Security management standard is published

1 July 2015

 BSI, the business standards company has published BS 16000 Security management - strategic and operational guidelines. This guidance provides the basic principles of security management and describes what should be included to effectively manage security in organizations of all types and sizes. It includes vocabulary, principles and a framework for anyone involved in security functions within an organization, to use either as a starting point or to review and improve their existing security arrangements.

Security management is an important strategic capability that can help organizations achieve their objectives by protecting its reputation and financial well-being. Effective security management goes beyond simply reacting to threats and risks and can help organizations identify opportunities and gain competitive advantage. BS 16000 describes the security principles and devices that help organizations develop a security strategy as well as plan and implement security processes.

An organization might already have implemented security solutions that have addressed some or all of its security needs, and this standard can be used to assist in the monitoring and review of the organization’s security management to determine how it might be improved.

Anne Hayes Head of Market Development for Governance & Risk at BSI said: “There is no single business that cannot benefit from having a clear view of security and embedding it at a strategic level. As a high-level standard, BS 16000 has a wide range of applications across businesses of all sectors and sizes. The major management systems standards such environment, business continuity, risk and quality all include elements of security so BS 16000 complements these but looks more closely at security management.” 

BS 16000 includes guidance on:

  • Understanding the organization’s context
  • Developing a security framework
  • Security risk assessment
  • Implementing security solutions
  • Implementing the security programme
  • Security solutions (including physical, technical, manned, information, procedural, and personnel security solutions)
  • Monitoring the security programme

Mike Bluestone, Committee Chairman for BS 16000 said: “This standard brings together the essential aspects of security management in simple, jargon-free language, and is just as relevant to SMEs as larger organizations. BS 16000 includes the fundamental security management principles on which organizations can gain a better understanding of good security practice.  It is a gateway to additional, sector specific security standards.”

BS 16000 was developed using a consensus-based collaboration from industry experts such as: ASIS, British Security Industry Association (BSIA), Corps Security, City Security and Resilience (CSARN), the Continuity Forum, National Security Inspectorate (NSI), NHS Protect, The Security Institute, The Security Industry Authority (SIA), IPSA, Security Systems & Alarms Inspection Board (SSAIB) and the UK Cards Association amongst others.