Printer Friendly

Risk mitigation guidelines released. (ASIS News).

Last year, ASIS International established the ASIS Guidelines Commission to address the need for security guidelines and standards in the United States, which had become clear since September 11, 2001. The group's first mission was "to advance the practice of security through the development of risk mitigation guidelines." To that end, the commission has released a General Security Risk Assessment Guideline, officially known as ASIS GLCO 01 012003. The guideline is now available free of charge to ASIS members in printed form or on its Web site.

ASIS recognizes that as the preeminent organization for security professionals worldwide, it has an important role to play in helping the private sector protect business and critical infrastructure from terrorist attacks. "ASIS previously had chosen not to promulgate guidelines and standards but felt that whatever concerns it had in the past paled in comparison to the need for a professional security organization to be at the forefront of this initiative," says Chad Callaghan, CPP, co-chairman of the commission and vice president of loss prevention services for Marriott International. "After all, America's private sector controls 90 percent of the critical infrastructure that makes our economy run--we needed to stand up and take this initiative."

"In creating the commission, we also recognized the unique needs of other security groups, says Don W. Walker, the commission's co-chairman, as well as chairman and CEO of Pinkerton's Inc. "We included representation from organizations such as the International Security Management Association, the National Association of Security Companies, the American Hotel and Lodging Association, and the Security Industry Association (SIA) to be certain we had the broad representation needed to lay the groundwork for consensus-based guidelines and standards," he explains.

ASIS also has established a working relationship with the Department of Homeland Security and was approved by the American National Standards Institute as an accredited standards developer. In addition, the Society has been invited to participate in the Security Industry Standards Council, which was created by the SIA to assist in reviewing standards that are being developed by other organizations.

The Guidelines Commission will continue to reach out to other groups, including the National Fire Protection Association, to collaborate on future guidelines. It also has established procedures for how additional guidelines will be submitted, reviewed, and developed. The commission hopes the entire 32,000-person member base of ASIS will eventually assist in the development of guidelines through its multiple councils.

Rating risk. The risk guideline developed by the commission is applicable in any environment where people or assets are at risk. It provides a methodology by which security professionals can identify security risks at a specific location and determine the appropriate solutions. The guideline also includes definitions of terms, a process flow chart, a large bibliography, and an appendix to provide explanatory material that illustrates issues such as approach and methodology.

The commission's recommended approach and framework for conducting general security risk assessments is a multistep process that includes: identifying the people and assets at risk; specifying loss or risk vulnerabilities or previous events; establishing the probability of loss risk and frequency of events; determining the financial, psychological, and related costs associated with the loss of tangible or intangible assets; developing options to mitigate risks through physical, procedural, logical, or related security processes; studying the feasibility of implementing each option; and performing a cost/benefit analysis.

The guidelines include commentary that explores each of these steps. When, for example, examining the frequency of events, the guideline counsels, "the practitioner may want to query how often an exposure exists per event type...if the event is robbery of customers in the parking lot, then the relevant inquiry may be how often customers are in the lot and for how long when walking to and from their vehicles. If the event is the rape of a resident in an apartment building, then the inquiry may focus on how often the vulnerable population is at risk. If the event were a natural disaster such as a hurricane, the practitioner would certainly want to know when hurricane season takes place."

As another example, the commentary explains that "direct costs" may include financial losses associated with the event, increased insurance premiums, labor expenses, punitive damages awards not covered by ordinary insurance, and other tolls, while indirect costs may include negative media coverage, long-term negative consumer perception, additional public relations costs, and poor employee morale, leading to work stoppages and higher turnover.

To obtain a copy of the guidelines, contact ASIS Customer Services at 703/519-6200, or visit ASIS Online at www. asisonline.org.

-- Sean A. Ahrens, CPP, senior security manager, Gage-Babcock, and a member of the Guidelines Commission, contributed to this article.
COPYRIGHT 2003 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2003 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Ahrens, Sean A.
Publication:Security Management
Geographic Code:1USA
Date:Mar 1, 2003
Words:777
Previous Article:Strategic moves in the news.
Next Article:Guardsmark[R].
Topics:


Related Articles
Pre-seminar programs.
Pre-Seminar Programs.
Foster wins Noggle Award.
Business Continuity Guideline issued.
ASIS president corrects press conceptions on private security.
ASIS International.
ASIS International.
ASIS International.
ASIS International.
ASIS International.

Terms of use | Privacy policy | Copyright © 2020 Farlex, Inc. | Feedback | For webmasters