ISO 22342 Security and resilience - Protective security - Guidelines for the development of a security plan
This project will result in an International Standard that provides guidelines for the development of an organizational security plan. This document is applicable to any organization (regardless of size, sector and status) that wishes to implement or enhance prevention and protection measures against malicious acts, including the protection of: people, physical assets (facilities and their equipment) and intangible assets (e.g. strategic information, reputation, finance capital). This document also proposes basic elements as regards with emergency and crisis management which is fully part of an overall protection of an organization.
This document intent is to provide the fundamental elements to improve the protection of the organization. The omission of a protective security measure from this standard does not mean that such a measure is not valid and/or irrelevant. This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It is not the intent to provide a comprehensive list of all protective security measures/devices nor all technical protective security equipment. This document is not intended to cover services and operations delivered by private security companies
Jean-Marc Picard (France), the project leader responsable for the development of ISO 22342 explains:
"In a world that has become complex and uncertain, it is difficult today for organizations to deal with ever more numerous, protean and interlaced threats (such as terrorism, industrial espionage, cybercrime, theft against assets. Today, the question for an organization is no longer whether it will be impacted by a malicious act but when it will be.
Malicious acts against organizations impact people (e.g. employees, visitors, customers…), physical assets (facilities and equipment), intangible assets (e.g. strategic information, reputation, finance capital), and even jeopardize their survival. It is therefore essential today for organizations to protect themselves against malicious acts.
However, to date, there is only a variety of fuzzy or nonexistent practices, and there is not a common frame of reference for any organization, including small and medium-sized organizations, supporting them to develop a security plan. Such a plan allows them to reduce the occurrence and consequences of malicious acts to which they may be or are confronted, and thus improving their overall security."