Business standards company the British Standards Institution (BSI) has published BS 16000: Security Management – Strategic and Operational Guidelines. The guidance outlines the basic principles of security management and describes what should be included to effectively manage security in organisations of all types and sizes.
Security management is, of course, a vitally important strategic capability that can help organisations achieve their objectives by protecting their reputation and financial well-being. Effective security management goes beyond simply reacting to threats and risks and can assist today’s companies in identifying opportunities and gaining competitive advantage.
BS 16000 describes the security principles and devices that help organisations to develop a security strategy as well as plan and implement security processes. Importantly, the all-new document includes vocabulary, principles and a framework for anyone involved in security functions within an organisation to use either as a starting point or to review and improve their own existing security arrangements.
An organisation may have already implemented security solutions designed to address either all or some of its security needs. BS 16000 can be employed to assist in the monitoring and review of the organisation’s security management regime in order to determine how and where it might be improved.
Commenting on the new document, Anne Hayes (head of market development for governance and risk at BSI) explained: “There’s no single business that cannot benefit from having a clear view of security and embedding the discipline at a strategic level. As a high-level standard, BS 16000 has a wide range of applications across businesses of all sectors and sizes. The major management systems standards covering the environment, business continuity, risk and quality all include elements of security so BS 16000 absolutely complements them but is specifically designed to look more closely at security management.”
Elements covered within BS 16000
BS 16000 includes guidance on:
* Understanding the host organisation’s context
* Developing a security framework
* Security risk assessment procedures
* Implementing security solutions
* Implementing the security programme
* Security solutions (including physical security, technical security, security guarding, information security, procedural security and personnel security solutions)
* Monitoring the security programme
Mike Bluestone CSyP FSyI, chairman of the BS 16000 Committee, stated: “This British Standard brings together the essential aspects of security management in simple, jargon-free language. It’s just as relevant to SMEs as it is to the larger organisations. BS 16000 includes the fundamental security management principles on which today’s businesses can gain a better understanding of good security practice. From our perspective it’s very much a gateway to additional, sector-specific security standards.”
BS 16000 was developed through consensus-based collaboration among industry experts including ASIS International, the British Security Industry Association, Corps Security, City Security and Resilience Networks, the Continuity Forum, the National Security Inspectorate, NHS Protect, The Security Institute, the Security Industry Authority, the International Professional Security Association, the Security Systems and Alarms Inspection Board and the UK Cards Association.