scope:

This document provides guidelines for creating, implementing, and maintaining a security plan. The intent of the document is to provide the fundamental elements necessary to improve and sustain the protection of an organization. The security plan describes how an organization establishes effective security planning and how it can integrate security within organizational risk management practices. This document is applicable to any organization intending to implement measures designed to protect their assets against malicious acts and mitigate their associated risks. This document does not provide specific criteria for identifying the need to implement or enhance prevention and protection measures against malicious acts. It does not cover services and operations delivered by private security companies.