ISO 23234:2021

INTERNATIONAL ISO
STANDARD 23234
First edition
2021-02
Corrected version
2021-05
Buildings and civil engineering
works — Security — Planning of
security measures in the built
environment
Bâtiments et ouvrages de génie civil — Sûreté — Planification des
mesures de sûreté dans l'environnement bâti
Reference number
©
ISO 2021
© ISO 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2021 – All rights reserved

Contents Page
Foreword .v
Introduction .vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Planning of security measures for the built environment . 5
4.1 General . 5
4.2 Security planning as part of risk management . 6
4.3 Size of projects . 6
4.4 Division of the building process into stages . 6
4.4.1 General. 6
4.4.2 Strategic definition . 7
4.4.3 Preparation and brief . . 8
4.4.4 Concept design . 8
4.4.5 Developed and technical design . 8
4.4.6 Construction . 8
4.4.7 Testing and handover . 9
4.4.8 In use . 9
4.4.9 Decommissioning . 9
4.5 Organization and principal . 9
4.6 Special advisers in security projects .10
4.6.1 General.10
4.6.2 Security planner .10
4.6.3 Security risk adviser .10
4.6.4 Technical security adviser .11
4.6.5 Operational security adviser .12
4.6.6 Project information security adviser .12
5 Security deliverables in stages.13
5.1 Strategic definition .13
5.1.1 Asset inventory.13
5.1.2 Protective security objectives .13
5.1.3 Requirements for protective security planning .14
5.1.4 Threat assessment, scenario selection and design-basis threats .14
5.1.5 Information security for the project .15
5.1.6 Security risk analysis (strategic) .15
5.1.7 Clarification of conditions .15
5.2 Preparation and brief .16
5.2.1 Input to the dependency map .16
5.2.2 Security risk analysis (preparation and brief) .16
5.2.3 External requirements report .16
5.2.4 Security strategy .17
5.2.5 Input to zoning .17
5.2.6 Input to the spatial and functional programming .17
5.2.7 Identification and assessment of security measures.17
5.2.8 Cost survey .17
5.2.9 Contributions to preliminary design report .18
5.3 Concept design .18
5.3.1 Reassessment of security objectives.18
5.3.2 Security risk analysis (concept) .18
5.3.3 Reassessment of security strategy .18
5.3.4 Description of security measures .18
5.3.5 Integration of security measures .19
5.3.6 Selection of security measures .19
5.3.7 Input to operational requirements .19
5.3.8 Cost survey for concept .19
5.4 Developed and technical design .19
5.4.1 Input to tender drawings .19
5.4.2 Input to delivery and job descriptions .20
5.4.3 Contributions in tender evaluation.20
5.4.4 Assessment of final design .20
5.5 Construction .20
5.5.1 Implementation control .20
5.5.2 Participation in functional tests and commissioning .21
5.5.3 Input to the operations and maintenance manuals .21
5.5.4 Input to operational requirements .21
5.5.5 Requirements for alterations in security measures .21
5.5.6 Assessment of as-built design .22
5.6 Testing and handover .22
5.6.1 Participation in handover .22
5.6.2 Completeness check .22
5.6.3 Quality and functionality check .22
5.7 In use .22
5.7.1 Contribution to trial use .22
5.7.2 Security training .23
5.7.3 Security verification .23
5.8 Decommissioning .23
5.8.1 Overview of sensitive installations .23
5.8.2 Security risk assessment (decommissioning) .23
Bibliography .
...