(Click to enlarge)

Organizational Resilience: Security, Preparedness and Continuity Management Systems – Requirements with Guidance for Use provides an approach for organizations to improve their resilience performance and increase preparedness, according to ASIS.

This management system Standard (referred to as the “Standard”) has applicability in the private, not-for-profit, non-governmental, and public sector environments. It is a management framework for action planning and decision making needed to anticipate, prevent if possible, and prepare for and respond to a disruptive incident (emergency, crisis, or disaster). It enhances an organization’s capacity to manage and survive the event, and take all appropriate actions to help ensure the organization’s continued viability. Regardless of the organization, its leadership has a duty to stakeholders to plan for its survival. The body of this document provides generic auditable criteria to establish, check, maintain, and improve a management system to enhance prevention, preparedness (readiness), mitigation, response, continuity, and recovery from disruptive incidents.

This Standard is designed so that it can be integrated with quality, safety, environmental, information security, risk, and other management systems within an organization. A suitably designed management system can thus satisfy the requirements of all these standards (see Annex B). Organizations that have adopted a process approach to management systems (e.g., according to ISO 9001:2000, ISO 14001:2004, and/or ISO/IEC 27001:2005) may be able to use their existing management system as a foundation for the organizational resilience (OR) management system as prescribed in this Standard.