Skip Navigation LinksASIS International / About ASIS / Who We Are / What's New / ASIS International Releases Security and Resilience Standard

ASIS International Releases Security and Resilience Standard

19 June 2017

​​ASIS International (ASIS) has released a new standard, Security and Resilience in Organizations and Their Supply Chains—Requirements with Guidance (ORM.1) that provides security professionals with an integrated risk-based management systems approach to manage risk and enhance resilience in organizations and their supply chain. ASIS, the leading organization for security professionals worldwide, is an ANSI Accredited Standards Developer.

The ORM.1 emphasizes a proactive, forward-looking approach to risk that supports the pursuit of business objectives and opportunities, as well as a process for prevention, protection, preparedness, readiness, mitigation, response, continuity, and recovery from undesirable and disruptive events. By fully integrating risk management processes throughout enterprise-wide business management activities, organizations will be empowered to make informed decisions based on best available information.

The Standard looks to eliminate "siloing" of risk by using a management systems approach that provides a holistic framework to develop and implement policies, objectives, and programs that consider:

  • Context of the organization and its supply chain
  • Legal, regulatory, and contractual obligations and voluntary commitments
  • Needs of internal and external stakeholders
  • Uncertainties in achieving its objectives
  • Protection of human, tangible, and intangible assets

ASIS Standards and Guidelines Commission Liaison Lisa DuBrock notes the importance of this approach, "…in today's increasingly complex and unstable global environments, the question is not if the security administrator is called upon to support the full spectrum of the standard, but when."

The ORM.1 replaces two legacy ASIS standards that had been up for review: the ANSI/ASIS Organizational Resilience: Security, Preparedness and Continuity Management Systems (SPC.1) and ANSI/ASIS/BSI Business Continuity Management Standard (BCM.1).  

Said DuBrock, "While the SPC.1 emphasized mitigation strategies for security and resilience and the BCM.1 standard emphasized traditional response recovery strategies, the ORM.1 provides an integrated risk-based approach to bring both disciplines together with an added emphasis on supply chain resilience."

ASIS members are entitled to one free download of all standards and guidelines—an exclusive member benefit.

Want to learn more about this Standard?

DuBrock will discuss the new ORM.1 standard at an ASIS 2017 education session, Use Security and Resilience Management to Mitigate Organizational Risk, on Tuesday, September 26 in Dallas, TX.