Spotlight on: SA HB 167:2025, Managing Security-Related Risks

November 10, 2025

Organisations across Australia face an increasingly complex security environment, with risks spanning physical, cyber, and human domains. SA HB 167:2025, Managing Security-Related Risks, is the latest edition of Standards Australia’s key guidance for organisations seeking to address the complex and evolving landscape of security-related risk. This Handbook provides a comprehensive framework for identifying, assessing, and managing risks that can impact people, assets, information, and reputation.

What is SA HB 167:2025?

SA HB 167:2025 is an Australian Handbook developed by Committee MB-025, Security and Resilience. It supersedes the 2006 edition and reflects contemporary approaches to security risk management. The Handbook covers:

  • Principles and frameworks for managing security-related risk
  • Integration of security, risk, and resilience
  • Updated methodologies for risk assessment, including critical infrastructure and deep uncertainty
  • The role of security intelligence and the interplay between physical, people, cyber, and information security

Who should use this Handbook?

This Handbook is intended for:

  • Executives and board members
  • Risk and security managers
  • Compliance and governance professionals
  • IT and cyber teams
  • Facility and asset managers
  • HR and safety officers
  • Any organisation seeking to strengthen its approach to security-related risk

What’s new in SA HB 167:2025

  • Broader focus: Expands from “security risk” to “security-related risk,” recognising the interconnected nature of modern threats.
  • Updated methodologies: Incorporates the latest thinking on critical infrastructure, deep uncertainty, and hybrid threats.
  • Integration: Brings together physical, cyber, people, and information security in a unified framework.
  • Emphasis on resilience: Aligns with AS ISO 31000 and AS/NZS 5050 for a holistic approach.

Why is this important?

Security-related risks are now an enterprise-wide concern, not just the responsibility of security teams. SA HB 167:2025 supports organisations to:

  • Understand and address emerging threats
  • Integrate security risk management with overall strategy and governance
  • Build a culture of resilience and proactive risk management
  • Make informed decisions in uncertain environments
  • Meet regulatory and stakeholder expectations

Key topics covered

  • Key concepts and definitions: Clear explanations of risk, threat, vulnerability, resilience, and controls.
  • Framework for managing risk: Organisational structures, policies, and processes for effective risk management.
  • Risk management process: Step-by-step guidance from context-setting to monitoring and review.
  • Threat and vulnerability assessment: Practical tools and techniques, including scenario analysis and red teaming.
  • Continuous improvement: Encourages ongoing evaluation and lessons learned.

Accessing SA HB 167:2025

SA HB 167:2025 is available through the Standards Australia Store and our distribution partners.

  • Purchase SA HB 167:2025 - Get the latest guidance on managing security-related risks to help strengthen your organisation's resilience.

Frequently Asked Questions

What is the main change in SA HB 167:2025?
The Handbook now addresses “security-related risk,” recognising that threats are often interconnected and require a holistic, organisation-wide response.

Is SA HB 167:2025 relevant for small businesses?
Yes. The principles and processes are scalable and can be adapted to any organisation, regardless of size or sector.

How does SA HB 167:2025 address cyber risks?
Cybersecurity is treated as a core component, integrated alongside physical and people security.

Is SA HB 167:2025 aligned with AS ISO 31000 or other standards?
Yes. SA HB 167:2025 is designed to complement and build upon AS ISO 31000:2018, Risk Management—Guidelines. It also references related standards such as AS/NZS 5050 (Managing disruption-related risk) and incorporates principles and methodologies consistent with international best practice. Organisations using SA HB 167:2025 will find it supports and enhances their existing risk management frameworks.

Media enquiries

For media enquiries, please contact:

Jess Dunne
Communications Manager
61 2 9237 6381
Judy Seto
Communications Officer