The new Risk Assessment standard will be developed jointly by ASIS International (ASIS) and RIMS (the Risk and Insurance Management Society, Inc.). It will provide a basis for a generic risk assessment process that enables objective analysis of the efficacy of the risk management controls that protect an organization’s assets. It will address operational risks and will not include financial risks. Risk assessment includes: threat/hazard identification, asset identification, risk analysis, criticality analysis, vulnerability analysis, consequence analysis, and business impact analysis. The Standard will use a process approach with the Plan-Do-Check-Act model. Annexes will provide examples of quantitative and qualitative methodologies for risk assessment.

 

ASIS-International Standards and Guidelines