Risk mitigation guidelines released. (ASIS News).
ASIS recognizes that as the preeminent organization for security professionals worldwide, it has an important role to play in helping the private sector protect business and critical infrastructure from terrorist attacks. "ASIS previously had chosen not to promulgate guidelines and standards but felt that whatever concerns it had in the past paled in comparison to the need for a professional security organization to be at the forefront of this initiative," says Chad Callaghan, CPP, co-chairman of the commission and vice president of loss prevention services for Marriott International. "After all, America's private sector controls 90 percent of the critical infrastructure that makes our economy run--we needed to stand up and take this initiative."
"In creating the commission, we also recognized the unique needs of other security groups, says Don W. Walker, the commission's co-chairman, as well as chairman and CEO of Pinkerton's Inc. "We included representation from organizations such as the International Security Management Association, the National Association of Security Companies, the American Hotel and Lodging Association, and the Security Industry Association (SIA) to be certain we had the broad representation needed to lay the groundwork for consensus-based guidelines and standards," he explains.
ASIS also has established a working relationship with the Department of Homeland Security and was approved by the American National Standards Institute as an accredited standards developer. In addition, the Society has been invited to participate in the Security Industry Standards Council, which was created by the SIA to assist in reviewing standards that are being developed by other organizations.
The Guidelines Commission will continue to reach out to other groups, including the National Fire Protection Association, to collaborate on future guidelines. It also has established procedures for how additional guidelines will be submitted, reviewed, and developed. The commission hopes the entire 32,000-person member base of ASIS will eventually assist in the development of guidelines through its multiple councils.
Rating risk. The risk guideline developed by the commission is applicable in any environment where people or assets are at risk. It provides a methodology by which security professionals can identify security risks at a specific location and determine the appropriate solutions. The guideline also includes definitions of terms, a process flow chart, a large bibliography, and an appendix to provide explanatory material that illustrates issues such as approach and methodology.
The commission's recommended approach and framework for conducting general security risk assessments is a multistep process that includes: identifying the people and assets at risk; specifying loss or risk vulnerabilities or previous events; establishing the probability of loss risk and frequency of events; determining the financial, psychological, and related costs associated with the loss of tangible or intangible assets; developing options to mitigate risks through physical, procedural, logical, or related security processes; studying the feasibility of implementing each option; and performing a cost/benefit analysis.
The guidelines include commentary that explores each of these steps. When, for example, examining the frequency of events, the guideline counsels, "the practitioner may want to query how often an exposure exists per event type...if the event is robbery of customers in the parking lot, then the relevant inquiry may be how often customers are in the lot and for how long when walking to and from their vehicles. If the event is the rape of a resident in an apartment building, then the inquiry may focus on how often the vulnerable population is at risk. If the event were a natural disaster such as a hurricane, the practitioner would certainly want to know when hurricane season takes place."
As another example, the commentary explains that "direct costs" may include financial losses associated with the event, increased insurance premiums, labor expenses, punitive damages awards not covered by ordinary insurance, and other tolls, while indirect costs may include negative media coverage, long-term negative consumer perception, additional public relations costs, and poor employee morale, leading to work stoppages and higher turnover.
To obtain a copy of the guidelines, contact ASIS Customer Services at 703/519-6200, or visit ASIS Online at www. asisonline.org.
-- Sean A. Ahrens, CPP, senior security manager, Gage-Babcock, and a member of the Guidelines Commission, contributed to this article.
|Printer friendly Cite/link Email Feedback|
|Author:||Ahrens, Sean A.|
|Date:||Mar 1, 2003|
|Previous Article:||Strategic moves in the news.|