Standards Development

Scope

COPE The scope of the project is described in the draft document ISO 22340 as:

This document gives guidance on the enterprise protective security architecture and the framework of protective security policies, processes and controls necessary to mitigate and manage security risks across the protective security domains, including:

a) security governance;

b) personnel security;

c) information security;

d) cyber security;

e) physical security.

This document is applicable for any organization.

Purpose

As outlined in the introduction to the draft ISO 22340, the project aims to produce an international standard that meets a global need for organizations to formulate and integrate their protective security controls in a way that is based on risk management principles and strategically aligned with the interests of the organization. It details an enterprise architecture and integrated policy framework within which the diverse community of security-related policy, processes and practices can be coordinated.

Where until now there have been many un-related security standards, the clear and aligned set of principles, outcomes and controls contained in the draft document ISO 22340 will help organization better protect their assets, including people, information and physical assets from security risks; and deliver a range of benefits, including uniformity, increased dialogue among adoptees (and more uniform continual improvement), development of vertical solutions, agility through clear understanding and ease of uptake across the security profession and communities, regardless of sector. In addition, strategic alignment of standards work in the security domain that will be enabled by this framework standard will over time deliver a much more coherent constellation of security-related standards, both new and amended.