When looking at how organizations have been impacted by new regulations since 9/11, it seems appropriate to note the trend among global organizations toward the development of risk management and resilience programs. While it is neither possible nor desirable to eliminate all risks, it is necessary for organizations to prioritize and determine a risk strategy to cost-effectively establish adaptive, proactive, and reactive approaches to control risks. To adequately manage the risks of disruptive events and assure resilience, organizations must engage in a comprehensive and systematic process of prevention, protection, preparedness, mitigation, response, continuity, and recovery.
In 2009, ASIS published the “Organizational Resilience: Security, Preparedness and Continuity Management Systems- Requirements with Guidance for Use Standard.” This standard provides steps necessary to prevent, prepare for, and respond to a disruptive incident and ensure the organization’s resilience. The standard was adopted by the U.S. Department of Homeland Security (DHS) for the DHS Private Sector Preparedness (PS-Prep) Program. It is available for free download at www.asisonline.org.