Revised ASIS Security Risk Assessment Standard

June 2024 Training & Education

ASIS International has announced the release of a revised American National Standards Institute (ANSI ) - approved standard dedicated to security risk assessments. The ASIS Security Risk Assessment (SRA) Standard has been revised and designed to revolutionise how organisations assess and manage security risks. Developed by a team of seasoned security professionals, the ASIS SRA Standard offers an up-to-date and forward-looking comprehensive and systematic approach to identifying, analysing, and evaluating security risks, ultimately empowering organisations to safeguard their assets, mitigate threats, and enhance resilience.

“The ASIS Security Risk Assessment Standard is the result of extensive collaboration and expertise from a diverse group of leading security professionals with expertise in conducting security risk assessments,” stated ASIS International’s SRA Technical Committee Co-Chair, Jennifer Holcomb, PE, PMP, PSP, CPP, CPD. “By outlining a systematic approach to security risk assessment, this standard empowers organisations to proactively identify and address vulnerabilities, ultimately strengthening their security posture."

The ASIS SRA Standard sets the benchmark for excellence in security risk assessment practices. With its robust framework and detailed guidance, this standard equips security practitioners with the tools and methodologies needed to conduct thorough and effective security risk assessments in diverse environments.

Key features of the ASIS SRA Standard include: 

Comprehensive scope: The standard provides a detailed outline of the scope, objectives, and principles of security risk assessments, ensuring that all aspects of the assessment process are thoroughly covered.

Establishing the SRA context: This section delves into the foundational elements of the SRA, including needs assessment, defining objectives, delineating roles, and responsibilities, and ensuring compliance with legal and other requirements.

Preparing SRA activities: This section offers practical guidance on authorisation, information gathering, planning, and documentation; preparing practitioners to execute the SRA process. 

Conducting SRA activities: From risk identification to evaluation, this section outlines the essential steps in analysing and assessing security risks, providing methodologies for both qualitative and quantitative analysis.

Post-SRA activities: Following the assessment, this section guides organisations through implementing risk treatments and establishing ongoing monitoring and improvement mechanisms.

General principles: This section emphasises impartiality, objectivity, competence, confidentiality, and the ethical and professional standards that underpin the SRA process. 

Contents of the Security Risk Assessment Report: This section provides a template for reporting findings and recommendations and ensures clarity and consistency in communicating assessment outcomes.

With its emphasis on best practices, transparency, and continual improvement, the ASIS SRA Standard is poised to become the go-to resource for security professionals worldwide. Whether you are a seasoned practitioner or new to the field, this standard offers invaluable insights and detailed guidance for enhancing your organisation's security posture.

The ASIS Security Risk Assessment Standard is now available as an eBook and in print.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Gallagher Security launches Augmented Reality Training in Australia
Gallagher Training & Education Access Control & Identity Management
Gallagher Security has announced the latest addition to its innovative suite of training solutions, Augmented Reality Training, demonstrating its continued commitment to innovation and improving access to security training opportunities.

Read more...
SAIDSA achieves ISO 9001 certification
SAIDSA(SA Intruder Detection Services Association) Associations News & Events Training & Education
The South African Intruder Detection Services Association (SAIDSA) has announced that it has achieved ISO 9001:2015 certification. This milestone reflects its commitment to quality management and excellence in the security services industry.

Read more...
Tips and tools for trade businesses
News & Events Training & Education
ServCraft brings together trade industry associations and corporations to launch blox, a digital content platform and community impacting lives, businesses and industries across hundreds of thousands of trade business SMEs.

Read more...
Africa Online Safety Platform launched in SA
Training & Education News & Events
Impact Amplifier, with the financial support of Google.org, launched its African Online Safety Platform (AOSP), a platform providing a rich repository of research, education content, funding opportunities and ways to seek help after an online crime.

Read more...
South African Keiron PRO laser target system
News & Events Training & Education
Jacstech, based in Cape Town, South Africa, has been appointed to supply a complete Keiron PRO laser training system to the SIRT Academy. The SIRT Academy is a firearms and tactics training facility in Perugia, Italy.

Read more...
Practical guide to protect data privacy
Training & Education Information Security
The Data Privacy Toolkit, reflecting the evolving landscape of data privacy, includes guidelines and recommendations to safeguard sensitive information crucial for protecting sensitive information from malicious actors.

Read more...
ONVIF releases first add-on for secure communications
Surveillance Training & Education
ONVIF has released the final version of the TLS Configuration add-on to increase the security of communications between devices and software clients within a physical security system.

Read more...
Mastering security awareness in the digital era
Security Services & Risk Management Training & Education
Human error and lack of security awareness remain the first security threat. Companies must consider the importance of managing employee cyber risk and the significance of training and awareness programmes.

Read more...
Preparing young entrepreneurs
News & Events Training & Education
Liquid Intelligent Technologies SA recently announced that its Youth Empowerment Programme is successfully preparing young South Africans with the skills they need to succeed in a digital future.

Read more...
Free South Africa Market Report webinar from TAPA EMEA
Technews Publishing Editor's Choice News & Events Transport (Industry) Training & Education Logistics (Industry)
October 2023 offers TAPA EMEA members and non-members opportunities to increase their knowledge of cargo crime and supply chain security risks in three countries in Europe, the Middle East & Africa region, where supply chains are most targeted by both organised crime groups and other offenders.

Read more...