Security Standards

Jan. 27, 2009
Setting the Standard

Security standards will change the landscape of how security professionals do business. It is imperative that security professionals create security standards. Therefore, it is entirely appropriate for ASIS International to be involved in developing security standards. Security standards will serve the needs of security professionals by increasing the effectiveness and productivity of security practices and solutions, as well as enhancing the professionalism of the industry.

To advance security practices through the development of standards and guidelines on a worldwide basis, ASIS Intl. participates in the U.S. national standards-setting organization, the American National Standards Institute (ANSI). ASIS also participates in international standards-setting initiatives as a member of the International Organization for Standardization (ISO). Participation ensures that ASIS provides a voice for security professionals in developing global security standards.

What are Standards?
Standards are not regulations. They are a set of voluntary criteria, guidelines and best practices used to enhance the quality, performance, reliability and consistency of products, services and/or processes. Standards are seen as one of the major dynamic tools to help nations, communities, societies, organizations and individuals improve their resilience in the face of security threats — both natural and man-made.

ASIS members and nonmembers (which may include qualified representatives of industry, research institutes, public authorities, consumer or professional bodies) are invited to participate in the process. The ASIS Commission on Guidelines and Standards, the promulgating body within ASIS Intl., initiates the process to develop security management standards. The standards drafting and development is conducted by technical committees comprised of experts representing organizations interested in or affected by the subject matter. Committee balance and openness, as well as processes of impartiality and transparency, ensure content relevancy, credibility and broad acceptance.

Volunteers can help in two ways. First, ASIS committees and working groups initiate, comment on and approve drafts and proposals. Their efforts provide consensus positions, particularly as they relate to ANSI and ISO standards. Second, ASIS working groups develop new drafts in collaboration with other national standards groups. These drafts can be presented for submission to ISO as it considers new standards. In addition, they can become the template for a new ASIS guideline or evolve into workshops and training to enhance the skills of security professionals.

ASIS Standards and Guidelines Commission committees have focused on: business continuity; Chief Security Officers; facilities’ physical security measures; general security risk assessment; information asset protection; pre-employment background screening; private security officers; threat advisory system response; workplace violence prevention and response; Organizational Resilience: Security Preparedness and Continuity Management Systems – Requirements with Guidance for Use; auditing management systems for security, preparedness and continuity management with guidance for application; and facilities physical security management.

ASIS is now in the process of forming committees that will begin the process of developing two new American National Standards. The business continuity management systems standard will be based on the ASIS Business Continuity Guideline, and the risk assessment standard will be based on the ASIS General Security Risk Assessment Guideline. Both will serve as complements to standards development efforts currently underway in ISO.

The Business Continuity Management American National Standard, based on the ASIS guideline, will include auditable criteria for preparedness, crisis management, business and operational continuity, and disaster management.

The General Security Risk Assessment American National Standard, based on the ASIS guideline, will provide a basis for the objective analysis of the efficacy of risk management controls that protect an organization’s assets. It will address operational risks and not financial risks.

Organizations, including those in the global business community, not-for-profit entities, educational institutions, government agencies and more, will likely be directly impacted by these standards.

Societal Security
These proposed standards will be designed to be incorporated into the family of Societal Security Management System Standards, which integrates a range of interconnected disciplines, including asset protection (human, physical, environmental, financial and intangible), security, risk management, recovery management and disaster management. Societal Security standardization addresses the challenges an organization, group or society may face before, during and after a disruptive event. That disruptive event may be natural, technological and/or human, either unintentional or intentional.

“Given the finite resources of organizations, it is imperative that they have business-friendly tools to address any array of threats, hazards and risks they may face,” says Marc Siegel, ASIS Intl.’s security management system consultant. “Standards will be playing an ever-increasing role in the management of operational risks organizations face. An integrated approach can help avoid segregating, or siloing, risks.”

Specifics on 15 ASIS standards and guidelines are available at www.asisonline.org (click on Standards and Guidelines in the left navigation).

F. Mark Geraci, CPP, CFE, is senior director of Corporate Security for Bristol-Myers Squibb Company. He holds memberships in ASIS Intl. and was elected and served as a member of the ASIS Board of Directors from 1993 to 1999. In 1998, he became ASIS’s 43rd President, and in 1999 its Chairman of the Board. For more information, or to volunteer, email [email protected] or call (703) 519-6200.