Copyright 2015 ASIS International


Slide 1: Security and Resilience Standards: Changing the business of security management
Dr. Marc Siegel, Commissioner, Global Standards Initiative, ASIS International, Brussels, Belgium
KAITS International Industrial Security Seminar, 27 October 2015

Slide 2: Standards: Setting the Benchmark for Professional Practice
- Views security and resilience management as facilitators of overall business and risk management.
- Risk management is tailored to the business, not vice versa.
- A risk manager recognizes that it is about value creation, products, and services.
- For organizations to cost-effectively manage risk, they must develop balanced strategies to adaptively, proactively and reactively minimize events with negative outcomes and exploit opportunities for positive outcomes.

Slide 3: Bottom Line: Risk Managers are Business Managers
- Old View: Event Focused
- New View: Objectives Focused

Slide 4: Risk Management
- IS a discipline for building a strong organizational foundation
- IS a competency for informed decision making
- IS a process for maximizing opportunities while minimizing harm and loss
- IS used to support proactive measures to enhance agility and the adaptive capacity of an organization
- IS NOT an end in and of itself, but a capability for achieving objectives

Slide 5: Risk Assessment Drives Decision Making
- Risk management is based on specific business objectives and is objectives focused
- Risk assessment is defined in terms of organizational objectives
- Key performance indicators are linked to business objectives
- Risk management supports decision making, and is therefore proactive
- Risk management protects and creates value
- Risk management process consistency depends on a clear governance structure

Slide 6: Identify Value: Understanding the Organization
- What is important to the organization?
- What are the short, medium, and long-term strategic, tactical and operational objectives?
- What are the human, tangible and intangible assets?
- What and who determines value?
- What are the measures of success?
- What is the risk attitude?

Slide 7: Navier-Stokes Equations Provide the Basis for Risk Management
The Navier-Stokes equations are nonlinear partial differential equations describing almost every real situation.

Slide 8: PDCA - Plan - Do - Check - Act
An approach to structured problem solving focused on continual improvement:
- Plan: Define and analyze a problem and identify the root cause
- Do: Devise a solution; develop a detailed action plan and implement it systematically
- Check: Confirm outcomes against the plan; identify deviations and issues
- Act: Standardize the solution; review and define the next issues

Slide 9: American National Standard ANSI/ASIS PSC: Management System for Quality of Private Security Company Operations: Requirements with Guidance
- ANSI/ASIS PSC provides auditable requirements for third-party certification of private security service providers working for any client.
- A management system approach for quality of private security services and the assurance of human rights.
- Builds on the Montreux Document and the International Code of Conduct.

Slide 10: International Organization for Standardization Version
- Developed by ISO/PC284
- International ISO standard based on the ANSI/ASIS.PSC.1
- Considered an equivalent to the ANSI/ASIS.PSC.1
Normative references:
- Montreux Document on Pertinent International Legal Obligations and Good Practices for States related to Operations of Private Military and Security Companies during Armed Conflict (09/2008)
- International Code of Conduct for Private Security Service Providers (ICoC) (11/2010)
- Guiding Principles on Business and Human Rights: Implementing the United Nations "Protect, Respect and Remedy" Framework

Slide 11: American National Standard ANSI/ASIS PSC: Conformity Assessment and Auditing Management Systems for Quality of Private Security Company Operations
- ANSI/ASIS PSC provides requirements for certification bodies providing independent third-party certification of private security service providers working for any client.
- Supplement to ISO/IEC 17021:2011.
- Provides criteria for the auditing and certification process, as well as required auditor competence.

Slide 12: American National Standard ANSI/ASIS PSC: Maturity Model: Phased Implementation
ANSI/ASIS PSC provides a series of structured steps designed to help an organization:
- Evaluate where they currently are with regard to security, risk, and human rights management
- Set goals for where they want to go
- Benchmark where they are relative to the goals
- Plot a business-sensible path to get there
- Achieve a balance between business needs, and time and financial constraints
- Establish achievable and maintainable goals within resource constraints

Slide 13: PSC.1 Basic Flow Diagram (figure)

Slide 14: Reality: A Systems Approach (figure)

Slide 15: A Management Tool, Not a Management System
- The standards provide industry good practices to establish an investigations or risk assessment program and conduct individual investigations or assessments.
- It is a management tool designed to be integrated into any security/risk/business management system.
- Provides a basis to demonstrate a credible, documented, and repeatable investigative process consistent with jurisdictional laws and regulations.
- Helps the organization achieve its objectives.

Slide 16: American National Standard ANSI/ASIS/RIMS RA
The standard is a guidance document:
- Describes the risk assessment process
- Provides a basis for internal auditing and continual improvement
- Provides a framework for establishing and implementing an organizational risk assessment program, including:
  - Principles of risk assessments
  - Establishing and managing an organizational risk assessment program
  - Conducting internal and external risk assessments
  - Conducting individual risk assessments
  - Guidance on the evaluation of competence of individuals involved in the risk assessment process

Slide 17: Risk Assessment PDCA Flow Diagram (figure)

Slide 18: American National Standard ANSI/ASIS INV
The standard is a guidance document:
- No certification requirement
- Provides a basis for internal auditing and continual improvement
- Provides a framework for establishing and implementing an organizational investigations program, including:
  - Principles of investigations
  - Establishing and managing an organizational investigations program
  - Conducting internal and external investigations
  - Conducting individual investigations
  - Guidance on the evaluation of competence of individuals involved in the investigation process

Slide 19: Investigation PDCA Flow Diagram (figure)

Slide 20: Supply Chain Risk Management: Compilation of Best Practices
- Developed in collaboration with the Supply Chain Risk Leadership Council.
- Provides a framework for collecting, developing, understanding, and implementing current best practices for supply chain risk management (SCRM).
- A practitioner's guide to SCRM within the organization and its end-to-end supply chain.
- Provides guidelines and tools to assess and address supply-chain risks.
- Submitted to ISO as a NWIP.

Slide 21: Don't Put the Cart Before the Horse
It's all about value creation, resilience, and agility in the organization.

Slide 22: Thank You. Questions?
Dr. Marc Siegel, Commissioner, Global Standards Initiative, ASIS International European Bureau, Brussels, Belgium
Download ANSI/ASIS Standards: