by Brianna Crandall — July 15, 2015—BSI, the U.K.-based business standards company, has published guidance that provides the basic principles of security management in simple, jargon-free language, and describes what should be included to effectively manage security in organizations of all types and sizes at a strategic level.
BS 16000 Security management—strategic and operational guidelines includes vocabulary, principles and a framework for anyone involved in security functions within an organization, to use either as a starting point or to review and improve their existing security arrangements. BSI says it can be a gateway to additional, sector-specific security standards.
Security management is an important strategic capability that can help organizations achieve their objectives by protecting its reputation and financial well-being, explains BSI. Effective security management goes beyond simply reacting to threats and risks and can help organizations identify opportunities and gain competitive advantage. BS 16000 describes the security principles and devices that help organizations develop a security strategy as well as plan and implement security processes.
An organization might already have implemented security solutions that have addressed some or all of its security needs, and this standard can be used to assist in the monitoring and review of the organization’s security management to determine how it might be improved.
BS 16000 includes guidance on:
- Understanding the organization’s context
- Developing a security framework
- Security risk assessment
- Implementing security solutions
- Implementing the security program
- Security solutions (including physical, technical, manned, information, procedural, and personnel)
- Monitoring the security program
BS 16000 was developed using a consensus-based collaboration from industry experts such as ASIS, British Security Industry Association (BSIA), The Security Industry Authority (SIA) and others.
