The Standards Australia’s Security and Resilience expert technical committee has published AS ISO 22340, a new international security standard.

AS ISO 22340 aims to provide a clearer and practical guide for Australian organisations to improve security risk management principles, and government arrangements that are designed to assist with implementation strategies.

It is the world’s first international standard to mitigate and manage security risks and unintentional incidents that can cause harm to an organisation’s infrastructure, information and people.

AS ISO 22340 moderates five security domains including security governance, personnel security, information security, cybersecurity and physical security.

Across all domains, the standard helps organisations to understand, plan and respond to security risks that impact all their assets.

It does so by adhering to the following principles: security is everyone’s responsibility, security enables business, security management is based on risk management principles, top management is accountable for the organisation’s security, security is integrated into all levels of the organisation’s activity, security is delivered within a life cycle of continual improvement.

To strive for continuous improvement of security systems, the standard emphasises the importance of security maturity.

Member of the committee and convenor of the ISO 22340 Matthew Curtis believes that the standard is foundational for businesses to mitigate security risks.

“It provides a common language and conceptual framework that any organisation can use to understand and manage their security threats and associated risks,” he says.

Curtis states that the standard outlines how enterprise governance arrangements such as a single point of truth and accountability are detrimental to security matters for all organisations.

“These attributes will be a powerful tailwind for the Australian community in responding to the current global and national security context,” he said.

The principles of AS ISO 22340 are in conjunction with those of the Australian Government’s Protective Security Policy Framework (PSPF).

Standards Australia chief operating officer Kareen Riley-Takos highlights that the standard will act as a safeguard for organisations.

“Prioritising security and resilience has numerous benefits for an organisation, including safeguarding data, ensuring the safety of its people, and contributing to its overall longevity,” she says.