iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO 22340:2024

(Main)

Security and resilience — Protective security — Guidelines for an enterprise protective security architecture and framework

Security and resilience — Protective security — Guidelines for an enterprise protective security architecture and framework

This document provides guidance on the enterprise protective security architecture and the framework of protective security policies, processes and types of controls necessary to mitigate and manage security risks across the protective security domains, including: a) security governance; b) personnel security; c) information security; d) cybersecurity; e) physical security. This document is applicable for any organization.

Sécurité et résilience — Sûreté préventive — Lignes directrices pour une architecture et un cadre de sûreté préventive de l’entreprise

Le présent document fournit des recommandations relatives à l’architecture de sûreté préventive de l’entreprise et au cadre des politiques, processus et types de contrôles en matière de sûreté préventive, nécessaires pour atténuer et gérer les risques liés à la sûreté dans l’ensemble des domaines de la sûreté préventive, y compris: a) la gouvernance de la sûreté; b) la sûreté du personnel; c) la sécurité de l’information; d) la cybersécurité; e) la sûreté physique. Le présent document est applicable à tout organisme.

General Information

Status
Published
Publication Date
31-Oct-2024
ICS
03.100.01 - Company organization and management in general
13.310 - Protection against crime
Technical Committee
ISO/TC 292 - Security and resilience
Drafting Committee
ISO/TC 292 - Security and resilience
Current Stage
6060 - International Standard published
Start Date
01-Nov-2024
Due Date
01-Nov-2024
Completion Date
01-Nov-2024
Ref Project

Buy Standard

ISO 22340:2024 - Security and resilience — Protective security — Guidelines for an enterprise protective security architecture and framework Released:11/1/2024ISO 22340:2024 - Security and resilience — Protective security — Guidelines for an enterprise protective security architecture and framework Released:11/1/2024
PreviousNext
Standard
ISO 22340:2024 - Security and resilience — Protective security — Guidelines for an enterprise protective security architecture and framework Released:11/1/2024
English language
31 pages
sale 15% off
Preview
sale 15% off
Preview
ISO 22340:2024 - Sécurité et résilience — Sûreté préventive — Lignes directrices pour une architecture et un cadre de sûreté préventive de l’entreprise Released:11/1/2024ISO 22340:2024 - Sécurité et résilience — Sûreté préventive — Lignes directrices pour une architecture et un cadre de sûreté préventive de l’entreprise Released:11/1/2024
PreviousNext
Standard
ISO 22340:2024 - Sécurité et résilience — Sûreté préventive — Lignes directrices pour une architecture et un cadre de sûreté préventive de l’entreprise Released:11/1/2024
French language
31 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)


International
Standard
ISO 22340
First edition
Security and resilience — Protective
2024-11
security — Guidelines for an
enterprise protective security
architecture and framework
Sécurité et résilience — Sûreté préventive — Lignes directrices
pour une architecture et un cadre de sûreté préventive de
l’entreprise
Reference number
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Enterprise protective security architecture . 4
4.1 General .4
4.2 Integration.5
4.3 Elements of the architecture .5
5 Protective security principles and domains . 6
5.1 Protective security principles .6
5.2 Protective security domains .7
6 Security governance domain . 7
6.1 Objective.7
6.2 Security controls .8
6.2.1 The responsible security executive .8
6.2.2 Security management structure .9
6.3 Implementation . .19
7 Personnel security domain .20
7.1 Objective. 20
7.2 Security controls . 20
7.2.1 General . 20
7.2.2 Eligibility and suitability of personnel .21
7.2.3 Ongoing assessment of personnel .21
7.2.4 Separating personnel .21
7.2.5 Cooperation between human resources and security in applying controls .21
7.3 Implementation . .21
8 Information security domain .22
8.1 Objective. 22
8.2 Security controls . 23
8.2.1 Business impact and security classification of information . 23
8.2.2 Control access to the organization’s information . 23
8.3 Implementation . .24
9 Cybersecurity domain . .24
9.1 Objective.24
9.2 Security controls . 25
9.2.1 Defining the system and selecting security controls . 25
9.2.2 Implementing and evaluating security controls . 25
9.2.3 Authorizing cyber systems . 25
9.2.4 M onitoring cyber systems . 25
9.3 Implementation . 26
9.4 Rapid development of the digital domain . 26
10 Physical security domain . .26
10.1 Objective. 26
10.2 Security controls .27
10.2.1 Organizational physical assets .27
10.2.2 Organizational facilities.27
10.3 Implementation . .27
11 Developing the organization’s security maturity .28
Bibliography .31

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 292, Security and resilience.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
This document aims to meet a global need for organizations to formulate and integrate their protective
security controls in a way that is based on risk management principles and strategically aligned with the
interests of the organization. It details an enterprise architecture and integrated framework within which a
diverse suite of security-related policy, processes and practices can be coordinated.
Clarity on what protective security is, what it means, how it can be implemented, and how its benefits can
be measured, will be helpful to managers, regardless of the sector. This is particularly important for the
many organizations that have expended substantial resources on various security measures that have not
necessarily been coordinated or informed by the full range of security risk. In an increasingly complex
security environment, this document aims to provide clarity in this regard and to provide a basis for better
enterprise security outcomes as a result.
This document:
a) Provides guidance on how organizations and their managers can implement and manage coherent
protective security arrangements.
b) Demonstrates t
...


Norme
internationale
ISO 22340
Première édition
Sécurité et résilience — Sûreté
2024-11
préventive — Lignes directrices
pour une architecture et un cadre
de sûreté préventive de l’entreprise
Security and resilience — Protective security — Guidelines for an
enterprise protective security architecture and framework
Numéro de référence
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO 2024
Tous droits réservés. Sauf prescription différente ou nécessité dans le contexte de sa mise en œuvre, aucune partie de cette
publication ne peut être reproduite ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique,
y compris la photocopie, ou la diffusion sur l’internet ou sur un intranet, sans autorisation écrite préalable. Une autorisation peut
être demandée à l’ISO à l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Genève
Tél.: +41 22 749 01 11
E-mail: copyright@iso.org
Web: www.iso.org
Publié en Suisse
ii
Sommaire Page
Avant-propos .v
Introduction .vi
1 Domaine d’application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Architecture de sûreté préventive de l’entreprise . 5
4.1 Généralités .5
4.2 Intégration.5
4.3 Éléments de l’architecture .5
5 Principes et domaines de la sûreté préventive . 6
5.1 Principes de sûreté préventive .6
5.2 Domaines de la sûreté préventive .7
6 Domaine de gouvernance de la sûreté . 8
6.1 Objectif.8
6.2 Contrôles de sûreté .8
6.2.1 Le responsable de la sûreté .8
6.2.2 Structure de management de la sûreté .9
6.3 Mise en œuvre .19
7 Domaine de la sûreté du personnel .20
7.1 Objectif. 20
7.2 Contrôles de sûreté .21
7.2.1 Généralités .21
7.2.2 Éligibilité et adéquation du personnel .21
7.2.3 Évaluation continue du personnel .21
7.2.4 Départ du personnel.21
7.2.5 Coopération entre les ressources humaines et la sûreté dans l’application des
contrôles .21
7.3 Mise en œuvre . 22
8 Domaine de la sécurité de l’information .23
8.1 Objectif. 23
8.2 Contrôles de sûreté . 23
8.2.1 Classification des informations en fonction de l’impact sur l’activité et de la
sûreté . 23
8.2.2 Contrôler l’accès aux informations de l’organisme .24
8.3 Mise en œuvre .24
9 Domaine de la cybersécurité .25
9.1 Objectif. 25
9.2 Contrôles de sûreté . 25
9.2.1 Définition du système et sélection des contrôles de sûreté . 25
9.2.2 Mise en œuvre et évaluation des contrôles de sûreté . 25
9.2.3 Autorisation des cybersystèmes . 26
9.2.4 Surveillance des cybersystèmes. 26
9.3 Mise en œuvre . 26
9.4 Développement rapide du domaine du numérique .27
10 Domaine de la sûreté physique .27
10.1 Objectif.27
10.2 Contrôles de sûreté . 28
10.2.1 Actifs matériels de l’organisme . 28
10.2.2 Installations organisationnelles . 28
10.3 Mise en œuvre . 28

iii
11 Développer la maturité de l’organisme en matière de sûreté .29
Bibliographie .31

iv
Avant-propos
L'ISO (Organisation internationale de normalisation) est une fédération mondiale d'organismes nationaux
de normalisation (comités membres de l'ISO). L'élaboration des Normes internationales est en général
confiée aux comités techniques de l'ISO. Chaque comité membre intéressé par une étude a le droit de faire
partie du comité technique créé à cet effet. Les organisations internationales, gouvernementales et non
gouvernementales, en liaison avec l'ISO participent également aux travaux. L'ISO collabore étroitement avec
la Commission électrotechnique internationale (IEC) en ce qui concerne la normalisation électrotechnique.
Les procédures utilisées pour élaborer le présent document et celles destinées à sa mise à jour sont
décrites dans les Directives ISO/IEC, Partie 1. Il convient, en particulier, de prendre note des différents
critères d'approbation requis pour les différents types de documents ISO. Le présent document a
été rédigé conformément aux règles de rédaction données dans les Directives ISO/IEC, Partie 2 (voir
www.iso.org/directives).
L’ISO attire l’attention sur le fait que la mise en application du présent document peut entraîner l’utilisation
d’un ou de plusieurs brevets. L’ISO ne prend pas position quant à la preuve, à la validité et à l’applicabilité de
tout droit de brevet revendiqué à cet égard. À la date de publication du présent document, l’ISO n'avait pas
reçu notification qu’un ou plusieurs brevets pouvaient être nécessaires à sa mise en application. Toutefois,
il y a lieu d’avertir les responsables de la mise en application du présent document que des informations
plus récentes sont susceptibles de figurer dans la base de données de brevets, disponible à l'adresse
www.iso.org/brevets. L’ISO ne saurait être tenue pour responsable de ne pas avoir identifié tout ou partie de
tels droits de propriété.
Les appellations commerciales éventuellement mentionnées dans le présent document sont données pour
information, par souci de commodité, à l’intention des utilisateurs et ne sauraient constituer un engagement.
Pour une explication de la nature volontaire des normes, la signification des termes et expressions
spécifiques de l'ISO liés à l'évaluation de la conformité, ou pour toute information au sujet de l'adhésion de
l'ISO aux principes de l’Organisation mondiale du commerce (OMC) concernant les obstacles techniques au
commerce (OTC), voir www.iso.org/avant-propos.
Le présent document a été élaboré par le comité technique ISO/TC 292, Sécurité et résilience.
Il convient que l’utilisateur adresse tout retour d’information ou toute question concernant le présent
document à l’organisme national de normalisation de son pays. Une liste exhaustive desdits organismes se
trouve à l’adresse www.iso.org/fr/members.html.

v
Introduction
Le présent document vise à répondre à un besoin global des organismes de formuler et d’intégrer leurs
contrôles de sûreté préventive d’une manière qui soit fondée sur les principes de management du risque
et stratégiquement alignée sur les intérêts de l’organisme. Il décrit en détail une architecture d’entreprise
et un cadre intégré au sein desquels un ensemble divers de politiques, de processus et de pratiques lié
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 22388:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for securing physical documents

This document gives guidance on how to secure physical documents for specifying entities of physical documents. It establishes a procedure for security design, which includes: — risk assessment; — determination of document classes; — introduction of security features; — security evaluation; — document risk mitigation. This document is applicable to secure physical documents that are used for important actions such as validating value transactions, providing access, demonstrating compliance and securing products. This document does not apply to banknotes, machine-readable travel documents, driving licences, postage stamps, tax stamps, health cards or national identity cards covered by existing standards and regulations.

  • Standard
    36 pages
    English language
    sale 15% off
  • Standard
    39 pages
    French language
    sale 15% off
ISO
ISO 22342:2023(Main)
Security and resilience — Protective security — Guidelines for the development of a security plan for an organization

This document gives guidance on developing and maintaining security plans. The security plan describes how an organization establishes effective security planning and how it can integrate security within organizational risk management practices. This document is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors, that wish to develop effective security plans in a consistent manner. This document is applicable to any organization intending to implement measures designed to protect their assets against malicious acts and mitigate their associated risks. This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It does not apply to services and operations delivered by private security companies.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    12 pages
    French language
    sale 15% off
ISO
ISO 22341:2021(Main)
Security and resilience — Protective security — Guidelines for crime prevention through environmental design

This document provides guidelines to organizations for establishing the basic elements, strategies and processes for preventing and reducing crime and the fear of crime at a new or existing built environment. It recommends the establishment of countermeasures and actions to treat crime and security risks in an effective and efficient manner by leveraging environmental design. Within this document, the term "security" is used in a broad manner to include all crime, safety and security-specific applications, so it is applicable to public and private organizations, regardless of type, size or nature. While this document provides general examples of implementation strategies and best practices, it is not intended to provide an exhaustive listing of detailed design, architectural or physical security crime prevention through environmental design (CPTED) implementation strategies or restrict the potential applications to only those examples provided in this document.

  • Standard
    23 pages
    English language
    sale 15% off
  • Standard
    23 pages
    English language
    sale 15% off
  • Standard
    25 pages
    French language
    sale 15% off
  • Standard
    25 pages
    French language
    sale 15% off
  • Standard
    25 pages
    French language
    sale 15% off
ISO
ISO 22388:2023(Main)
Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for securing physical documents

This document gives guidance on how to secure physical documents for specifying entities of physical documents. It establishes a procedure for security design, which includes: — risk assessment; — determination of document classes; — introduction of security features; — security evaluation; — document risk mitigation. This document is applicable to secure physical documents that are used for important actions such as validating value transactions, providing access, demonstrating compliance and securing products. This document does not apply to banknotes, machine-readable travel documents, driving licences, postage stamps, tax stamps, health cards or national identity cards covered by existing standards and regulations.

  • Standard
    36 pages
    English language
    sale 15% off
  • Standard
    39 pages
    French language
    sale 15% off
ISO
ISO 22342:2023(Main)
Security and resilience — Protective security — Guidelines for the development of a security plan for an organization

This document gives guidance on developing and maintaining security plans. The security plan describes how an organization establishes effective security planning and how it can integrate security within organizational risk management practices. This document is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors, that wish to develop effective security plans in a consistent manner. This document is applicable to any organization intending to implement measures designed to protect their assets against malicious acts and mitigate their associated risks. This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It does not apply to services and operations delivered by private security companies.

  • Standard
    11 pages
    English language
    sale 15% off
  • Standard
    12 pages
    French language
    sale 15% off
ISO
ISO 22341:2021(Main)
Security and resilience — Protective security — Guidelines for crime prevention through environmental design

This document provides guidelines to organizations for establishing the basic elements, strategies and processes for preventing and reducing crime and the fear of crime at a new or existing built environment. It recommends the establishment of countermeasures and actions to treat crime and security risks in an effective and efficient manner by leveraging environmental design. Within this document, the term "security" is used in a broad manner to include all crime, safety and security-specific applications, so it is applicable to public and private organizations, regardless of type, size or nature. While this document provides general examples of implementation strategies and best practices, it is not intended to provide an exhaustive listing of detailed design, architectural or physical security crime prevention through environmental design (CPTED) implementation strategies or restrict the potential applications to only those examples provided in this document.

  • Standard
    23 pages
    English language
    sale 15% off
  • Standard
    23 pages
    English language
    sale 15% off
  • Standard
    25 pages
    French language
    sale 15% off
  • Standard
    25 pages
    French language
    sale 15% off
  • Standard
    25 pages
    French language
    sale 15% off
ISO
ISO/TR 5863:2025(Main)
Integrative design of the building envelope — General principles

This document provides an overview of the design principles for the building envelope in order to achieve a high quality and energy efficient built environment. The design principles include: — thermal performance; — daylight and visual environment; — air quality; — provisions of natural and mechanical ventilation; — air barrier (airtightness); — watertightness; — moisture proof; — soundproofing; — sustainability and integration with technical building systems and controls. This document is applicable to new buildings and the retrofit of existing buildings.

  • Technical report
    18 pages
    English language
    sale 15% off
ISO
ISO 16823:2025(Main)
Non-destructive testing — Ultrasonic testing — Through-transmission technique

This document specifies the principles of ultrasonic through-transmission techniques. Through-transmission techniques can be used for: — detection of discontinuities; — determination of sound attenuation. The general principles required for the use of ultrasonic testing of industrial products are described in ISO 16810. The through-transmission technique is used for the testing of flat products, e.g. plates and sheets. Further, it can be used for tests, for example: — where the shape, dimensions or orientation of possible discontinuities are unfavourable for direct reflection; — of materials with high sound attenuation; — on thin test objects.

  • Standard
    12 pages
    English language
    sale 15% off
ISO
ISO 4379:2024(Main)
Plain bearings — Copper alloy bushes — Dimensions and tolerances

This document specifies dimensions and tolerances for cylindrical and flanged bushes with inside diameter, d1, in the range 6 mm to 200 mm. This document applies to solid mono-metal copper alloy bushes to be used as plain bearings with and without oil holes and oil grooves.

  • Standard
    8 pages
    English language
    sale 15% off
ISO
ISO/TR 5914:2024(Main)
Railway applications — Rolling stock — Interior passive safety

This document reports worldwide best practice to minimize the risk of death and injury to occupants of rail vehicles in the event of a collision or derailment. This document investigates recent interior designs for passenger areas in heavy rail vehicles (e.g. coaches, fixed units, trainsets), including refurbished interiors.

  • Technical report
    62 pages
    English language
    sale 15% off