24 Jun 2010

ASIS Organisational Resilience Standard finds acceptance with DHS
The standard has been adopted for DHS's Private Sector Preparedness (PS-Prep) Programme
The U.S. Department of Homeland Security has announced the adoption of the ASIS American National Standard for Organisational Resilience for the DHS's Private Sector Preparedness (PS-Prep) Programme.

The ANSI/ASIS SPC.1-2009 Standard, titled "Organisational Resilience: Security, Preparedness and Continuity Management Systems - Requirements with Guidance for Use," provides a holistic approach to cost-effectively improve any organisation's resilience and preparedness performance.

ANSI/ASIS SPC.1-2009, also known as the ASIS Organisational Resilience Standard, is the only standard that helps an organisation design a balanced system to reduce the likelihood and minimise the consequences of disruptive events. It provides a framework for businesses to assess the risks of disruptive events, develop a proactive strategy for prevention, response and recovery, establish performance criteria, and evaluate opportunities for improvement. It empowers an organisation to implement an organisational resilience management system appropriate to its needs and those of its stakeholders. The standard can be used by any organisation wishing to enhance its resilience and preparedness, as well as seek certification recognised by PS-Prep.

"In light of the recent events in the Gulf, the importance of resilience cannot be understated," says ASIS International President Joseph R. (Bob) Granger, CPP. "Preparing for, responding to and recovering from a disruption is not enough. Organisations need to be able to assess the potential for a disruption and minimise the likelihood. They also need to adapt to an ever-changing environment."

The standard helps an organisation design a balanced system to reduce the likelihood and minimise the consequences of disruptive events



"This standard provides organisations with a flexible tool they can use to tailor their resilience and preparedness needs to meet their business needs," Granger adds. "ASIS International is proud that the DHS has selected this standard to help businesses effectively address potential disruptions."

One of only three preparedness standards included in PS-Prep, the ASIS standard takes an enterprise-wide view of risk management, enabling an organisation to develop a comprehensive strategy to prevent when possible, prepare for, mitigate, respond to, and recover from a disruptive incident. It is the only American National Standard in the PS-Prep programme that is 100 percent compatible with existing ISO management system standards, enabling a cost-saving integrated application with other internationally recognised ISO management system standards. 

The importance of the ANSI/ASIS SPC.1-2009 was recently validated by ISO's decision to develop an international standard for Organisational Resilience.

The ASIS standard is applicable to all sizes and types of organisations, from public to private, small to multi-national, in manufacturing, service, storage or transportation, that want to:

  1. Create a balanced strategy for both likelihood and consequence reduction for incident prevention and management.
  2. Establish, implement, maintain and improve an organisational resilience management system.
  3. Demonstrate resiliency and continuity for supply chain and contractual agreements.
  4. Assure conformance with stated organisational resilience management policy.
  5. Implement a maturity model approach to cost-effectively enhance resilience performance.
  6. Make a self-determination and self-declaration of conformance with ANSI/ASIS SPC.1-2009.
  7. Seek certification/registration of its organisational resilience management system by an accredited third-party certification body.
  8. Leverage an existing investment in other ISO management system standards (e.g. ISO 9001, ISO 14001, ISO 27001, and ISO 28000) to improve security, preparedness and continuity performance.
  9. Integrate plans for managing the risks of disruptive events into their enterprise-wide risk management programs, consistent with the ISO 31000 for risk management.

ASIS is offering a two-and-a-half-day class on Organisational Resilience from 14 to 16 July 2010

"By adopting the ANSI/ASIS Organisational Resilience Standard, PS-Prep offers organisations a business-friendly, globally tested and proven method based on the ISO management system standard model, to improve their resilience and preparedness performance," says Mark Geraci, CPP, Chairman of the ASIS Commission on Standards and Guidelines. 

As a complement to this effort, ASIS is offering a two-and-a-half-day class on Organisational Resilience: Implementing and Auditing the ANSI/ASIS American National Standard. Attendees will learn to implement the ANSI/ASIS standard, identify necessary steps to establish and maintain an organisational resilience management system, understand the conduct of risk assessments and impact analysis to support decision making for resilience, and establish an effective internal auditing programme to evaluate and improve performance.

ASIS Standards and Guidelines are developed through a consensus standards-development process which seeks to advance security and resilience practices. This process brings together volunteers and/or seeks out the views of people who have an interest in the topic covered. This standard is available through the ASIS website.