard, ‘Security and Resilience in Organizations and Their Supply Chains — Requirements with Guidance’ (ORM.1), which provides security professionals with an integrated, risk-based management systems approach to managing risk and enhancing resilience in organizations and their supply chains. ASIS is an ANSI Accredited Standards Developer.
According to ASIS, the ORM.1 standard ‘emphasizes a proactive, forward-looking approach to risk that supports the pursuit of business objectives and opportunities, as well as a process for prevention, protection, preparedness, readiness, mitigation, response, continuity, and recovery from undesirable and disruptive events’.
The standard looks to eliminate ‘siloing’ of risk by using a management systems approach that provides a holistic framework to develop and implement policies, objectives, and programs that consider:
- Context of the organization and its supply chain;
- Legal, regulatory, and contractual obligations and voluntary commitments;
- Needs of internal and external stakeholders;
- Uncertainties in achieving its objectives;
- Protection of human, tangible, and intangible assets.
ORM.1 replaces two legacy ASIS standards that had been up for review: the ANSI/ASIS Organizational Resilience: Security, Preparedness and Continuity Management Systems (SPC.1) and ANSI/ASIS/BSI Business Continuity Management Standard (BCM.1).
ASIS Standards and Guidelines Commission Liaison Lisa DuBrock said: "While the SPC.1 emphasized mitigation strategies for security and resilience and the BCM.1 standard emphasized traditional response recovery strategies, the ORM.1 provides an integrated risk-based approach to bring both disciplines together with an added emphasis on supply chain resilience."