This Standard states the requirements for implementing and operating a dedicated Security Management System (SMS) for the security and safety of people, and the interests and assets of the organisation against malicious adversaries such as criminals and terrorists. In this Standard Security Management is described as a process that is risk based, stakeholder driven and continually improved in a Plan-Do-Check-Act (PDCA) cycle. This Standard is drafted in accordance with the High Level Structure for management systems of ISO. This ensures compatibility and smooth integration with other management systems, such as ISO 22301 Business Continuity Management, ISO 27001 and ISO 27002 Information Security Management, and ISO 55000 Asset Management. This Standard includes the protection of all parts, processes, sites, infrastructures, systems, and tangible and intangible assets and interests of an organisation. This Standard specifies the requirements that may be used for the certification of an SMS. Furthermore, sufficient and very helpful Guidance for Use is presented in this document.