Security Risk Management Methodology

It defines a benchmark for organisations that wish to demonstrate competency in security risk management to internal and external stakeholders, in a language comparable to that of Health, Safety and Environment (HSE) and enterprise risk management.

Most infrastructure assets share similar characteristics even though the environment they operate in can be very different.  So PRISM® incorporates two key features:

  1. The Security Risk Model:  The analysis and assessment of security risk that informs the technical design and delivery of security systems.
  2. The Risk Environment:  The environment that the security risk model has to operate within.  Unless this environment is conducive to the model, it will not be effective.

 

At the moment PRISM® is available as a printed document in the Reference Security Management Plan prepared for the European Commission.  This has been written as a guidebook for security managers to use and refer to, with templates and examples throughout.

Updates to the Reference Security Management Plan will be captured in the software that will be available from early 2011.  The PRISM® software will be available under licence to organisations to apply as a corporate security risk management framework across multiple sites.  The software will allow updated feeds on intelligence information, security systems developments or enhancements to the methodology to be distributed quickly.

During Q2 2011, e-learning options will be available, making it possible to educate staff who work in or are affected by security risk.