ANSI ORM.1:2017. SECURITY AND RESILIENCE IN ORGANIZATIONS AND THEIR SUPPLY CHAINS - REQUIREMENTS WITH GUIDANCE.
0.1 General
ANSI ORM.1 recognizes that the complex risk landscape facing organizations and their supply chains requires an integrated, comprehensive and systematic risk-based approach for managing risks to enhance survivability, sustainability and resilience, as well as to identify and pursue opportunities for improvements. The Standard emphasizes proactive risk and business management to support the pursuit of objectives and opportunities as well as a process of prevention, protection, preparedness, readiness, mitigation, response, continuity and recovery from undesirable and disruptive events. This Standard provides a single integrated management system to eliminate “siloing” of risk, enabling an organization to more efficiently anticipate and plan for naturally, accidentally, or intentionally caused events, using a single management system standard.
ANSI ORM.1 recognizes that organizations do not operate in isolation but rather as part of a complex and interconnected ecosystem. It is not sufficient to manage just internal organizational risks; it is essential for organizations to take a systems approach and understand the risk characteristics and interactions with individuals, organizations, the community and society. To properly manage risk, organizations need to assess the internal and external context of their activities, functions, products and services. This includes the risk factors related to their end-to-end supply chains, interdependencies and dependencies.
ANSI ORM.1 takes a jurisdictional/country and discipline neutral approach to managing the uncertainties in achieving the organization’s strategic, operational, tactical, and reputational objectives. Risk management is viewed from a proactive and forward-looking perspective to protect and create value for the organization and its stakeholders. In order to build resilience, organizations need to continually integrate and optimize their risk and business management processes. By fully integrating its risk management processes throughout its enterprise-wide business management activities, the organization is empowered to make informed decisions based on best available information.
Resilience, as defined in this Standard, is: “The absorptive and adaptive capacity of an organization in a complex and changing environment.” Therefore, resilience is about building capacity, rather than an end-point, and includes:
a) A convergence and integration of systems to manage its human, tangible and intangible assets (including addressing risks associated with information and communications technology products and services);
b) Building a capacity for proactive risk management which identifies indicators of opportunities, change and adversity to enable an organization to take pre-emptive measures to pursue positive outcomes and minimize negative outcomes;
c) An agility and flexibility capacity in risk and business management processes aligned with time dependencies and needs for change.