Security and Resilience in Organizations and their Supply Chains-Requirements with Guidance
Publication Date: 1 January 2017
This Standard specifies requirements for an integrated management system for organizations and their supply chains. The organizational resilience management system (ORMS) enables an organization to identify, assess, and manage risks related to the achievement of its strategic, operational, tactical, and reputational objectives in the organization and its supply chains. It provides a holistic framework to develop and implement policies, objectives, and programs taking into account:
a) Context of the organization and its supply chains;
b) Legal, regulatory, and contractual obligations and voluntary commitments;
c) Needs of internal and external stakeholders;
d) Uncertainties in achieving its objectives; and
e) Protection of human, tangible and intangible assets.
This Standard applies to risks and/or their impacts that the organization identifies as those it can control, influence, reduce, or exploit. It does not itself state specific performance criteria.
This Standard is applicable to any organization that wishes to:
a) Establish, implement, maintain, and improve an ORMS;
b) Assure itself of its conformity with its stated ORMS;
c) Demonstrate conformity with this Standard by:
i. Making a self-determination and self-declaration; or
ii. Seeking confirmation of its conformance by parties having an interest in the organization (such as customers); or
iii. Seeking confirmation of its self-declaration by a party external to the organization; or
iv. Seeking certification/regist
This Standard provides generic requirements as a framework, applicable to all types of organizations (or parts thereof) regardless of size and nature of operation. It is applicable to all types of activities and decision-making processes. It provides guidance for organizations to develop their own specific performance criteria, enabling the organization to tailor and implement an ORMS appropriate to its needs and those of its stakeholders. The Standard emphasizes resilience, the absorptive and adaptive capacity of an organization in a complex and changing environment. Risks are managed in a forward-looking proactive perspective to enable the organization to identify current and emerging threats and opportunities in its operations and in its supply chain. Applying this Standard enhances the organization's absorptive and adaptive capacity to avoid, prevent, withstand and emerge stronger from all manner of intentional, unintentional, and/or naturally-caused events.
This Standard enables an organization to:
a) Develop an ORMS policy;
b) Establish objectives, procedures, and processes to achieve the policy commitments;
c) Develop processes to assure competency, awareness, and training;
d) Set metrics to measure performance and demonstrate success;
e) Take action as needed to improve performance;
f) Demonstrate conformity of the system to the requirements of this Standard; and
g) Establish and apply a process for continual improvement.
Annex A provides informative guidance on system planning, implementation, testing, maintenance, and improvement.