
ESRM Update: New Education, Guidelines, and Maturity Model

ASIS volunteer leaders are making great strides in advancing Enterprise Security Risk Management (ESRM), which was adopted by the ASIS Board of Directors as a priority initiative in July 2016.

At the January 2018 Leadership Conference, ASIS announced the creation of four member-led value streams that would begin infusing ESRM principles into ASIS products, services, and culture.

These groups, focused on Education, Standards and Guidelines, creation of a Maturity Model, and Marketing, are each led by a subject matter expert and a representative from the ASIS Board of Directors, and are composed of a cadre of volunteer leaders.

As project leads, it gives us great pleasure to share some of the key deliverables you will be hearing more about in the week ahead.


The ESRM Education group developed an "ESRM 101" module that explains baseline concepts. The material defines ESRM, explains what it is and isn't, discusses the role of the security manager in ESRM, and details the benefits of that approach.

This fundamental information is currently incorporated in presentations for chapter and council leaders to explain ESRM to their constituents, and it was included on Sunday as part of the daylong pre-conference program "The ESRM Life-Cycle and Convergence of Physical and Cyber-Security."

The ESRM 101 concepts will be made available to members on a forthcoming ASIS Online microsite. They will also be covered in the following GSX education sessions, which include a sneak peek at the soon-to-be-unveiled Maturity Model tool: "ESRM and ASIS: Know More About Enterprise Security Risk Management," Monday, September 24, 10:30-11:45 a.m.; and "What You Need To Know About ESRM," Tuesday, September 25, 11:00 a.m.-12:15 p.m. ESRM 101 principles will continue to evolve, with later iterations to be more detailed and advanced.


The ESRM Standards and Guidelines group released a preliminary ESRM guide—the first in the industry—just in time for GSX. Stop by the ASIS Hub (Booth #3557) to view the document and connect with members of the working group.

This project is ongoing, and the ASIS Standards & Guidelines Commission will now consider developing the document into an official ASIS guideline. Stay tuned for more details.


The ESRM Maturity Model group has been developing a user-friendly model and application that ASIS members can use to measure the maturity of their security program against the ESRM philosophy and approach.

This tool will be demoed at select education sessions, and a launch date for the tool is expected to be announced at GSX.


The ESRM Marketing and Communications group will be at the ASIS Hub throughout the week. Do you have an ESRM story to tell? Or need help understanding or explaining ESRM to colleagues? Stop by the Hub and connect with the team. We are here to help! Or, send your contact info to esrm@ and we'll set up a time to connect onsite.

Tim McCreight, CPP, is ESRM Initiative board sponsor, and Rachelle Loyear is ESRM Initiative program manager.