Security and Resilience in Organizations and their Supply Chains

Annex G

(informative)

G. Bibliography

G.1 ASIS International Publications

ASIS International (2008), ASIS International glossary of security terms. [Online]. Available: <http://www.asisonline.org/library/glossary/index.xml>. Accessed 2011, August 19.

G.2 National Standards Publications

ASIS International (2014), ANSI/ASIS SPC.2-2014, Auditing Management Systems: Risk, Resilience, Security, and Continuity—Guidance for Application.
ASIS International (2012), ANSI/ASIS SPC.4-2012, Maturity Model for the Phased Implementation of the Organizational Resilience Management System.
ASIS International (2012), ANSI/ASIS SCRM.1-2014, Supply Chain Risk Management: A Compilation of Best Practices.
ASIS International (2015), ANSI/ASIS/RIMS RA.1-2015, Risk Assessment.
