Skip to content
Photo by iStock; Photo illustration by Security Management​

October 2018 ASIS News

​CPP Prep At Your Fingertips

You spoke. ASIS listened. This month, ASIS launches a completely revitalized version of the on-demand CPP Online Review course. The modernized review course not only employs a new, more user-friendly interface that can be accessed across all devices; it’s also jam-packed with enhanced study tools to help aspirants tackle all seven domains in the CPP body of knowledge.

From interactive and downloadable flashcards to quizzes that help you keep track of your learning progress, the course provides valuable resources to help master best practices for security management. 

Reviewed by certified professionals, the course condenses material into bite-sized pieces, while still maintaining comprehensive coverage of the exam’s body of knowledge.

The streamlined, self-paced CPP Online Review is a must for security professionals ready to take that next step in their career. It reflects ASIS’s continued commitment to developing the profession with globally accessible education.

Learn more at​

Celebrating 10 Years of Standards & Guidelines

ASIS International didn’t have a standard to its name in 2008. Fast forward to 2018, and ASIS has published 12 standards and eight guidelines on topics ranging from investigations to physical asset protection, from risk assessment to workplace violence. And more are in the works.

How did the Society get here? 

The ASIS Commission on Guidelines was formed in 2001 to address the growing demand for formal processes to address mounting security threats. The commission hit the ground running, producing guidelines in the areas of general security risk assessment, business continuity, facilities physical security measures, and workplace violence prevention and response.

In 2007, the ASIS Board of Directors decided to expand the Society’s work and enter the standards arena. The Commission on Guidelines changed its name to the ASIS Commission on Standards and Guidelines, and, in 2008, ASIS became an American National Standards Institute (ANSI) Accredited Standards Developer. 

Since then, ASIS has made significant advances in its standards and guidelines development. From the first standard, Chief Security Officer—An Organizational Model (CSO), to the most recent, Security and Resilience in Organizations and their Supply Chains (ORM.1), these industry best practices advance the professionalism of the security industry.

As the security landscape continues to evolve, so do the needs of practitioners, and ASIS understands the importance of a global perspective when facing the challenges that lie ahead. 

“This past year, the Commission on Standards and Guidelines took purposeful steps to broaden its membership composition with the goal of ensuring that our efforts are truly representative of industry needs and address the concerns of security professionals worldwide,” says Sue Carioti, vice president, ASIS International Certifications, Standards, and Guidelines. “This is an essential move for us in expanding our global standards footprint. To that end, diverse perspectives, fresh ideas, and a wealth of global experience will be key to success moving forward.” 

The commission continues to evolve its standards program to maximize the Society’s impact on security standards worldwide. ASIS currently serves key liaison roles on two International Organization for Standardization (ISO) technical committees that cover risk management and security and resilience.

Work is underway on new market driven standards dealing with private security officer selection and training, as well as security awareness. In addition, a new revision of workplace violence prevention and interventions (including an annex on active assailants) and a revision of the PSC.2 Standard—Conformity Assessment and Auditing Management Systems for Quality of Private Security Company Operations—are also in the works. 

“Moving ahead, members and stakeholders can expect continued advances in the future of standards and guidelines development from a global perspective,” says Bernard Greenawalt, CPP, chair, ASIS Commission on Standards and Guidelines. “ASIS is pushing in earnest to utilize the knowledge, experience, and expertise of its members and the industry at large as it continues to advance the practice of security management worldwide.”

Interested in learning more about the new direction or in getting involved? Contact [email protected].​

ESRM in Action

In 2016, ASIS made enterprise security risk management (ESRM) an organizational priority and has begun infusing this management philosophy into all the Society’s programs and services. In the months ahead, we will provide updates, as well as showcase how members are implementing ESRM in their organizations.

By David Bilson, CPP

Since 2012, the British Museum has adopted an enterprise approach to security risk management and embedded the core principles into its security strategy framework and plans. 

The museum had already operated a robust and comprehensive corporate risk approach—essential in such a major organization—including meeting requirements for risk management within the Government Security Policy Framework. While the broadest organizational risks were clearly identified and prioritized, the strategic program to address security risk was not. 

I attended the 2012 ASIS Europe Conference in London where ESRM was a central discussion in conference presentations. Combined with my CPP study and Protection of Assets knowledge, ESRM provided a foundation for building a risk management strategy.

The benefits of such a strategy for the museum were immediately obvious. While guarding the entrance and responding to alarms is important, security services for any major organization must always be about more. I worked to develop a security strategy centered on an ESRM approach, prioritizing key themes to reduce security risk across the wider enterprise, whether on the museum site or in our operations around the globe. 

Deliberately taking a broader view of security risks and engaging colleagues from outside the security department raised the levels of security awareness across the organization, contributed to delivery of risk reduction, and paid great security dividends. 

Now, whenever the threat context changes substantially, the museum is in a stronger position to respond, whether the risk comes from terrorism, travel, or employee background screening.

The ESRM approach supports key decision making around resources and agreeing on priorities. More and more, I realize that the work of the CSO is never complete and ever evolving. 

An enterprise approach to security risk management has provided a clear understanding of the criticality and priority of security risks and identified a strategic approach to addressing and mitigating against them.​

Promoting Safe Cyber Practices This October

ASIS joins the U.S. Department of Homeland Security and the European Union Agency for Network and Information Security in recognizing October as Cyber Security Awareness Month.

Tune in to ASIS social media accounts all month long for updated best practices for staying safe online. Join us in helping to spread the word about the ever-present risks associated with Internet use, and ways people can protect themselves against these risks. 

Find a collection of ASIS IT Security Council and other cybersecurity resources at​


ASIS congratulates Lawrence J. Fennelly on becoming a Life Member. He has been an ASIS member for more than 41 years, during which he has served as a council chair for various councils. 

He currently sits on the School Safety and Security Council and the Active Assailant Initiative. He was instrumental in the creation of the ASIS Security Industry Book of the Year Award, and he has written and contributed to many books published by ASIS.