ASIS International (ASIS) has released a new standard, Security and Resilience in Organizations and Their Supply Chains—Requirements with Guidance (ORM.1) that provides security professionals with an integrated risk-based management systems approach to manage risk and enhance resilience in organizations and their supply chain.
Peter Page, CPP our chapter vice chairman was a committee member on the production of this standard and his contribution is greatly valued and appreciated by the Dubai chapter and ASIS.
The ORM.1 emphasizes a proactive, forward-looking approach to risk that supports the pursuit of business objectives and opportunities, as well as a process for prevention, protection, preparedness, readiness, mitigation, response, continuity, and recovery from undesirable and disruptive events. By fully integrating risk management processes throughout enterprise-wide business management activities, organizations will be empowered to make informed decisions based on best available information.
The Standard looks to eliminate “siloing” of risk by using a management systems approach that provides a holistic framework to develop and implement policies, objectives, and programs that consider:
- Context of the organization and its supply chain
- Legal, regulatory, and contractual obligations and voluntary commitments
- Needs of internal and external stakeholders
- Uncertainties in achieving its objectives
- Protection of human, tangible, and intangible assets
ASIS Standards and Guidelines Commission Liaison Lisa DuBrock notes the importance of this approach, “…in today’s increasingly complex and unstable global environments, the question is not if the security administrator is called upon to support the full spectrum of the standard, but when.”
The ORM.1 replaces two legacy ASIS standards that had been up for review: the ANSI/ASIS Organizational Resilience: Security, Preparedness and Continuity Management Systems (SPC.1) and ANSI/ASIS/BSI Business Continuity Management Standard (BCM.1).
Said DuBrock, “While the SPC.1 emphasized mitigation strategies for security and resilience and the BCM.1 standard emphasized traditional response recovery strategies, the ORM.1 provides an integrated risk-based approach to bring both disciplines together with an added emphasis on supply chain resilience.”
ASIS members are entitled to one free download of all standards and guidelines—an exclusive member benefit.