ISO 23234:2021 download.Buildings and civil engineering works — Security — Planning of security measures in the built environment.
1 Scope
ISO 23234 provides requirements and recommendations for effective planning and design of security measures in the built environment.
The purpose of the document is to achieve optimal protection of assets against all kinds of malicious acts, while ensuring functional, financial, and aesthetic aspects.
The document describes which methods and routines need to be implemented in various stages of a building or civil engineering works project, as well as the competencies needed to achieve a good result.
ISO 23234 is applicable to new builds, refurbishments and development projects by government and private entities, for various environments, buildings and infrastructure.
2 Normative references
The following documents are referred to in the text in such a way that some or afl of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
Iso 6707-1, Buildings and civil engineering works — Vocabulary — Part 1: General terms
150 19650-5, Organization and digitization of information about buildings and civil engineering works, including building information modelling (BIM,) — information management using buiidin,q information modelling — PartS: Security-minded approach to information management
and requirements. Security reqwrements should be defined through processes for security risk management in the principars organization before the profrct Is established.
4.2 Security planning as part of risk management
In a construction project where protective security measures are to be Implemented in accordance with ISO 23234, there can often be a number of activities In parallel with, or in advance of, what Is defined as the construction project Itself. During the planning processes, public stakeholders should be asked whether their needs are sufficiently taken Into account.
The principal shall decide which security measures to implement. The basis for such recognition often emerges from the organization performing security risk assessments as an on-going activity in the organization’s security risk management.
The organization is expected to have ongoing processes for mapping, analysing, and assessing Its threat profile In relation to assets and known threats. Changes In the asset Inventory or the threat picture can result In the need to alter security measures. The same can be true after Incidents that have affected the organizatIon.
Which security deliverables are induded at each stage within a specific construction project depends on the nature of the project and how It is being organized. Sometimes, a security risk analysis has already been conducted by the principal before the construction project begins. The project organization can then use the security risk analysis as supporting documentation for its work.
The principal can choose to Indude the Introductory security deliverables in the strategic definition project stage, as part of its ongoing operations, as a concept for the construction project, or as the first stage of the construction project. A construction project organised in accordance with this document shall always use design•basis threats and security risk analyses in the project planning and execution of the security works.
4.3 Size of projects
Organizations with a need for security measures against undesirable intentional actions shall perform mapping, assessments, and analyses as a basis for their choice of final security measures. The organization and scope of the work should be modifed according to the type and size of the project. For smaller projects, it can be appropriate to use this document for parts of the process only. and the security deliverables can have a lesser scope. This gives the organization the opportunity to adapt the usage of this document to its own needs.
4.4 DivIsion of the building process into stages
4.4.1 General
The deliverables in the stage descriptions show which information and documentation is necessary to complete the project tasks during that individual stage.
Tah1e1 shows where the individual security deliverables belong in different stages of the construction project.
basis threats. The security strategy can include organizational needs, such as staffing and operatmns. It can also include any security-related instructions for the location of the construction works on the site, spacing requirements, and design. The security strategy Is summarised In a document that forms part of the supporting documentation for the cullcept design project stage.
The security strategy shall clearly show how the organization should be protected against the defined design-basis threats. The security strategy shall show what zone partitions are intended to be established. It shall also make clear the need For rwganizational measures such as need of security staff and other considerations that affect the operational stage. This security deliverable includes security measures similar to what the fire protection concept offers within fire protection strategy. This includes topics such as siting of the plot, spacing requirements, entry and exit routes, building design (volume above and below ground), landscaping. etc.
5.2.5 Input to zoning
The security planner and security risk adviser shall prepare security input for zoning.
When building In un-zoned areas, or If a proposed development does not lit Into the applicable zoning. a proposal for a new zoning plan shall be prepared. The security strategy’s expectations shall be Incorporated in the zoning plan, including access conditions, relations with neighbours, spacing distances, visibility conditions. etc The inputs should be documented in separate documents to help protect sensitive information.
5.2.6 Input to the spatial and functional programming
The security planner and operational security adviser shall prepare functional security requirements as input to the construction proect’s spatial and functional programme. This shall show security requirements for each individual space, groups of spaces and for Functions of the organization. It shall also be specified which spaces or areas shall have free access without security requirements.
The programme shall be updated continuously and be detailed during the two protect planning stages (concept design and developed and technical design). The inputs should be documented In separate documents.
5.2.7 IdentifIcation and assessment of security measures
The security risk adviser, technical security adviser and operational security adviser shall identify and assess technical, human, and organizational requirements for security.
The security measure requirements define any absolute and recommended preconditions for security measures. They can include requirements from insurance companies and any technical requirements such as distances, the minimum strength of structures, façades, doors, windows. etc. Any preferred solutions shall be stated so that they can be used as a basis for future planning. This Is Important in order to achieve the security level that the asset shall maintain, and so that future work in the project incorporates both needs for solutions and associated costs.
Organizational and human security measures shall be harmonised with the technical measures In order to achieve the security objectives. For projects with an established user organization, It is appropriate to Involve this body in the definition of requirements for organizatIonal and human security measures.
5.2.8 Cost survey
The technical security adviser shall prepare a cost estImate for the Identified security measures.
This constitutes the initial cost estimates. At this early stage of the project, the estimates are usually relatively general.