ISO/AWI 28022
Security and resilience ― Security management ― Guidelines on security management system (SMS) processes
Reference number
ISO/AWI 28022
Edition 1
Working draft
ISO/AWI 28022
A working group has prepared a draft.


This document provides a process reference model (PRM) for a security management system (SMS) aligned with ISO 28000, which will meet the criteria defined in ISO/IEC 33004 for process reference models. It provides guidelines for users of ISO 28000 on the establishment, implementation, maintenance and improvement of the SMS. It is intended to guide users in the operation of a SMS aligned with ISO 28000 and explain this SMS with a process-oriented view. This document is applicable to all types and sizes of organizations (e. g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, apply, maintain and improve a security management system. It provides a holistic and common approach and is not industry or sector specific. This document can be used throughout the life of the organization and can be applied to any activity, internal or external, at all levels.

General information

  •  : Under development
    : New project registered in TC/SC work programme [20.00]
  •  : 1
  • ISO/TC 292
  • RSS updates

Got a question?

Check out our Help and Support

Check out our FAQs

Customer care
+41 22 749 08 88

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)