DHS Adopts ASIS National Organizational Resilience Standard

• Jun 21, 2010

The Department of Homeland Security has announced the adoption of the ASIS American National Standard for Organizational Resilience for the DHS’s Private Sector Preparedness (PS-Prep) Program.

The ANSI/ASIS SPC.1-2009 Standard, titled “Organizational Resilience: Security, Preparedness and Continuity Management Systems -- Requirements with Guidance for Use,” provides a holistic approach to cost-effectively improve any organization’s resilience and preparedness performance.

ANSI/ASIS SPC.1-2009, also known as the ASIS Organizational Resilience Standard, is the only standard that helps an organization design a balanced system to reduce the likelihood and minimize the consequences of disruptive events.

It provides a framework for businesses to assess the risks of disruptive events, develop a proactive strategy for prevention, response and recovery, establish performance criteria, and evaluate opportunities for improvement. It empowers an organization to implement an organizational resilience management system appropriate to its needs and those of its stakeholders. The standard can be used by any organization wishing to enhance its resilience and preparedness, as well as seek certification recognized by PS-Prep.

“In light of the recent events in the Gulf, the importance of resilience cannot be understated,” said ASIS International President Joseph R. (Bob) Granger, CPP. “Preparing for, responding to and recovering from a disruption is not enough. Organizations need to be able to assess the potential for a disruption and minimize the likelihood. They also need to adapt to an ever-changing environment.”

“This standard provides organizations with a flexible tool they can use to tailor their resilience and preparedness needs to meet their business needs,” Granger said. “ASIS International is proud that the DHS has selected this standard to help businesses effectively address potential disruptions.”

One of only three preparedness standards included in PS-Prep, the ASIS standard takes an enterprise-wide view of risk management, enabling an organization to develop a comprehensive strategy to prevent when possible, prepare for, mitigate, respond to, and recover from a disruptive incident. It is the only American National Standard in the PS-Prep program that is 100 percent compatible with existing ISO management system standards, enabling a cost-saving integrated application with other internationally recognized ISO management system standards.

The importance of the ANSI/ASIS SPC.1-2009 was recently validated by ISO’s decision to develop an international standard for Organizational Resilience.

The ASIS standard is applicable to all sizes and types of organizations, from public to private, small to multinational, in manufacturing, service, storage or transportation, that want to:

• Create a balanced strategy for both likelihood and consequence reduction for incident prevention and management.
• Establish, implement, maintain and improve an organizational resilience management system.
• Demonstrate resiliency and continuity for supply chain and contractual agreements.
• Assure conformance with stated organizational resilience management policy.
• Implement a maturity model approach to cost-effectively enhance resilience performance.
• Make a self-determination and self-declaration of conformance with ANSI/ASIS SPC.1-2009.
• Seek certification/registration of its organizational resilience management system by an accredited third-party certification body.
• Leverage an existing investment in other ISO management system standards (e.g. ISO 9001, ISO 14001, ISO 27001, ISO 28000) to improve security, preparedness and continuity performance.
• Integrate plans for managing the risks of disruptive events into their enterprise-wide risk management programs, consistent with the ISO 31000 for risk management.

“By adopting the ANSI/ASIS Organizational Resilience Standard, PS-Prep offers organizations a business-friendly, globally tested and proven method based on the ISO management system standard model, to improve their resilience and preparedness performance,” said Mark Geraci, CPP, chairman of the ASIS Commission on Standards and Guidelines.

As a complement to this effort, ASIS is offering a two-and-a-half-day class on Organizational Resilience: Implementing and Auditing the ANSI/ASIS American National Standard. Attendees will learn to implement the ANSI/ASIS standard, identify necessary steps to establish and maintain an organizational resilience management system, understand the conduct of risk assessments and impact analysis to support decision making for resilience, and establish an effective internal auditing program to evaluate and improve performance.

ASIS Standards and Guidelines are developed through a consensus standards-development process which seeks to advance security and resilience practices. This process brings together volunteers and/or seeks out the views of people who have an interest in the topic covered. This standard is available through the ASIS website, http://www.asisonline.org.