
ISO 22342 Security and resilience - Protective security - Guidelines for the development of a security plan

This International Standard provides guidelines for the development of an organizational security plan. This document is applicable to any organization (regardless of size, sector and status) that wishes to implement or enhance prevention and protection measures against malicious acts, including the protection of: people, physical assets (facilities and their equipment) and intangible assets (e.g. strategic information, reputation, finance capital). This document also proposes basic elements regarding emergency and crisis management, which is fully part of the overall protection of an organization.

The intent of this document is to provide the fundamental elements to improve the protection of the organization. The omission of a protective security measure from this standard does not mean that such a measure is invalid or irrelevant. This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It is not the intent to provide a comprehensive list of all protective security measures/devices nor all technical protective security equipment. This document is not intended to cover services and operations delivered by private security companies.

Jean-Marc Picard (France), the project leader responsible for the development of ISO 22342, explains:

"In a world that has become complex and uncertain, it is difficult today for organizations to deal with ever more numerous, protean and interlaced threats (such as terrorism, industrial espionage, cybercrime, theft against assets. Today, the question for an organization is no longer whether it will be impacted by a malicious act but when it will be.

Malicious acts against organizations impact people (e.g. employees, visitors, customers…), physical assets (facilities and equipment), intangible assets (e.g. strategic information, reputation, finance capital), and even jeopardize their survival. It is therefore essential today for organizations to protect themselves against malicious acts.

However, to date, there is only a variety of fuzzy or nonexistent practices, and there is not a common frame of reference for any organization, including small and medium-sized organizations, supporting them to develop a security plan. Such a plan allows them to reduce the occurrence and consequences of malicious acts to which they may be or are confronted, and thus to improve their overall security."

ISO 22342 has the following essential characteristics:

  • Recalls the basics of security management
  • Emphasizes the importance of governance
  • Provides for accountability
  • Considers confidentiality
  • Suitable for all types of organizations, including small and medium-sized ones
  • Outlines an agile approach
  • Process-oriented standard: it is not a system standard
  • Adaptable to existing security plans and management systems
  • Not restrictive: accessible to everyone
  • Not overly prescriptive

ISO 22342:2023, Security and resilience — Protective security — Guidelines for the development of a security plan for an organization, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, either through the ISO Store or by contacting the Marketing, Communication & Information department.