ASIS International replaces business continuity standards with new security and resilience standard

Published: Thursday, 22 June 2017 07:36

ASIS International has released a new standard, ‘Security and Resilience in Organizations and Their Supply Chains — Requirements with Guidance’ (ORM.1) that provides security professionals with an integrated risk-based management systems approach to manage risk and enhance resilience in organizations and their supply chain. ASIS is an ANSI Accredited Standards Developer.

According to ASIS, the ORM.1 standard ‘emphasizes a proactive, forward-looking approach to risk that supports the pursuit of business objectives and opportunities, as well as a process for prevention, protection, preparedness, readiness, mitigation, response, continuity, and recovery from undesirable and disruptive events’.

The standard looks to eliminate ‘siloing’ of risk by using a management systems approach that provides a holistic framework to develop and implement policies, objectives, and programs that consider:

ORM.1 replaces two legacy ASIS standards that had been up for review: the ANSI/ASIS Organizational Resilience: Security, Preparedness and Continuity Management Systems (SPC.1) and ANSI/ASIS/BSI Business Continuity Management Standard (BCM.1).  

ASIS Standards and Guidelines Commission Liaison Lisa DuBrock said: "While the SPC.1 emphasized mitigation strategies for security and resilience and the BCM.1 standard emphasized traditional response recovery strategies, the ORM.1 provides an integrated risk-based approach to bring both disciplines together with an added emphasis on supply chain resilience."

Obtain the new standard.