ISO/IEC JTC 1/SC 27 Information Technology -- Security techniques


ISO/IEC JTC 1/SC 27 N16488
REPLACES: N16363

ISO/IEC JTC 1/SC 27 Information technology -- Security techniques
Secretariat: DIN, Germany

DOC TYPE: standing document
TITLE: Text for Standing Document 16 (SD16) "Information Security Library (ISL) based on ISO/IEC 27000 family of standards"
SOURCE: Project editor
DATE: 2016-08-02
PROJECT: SD16
STATUS: In accordance with Resolution 29 (contained in SC 27 N16370) of the 28th SC 27 Plenary Meeting in Tampa, FL, USA, 18th – 19th April 2016, this document has been approved and made publicly available at the SC 27 public website www.din.de/go/jtc1sc27 "Downloads". It is being circulated within SC 27 for information.
ACTION: FYI
DUE DATE:
DISTRIBUTION: P-, O- and L-members; W. Fumy, SC 27 Chairman; M. De Soete, SC 27 Vice-Chair; E.J. Humphreys, T. Chikazawa, M. Bañón, J. Amsenga, K. Rannenberg
MEDIUM: /open/jtc1sc27
NO. OF PAGES: 22

Secretariat ISO/IEC JTC 1/SC 27 – DIN Deutsches Institut für Normung e. V., Am DIN-Platz, Burggrafenstr. 6, D-10787 [D-10772 postal] Berlin, Germany. Telephone: 49 30 2601-2652; Facsimile: 49 30 2601-4-2652

SD16 - Information technology - Security techniques - Information Security Library (ISL) based on ISO/IEC 27000 family of standards

TABLE OF CONTENTS
1 Introduction
2 Scope and expected usage
2.1 Scope
2.2 Expected usage
3 The development and structure of this document
3.1 Development stages of this document
3.2 The structure of this document
4 Concept and principles
4.1 Overview of drivers and development of projects within different SC27 WGs
4.2 Inter relationship within SC27 WGs
5 Control connection and development of ISO/IEC 27002 and Annex A in ISO/IEC 27001
5.1 Current connections and objectives as per ISO/IEC 27002:2013 and ISO/IEC 27001:2013
5.2 Suggested process of changing controls of ISO/IEC 27001
5.3 Guidance on ISL establishment
6 Roles and responsibilities during ISL lifecycle
6.1 Approval of ISL
6.2 First adaptation and update next version of ISO/IEC 27002 according to ISL
6.3 Continuous updating ISO/IEC 27002
6.4 ISL external communication
7 ISL requirements and guidance
7.1 Requirement of ISL structure
7.1.1 Guidance for procedure for SWG-T on ISL structure
7.2 Requirement of ISL structure communication
7.2.1 Guidance for procedure for ISL structure communication
8 SD requirement of control linkage for ISO/IEC 27001 Annex A and ISO/IEC 27002
8.1 Requirement for control connection of ISO/IEC 27002 and Annex A in ISO/IEC 27001
8.2 Roadmap for adapting ISL to ISO/IEC 27001 Annex A and ISO/IEC 27002
Annex A Standards and WG:s
Annex B: ISO/IEC 27001 Annex A control ref. to WG and standards/projects
Annex C Place holder for new project notes

1 Introduction

The backdrop for creating an information security library (ISL) is based on both external and internal perspectives when looking at SC 27 work and output. The number of projects is increasing, and the value of content as well. The concept is that an ISL will clearly communicate how these various projects relate to one another.

Externally, there are currently two prime drivers for SC 27 to develop standards:
a) Business and management system driven
b) Technology driven

Both the above drivers create development, but they differ with respect to what they want to achieve. The business side wants a stable environment without too many changes and also wants to be in control. The technology driver wants its systems to be up to date with the latest technology.

Internally within SC27 WGs, there are also two driving forces:
c) A major part of the controls in ISO/IEC 27002 is about or related to technology and is developed by WG1 as a management standard. ISO/IEC 27002 has a strong relationship to Annex A in ISO/IEC 27001 and thus forms part of the requirements of an ISMS.
d) The technology-based standards that relate to the controls are developed by other WGs within SC27, and in particular WG4.

There may be an opportunity to enhance the development of the work done in SC27 and to use skills and expertise in a better way. The basic idea is to let the internal work within other WGs drive the change of Annex A and ISO/IEC 27002 when appropriate. This requires a new structure that brings WG1 and other WGs closer. Such a structure, explained and communicated to the market, will strengthen the position of the ISO 27000 family of standards. This might be effectively communicated under the "umbrella concept" called Information Security Library (ISL).

There is also another motive for the ISL. Within the different working groups within SC 27, there is much knowledge that is spread across many different projects. This has not only to do with the organization of SC 27, but also with the complexity of the subject "Information Security". This complexity is also present in the market place and is even more difficult to grasp for the users than for the experts participating in the standards development.

If an "umbrella concept" can be established to support the users of the knowledge provided in SC 27 in a more structured way, this will provide a more efficient use of the knowledge and reduce the overlap of both work and standards produced for the market. The objective should also be not to reduce value, but the opposite: we will increase the value and usability. If successful, ISL could have a similar meaning as "ITIL", but it will be different in that it is built on existing work within the standardization and just structured for current and future work.

Today, the users of ISO/IEC 27001 have to fulfil the requirements of the ISMS as well as consider the Annex A controls. The guidelines for these controls are provided in ISO/IEC 27002. There has been much discussion on Annex A, but it is a very good reference point, and that is what standards are very much about. Two challenges are that ISO/IEC 27001 Annex A and ISO/IEC 27002 are rather quickly outdated due to the rapid change of technology, and are considered by many not to be comprehensive enough. This may create confusion in the marketplace, as the market is using the standards to find common ground. One way of solving this is to make it more comprehensive, using all the knowledge within SC 27, and to update the Annex A more frequently. This then has to be organized, as the projects within the WGs have their own timelines for development and the Annex A, which is linked to ISO/IEC 27002, has its own. If ISL could lay down and explain how Annex A may be updated and supported by other standards within SC 27 than just ISO/IEC 27002 as per today, this would not only solve the risk of Annex A becoming outdated, but would also increase the trust and usability of ISO/IEC 27001 certification using ISO standards from SC 27.

When it comes to the ISMS processes, ISO/IEC 27001 is supported by many standards/technical reports within WG1. Furthermore, the controls in Annex A are supported by many standards/technical reports developed in other WGs of SC 27. Within the control guidelines supporting Annex A of ISO/IEC 27001, the expertise on technical controls is not only found within WG1, but especially within the other WGs, such as cryptography expertise within WG2, network security within WG 4, etc.

2 Scope and expected usage

2.1 Scope
This document primarily describes the form of the information security library (ISL) for the users of ISO/IEC 27001 to comprehend and utilize the guidelines in other ISO/IEC JTC 1/SC 27 standards and technical reports to support their ISMS and implement controls. Secondarily, the document provides information on how standards and technical reports are developed within ISO SC 27 within the ISL to support long-term usability.

2.2 Expected usage
The SD would form the basis for other informative public material or a publicly available standard (or part of ISO/IEC 27000) explaining the structure of standards and technical reports to be used for an ISMS according to ISO/IEC 27001 and the controls in Annex A.

The document will also lay down the architectural design for how projects within SC 27 are organized within the ISL to support the use in the market place and connect the WG roadmaps.

The document should, in its first version, state how the controls in ISO/IEC 27001 Annex A relate to other standards. But preferably it will also explain how the next version of Annex A will be updated and which standards will support this update. The latter needs decisions within SC 27 on coordination of work. (At a later stage, other documents such as ISO/IEC 27000 or even ISO/IEC 27002 might take over the role of this document.)

If the ISL is used, the architectural form might result in the following benefits:
- The main body text of ISO/IEC 27001 may not need to be revised for a longer period (depending upon the evolution of other ISO MS standards) and will serve as the base for ISL.
- ISO/IEC 27001 and the processes of its main text will be supported by the WG1 standards.
- ISO/IEC 27001 Annex A will be updated more frequently, for example every third year, and will expand in terms of number of controls.
- ISO/IEC 27002 will be a guideline standard for all controls that are included in Annex A of ISO/IEC 27001, but will lean on other SC 27 WG projects.

This means that the content of ISO/IEC 27002 will be produced by all WGs, and subsequently Annex A of ISO/IEC 27001 will be updated based on necessary changes due to changes in technology.

Future versions of ISO/IEC 27009 will address how Annex A within ISL should be used for different certifications depending on business context.

3 The development and structure of this document

3.1 Development stages of this document
The development of this SD will be done in two stages:
a) The first version, which is subject to approval, will cover the SC27 internal process of connecting and developing controls from SC27 WG:s to ISO/IEC 27002 to establish ISL.
b) A second version will be developed once the internal process is established; it will add the basis for the external communication process of ISL.

3.2 The structure of this document
Clause 4 describes the overall idea behind ISL based on examples from WG1 and WG4 projects, although the ISL scope includes all WGs within SC27.
Clause 5 describes how to connect controls and the reasoning behind the requirements set up in the next clauses.
Clause 6 describes roles and responsibilities between SC27 WGs to enable ISL.
Clause 7 provides requirements and guidance for the process of keeping track of ISL under the governance of SWG-T.
Clause 8 describes requirements for control connection.
Annex A is informative and provides a list of projects to demonstrate what standards may be linked as part of ISL. This Annex is just giving a snapshot in time.
Annex B is informative and is the list of controls in ISO/IEC 27002:2013 mapped to related projects. This Annex is based upon a snapshot of the situation as per a certain date.
Annex C is a placeholder for new projects that have been identified to support ISL.

4 Concept and principles

4.1 Overview of drivers and development of projects within different SC27 WGs
The drivers behind the start of projects within an SC27 WG are either business driven or technology driven, and in some cases both business and technology driven. Currently this description is limited to WG1 and WG4 in order to explain the structure, but the principle of connecting the different standards shall be applicable to all WGs within SC27.

WG1 standards are mostly driven by business, but the standards of other WGs, such as WG4, are mainly driven by technology. The link especially between WG1 and WG4 can be seen in ISO/IEC 27002 and in Annex A of ISO/IEC 27001 as a duplication of the control objectives and controls in ISO/IEC 27002. The coordination of project development is done by separate roadmaps (SD3).

Fig 1 Showing drivers for different types of standards, in this case belonging to WG1 and WG4

In figure 1 the example shows the following:
a) WG1 standards/projects are management system driven
b) WG4 standards/projects are technology driven
c) The interface between them is in the first instance ISO/IEC 27001 Annex A and ISO/IEC 27002, and secondly ISO/IEC 27000, containing overall concepts and definitions etc.

4.2 Inter relationship within SC27 WGs
The inter-relationship of the ISMS standard ISO/IEC 27001 to other standards is wide and complex. For an ISL concept to work, the existing relationships should be made clear, and those that are not that evident should ideally be made much clearer through an ISL approach. Today this is the intention of ISO/IEC 27000, which covers existing/published standards. But for a user, this link is not that evident. And for ongoing projects, SD3 roadmaps are used, but these are separated per WG. The current situation, including links to standards outside SC27, is shown in Fig 2, and the titles and WG are listed in Annex A.

Fig 2 Links to other standards from ISO/IEC 27001 (ISMS)

5 Control connection and development of ISO/IEC 27002 and Annex A in ISO/IEC 27001

5.1 Current connections and objectives as per ISO/IEC 27002:2013 and ISO/IEC 27001:2013
ISO/IEC 27002 includes controls, and so does ISO/IEC 27001 Annex A. The current linkage can be seen in Annex A of this document. Many controls are not connected outside WG1, but there are many that are connected to other projects/standards. And even if a full investigation has not been made, the connections are evident. This overlap and the future development of controls could be handled in several ways, but the objectives should be to improve usability for the users, increase quality and reduce workload for the experts.

5.2 Suggested process of changing controls of ISO/IEC 27001
The suggested process for future development of controls, which is the fundamental aspect of ISL, is to cover the three principles below:
a) All controls in Annex A in ISO/IEC 27001 are developed by WG1, including the guideline text in ISO/IEC 27002.
b) For any control, if there is a corresponding project or standard in any SC27 WG, including WG1, this standard should connect to the control by stating this clearly, preferably by repeating the objective and the underlying control or controls in the body of the standard.
c) Any project that is started in any WG that wants to add controls to Annex A has to formulate objectives and controls and provide those to WG1 for a suggested update of Annex A. Subsequently, a brief guidance text also has to be produced by that project for ISO/IEC 27002. WG1 decides whether to include the control or not.

The requirements and guidance in this SD are based upon the above principles.

As an example of how development can be done as alternative c) above: Clause 16 of ISO/IEC 27002:2013 (as well as the reference in Annex A) is about Information Security Incident Management. It contains one objective and seven controls. The guidance in ISO/IEC 27002 is one page. ISO/IEC 27035 on incident management is a multipart standard with guidance on at least 60 pages on the same subject (currently under revision). There is subsequently a risk that the guidance and the controls in ISO/IEC 27002 are not fully aligned with ISO/IEC 27035, or vice versa.

Within the ISL concept, Clause 16 should be based upon ISO/IEC 27035, and WG4 should be responsible for providing the controls and the guidance to ISO/IEC 27002 (as well as to Annex A in ISO/IEC 27001). WG1, being the "owner" of ISO/IEC 27002, should decide the form of the contribution and the time schedule for revisions etc. The form could include both a given page slot (this might well still be one page) as well as the structure and format for the clause.

5.3 Guidance on ISL establishment
Short-term, the development of ISL may be done by setting the internal procedures within SC 27 and developing a roadmap to determine the release date for the new version of ISO/IEC 27002 (and Annex A in ISO/IEC 27001) based upon current projects and released standards etc. Once decided, the marketing of ISL may start at a given time. The short-term phase ends when the first revised version of ISO/IEC 27002 according to ISL is published.

Long-term development should be driven by ISO/IEC 27002 (and Annex A in ISO/IEC 27001) being revised based upon revisions of other SC27 standards and new projects arising.

6 Roles and responsibilities during ISL lifecycle

6.1 Approval of ISL
- SWG-T is responsible for the process up to approval of this document.

6.2 First adaptation and update next version of ISO/IEC 27002 according to ISL
- WG1 is responsible for identifying projects that should be linked to objectives and/or controls.
- Any SC27 WG that wants controls to be included in ISO/IEC 27002, and then also in Annex A in ISO/IEC 27001, shall notify WG1.
- Each WG is responsible for providing text for each identified objective and/or control, and guidance text.
- WG1 is responsible for deciding upon inclusion and then including and adjusting texts received from other WG:s.
- WG1 is responsible for updating Annex A in ISO/IEC 27001.

6.3 Continuous updating ISO/IEC 27002
- WG1 is responsible for monitoring the need to update/change ISO/IEC 27002 and Annex A in ISO/IEC 27001.
- Each WG that wants to add/change objectives and/or controls in ISO/IEC 27002 will submit these changes to WG1.
- WG1 is responsible for the decision process for updating ISO/IEC 27002.

6.4 ISL external communication
- The responsibilities for external communication of ISL will be determined at a later date and described in a later version of this document.

7 ISL requirements and guidance

7.1 Requirement of ISL structure
The relationship between ISO/IEC 27001 Annex A controls and connected standards shall be updated in the same process and documented in a single source.

7.1.1 Guidance for procedure for SWG-T on ISL structure
The ISL connections should be handled and governed by SWG-T in a format that enables cross connection, such as an Excel sheet or DB solution, where:
a) All ongoing projects are listed with linkage to Annex A
b) All published standards/TRs are linked

The actual registration of the documented information in the ISL should be done by the WGs.

The ISL DB should present at least two types of output:
c) An ISL report that shows the linkage of published standards etc., to be used externally
d) An internal ISL report that shows the linkage of published standards and ongoing projects etc., to be used within SC27

SWG-T ISL editing meetings should be held to assure accuracy of the reports.
(Ed note: SDx Annex A is a draft of linkage of projects to WG1 and WG4 as of 2014)

7.2 Requirement of ISL structure communication
The ISL structure shall be communicated to the users of SC27 published documents.

7.2.1 Guidance for procedure for ISL structure communication
The ISL report should be prepared so that it has a ready format to be updated when so decided, and made available on the ISO web as well as any other source.
The format and the report should have a name, such as "ISO SC27 Information Security Library", and a version.
The report should contain a description on how to use the report, how it is updated, etc.

8 SD requirement of control linkage for ISO/IEC 27001 Annex A and ISO/IEC 27002

8.1 Requirement for control connection of ISO/IEC 27002 and Annex A in ISO/IEC 27001
a) All controls in Annex A in ISO/IEC 27001 shall be approved by WG1, including the guideline text in ISO/IEC 27002.
b) For a control for which a corresponding standard exists, this standard shall correspond to the control by:
i. Referencing the control
ii. Stating the control objective, which shall be identical to the control objective in the corresponding standard
iii. The controls linked to the objective shall be identical to the controls found in the corresponding standard
iv. The guidance text shall be short in ISO/IEC 27002 and based upon the text in the corresponding standard
c) Any project that is started in any WG that wants to add controls to Annex A and ISO/IEC 27002 shall formulate objectives and controls and provide these to WG1 for a suggested update of Annex A and ISO/IEC 27002. Subsequently, a brief guidance text should also be produced by that project for ISO/IEC 27002. WG1 will make a decision whether to include the control, and when.

8.2 Roadmap for adapting ISL to ISO/IEC 27001 Annex A and ISO/IEC 27002
a) Based on Annex B, decide which standard the control reference should be made to, based on the existing version of ISO/IEC 27001 Annex A. Then consider the bullets below:
i. The objective can stay as is, with just the reference to the corresponding SC27 standard added
ii. The objective has to be rephrased to be aligned with the corresponding standard
iii. The corresponding standard has no clear reference to the objective and has to be revised in the next revision
iv. The control can stay as is and just reference the corresponding SC27 standard
v. The control has to be rephrased to be aligned with the corresponding standard
vi. The corresponding standard has no clear reference to the control and has to be revised in the next revision
b) Additional controls
i. Review of standards published after the last version of ISO/IEC 27002
ii. Decide objectives and controls that should be added to ISO/IEC 27002 and ISO/IEC 27001 Annex A
iii. Form the objective and control
iv. Determine if the corresponding standard needs to be revised
c) Future
i. This should follow as 7.1 c).

Annex A Standards and WG:s

Standard | Title | Comment
ISO/IEC 27000 | Information technology - Security Techniques - Information security management systems — Overview and vocabulary | WG1
ISO/IEC 27001 | Information technology - Security Techniques - Information security management systems — Requirements | WG1
ISO/IEC 27002 | Information technology - Security Techniques - Code of practice for information security management | WG1
ISO/IEC 27003 | Information technology - Security Techniques - Information security management system implementation guidance | WG1
ISO/IEC 27004 | Information technology - Security Techniques - Information security management — Measurement | WG1
ISO/IEC 27005 | Information technology - Security Techniques - Information security risk management | WG1
ISO/IEC 27006 | Requirements for bodies providing audit and certification of information security management systems | WG1
ISO/IEC 27007 | Information technology - Security Techniques - Guidelines for information security management systems auditing (focused on the management system) | WG1
ISO/IEC TR 27008 | Guidance for auditors on ISMS controls (focused on the information security controls) | WG1
ISO/IEC 27009 | Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements | WG1
ISO/IEC 27010 | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications | WG1
ISO/IEC 27011 | Information technology - Security Techniques - Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 | WG1
ISO/IEC 27013 | Information technology - Security Techniques - Guideline on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 | WG1
ISO/IEC 27014 | Information technology - Security Techniques - Information security governance | WG1
ISO/IEC TR 27015 | IT Security — Security techniques — Information security management – Organizational economics | WG1
ISO/IEC TR 27016 | IT Security — Security techniques — Information security management – Organizational economics | WG1
ISO/IEC 27017 | Information security management for cloud systems | WG1
ISO/IEC 27018 | Data protection for cloud systems | WG1
ISO/IEC 27019 | Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry | WG1
ISO/IEC 27031 | Information technology - Security Techniques - Guidelines for information and communication technology readiness for business continuity | WG4
ISO/IEC 27032 | Information technology - Security Techniques - Guideline for cybersecurity | WG4
ISO/IEC 27033 | Information technology - Security Techniques - Network security | WG4
ISO/IEC 27034 | Information technology - Security Techniques - Application security | WG4
ISO/IEC 27035 | Information technology - Security Techniques - Information security incident management | WG4
ISO/IEC 27036 | Information technology - Security Techniques - Information security for supplier relationships | WG4
ISO/IEC 27037 | Information technology - Security Techniques - Guidelines for identification, collection, acquisition and preservation of digital evidence | WG4
ISO/IEC 27038 | Specification for redaction of digital documents | WG4
ISO/IEC 27039 | Intrusion detection and protection systems | WG4
ISO/IEC 27040 | Guideline on storage security | WG4
ISO/IEC 27041 | Assurance for digital evidence investigation methods | WG4
ISO/IEC 27042 | Analysis and interpretation of digital evidence | WG4
ISO/IEC 27043 | Digital evidence investigation principles and processes | WG4
ISO/IEC 27044 | Information technology — Security techniques — Guidelines for security information and event management (SIEM) | WG4
ISO/IEC 27050 | Information technology -- Security techniques -- Electronic discovery | WG4
ISO 27799 | Information security management in health using ISO/IEC 27002 | Not SC27

Annex B: ISO/IEC 27001 ANNEX A control ref. to WG and standards/projects

First drafted table 2014-09-12. The last two columns are for notes during editing development of the annex.

Columns: Ref to ISO/IEC 27001:2013 | Control | Security measure description | Ref | WG | Comment
(The Ref, WG and Comment columns are only partially legible in this copy; the surviving entries are listed after the table, since their row assignment cannot be recovered reliably.)

A.5.1.1 | Policies for information security | A set of policies for information security shall be defined, approved by management, published and communicated to employees and relevant external parties.
A.5.1.2 | Review of the policies for information security | The policies for information security shall be reviewed at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness.
A.6.1.1 | Information security roles and responsibilities | All information security responsibilities shall be defined and allocated.
A.6.1.2 | Segregation of duties | Conflicting duties and areas of responsibility shall be segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization's assets.
A.6.1.3 | Contact with authorities | Appropriate contacts with relevant authorities shall be maintained.
A.6.1.4 | Contact with special interest groups | Appropriate contacts with special interest groups or other specialist security forums and professional associations shall be maintained.
A.6.1.5 | Information security in project management | Information security shall be addressed in project management, regardless of the type of the project.
A.6.2.1 | Mobile device policy | A policy and supporting security measures shall be adopted to manage the risks introduced by using mobile devices.
A.6.2.2 | Teleworking | A policy and supporting security measures shall be implemented to protect information accessed, processed or stored at teleworking sites.
A.7.1.1 | Screening | Background verification checks on all candidates for employment shall be carried out in accordance with relevant laws, regulations and ethics and shall be proportional to the business requirements, the classification of the information to be accessed and the perceived risks.
A.7.1.2 | Terms and conditions of employment | The contractual agreements with employees and contractors shall state their and the organization's responsibilities for information security.
A.7.2.1 | Management responsibilities | Management shall require all employees and contractors to apply information security in accordance with the established policies and procedures of the organization.
A.7.2.2 | Information security awareness, education and training | All employees of the organization and, where relevant, contractors shall receive appropriate awareness education and training and regular updates in organizational policies and procedures, as relevant for their job function.
A.7.2.3 | Disciplinary process | There shall be a formal and communicated disciplinary process in place to take action against employees who have committed an information security breach.
A.7.3.1 | Termination or change of employment responsibilities | Information security responsibilities and duties that remain valid after termination or change of employment shall be defined, communicated to the employee or contractor and enforced.
A.8.1.1 | Inventory of assets | Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained.
A.8.1.2 | Ownership of assets | Assets maintained in the inventory shall be owned.
A.8.1.3 | Acceptable use of assets | Rules for the acceptable use of information and of assets associated with information and information processing facilities shall be identified, documented and implemented.
A.8.1.4 | Return of assets | All employees and external party users shall return all of the organizational assets in their possession upon termination of their employment, contract or agreement.
A.8.2.1 | Classification of information | Information shall be classified in terms of legal requirements, value, criticality and sensitivity to unauthorised disclosure or modification.
A.8.2.2 | Labelling of information | An appropriate set of procedures for information labelling shall be developed and implemented in accordance with the information classification scheme adopted by the organization.
A.8.2.3 | Handling of assets | Procedures for handling assets shall be developed and implemented in accordance with the information classification scheme adopted by the organization.
A.8.3.1 | Management of removable media | Procedures shall be implemented for the management of removable media in accordance with the classification scheme adopted by the organization.
A.8.3.2 | Disposal of media | Media shall be disposed of securely when no longer required, using formal procedures.
A.8.3.3 | Physical media transfer | Media containing information shall be protected against unauthorized (description cut off in this copy)
A.9.1.1 | Access control policy | (description not present in this copy)

Surviving Ref/WG entries, in order of appearance: 27001 5.2; WG1; None specific; 27001: 5.3; WG1; WG1; None specific; WG1; None specific; None specific; None specific; WG1; WG1; WG1; WG1; 27001: 40; ?

Surviving Comment entries, in order of appearance: Covers IS policy; No relevance to control development, just alignment; Cover roles etc.; Might be more ref (Content check?); View; No relevance to control development, just alignment; Covers competence and awareness

