The latest resilience news from around the world

ASIS International replaces business continuity standards with new security and resilience standard

ASIS International has released a new standard, ‘Security and Resilience in Organizations and Their Supply Chains — Requirements with Guidance’ (ORM.1) that provides security professionals with an integrated risk-based management systems approach to manage risk and enhance resilience in organizations and their supply chain. ASIS is an ANSI Accredited Standards Developer.

According to ASIS, the ORM.1 standard ‘emphasizes a proactive, forward-looking approach to risk that supports the pursuit of business objectives and opportunities, as well as a process for prevention, protection, preparedness, readiness, mitigation, response, continuity, and recovery from undesirable and disruptive events’.

The standard looks to eliminate ‘siloing’ of risk by using a management systems approach that provides a holistic framework to develop and implement policies, objectives, and programs that consider:

  • Context of the organization and its supply chain;
  • Legal, regulatory, and contractual obligations and voluntary commitments;
  • Needs of internal and external stakeholders;
  • Uncertainties in achieving its objectives;
  • Protection of human, tangible, and intangible assets.

ORM.1 replaces two legacy ASIS standards that had been up for review: the ANSI/ASIS Organizational Resilience: Security, Preparedness and Continuity Management Systems (SPC.1) and ANSI/ASIS/BSI Business Continuity Management Standard (BCM.1).  

ASIS Standards and Guidelines Commission Liaison Lisa DuBrock said: "While the SPC.1 emphasized mitigation strategies for security and resilience and the BCM.1 standard emphasized traditional response recovery strategies, the ORM.1 provides an integrated risk-based approach to bring both disciplines together with an added emphasis on supply chain resilience."

Obtain the new standard.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.