iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty!
ISO

ISO/FDIS 23234

(Main)

Buildings and civil engineering works -- Security -- Planning of security measures in the built environment

Buildings and civil engineering works -- Security -- Planning of security measures in the built environment

Bâtiments et ouvrages de génie civil -- Sûreté -- Planification des mesures de sûreté dans l'environnement bâti

General Information

Status
Published
ICS
91.040.01 - Buildings in general
93.010 - Civil engineering in general
Technical Committee
ISO/TC 59 - Buildings and civil engineering works
Drafting Committee
ISO/TC 59/WG 5 - Security in the built environment
Current Stage
5020 - FDIS ballot initiated: 2 months. Proof sent to secretariat
Start Date
26-Nov-2020
Completion Date
26-Nov-2020
Ref Project

Buy Standard

ISO/FDIS 23234ISO/FDIS 23234
PreviousNext
Draft
ISO/FDIS 23234 - Buildings and civil engineering works -- Security -- Planning of security measures in the built environment
English language
24 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/FDIS 23234ISO/FDIS 23234
PreviousNext
Draft
ISO/DIS 23234:Version 24-apr-2020 - Buildings and civil engineering works -- Security -- Planning of security measures in the built environment
English language
25 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

FINAL
INTERNATIONAL ISO/FDIS
DRAFT
STANDARD 23234
ISO/TC 59
Buildings and civil engineering
Secretariat: SN
works — Security — Planning of
Voting begins on:
2020­11­26 security measures in the built
environment
Voting terminates on:
2021­01­21
Bâtiments et ouvrages de génie civil — Sûreté — Planification des
mesures de sûreté dans l'environnement bâti
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/FDIS 23234:2020(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
NATIONAL REGULATIONS. ISO 2020
---------------------- Page: 1 ----------------------
ISO/FDIS 23234:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH­1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/FDIS 23234:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Planning of security measures for the built environment ........................................................................................ 5

4.1 General ........................................................................................................................................................................................................... 5

4.2 Security planning as part of risk management ........................................................................................................... 6

4.3 Size of projects ........................................................................................................................................................................................ 6

4.4 Division of the building process into stages .................................................................................................................. 6

4.4.1 General...................................................................................................................................................................................... 6

4.4.2 Strategic definition ......................................................................................................................................................... 7

4.4.3 Preparation and brief ........................................................................................................................................... ........ 8

4.4.4 Concept design .................................................................................................................................................................. 8

4.4.5 Developed and technical design ......................................................................................................................... 8

4.4.6 Construction ........................................................................................................................................................................ 8

4.4.7 Testing and handover .................................................................................................................................................. 9

4.4.8 In use .......................................................................................................................................................................................... 9

4.4.9 Decommissioning ............................................................................................................................................................ 9

4.5 Organization and principal ........................................................................................................................................................... 9

4.6 Special advisers in security projects .................................................................................................................................10

4.6.1 General...................................................................................................................................................................................10

4.6.2 Security planner ............................................................................................................................................................10

4.6.3 Security risk adviser ..................................................................................................................................................10

4.6.4 Technical security adviser ....................................................................................................................................11

4.6.5 Operational security adviser ..............................................................................................................................12

4.6.6 Project information security adviser ...........................................................................................................12

5 Security deliverables in stages............................................................................................................................................................13

5.1 Strategic definition ...........................................................................................................................................................................13

5.1.1 Asset inventory...............................................................................................................................................................13

5.1.2 Protective security objectives ............................................................................................................................13

5.1.3 Requirements for protective security planning .................................................................................14

5.1.4 Threat assessment, scenario selection and design­basis threats .......................................14

5.1.5 Information security for the project ............................................................................................................15

5.1.6 Security risk analysis (strategic) .....................................................................................................................15

5.1.7 Clarification of conditions .....................................................................................................................................15

5.2 Preparation and brief .....................................................................................................................................................................16

5.2.1 Input to the dependency map ............................................................................................................................16

5.2.2 Security risk analysis (preparation and brief) ....................................................................................16

5.2.3 External requirements report ...........................................................................................................................16

5.2.4 Security strategy ...........................................................................................................................................................16

5.2.5 Input to zoning ...............................................................................................................................................................17

5.2.6 Input to the spatial and functional programming ............................................................................17

5.2.7 Identification and assessment of security measures.....................................................................17

5.2.8 Cost survey .........................................................................................................................................................................17

5.2.9 Contributions to preliminary design report .........................................................................................18

5.3 Concept design .....................................................................................................................................................................................18

5.3.1 Reassessment of security objectives............................................................................................................18

5.3.2 Security risk analysis (concept) .......................................................................................................................18

5.3.3 Reassessment of security strategy ................................................................................................................18

5.3.4 Description of security measures ...................................................................................................................18

5.3.5 Integration of security measures ....................................................................................................................19

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/FDIS 23234:2020(E)

5.3.6 Selection of security measures .........................................................................................................................19

5.3.7 Input to operational requirements ...............................................................................................................19

5.3.8 Cost survey for concept ...........................................................................................................................................19

5.4 Developed and technical design ............................................................................................................................................19

5.4.1 Input to tender drawings .......................................................................................................................................19

5.4.2 Input to delivery and job descriptions .......................................................................................................20

5.4.3 Contributions in tender evaluation...............................................................................................................20

5.4.4 Assessment of final design ...................................................................................................................................20

5.5 Construction ...........................................................................................................................................................................................20

5.5.1 Implementation control ..........................................................................................................................................20

5.5.2 Participation in functional tests and commissioning ....................................................................21

5.5.3 Input to the operations and maintenance manuals ........................................................................21

5.5.4 Input to operational requirements ...............................................................................................................21

5.5.5 Requirements for alterations in security measures .......................................................................21

5.5.6 Assessment of as­built design ...........................................................................................................................22

5.6 Testing and handover .....................................................................................................................................................................22

5.6.1 Participation in handover .....................................................................................................................................22

5.6.2 Completeness check ...................................................................................................................................................22

5.6.3 Quality and functionality check .......................................................................................................................22

5.7 In use ............................................................................................................................................................................................................22

5.7.1 Contribution to trial use .........................................................................................................................................22

5.7.2 Security training ............................................................................................................................................................22

5.7.3 Security verification ...................................................................................................................................................23

5.8 Decommissioning ..............................................................................................................................................................................23

5.8.1 Overview of sensitive installations ...............................................................................................................23

5.8.2 Security risk assessment (decommissioning) .....................................................................................23

Bibliography .............................................................................................................................................................................................................................24

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/FDIS 23234:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 59, Buildings and civil engineering works.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/FDIS 23234:2020(E)
Introduction
0.1 General

The objective of this document is to provide requirements and recommendations for organizations to

effectively plan security measures in order to protect their built environment (e.g. buildings, plants,

infrastructure, and property) against undesirable intentional actions.

This document describes an approach to planning security measures in the built environment based

on generic stages and corresponding security deliverables in each stage. This document also defines a

number of roles that should be assigned in the project organization to ensure that the security input to

the design and construction process has been founded on professional assessment.

For practical use, the individual organization can adapt this document to its own project model and

other organization-specific factors. This can also require that individual tasks be moved or allocated to

other stages than those specified in this document.

This document is applicable independent from the chosen risk assessment methods, standards and

guidelines for the project. Risk assessment methods are not described in this document and neither is

the design of mitigation measures.
Figure 1 shows a checklist for when this document becomes applicable.

Figure 1 — Checklist as guidance for possible use of ISO 23234 in built environment projects

vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/FDIS 23234:2020(E)
0.2 National security regulations

In addition to the requirements ensuing from the organization's own risk acceptance, organizations

that are subject to national security regulations (where they exist) can be obliged by law to protect

critical assets (material and functional).

For organizations not subject to such regulations, it is natural to base their approach on the insurance

companies' requirements for their basic security. This document is general in nature and for general

use, both within and outside of the scope of application of national security regulations.

0.3 Safety and security

This document is targeted primarily at the domain referred to as protective security. In this document

the common word "safety" and the term "protective security" are used to distinguish between methods

of combating undesirable unintentional incidents or accidents (safety) and combating undesirable

intentional actions (protective security).

In the context of protective security, risk is usually understood as "an expression of the relationship

between the threat against a specific asset and this asset's vulnerability to that specific threat". The

threat derives from a threat actor and has a differing degree of severity depending on the actor's

capability (knowledge and experience, access to weapons, tools and means of assistance), intent,

previous and presumed future choice of target (targeting).

Planning of a building and civil engineering works involves two aspects related to protection

– protective security and safety (the latter including for example protection against fire, flood,

earthquake, and technical installations failure in the building and civil engineering works). The two

aspects can, under some circumstances, generate contradictory requirements, and resolving them in

a satisfactory manner is a very important task at the planning and design stage. A typical example of

such contradictory requirements is the necessity of safeguarding effective evacuation of persons from

a building in an emergency situation versus the necessity of preventing unauthorized persons from

entering the building. Universal design, i.e. accessibility and egressibility , is also an important aspect

that needs a high degree of attention.
1) Ability to leave the building or any other delimited area.
© ISO 2020 – All rights reserved vii
---------------------- Page: 7 ----------------------
FINAL DRAFT INTERNATIONAL STANDARD ISO/FDIS 23234:2020(E)
Buildings and civil engineering works — Security —
Planning of security measures in the built environment
1 Scope

This document provides requirements and recommendations for effective planning and design of

security measures in the built environment.

The purpose of the document is to achieve optimal protection of assets against all kinds of malicious

acts, while ensuring functional, financial, and aesthetic aspects.

The document describes which methods and routines need to be implemented in various stages of a

building or civil engineering works project, as well as the competencies needed to achieve a good result.

This document is applicable to new builds, refurbishments and development projects by government

and private entities, for various environments, buildings and infrastructure.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 6707­1, Buildings and civil engineering works — Vocabulary — Part 1: General terms

ISO 19650­5, Organization and digitization of information about buildings and civil engineering works,

including building information modelling (BIM) — Information management using building information

modelling — Part 5: Security-minded approach to information management
3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO 6707­1 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
security

state of relative freedom from threat (3.18) or harm caused by deliberate, unwanted, hostile or

malicious acts
[SOURCE: ISO 19650­5:2020, 3.7]
3.2
protective security

use of measures when managing risk (3.20) linked to undesirable intentional actions

3.3
preventive security

planning, preparation, implementation and overseeing of protective security (3.2) measures which seek

to eliminate or reduce risk (3.20) resulting from a threat (3.18)
© ISO 2020 – All rights reserved 1
---------------------- Page: 8 ----------------------
ISO/FDIS 23234:2020(E)
3.4
actor
organization or individual that fulfils a role
3.5
project stage
delimited stage within a project

Note 1 to entry: A project stage can in turn be divided into sub-processes. The division is often justified on

the basis of identifying deliverables, decisions, and changes of actors (3.4). It can be adapted to the individual

organization or situation.
3.6
strategic definition

project stage (3.5) during which the justification, overarching aim, and framework of the project are

identified
3.7
preparation and brief

project stage (3.5) during which it is ascertained whether the project is feasible, and determined which

conceptual solution is most appropriate
3.8
concept design

project stage (3.5) during which principles are developed for a technical solution with realistic strategies

and plans for the project, so that a final decision on implementation can be made on a correct basis

3.9
developed design

project stage (3.5) that includes coordinated and updated proposals for structural design, building

services systems, outline specifications, cost information and project strategies in accordance with the

design programme
3.10
technical design

project stage (3.5) that occurs after the developed design (3.9) has been completed and in which the

residual technical work of the core design team is completed
3.11
construction

project stage (3.5) during which deliverables are completed in accordance with plans and intentions

3.12
testing and handover

project stage (3.5) during which a fault-free technical delivery is handed over and it is ensured that all

systems are correctly adjusted to their intended use
3.13
user

organization or person which uses or is intended to use, a building or other construction works

Note 1 to entry: A user can also be the owner of the building or construction works.

[SOURCE: ISO/TR 15686-11:2014, 3.1.131, modified — "animal or object" has been deleted; Note 1 to

entry has been deleted and replaced with a new Note 1 to entry; cross-references to terminological

entries in ISO 6707­1 have been removed.]
3.14
in use

project stage (3.5) during which technically sound and economic operation is ensured that satisfies the

user's requirements to the project and that provides the intended effect
2 © ISO 2020 – All rights reserved
---------------------- Page: 9 ----------------------
ISO/FDIS 23234:2020(E)
3.15
decommissioning

project stage (3.5) during which a viable and prudent conclusion to ownership or period of use is ensured

3.16
asset
item, thing or entity that has potential or actual value to an organization

Note 1 to entry: Value can be tangible or intangible, financial, or non-financial, and includes consideration of risks

(3.20) and liabilities. It can be positive or negative at different stages of the asset life.

Note 2 to entry: Physical assets usually refer to equipment, inventory and properties owned by the organization.

Physical assets are the opposite of intangible assets, which are non-physical assets such as leases, brands, digital

assets, use rights, licences, intellectual property rights, reputation, or agreements.

Note 3 to entry: A grouping of assets referred to as an asset system could also be considered as an asset.

Note 4 to entry: Life, health and welfare of humans and other living beings can also be an asset.

Note 5 to entry: In the context of this document, organization can be understood as both owner and user of the

physical asset in question.

[SOURCE: ISO 55000:2014, 3.2.1, modified — Notes 4 and 5 to entry have been added.]

3.17
vulnerability

lack of resilience against an undesirable intentional action or inability to recover a new stable condition

of an asset (3.16)
3.18
threat
potential, deliberate action that can cause harm to an asset (3.16)

Note 1 to entry: A threat is always related to a threat actor (3.4), which can be an individual or an organization.

3.19
design-basis threat
threat (3.18) used as a basis for preparing security measures
3.20
risk
effect of uncertainty on objectives

Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address,

create or result in opportunities and threats (3.18).

Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels.

Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences, and their

likelihood.

Note 4 to entry: In the context of protective security (3.2) against threats, risk is usually expressed in terms of

threat, impact, and vulnerability (3.17).

Note 5 to entry: In the context of this document, risk is used as a negative deviation.

[SOURCE: ISO 31000:2018, 3.1, modified — Notes 4 and 5 to entry have been added.]

3.21
residual risk
risk (3.20) remaining after risk treatment
Note 1 to entry: Residual risk can contain unidentified risk.
© ISO 2020 – All rights reserved 3
---------------------- Page: 10 ----------------------
ISO/FDIS 23234:2020(E)
Note 2 to entry: Residual risk can also be known as “retained risk”.

Note 3 to entry: “Risk treatment” in this document means carrying out mitigating measures to reduce the risk.

[SOURCE: ISO Guide 73:2009, 3.8.1.6, modified — Note 3 to entry has been added.]
3.22
risk assessment

overall process of risk (3.20) identification, risk analysis (3.23) and risk evaluation

[SOURCE: ISO Guide 73:2009, 3.4.1]
3.23
risk analysis

process to comprehend the nature of risk (3.20) and to determine the level of risk

Note 1 to entry: Risk analysis provides the basis for risk evaluati
...

DRAFT INTERNATIONAL STANDARD
ISO/DIS 23234
ISO/TC 59 Secretariat: SN
Voting begins on: Voting terminates on:
2020-04-13 2020-07-06
Buildings and civil engineering works — Security —
Planning of security measures in the built environment

Bâtiments et ouvrages de génie civil — Sûreté — Planification des mesures de sûreté dans

l'environnement bâti
ICS: 93.010; 91.040.01
THIS DOCUMENT IS A DRAFT CIRCULATED
FOR COMMENT AND APPROVAL. IT IS
THEREFORE SUBJECT TO CHANGE AND MAY
NOT BE REFERRED TO AS AN INTERNATIONAL
STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS
BEING ACCEPTABLE FOR INDUSTRIAL,
This document is circulated as received from the committee secretariat.
TECHNOLOGICAL, COMMERCIAL AND
USER PURPOSES, DRAFT INTERNATIONAL
STANDARDS MAY ON OCCASION HAVE TO
BE CONSIDERED IN THE LIGHT OF THEIR
POTENTIAL TO BECOME STANDARDS TO
WHICH REFERENCE MAY BE MADE IN
Reference number
NATIONAL REGULATIONS.
ISO/DIS 23234:2020(E)
RECIPIENTS OF THIS DRAFT ARE INVITED
TO SUBMIT, WITH THEIR COMMENTS,
NOTIFICATION OF ANY RELEVANT PATENT
RIGHTS OF WHICH THEY ARE AWARE AND TO
PROVIDE SUPPORTING DOCUMENTATION. ISO 2020
---------------------- Page: 1 ----------------------
ISO/DIS 23234:2020(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2020

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2020 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/DIS 23234:2020(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Planning of security measur es for the built environment ........................................................................................ 6

4.1 General ........................................................................................................................................................................................................... 6

4.2 Security planning as part of risk management ........................................................................................................... 6

4.3 Size of projects ........................................................................................................................................................................................ 7

4.4 The division of the building process into stages ........................................................................................................ 7

4.4.1 Strategic definition ......................................................................................................................................................... 8

4.4.2 Preparation and brief ........................................................................................................................................... ........ 8

4.4.3 Concept design .................................................................................................................................................................. 9

4.4.4 Developed and technical design ......................................................................................................................... 9

4.4.5 Construction ........................................................................................................................................................................ 9

4.4.6 Testing and handover .................................................................................................................................................. 9

4.4.7 In use .......................................................................................................................................................................................10

4.4.8 Disposal ................................................................................................................................................................................10

4.5 Special advisers in security projects .................................................................................................................................10

4.5.1 General...................................................................................................................................................................................10

4.5.2 Security planner ............................................................................................................................................................11

4.5.3 Security risk adviser ..................................................................................................................................................11

4.5.4 Technical security adviser ....................................................................................................................................11

4.5.5 Operational security adviser ..............................................................................................................................13

4.5.6 Project information security adviser ...........................................................................................................13

5 Security deliverables in stages............................................................................................................................................................13

5.1 Strategic definition ...........................................................................................................................................................................13

5.1.1 Impact assessment ......................................................................................................................................................13

5.1.2 Protective security objectives ............................................................................................................................14

5.1.3 Requirements for protective security planning .................................................................................14

5.1.4 Threat assessment, scenario selection and design-basis threats .......................................15

5.1.5 Clarification of conditions .....................................................................................................................................16

5.1.6 Information Security for the project ............................................................................................................16

5.1.7 Security risk analysis (strategic) .....................................................................................................................16

5.2 Preparation and brief .....................................................................................................................................................................17

5.2.1 Input to the dependency map ............................................................................................................................17

5.2.2 Security risk analysis (preparation and brief) ....................................................................................17

5.2.3 External requirements report ...........................................................................................................................17

5.2.4 Security strategy ...........................................................................................................................................................17

5.2.5 Input to zoning ...............................................................................................................................................................18

5.2.6 Input to the spatial and functional programming ............................................................................18

5.2.7 Identifying and assessing security measures.......................................................................................18

5.2.8 Cost survey .........................................................................................................................................................................18

5.2.9 Contributions to preliminary design report .........................................................................................19

5.3 Concept design .....................................................................................................................................................................................19

5.3.1 Reassessing of security objectives .................................................................................................................19

5.3.2 Security risk analysis (concept) .......................................................................................................................19

5.3.3 Reassessing security strategy ............................................................................................................................19

5.3.4 Description of security measures ...................................................................................................................19

5.3.5 Integration of security measures ....................................................................................................................20

5.3.6 Selection of security measures .........................................................................................................................20

5.3.7 Input to operational requirements ...............................................................................................................20

© ISO 2020 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/DIS 23234:2020(E)

5.3.8 Cost survey for concept ...........................................................................................................................................20

5.4 Developed and technical design ............................................................................................................................................20

5.4.1 Input to tender drawings .......................................................................................................................................20

5.4.2 Input to delivery and job descriptions .......................................................................................................21

5.4.3 Contributions in tender evaluation...............................................................................................................21

5.4.4 Assessment of final design ...................................................................................................................................21

5.5 Construction ...........................................................................................................................................................................................21

5.5.1 Implementation control ..........................................................................................................................................21

5.5.2 Participation in functional tests and commissioning ....................................................................22

5.5.3 Input to the operations and maintenance manuals ........................................................................22

5.5.4 Input to operational requirements ...............................................................................................................22

5.5.5 Requirements for alterations in security measures .......................................................................22

5.5.6 Assessment of as-built design ...........................................................................................................................23

5.6 Testing and handover .....................................................................................................................................................................23

5.6.1 Participation in handover .....................................................................................................................................23

5.6.2 Completeness check ...................................................................................................................................................23

5.6.3 Quality and functionality check .......................................................................................................................23

5.7 In use ............................................................................................................................................................................................................23

5.7.1 Contribution to trial use .........................................................................................................................................23

5.7.2 Security training ............................................................................................................................................................23

5.7.3 Security verification ...................................................................................................................................................24

5.8 Disposal ......................................................................................................................................................................................................24

5.8.1 Overview of sensitive installations ...............................................................................................................24

5.8.2 Security risk assessment (disposal) .............................................................................................................24

Bibliography .............................................................................................................................................................................................................................25

iv © ISO 2020 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/DIS 23234:2020(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/

iso/ foreword .html.

This document was prepared by Technical Committee ISO/TC 59, Buildings and civil engineering works.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2020 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/DIS 23234:2020(E)
Introduction
General

The objective of the standard is to provide recommendations on how enterprises should effectively plan

security measures in order to protect their built environment (e.g. buildings, plants, infrastructure and

property) against undesirable intentional actions. The standard can be used by all enterprises that seek

physical security to be part of their protection against undesirable intentional actions.

For practical use, the individual enterprise can adapt the standard to its own project model and other

enterprise-specific factors. This may also require that individual tasks are moved or allocated to other

stages than those specified in this standard.

This standard describes an approach to planning security measures in the built environment based

on generic stages and corresponding security deliverables in each stage. The standard also defines a

number of roles that should be assigned in the project organization to ensure that the security input to

the design and construction process has been founded on professional assessment.

This document is applicable independent from the chosen risk assessment methods, standards and

guidelines for the project. Risk assessment methods are not described in the standard and neither is

design of mitigation measures.
Figure 1 shows a checklist for when the standard becomes applicable.
vi © ISO 2020 – All rights reserved
---------------------- Page: 6 ----------------------
ISO/DIS 23234:2020(E)

Figure 1 — Checklist as guidance for possible use of ISO 23234 in built environment projects

National security regulations

In addition to the requirements ensuing from the enterprise's own risk acceptance, enterprises that are

subject to national security regulations (where they exist) could be obliged by law to protect critical

assets and functions. For enterprises not subject to such regulations, it will be natural to base their

approach on the insurance companies' requirements for their basic security. This standard is general

in nature and for general use, both within and outside of the scope of application of national security

regulations.
Safety and security

The standard is targeted primarily at the domain referred to as protective security. In this standard

the common words "safety" and "security" are used to distinguish between methods of combating

undesirable unintentional incidents or accidents (safety) and combating undesirable intentional actions

(protective security). In this sense, protective security is an action performed to provide protection

against an actor with a deliberate undesirable intention towards an asset.

In the context of protective security, risk is usually understood as "an expression of the relationship

between the threat against a specific asset and this asset's vulnerability to this specific threat". The

threat will derive from a threat actor and will have a differing degree of severity depending on the

© ISO 2020 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO/DIS 23234:2020(E)

actor's existence, capability (knowledge and experience, access to weapons, tools and means of

assistance), intent, previous and presumed future choice of target (targeting).

The security aspects shall be coordinated at all stages of the building process with safety aspects (the

latter including for example protection against fire, flood, earthquake, and technical installations failure

in the building). The two aspects can, under some circumstances, generate contradictory requirements,

which must be resolved in a satisfactory manner at the planning and design stage. A typical example of

such contradictory requirements is the necessity of safeguarding effective evacuation of persons from

the building in an emergency situation versus the necessity of preventing unauthorized persons from

entering the building. Universal design, i.e. accessibility and egressibility , must also be taken into

consideration.
1) Ability to leave the building or any other delimited area.
viii © ISO 2020 – All rights reserved
---------------------- Page: 8 ----------------------
DRAFT INTERNATIONAL STANDARD ISO/DIS 23234:2020(E)
Buildings and civil engineering works — Security —
Planning of security measures in the built environment
1 Scope

This document provides requirements and recommendations for effective planning and design of

security measures in the built environment.

The purpose of the document is to achieve optimal protection of assets against all kinds of malicious

acts, while ensuring functional, financial and aesthetic aspects.

The document describes which methods and routines should be implemented in various stages of a

building or civil engineering works project, as well as the competencies needed to achieve a good result.

This document is applicable to new builds, refurbishments and development projects by government

and private entities, for various environments, buildings and infrastructure.
2 Normative references

The following documents are referred to in the text in such a way that some or all of their content

constitutes requirements of this document. For dated references, only the edition cited applies. For

undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 6707-1, Buildings and civil engineering works — Vocabulary — Part 1: General terms

ISO/DIS 19650-5, Organization and digitization of information about buildings and civil engineering works,

including building information modelling (BIM) — Information management using building information

modelling — Part 5: security-minded approach to information management
3 Terms and definitions

For the purposes of this document, the following terms and definitions given in ISO 6707-1,

ISO/DIS 19650-5 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at http:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
security

state of relative freedom from threat (3.20) or harm caused by deliberate, unwanted, hostile or

malicious acts
[SOURCE: ISO/DIS 19650-5, 3.7]
3.2
protective security

use of measures when handling risk (3.22) linked to undesirable intentional actions (3.19)

3.3
preventive security

planning, preparation, implementation and overseeing of protective security measures which seek to

eliminate or reduce risk (3.22) resulting from an activity that poses a threat (3.20)

© ISO 2020 – All rights reserved 1
---------------------- Page: 9 ----------------------
ISO/DIS 23234:2020(E)
3.4
entity

individual, organization, state, grouping, enterprise, physical object or any other unit that fits the context

Note 1 to entry: In this standard, an entity will primarily be a physical object, such as a building, plant or property

or a part thereof. Examples of this are an enterprise, a building, a room for storing encryption material or a

security component such as an access control unit.
3.5
actor
entity (3.4) that fulfils a role
Note 1 to entry: An actor can be an organization or an individual.
3.6
project stage
delimited stage within a project

Note 1 to entry: A project stage may in turn be sub-divided into sub-processes. The division is often justified on

the basis of identifying deliverables, decisions and changes of actors (3.5). It is to be adapted to the individual

enterprise or situation.
3.7
strategic definition

project stage (3.6) in which the justification, overarching aim and framework of the building project are

identified
3.8
preparation and brief

project stage (3.6) in which it is ascertained whether the building project is feasible, and it is determined

which conceptual solution is most appropriate
3.9
concept design

project stage (3.6) in which principles are developed for a technical solution and realistic strategies and

plans for the building project, so that a final decision on implementation can be made on a correct basis

3.10
developed design

project stage (3.6) including co-ordinated and updated proposals for structural design, building services

systems, outline specifications, cost information and project strategies in accordance with the design

programme
3.11
technical design

project stage (3.6) which occurs after the developed design has been completed and in which the

residual technical work of the core design team is completed
3.12
construction

project stage (3.6) in which deliveries are performed in accordance with plans and intentions

3.13
testing and handover

project stage (3.6) in which a fault-free entity (3.4) is handed over and it is ensured that all systems are

correctly adjusted to their intended use
3.14
in use

project stage (3.6) in which technically sound and economic operation is ensured that satisfies the

user's needs from the project and provides the intended effect
2 © ISO 2020 – All rights reserved
---------------------- Page: 10 ----------------------
ISO/DIS 23234:2020(E)
3.15
disposal

project stage (3.6) for ensuring a viable and prudent conclusion to ownership or the building's

period of use
3.16
asset

item, thing or entity (3.4) that has potential or actual value to an organization

Note 1 to entry: Value can be tangible or intangible, financial or non-financial, and includes consideration of risks

(3.22) and liabilities. It can be positive or negative at different stages of the asset life.

Note 2 to entry: Physical assets usually refer to equipment, inventory and properties owned by the organization.

Physical assets are the opposite of intangible assets, which are non-physical assets such as leases, brands, digital

assets, use rights, licences, intellectual property rights, reputation or agreements.

Note 3 to entry: A grouping of assets referred to as an asset system could also be considered as an asset.

Note 4 to entry: Life, health and welfare of humans and other living beings can also be an asset.

Note 5 to entry: In the context of this standard, organization can be understood as both owner and user of the

built environment in question.

[SOURCE: ISO 55000:2014, 3.2.1, modified — Notes 4 and 5 to entry have been added.]

3.17
vulnerability

lack of resilience against an undesirable intentional action (3.19) or inability to recover a new stable

condition of an asset (3.16) subject to an undesirable impact
3.18
undesirable incident
incident that can have an undesirable impact on an asset (3.16)

Note 1 to entry: Undesirable impact on an asset (3.16) can for example be destruction, appropriation or

disturbance.

Note 2 to entry: Undesirable unintentional incidents can be caused by natural elements and technical or human

failure.
3.19
undesirable intentional action

undesirable incident (3.18) that is caused by an actor (3.5) (perpetrator) acting with a purpose

Note 1 to entry: The actor’s (3.5) purpose can be malicious or hostile.
3.20
threat
potential, deliberate action that can cause harm for an asset (3.16)

Note 1 to entry: A threat is always related to a threat perpetrator, which can be an individual or an organization.

3.21
design-basis threat
threat (3.20) used as a basis for preparing security measures
3.22
risk
effect of uncertainty on objectives

Note 1 to entry: An effect is a deviation from the expected. It can be positive, negative or both, and can address,

create or result in opportunities and threats (3.20).
© ISO 2020 – All rights reserved 3
---------------------- Page: 11 ----------------------
ISO/DIS 23234:2020(E)

Note 2 to entry: Objectives can have different aspects and categories, and can be applied at different levels.

Note 3 to entry: Risk is usually expressed in terms of risk sources, potential events, their consequences and their

likelihood.

Note 4 to entry: In the context of protective security (3.2) against threats (3.20), risk is usually expressed in terms

of threat (3.20), asset (3.16) and vulnerability (3.17).
Not
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO 21931-2:2019(Main)
Sustainability in buildings and civil engineering works -- Framework for methods of assessment of the environmental, social and economic performance of construction works as a basis for sustainability assessment

This document provides a general framework for improving the quality and comparability of methods for assessing the contribution of civil engineering works and their related external works to sustainable development based on a life cycle approach. This document aims to bridge the gap between regional and national methods for the assessment of the sustainability performance of civil engineering works by providing a common framework for their expression. This document identifies and describes issu...view more

    • sale 15% off
    • Standard
      25 pages
      English language
ISO
ISO 22145:2021(Main)
Fertilizers and soil conditioners -- Mineral soil amendments -- Determination of total calcium and magnesium content

This document establishes an overview of the relevant methods for the determination of calcium and magnesium as defined in ISO 8157. This document is applicable to any mineral soil amendment, neutral, basic or acid containing calcium and/or magnesium.

    • sale 15% off
    • Standard
      4 pages
      English language
    • sale 15% off
    • Standard
      5 pages
      French language
    • sale 15% off
    • Draft
      5 pages
      English language
    • sale 15% off
    • Draft
      5 pages
      English language
    • sale 15% off
    • Draft
      5 pages
      French language
    • sale 15% off
    • Draft
      5 pages
      French language
ISO
ISO 24090:2021(Main)
Dried barberry -- Specification and test methods

This document specifies requirements and test methods for the dried barberry fruit of the Berberis vulgaris L. tree. It is applicable to dried red barberries only.

    • sale 15% off
    • Standard
      5 pages
      English language
    • sale 15% off
    • Draft
      5 pages
      English language
    • sale 15% off
    • Draft
      4 pages
      English language
    • sale 15% off
    • Draft
      4 pages
      English language
ISO
ISO 15000-1:2021(Main)
Electronic business eXtensible Markup Language (ebXML)

This document provides a communication-protocol neutral method for exchanging electronic business messages. It defines specific enveloping constructs supporting reliable, secure delivery of business information. Furthermore, this document defines a flexible enveloping technique, permitting messages to contain payloads of any format type. It specifies each of the following: ? Messaging model ? Message pulling and partitioning ? Processing modes ? Message packaging ? Error handling ? Security modu...view more

    • sale 15% off
    • Standard
      115 pages
      English language
    • sale 15% off
    • Draft
      115 pages
      English language
    • sale 15% off
    • Draft
      120 pages
      English language
ISO
ISO 23748:2016/Amd 1:2021(Amendment)
ISO 23748:2016/Amd 1:2021
    • sale 15% off
    • Standard
      1 page
      English language
    • sale 15% off
    • Draft
      1 page
      English language
    • sale 15% off
    • Draft
      1 page
      English language
ISO
ISO 23875:2021(Main)
Mining -- Air quality control systems for operator enclosures -- Performance requirements and test methods

This document specifies performance and design requirements for air quality control systems for operator enclosures and their monitoring devices. The design specifications are universal in their application and do not contemplate specific mining environments. They are intended to meet identified parameters of both pressurization and respirable particulate and carbon dioxide concentrations. This document also specifies test methods to assess such parameters and provides operational and maintenanc...view more

    • sale 15% off
    • Standard
      22 pages
      English language
    • sale 15% off
    • Draft
      22 pages
      English language
    • sale 15% off
    • Draft
      21 pages
      English language
ISO
ISO 15000-2:2021(Main)
Electronic business eXtensible Markup Language (ebXML)

This document describes the AS4 Profile, which provides a subset of the functionality of ISO 15000‑1:2021, along with implementation guidelines based on the "just-enough" design principles and electronic data interchange functional requirements to trim down ISO 15000-1:2021 into a more simplified specification for web services business-to-business messaging. It specifies: - three conformance profiles of ISO 15000-1:2021 (see Clause 4); - a number of AS4 additional features (see Clause 5); - comp...view more

    • sale 15% off
    • Standard
      56 pages
      English language
    • sale 15% off
    • Draft
      56 pages
      English language
    • sale 15% off
    • Draft
      49 pages
      English language
ISO
ISO 6914:2021(Main)
Rubber, vulcanized or thermoplastic -- Determination of ageing characteristics by measurement of stress relaxation in tension
    • sale 15% off
    • Standard
      10 pages
      English language
    • sale 15% off
    • Draft
      10 pages
      English language
    • sale 15% off
    • Draft
      10 pages
      English language
ISO
ISO/TR 11633-2:2021(Main)
Health informatics -- Information security management for remote maintenance of medical devices and medical information systems

This document gives a guideline for implementation of an ISMS by showing practical examples of risk analysis on remote maintenance services (RMS) for information systems in healthcare facilities (HCFs) as provided by vendors of medical devices or health information systems in order to protect both sides' information assets (primarily the information system itself and personal health data) in a safe and efficient (i.e. economical) manner. This document consists of: — application of ISMS to RMS; —...view more

    • sale 15% off
    • Technical report
      70 pages
      English language
    • sale 15% off
    • Draft
      68 pages
      English language
ISO
ISO 14644-17:2021(Main)
Cleanrooms and associated controlled environments

This document gives direction on the interpretation and application of the results of the measurement of particle deposition rate on one or more vulnerable surfaces in a cleanroom as part of a contamination control programme. It provides some instructions on how to influence the particle deposition rate and reduce the risk of particle contamination on vulnerable surfaces. This document gives information on how a cleanroom user can use the particle deposition rate measurements to determine limits...view more

    • sale 15% off
    • Standard
      26 pages
      English language
    • sale 15% off
    • Standard
      27 pages
      French language
    • sale 15% off
    • Draft
      26 pages
      English language
    • sale 15% off
    • Draft
      22 pages
      English language
    • sale 15% off
    • Draft
      27 pages
      French language
    • sale 15% off
    • Draft
      24 pages
      French language
ISO
ISO 20893:2021(Main)
Space systems -- Detailed space debris mitigation requirements for launch vehicle orbital stages

This document defines detailed space debris mitigation requirements and recommendations for the design and operation of launch vehicle orbital stages in Earth orbit. The requirements defined in this document are applicable for: — avoiding the release of space debris; — disposing of a launch vehicle orbital stage after the end of its mission so as to avoid a break-up in orbit; — disposing of a launch vehicle orbital stage after the end of its mission so as to minimize interference with the protec...view more

    • sale 15% off
    • Standard
      8 pages
      English language
    • sale 15% off
    • Draft
      8 pages
      English language
    • sale 15% off
    • Draft
      8 pages
      English language