ASIS introduces ANSI-approved standard for security risk assessments

ASIS International recently announced the release of an American National Standards Institute (ANSI)-approved standard for security risk assessments.

According to the association, the ASIS Security Risk Assessment (SRA) Standard “offers an up-to-date and forward-looking comprehensive and systematic approach to identifying, analyzing, and evaluating security risks, ultimately empowering organizations to safeguard their assets, mitigate threats and enhance resilience.”

“The ASIS Security Risk Assessment Standard is the result of extensive collaboration among a diverse group of leading security professionals with expertise in conducting security risk assessments,” said ASIS International’s SRA Technical Committee co-chair, Jennifer Holcomb, in a statement. “By outlining a systematic approach to security risk assessment, this standard empowers organizations to proactively identify threats and address vulnerabilities, ultimately strengthening their security posture.”

Features of the ASIS SRA Standard include:

• A detailed outline of the scope, objectives and principles of security risk assessments.
• Foundational elements of the SRA, including needs assessment, defining objectives, delineating roles and responsibilities, and ensuring compliance with legal and other requirements.
• Practical guidance on authorization, information gathering, planning and documentation.
• The essential steps involved in analyzing and assessing security risks, providing methodologies for both qualitative and quantitative analysis.
• The process of implementing risk treatments and establishing ongoing monitoring and improvement mechanisms.

“With security risks evolving at an unprecedented pace, it is imperative for organizations to have a robust framework in place to assess and mitigate these risks effectively. The ASIS SRA Standard provides precisely that — a comprehensive roadmap for navigating the complexities of modern security challenges,” added Sue Carioti, vice-president, certification, standards, ASIS International.

Visit the ASIS International website for additional information.