ASIS International this week announced that its' Physical Asset Protection Standard has received approval from the American National Standards Institute.
The standard, which was developed by a technical committee consisting of more than 80 members from 17 countries, provides security managers with a comprehensive approach to identify, apply and manage physical security measures to safeguard an organization’s assets, which include its personnel, property and information.
Work first began on the standard in 2010 when members of ASIS in the UK developed an asset protection draft standard, which was used as a starting point for the full technical committee.
"It was quite an enterprise getting this done," said. Dr. Marc Seigle, commissioner of the ASIS Global Standards Initiative. "(The technical committee) was a nice cross section of people from all different kinds of walks and countries that are involved in security management. The other thing that was very nice about this group, it also spanned public and private sector, as well as people that are involved in physical asset protection and information security protection. The convergence between information and physical security and the ideas behind them were well represented."
According to Seigle, the most important thing about the standard is that is focuses on the entire process of physical asset protection and is not just simply a "catalog of methodologies."
"It’s taking you through the thought process and how you integrate this into a management-type approach," he explained. "It’s built using the ISO-style management system approach and it’s built in a way that works with existing management system standards, and in particular, it was written to work with the organizational resilience standard (the ANSI/ASIS SPC.1). That way you can integrate your physical asset protection into an overall management system that’s looking at both protection, but also response and recovery to events taking place."
Seigle added that one of the drivers behind the standard was to make it a "user-friendly business tool" that looks at security management as part of an entire organization. "Security managers are really looking at how they create and protect value for the organization," he said.
Receiving ANSI approval is important for end-users, according to Seigle, because it shows them and the senior executives they answer to that the standard was developed using a transparent process, which thereby provides it with more credibility.
"For us, it’s important because it validates the process we use. To be a standards development organization, we have to have a process that ANSI audits, certifies and that way people know that it’s an open and transparent process we use to develop standards and that we include stakeholders who will both be using the standard and be impacted by the standard," Seigle said. "For the end-user, it’s good to know that it was approved by ANSI because they then know that we did follow a defined process. This isn’t just one or two people’s opinions who sat down in a closed room and decided that this is what they think is the best practice."
For more information or to download the new standard, visit www.asisonline.org.