ASIS, RIMS release ANSI risk assessment standard

by Brianna Crandall

October 21, 2015—ASIS International, the global organization for security professionals, and RIMS, the education and advocacy society for the global risk management community, have jointly announced the release of the new ANSI/ASIS/RIMS RA.1-2015 Risk Assessment Standard. This Standard provides guidance on developing and sustaining a coherent and effective risk assessment program. Both ASIS and RIMS are ANSI Accredited Standards Developers.

Risk Assessment Standard

The standard represents leading practices from 250 global security and risk management professionals and provides a framework for robust risk assessment programs.

For executives around the globe, managing risk effectively has become a more complex and critical responsibility, points out ASIS. In a global economy, organizations look upon their risk and security practitioners as essential facilitators for achieving successful business results.

The new ASIS/RIMS Risk Assessment Standard provides a framework and process for organizations to establish an ongoing program to evaluate risks and conduct individual risk assessments. By providing a blueprint for the risk assessment process, the Standard complements the ISO 31000 Risk Management — Principles and Guidelines Standard and the ISO 31010:2009 Risk management — Risk Assessment Techniques Standard, which catalogues risk assessment methodologies.

ASIS Global Standard Initiative Commissioner Dr. Marc Siegel stated:

“Managing risk is about managing uncertainties in order to achieve strategic, tactical and operational objectives. This includes identifying opportunities, minimizing potential losses, and building a more resilient organization and supply chain. It is essential that decision-makers have accurate and dynamic information on uncertainties and their potential outcomes in order to help better assure their organizations thrive and survive. The ASIS/RIMS Risk Assessment Standard provides a blueprint for addressing enterprise-wide risk at all levels and regardless of the source.”

The standard presents a basis for a universal and integrated approach to risk management, including:

  • Building a risk assessment program;
  • Understanding the context for risk assessments;
  • Conducting a risk assessment; and
  • Using risk assessment outcomes for decision-making.

Carol Fox, RIMS director, Strategic and Enterprise Risk Practice, added:

“In this standard, we focus on the primary value of risk assessments, which is informing responsible and accountable decision-makers as to what choices are available to effectively manage risk in achieving objectives. Therefore, we included guidance on types of risk assessments, understanding biases, and the competence of risk assessors.”

ASIS and RIMS members get one free download of the ANSI/ASIS/RIMS RA.1-2015 Risk Assessment Standard through their respective Web sites. Others are welcome to purchase the standard through either organization’s online stores. View the Executive Summary (PDF) on the ASIS Web site.

ASIS is also conducting a free Webinar presentation on the new standard on Thursday, October 29, 2015, at 12:00-1:30 pm (ET), called “Conducting Risk Assessments Using the New American National Standard.”