ISC Updates to the Risk Management Process

Details

The ISC's Risk Management Process: An Interagency Security Committee Standard, 2024 Edition(RMP Standard) is the ISC’s core doctrine that establishes a single, formalized process for assessing risk and determining federal facility security requirements. The RMP is a five-step process that enables organizations to make informed decisions, prioritize risk mitigation efforts, and allocate resources effectively.

As required by Executive Order 14111 to "enhance the quality and effectiveness of security in the protection of buildings and facilities," the ISC Standards Subcommittee reviewed, sought membership input, and updated the RMP Standard over a two-year timeframe. Significant updates and enhancements include:   

• Consolidates and revises the Risk Management Process into a five-step methodology.
• Updates Facility Security Level (FSL) Matrix values to match other values within the risk management process.
• Limits use of the baseline Level of Protection (LOP).
• Implements recurring training requirements for tenants, security organizations, and owning/leasing organizations.
• Modifies facility security committee (FSC) meeting frequencies, voting and decision process.
• Offers additional information on resourcing security countermeasures.
• Expands guidance on the process associated with accepting risk.
• Specifies roles and responsibilities for agencies, security organizations, and owning/leasing organizations.
• Incorporates compliance reporting and compliance verification requirements.
• Revises and expands performance measurement approaches.
• Articulates protection from liability.
• Improves forms and templates.

The recorded webinar can be found on the ISC Portal on TRIPwire.