ISO 22342:2023
Security and resilience — Protective security — Guidelines for the development of a security plan for an organization
This document gives guidance on developing and maintaining security plans. The security plan describes how an organization establishes effective security planning and how it can integrate security within organizational risk management practices.
This document is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors, that wish to develop effective security plans in a consistent manner.
This document is applicable to any organization intending to implement measures designed to protect their assets against malicious acts and mitigate their associated risks.
This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It does not apply to services and operations delivered by private security companies.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$126.00 NZD
|
|
| Networkable PDF |
Price varies
|
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Security planning
5 Components of the security plan
5.1 General
5.2 Governance
5.2.1 General
5.2.2 Security objectives
5.2.3 Scope of the security plan
5.2.4 Leadership
5.2.5 Legal and regulatory
5.2.6 Roles, accountabilities and responsibilities
5.2.7 Communication
5.2.8 Documented information
5.2.9 Reporting
5.2.10 Evaluation
5.2.11 Continuous improvement
5.3 Management of risk
5.3.1 General
5.3.2 Security risk scope, context and criteria
5.3.3 Assessment
5.3.4 Treatment
5.3.5 Acceptance level for residual security risk
5.3.6 Communication and consultation
5.3.7 Monitoring and review
5.3.8 Documentation management and recording
5.4 Security controls
5.4.1 General
5.4.2 Levels of protection
5.4.3 Procedures for security controls
5.4.4 Operational level controls and treatments
5.4.5 Contingency planning for low likelihood and unforeseen situations
5.4.6 Timelines for security activities
5.5 Security controls process
5.5.1 General
5.5.2 Selection
5.5.3 Implementation, testing and evaluation
5.5.4 Monitoring activities
5.5.5 Determining effectiveness
Bibliography
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS 2201.1:2007
Intruder alarm systems - Client's premises - Design, installation, commissioning and maintenance
-
AS/NZS 2201.5:2008
Intruder alarm systems - Alarm transmission systems
-
AS/NZS 3016:2002
Electrical installations - Electric security fences
-
AS/NZS 3016:2002 A1
Electrical installations - Electric security fences: Amendment 1
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Security planning
5 Components of the security plan
5.1 General
5.2 Governance
5.2.1 General
5.2.2 Security objectives
5.2.3 Scope of the security plan
5.2.4 Leadership
5.2.5 Legal and regulatory
5.2.6 Roles, accountabilities and responsibilities
5.2.7 Communication
5.2.8 Documented information
5.2.9 Reporting
5.2.10 Evaluation
5.2.11 Continuous improvement
5.3 Management of risk
5.3.1 General
5.3.2 Security risk scope, context and criteria
5.3.3 Assessment
5.3.4 Treatment
5.3.5 Acceptance level for residual security risk
5.3.6 Communication and consultation
5.3.7 Monitoring and review
5.3.8 Documentation management and recording
5.4 Security controls
5.4.1 General
5.4.2 Levels of protection
5.4.3 Procedures for security controls
5.4.4 Operational level controls and treatments
5.4.5 Contingency planning for low likelihood and unforeseen situations
5.4.6 Timelines for security activities
5.5 Security controls process
5.5.1 General
5.5.2 Selection
5.5.3 Implementation, testing and evaluation
5.5.4 Monitoring activities
5.5.5 Determining effectiveness
Bibliography