
Security Risk Assessment Standard

The effectiveness of your security plan—every decision you make, every objective you achieve—stems from a strong process for identifying, analyzing, and evaluating risks to your organization and its assets.

That’s why you need the revised Security Risk Assessment Standard from ASIS International, an American National Standard.

This standard replaces the ANSI/ASIS/RIMS RA.1-2015 Standard and the ASIS GSRA 2003 Guideline.

Purchase the Softcover

ASIS members can enjoy a 50% discount off the list price. This Standard is also available as an eBook.

Purchase the eBook

Take advantage of the Security Risk Assessment Standard's valuable content anytime, anywhere with the Security Risk Assessment Standard eBook.

Standards & Guidelines eBooks are free to ASIS Members.

About the Standard

Every organization has assets (e.g., people, property, and information) it relies on to achieve its strategic goals and objectives. To ensure success, the organization must identify its assets and apply effective measures to safeguard them.

To determine the appropriate treatments, it’s critical to conduct a security risk assessment (SRA) and identify the risks to the organization. An organization must establish a risk management process to support enterprise-wide strategic, tactical, and operational activities. An SRA provides a logical, structured, and consistent approach to assess risk. The people responsible for decision-making can then systematically select from risk treatment strategies and options based on reason and best available information.

An SRA provides the cornerstone to make informed decisions in order to address uncertainties and achieve an organization’s objectives. A comprehensive SRA is designed to consider the organization’s mission and vision, core values, and operating environment, as well as strategic, tactical, and operational objectives. It is not possible to eliminate all risk and uncertainty, but the results of the SRA inform the responsible decision maker(s) of the options to effectively manage and prioritize the risks and achieve the organization’s objectives.

This revised standard provides guidance for conducting a security-specific risk assessment, which may include physical, non-physical, and logical risks. It provides a structured process to establish the context of the SRA, plan SRA activities, and conduct the SRA (i.e., risk identification, risk analysis, and risk evaluation). This standard also provides guidance on post-SRA activities and includes an example of information that may be incorporated into an SRA report.

Related Content

Essentials of Security Risk Assessment Certificate

A proper security risk assessment is the foundation for establishing an effective security program. The Essentials of Security Risk Assessments Certificate gives you the essential knowledge and skills to participate in a security risk assessment.

Earn Your Certificate

The Science and Art of Security Risk Assessment - eBook

From a scientific perspective, a well-done risk assessment is the product of a formal step-by-step process. It requires as much hard data as possible, as well as training and education of the assessor. This data comes in the form of actual monetary values of previous losses as well as the actual times that various threats have occurred (one of the best predictors of the future is the past) and other forms of tangible numbers from events that will quantify probability, criticality and vulnerability. All of this information is presented in the new ASIS publication.

Download the eBook