ISO Publishes "Security and resilience - Guidelines for complexity assessment process"

Como, 6-th November, 2018. ISO, the International Organization for Standardization, has published the ISO 22375, Security and resilience -- Guidelines for complexity assessment process. According to ISO, “This document gives guidelines for the application of principles and a process for a complexity assessment of an organization's systems to improve security and resilience. A complexity assessment process allows an organization to identify potential hidden vulnerabilities of its system and to provide an early indication of risk resulting from complexity.“

The ISO 22375 originates from the UNI 11613 published in 2015 and impulsed by Ontonix. Ontonix is principal co-author of UNI 11613.

“We are pleased to have contributed to the ISO 22375” said Dr. J. Marczyk, the founder and President of Ontonix. “Complexity-induced risk is a new form of risk, introduced by Ontonix and the management of which Ontonix has pioneered since its founding in 2005. Complexity-induced risk is today the most insidious form of risk", he added. “We do, however, have reservations as to ISO 22375. First of all, it provides a subjective assessment in that it is based on arbitrarily assigned weights. Second, the analysis procedure has a stong linear flavour and discounts the presence of critical complexity. This last fact indicates that the standard leans heavily towards a qualitative analysis, neglecting such fundamental principles of physics as the Second Law of Thermodynamics. Finally, the standard speaks of resilience but no measure of resilience is proposed or discussed”, he concluded.

Jacek Marczyk

Visionary, scientist, businessman and writer with over 35 years of experience in QUANTITATIVE large-scale Uncertainty and Complexity Management in diverse fields (manufacturing, finance, economics).

Author of nine books on simulation, uncertainty and complexity management, rating.

Developed in mid 90s the theory of eigenvalue orbits, a generalization of the concept of eigenvalue.

In 2000-2005 has developed the first Quantitative Complexity Theory (QCT), including a comprehensive measure of complexity.

Founded Ontonix Complexity Management in 2005 in the USA and launched in 2006 the first commercial system for MEASURING and managing complexity: OntoSpace.

In 2007 launched first on-line Resilience Rating for businesses, an objective and transparent rating system:

In 2009 delivered real-time technology to measure the complexity and stability of patients during operation or permanence in Intensive Care Units.

Developed a new theory of risk and rating published in 2009 in a book entitled "A New Theory of Risk and Rating".

Over last decade develops quantitative complexity management (QCM) technology and solutions for applications in economics, finance, Risk Rating and Management as well as in Asset Management and medicine. In the past five years works towards the democratization of ratings.

In 2013 he founded London-based Assetdyne, focusing on design of complexity-based high-performance portfolios and complexity-based asset allocation and asset management.

He is currently focusing on creating a new Rating Agency and a fund which will be managed via complexity technology (QCT).