Risk Assessment

ATTENTION: This page is intended to be viewed online and may not be printed or copied.

ASIS Commission on Standards and Guidelines

Charles Baley, Farmers Insurance Group, Inc. 
Michael Bouchard, Sterling Global Operations, Inc.
Cynthia P. Conlon, CPP, Conlon Consulting Corporation
William Daly, Control Risks Security Consulting
Lisa DuBrock, Radian Compliance LLC
Eugene Ferraro, CPP, CFE, PCI, SPHR, Convercent, Inc.
Mark Geraci, CPP, Purdue Pharma L.P., Chair
Bernard Greenawalt, CPP, Securitas Security Services USA, Inc.
Robert Jones, Socrates Ltd
Glen Kitteringham, CPP, Kitteringham Security Group Inc.
Michael Knoke, CPP, Express Scripts, Inc., Vice Chair
Bryan Leadbetter, CPP, Alcoa Inc.
Marc Siegel, Ph.D., Commissioner, ASIS Global Standards Initiative
Jose Miguel Sobron, United Nations
Roger Warwick, CPP, Pyramid International Temi Group
Allison Wylde, Consultant

At the time it approved this document, RA, which is responsible for the development of this Standard, had the following members:

Committee Members

Committee Co-Chair: Carol Fox, ARM, Director of Strategic and Enterprise Practice, RIMS
Committee Co-Chair: Marc Siegel, Ph.D., Commissioner, ASIS Global Standards Initiative
Commission Liaison: Glen Kitteringham, CPP, Kitteringham Security Group Inc.
Committee Secretariat: Sue Carioti, ASIS Secretariat

Kaleem Ahmed, Independent
Sean Ahrens, M.A., CPP, BSCP, CSC, Aon Corporation
Ian Alderson, CPP, Independent
Christopher Aldous, Dip SP&C (Open), CPP, PSP, Design Security Ltd
Lyle Alexander, CPP, A.R.M Specialists Ltd
Rex Alexander, HeliExperts International LLC
Kanch Algama, DynCorp International, LLC
Frank Amoyaw, LandMark Security Limited
Edgard Ansola, CISA, CISSP, CEH, CCNA, Asepeyo MATEPSS nº151
Gina Arbeau, Cadillac Fairview Ltd.
Julie Ashley, The MITRE Corporation
Paul Aube, CPP, Dessau
Don Aviv, CPP, PSP, PCI, Interfor Inc.
Pradeep Bajaj, Eagle Hunter Solutions Limited
Mark Baker, CPP, Macatoma Security Inc.
Guillaume Banville, PSP, Bell Canada
Serge Barbeau, CPP, Chartand-Barbeau
Shayne Bates, CPP, LMC Consulting Group
Mark Beaudry, CPP, Independent
Jay Beighley, CPP, CFE, Nationwide Insurance
Dan Belai, CPP, PSP, Independent
Frank Bellomo, Business Risks International
Ray Bernard, PSP, RBCS, Inc.
William Besse, Andrews International LLC
John Biddy, CPP, Independent
Robert Birdsall, CPP, Independent
Ingeborg (Inge) Black, CPP, CFE, CPOI, Appollo International
Dennis Blass, CPP, PSP, CISSP, CFE, Children’s of Alabama
John Boal, CPP, PCI, Independent
Michael Bouchard, Security Dynamics Group LLC
Gertrude Branch, American National Red Cross
Patrick Brennan, Crivello Carlson
Mitchell Brockbank, CISSP, CISA, Independent
John Brown, CPP, Thomson Reuters
Michael Brzozowski, PSP, CPP, Symcor
Dirk Buerhaus, KOETTER GmbH & Co. KG Security
David Bunch, CPP, Independent
Donald Byrne, CBCP, CDCP, Independent
James Calder, Ph.D, CPP, Independent
Herbert Calderon, CPP, PSP, CFE, Talisman Energy
John Casas, PSP, John Casas & Associates LLC
Laurie Champion, CPCU, Aon Corporation
Chee-Seng Chan, CBCP, Spot Management Services Pte., Ltd.
Antony Chattin, IRCA 9001 Lead Auditor, Maritime Security Solutions Global Ltd.
Albert Concordia, CPP, ACE Group Insurance
Bill Cooper, Northwest University
Amaury Cooper, International Relief & Development (IRD)
Jose Correa, CPP, PSP, Independent
Georges Cowan, Business Continu-IT Partners
Geoffrey Craighead, CPP, Universal Protection Service
Michael Crocker, CPP and CSC, Michael Crocker, CPP & Assoc., Inc.
Kenneth Crowther, The MITRE Corporation
Dana Curtiss, Cook County Department of Homeland Security & Emergency Management
Ali Dalipi, Villanova University
Allan Davis, Sizemore Inc.
Frank Davis, CPP, MSc. Trident Manor
Eric Davoine, Independent
Robert Day, CPP, PCI, CSP, CRSP, CHRP, CPMSIA, Office of Regulatory Change Management
Debra Decker, Independent
Donald Decker, CPP, CPM, Robson Forensic, Inc.
Sean Denson, World Vision International
Mark DeWitt, Independent
Anthony DiSalvatore, CPP, PSP, PCI, REVEL
Anthony Dobson, Independent
Richard Dobson, Luxottica
Maria Dominguez, CPP, Bank of America
Bobby Dominguez, CPP, CISSP, PMP, Infinite Computer Systems, Inc.
Daniel Donohue, CPP, Caterpillar Inc.
Jack Dowling, CPP, PSP, JD Security Consultants, LLC
Kristen Drobnis, PMP, CBCP, CSOX, CGRM, CGRM-IT, TD Bank
David Droster, The Briggs & Stratton Corporation
Johan Du Plooy, CPP, Temi Group
Jason Dury, Independent
William Eardley, Independent
Nicholas Economou, M.B.A., Cablevision Systems Corporation
Michael Edgerton, CPP, Independent
Eduard Emde, CPP, CISSP, BMKISS Europe
Robert Fay Sr., IOSSI Unexploded Ordinance, Inc.
David Feeney, CPP, AlliedBarton Security Services
Ali Ferrer, PSP, Independent
Joseph Finley, Jr., Ph.D., CPP, G4S Secure Solutions, (USA), Inc.
Windom Fitzgerald, CPP, CHS-III, CFE, Fitzgerald Technology Group
Lawrence Fitzgerald, CPP, PSP, TRC Corporation
William Foos, CPP, Gannett Fleming, Inc.
Kevin Foster, CPEng, PhD, Foster Risk Management Ptg Ltd.
Thomas Frank, CPP, AbbVie Inc.
Sherryl Fraser, Algonquin College
Rudolf Friederich, CPP, Independent
Andrew Gale, CPP, CFE, PCIP, Independent
Francis Gallagher, PSP, Good Harbor Techmark, LLC
Nanpon Gambo, CSS, Nigerian Army
Scott Gane, CPP, CRISC, Gane Security Solutions
Douglas Glenn, PMP, SimplexGrinnell LP
Salvatore Grasso, Independent
Harold Grimsley, CPP, Blue Cross Blue Shield of Florida
Jeffrey Gruber, CPP, CHS-IV, Independent
Phillip Guffey, CPP, Roche Diagnostics
Carlos Guzman, Security 101
Mark Hankewycz, CPP, The Protection Engineering Group, Inc.
Steven Harback, CPP, Independent
Jerry Hart, MSc, SGS
Jeffrey Hauk, CPP, El Paso Water Utilities
Jeffrey Hawley, ARES Security Corporation
Patrick Hayden, Monsanto
Henri Hemery, PhD, RISK&CO
Alistair Hogg, CPP and MSc, Independent
Robert Holm, McDonald's USA
Diane Huberman-Arnold, Independent
George Huff, CBCP, BCMS Auditor, MBCI, Association of Contingency Planners (ACP)
Robert Hulshouser, CPP, Independent
John Hunepohl, PSP, ASSA ABLOY
Russell Hunt, Independent
Adam Incher, CPP, ACT Government, Shared Services
Scott Jack, CPP, Baylor Health Care System
Calvin Jaeger, Independent
Celia Jarvis, SPHR, MCR, LLC
Katherine Johnson, Harsco Corporation
Tyson Johnson, CPP, Independent
Roger Johnston, CPP, Argonne National Laboratory
Nicholas Jones, CPP, Independent
Edward Jopeck, Independent
Matthew Jordan, CPP, Parsons Corporation
Richard Kibbey, CPP, PSP, Independent
Glen Kitteringham, CPP, Kitteringham Security Group, Inc.
Kelly Klatt, CPP, Loews Hotels
Don Knox, CPP, CITRMS, Caterpillar Inc.
Daniel Kropp, CPP, Towers Watson
Ellen Ku, CBCP, Association of Contingency Planners (ACP)
Michael Kuras, CBCP, CHP, AIM Specialty Health
Keith Kushner, TRC Corporation
Eliot Kushner, CPP, CHS-V, NICET, Pacific Gas & Electric
Henrik Laidlow-Petersen, Siemens Wind Power
Mukesh Lakhanpal, CPP, G4S Secure Services India Pvt. Ltd.
Ronald Lander, CPP, Ultrasafe Security Solutions
Robert Lang, Kennesaw State University
Laura Langone, JD, Juniper Networks, Inc.
Russell Law, PSP, Gralion, LLC
Donald Lee, Jr., CPP, First Citizens Bank of North Carolina
James Leflar, Jr., CPP, CBCP, MBCI, Zantech IT Services
Vickie Leighton, AMBCI, Avanade Inc.
Jeffrey Leonard, CPP, PSP, Securitas Critical Infrastructure Services, Inc.
Vincent Lombardi, Jr., E*TRADE Financial
Christopher Lowery, Celgene Corporation
James Lukaszewski, Risdall Public Relations
Grant Lundberg, First Citizens Bank of North Carolina
William Lutz, Jr., Security On-Line Systems, Inc.
Ashley MacDonald, NCSO (ACSA) CPO (IFPO), United Protection Services, Inc.
Anthony Macisco, CPP, The Densus Group
Virginia MacSuibhne, J.D., CCEP, Roche Molecular Systems
Tracy Male, CFCP, CBCA, Independent
Peter Marotto, M.Ed., Independent
Ronald Martin, CPP, Open Security Exchange
Jan Mattingly, CRM, RF, CIP, RiskResults Consulting Inc.
Christopher Mayer, Department of Defense
Joe Mazza, CHPP, Independent
Lachlan McConnell, Orion Support, Inc. (OSI)
Timothy McCreight, Government of Alberta
Daniel McGarvey, Global Skills Exchange
Raymond McGill, CPP, Care Security Systems
James McGuffey, CPP, PSP, PCI, A.C.E. Security Consultants, LLC
Russell McGuire, Riskonnect, Inc.
Victoria McKenney, ACADEMI LLC
James Mecsics, Independent
Mohamed Fadhel Meddeb, Offline Solutions LLC
Paul Michaels, CISSP, CPP, ISP, PSP, PCI, CB&I Federal Services
Murray Mills, CPP, Independent
William Minear, II, CPP, West Virginia Military Authority
Mark Mirek, Beecher Carlson
George Mitchell, Independent
David Moore, PE, CSP, AcuTech Consulting Group
William Moore, PSP, Jacobs Engineering Inc.
Pedro Moreno, AMPM Mensajería
Andrew Morey, Independent
Dennis Morgan, DMMS Solutions
Andrew Morgan, STOPline Pty Ltd.
Juan Muñoz, CPP, Associated Projects International
Francisco Muñoz, CPP, Occidental Oil and Gas Corporation
Patrick Murphy, CPP, PSP, Marriott International Inc.
Drew Neckar, CPP, Mayo Clinic Health System
Joseph Nelson, CPP, State Street
Peter Nevins, ARM, ALCM, Independent
Barry Nixon, SPHR, National Institute for Prevention of Workplace Violence, Inc.
Curtis Noffsinger, CPP, PSP, Independent
Thomas Norman, CPP, PSP, Protection Partners International
Augustine Okereke, CPP, PZ Cussons Nigeria PLC
Joe Olmeda, CPP, PCI, Independent
Alexandros Paraskevas, Ph.D., Independent
Jeff Peck, PSP, City of Toronto
Jean Perois, CPP, PSP, Risk & Co.
Gene Perry, CPP, Independent
Kevin Peterson, CPP, CPOI, Innovative Protection Solutions, LLC
Axel Petri, Deutsche Telekom AG
Russ Phillips, MMTS Group
John Piper, Bearing LLC
Jose Piscione, CPP, PSP, West Corp
Frank Pisciotta, CPP, Business Protection Specialists, Inc. 
Kurt Raffai, SaskGaming Corporation
Bala Ramanan, CISM, CRISC, CBCI, Microland Ltd.
Joseph Rector, CPP, PSP, PCI, 11th Security Forces Group
Brett Reddock, M.Sc., ABCP, SEM, Unparalleled Technologies
James Reese, TigerSwan
Vince Regan, CPP, PSP, PCI, Anixter, Inc.
Shawn Reilly, CPP, CHPA, Tech Systems, Inc.
John Richardson, Initiative for Human Rights in Business
Thomas Rohr Sr., CPP, Carestream Health, Inc.
Ronald Ronacher, PSP, Arup
Craig Rydalch, CISSP, CISM, PMP, AIM Specialty Health
Michael Saad, CPP, Gane Security Solutions
Ed Schlichtenmyer, ABCP, ImpactWeather
Brian Schmidt, CPP, Independent
Michael Schroeder, CBCP, MBCI, US Equities Asset Management
Josh Schubring, CPP, Mulva International Inc.
Michael Severin, Independent
Alister Shepherd, Allen & Overy LLP
Maya Siegel, M. Siegel Associates
Jeffrey Slotnick, CPP, PSP, Setracon Inc.
Jeff Snider, The MITRE Corporation
Jose Miguel Sobron, United Nations
Christopher Spillman, PSP, Port Authority of NY & NJ, Office of Emergency Management
Gregory Staisiunas, CPP, CTI, FISSM, Independent
Teresa Stanford, CPP, Security Engineers, Inc.
Barry Stanford, CPP, Independent
Kelly Stewart, Newcastle Consulting LLC
Peter Stiernstedt, CPP, Cikraitz AB
John St-Ilma, PSP, NCSPF, Health Canada
Jeremy Sturgeon, CPP, CFE, Apple
Robert Summers, CPP, Summers Associates, LLC
Timothy Sutton, CPP, CHSS, Sorensen, Wilder & Associates (SWA)
Kenneth Szalontay, CPP, AlliedBarton Security Services
Scott Taylor, CPP, Exact Security Pty Ltd.
Scott Tezak, Professional Engineer, TRC Corporation
Rajeev Thykatt, Infosys BPO Ltd.
Yoriko Tobishima, InterRisk Research Institute & Consulting, Inc.
Lina Tsakiris, CPP, TD Bank
Ruth Unks, ARM, Maricopa County Community College District
Karim Vellani, CPP, Threat Analysis Group, LLC
Joop Verdonk, CPP, CPOI, European Security Academy
Heather Viccione, PSP, (RBS) Citizens Bank
Corey Vitello, Ph.D., Visa Inc.
Taz Wake, CISSP, CISM, CRISC, Halkyn Consulting
Todd Warren, Spring Hill College
Andrew Weaver, PSP, PMP, Markon, Inc.
Jerry Werries, First Citizens Bank of South Carolina
Michael White, CPP, CRM, Security Risk Canada
Allan Wick, CFE, CPP, PSP, PCI, CBCP, Tri-State Generation & Transmission Association, Inc.
William Wills, CPP, Independent
Wei-Ning Wong, Ph.D., CBCP, MBCI, Instramax
Loftin Woodiel, CPP, Missouri Baptist University
Greg Wurm, CPP, Anthem
Allison Wylde, SRM, Independent
Mark Yeakley, CPP, Bank of America
Michael Yip, BFL CANADA
Paul Yung, Ph.D., Deloitte Touche Tohmatsu
Davoud Zahedi, Transportation Security Administration Air Cargo Division
Richard Zijdemans, Medtronic Inc.
Mohamad Zineddin, Khalifa University
Jeffrey Zwirn, CPP, CFPS, CFE, IDS Research & Development, Inc.

Working Group Members

Committee Co-Chair: Carol Fox, ARM, Director of Strategic and Enterprise Practice, RIMS
Committee Co-Chair: Marc Siegel, Ph.D., Commissioner, ASIS Global Standards Initiative
 
Shayne Bates, CPP, LMC Consulting Group
Dennis Blass, CPP, PSP, CISSP, CFE, Children’s of Alabama
David Bunch, CPP, Independent
John Casas, PSP, John Casas & Associates LLC
Albert Concordia, CPP, ACE Group Insurance
Michael Crocker, CPP and CSC, Michael Crocker, CPP & Assoc., Inc.
Frank Davis, CPP, MSc. Security and Risk Management, Trident Manor
Donald Decker, CPP, CPM, Robson Forensic, Inc.
Sean Denson, World Vision International
Kristen Drobnis, PMP, CBCP, CSOX, CGRM, CGRM-IT, TD Bank
Johan Du Plooy, CPP, Temi Group
Jason Dury, Independent
Windom Fitzgerald, CPP, CHS-III, CFE, Fitzgerald Technology Group
Kevin Foster, CPEng, PhD, Foster Risk Management Ptg Ltd.
Thomas Frank, CPP, AbbVie Inc.
Jeffrey Gruber, CPP, CHS-IV, Independent
Alistair Hogg, CPP and MSc, Independent
George Huff, CBCP, BCMS Auditor, MBCI, Association of Contingency Planners (ACP)
Scott Jack, CPP, Baylor Health Care System
Calvin Jaeger, Independent
Glen Kitteringham, CPP, Kitteringham Security Group Inc.
James Leflar, Jr, CPP, CBCP, MBCI, Zantech IT Services
Vickie Leighton, AMBCI, Avanade Inc.
Jeffrey Leonard, CPP, PSP, Securitas Critical Infrastructure Services, Inc.
Anthony Macisco, CPP, The Densus Group
Jan Mattingly, CRM, RF, CIP, RiskResults Consulting Inc.
William Minear, II, CPP, West Virginia Military Authority
Curtis Noffsinger, CPP, PSP, Independent
Kevin Peterson, CPP, CPOI, Innovative Protection Solutions, LLC
Vince Regan, CPP, PSP, PCI, Anixter, Inc.
Jeffrey Slotnick, CPP, PSP, Setracon Inc.
Kelly Stewart, Newcastle Consulting LLC
Jeremy Sturgeon, CPP, CFE, Apple
Andrew Weaver, PSP, PMP, Markon, Inc.
William Wills, CPP, Independent

Table of Contents

RA Standard Home

ASIS Commission on Standards and Guidelines
  • Committee Members
Introduction
  • General
  • Definition of Risk Assessment
  • Quantitative and Qualitative Analysis
  • Managing Organizational and Specific Risk Assessments
  • Plan-Do-Check-Act Model

Scope

  • Scope
  • Normative References
  • Terms and Definitions
Principles
  • General
  • Impartiality, Independence, and Objectivity
  • Trust, Competence, and Due Professional Care
  • Honest and Fair Representation
  • Responsibility and Authority
  • Consultative Approach
  • Fact-Based Approach
  • Confidentiality
  • Change Management
  • Continual Improvement
Managing A Risk Assessment Program
  • General
  • Understanding the Organization and Its Objectives
  • Establishing the Framework
  • Establishing the Program
  • Implementing the Risk Assessment Program
  • Monitoring the Risk Assessment Program
  • Review and Improvement
Performing Individual Risk Assessments
  • General
  • Commencing the Risk Assessment
  • Planning Risk Assessment Activities
  • Conducting Risk Assessment Activities
  • Post Risk Assessment Activities
  • General
  • Competence

Annex A: Risk Assessment Methods, Data Collection, and Sampling

  • General
  • Types of Interactions
  • Assessment Paths
  • Sampling

Annex B: Root Cause Analysis

  • General
  • Applying Root Cause Techniques
  • Ten Steps for Effective Root Cause Analysis

Annex C: Background Screening and Security Clearances

  • General
  • Background Checks
  • Interviews
  • Privacy Protection

Annex D: Contents of the Risk Assessment Report

Annex E: Confidentiality and Document Protection

Annex F: Examples of Risk Treatment Procedures that Enhance Resilience of the Organization

  • General
  • Prevention and Mitigation Procedures
  • Response Procedures
  • Continuity Procedures
  • Recovery Procedures

Annex G: Business Impact Analysis

Annex H: Bibliography
