ISO 44001:2017 Collaborative business relationship management systems — Requirements and framework

ISO 44001:2017 specifies requirements for the effective identification, development and management of collaborative business relationships within or between organizations.

ISO 44001:2017 is applicable to private and public organizations of all sizes, from large multinational corporations and government organizations, to non-profit organizations and micro/small businesses.

Application of ISO 44001:2017 can be on several different levels, e.g.

· a single application (including operating unit, operating division, single project or programme, mergers and acquisitions);

· an individual relationship (including one-to-one relationships, alliance, partnership, business customers, joint venture);

· multiple identified relationships (including multiple partner alliances, consortia, joint ventures, networks, extended enterprise arrangements and end-to-end supply chains);

· full application organization-wide for all identified relationship types.

Source: ISO

ISO 28000:2007-9

Specification for security management systems for the supply chain

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Security management system elements
4.1 General requirements
4.2 Security management policy
4.3 Security risk assessment and planning
4.4 Implementation and operation
4.5 Checking and corrective action
4.6 Management review and continual improvement

ISO 9001:2000

Bibliography

ISO 27014:2013

Title:

ISO/IEC 27014:2013

Information technology — Security techniques — Governance of information security

Description:

ISO/IEC 27014:2013 provides guidance on concepts and principles for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security related activities within the organization.

ISO/IEC 27014:2013 is applicable to all types and sizes of organizations.

Available from:

ISO

ISO 27005

Title:

ISO 27005:2011  Information technology — Security techniques — Information security risk management

Publisher:

ISO

Publication:

June 2008, revised 2011

Description:

ISO 27005 provides guidelines for information security risk management and specifies in more detail the requirements that ISO 27001 places on the risk management process.

“ISO/IEC 27005:2011 provides guidelines for information security risk management.

It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.

Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2011.

ISO/IEC 27005:2011 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization’s information security.”

Certification:

Certification according to ISO 27001

Available from:

ISO

ISO 22398:2013

Title:

Societal security – Guidelines for exercises and tests

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

13.09.2013

Description:

Guidance for conducting tests and exercises

Certification:

Certification of the BCM according to ISO 22301 possible; successor to BS 25999-2

Available from:

ISO

ISO 22300:2012

Title:

Societal security – Terminology

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

2012

Description:

Definitions of terms for the TC 223 standards

Abstract (TC 223):

ISO 22300:2012 contains terms and definitions applicable to societal security to establish a common understanding so that consistent terms are used.

Certification:

Certification of the BCM according to ISO 22301 possible; successor to BS 25999-2

Available from:

ISO

ISO 22313:2012

Title:

Societal security – Business continuity management systems – Guidance

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

December 2012

Description:

Guidance for ISO 22301:2012

Abstract (TC 223):

ISO 22313:2012 for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise.

It is not the intent of ISO 22313:2012 to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties.

ISO 22313 is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to:

  • establish, implement, maintain and improve a BCMS;
  • ensure conformance with the organization’s business continuity policy; or
  • make a self-determination and self-declaration of compliance with this International Standard.

Certification:

Certification of the BCM according to ISO 22301 possible; successor to BS 25999-2

Available from:

BSI, ISO

ISO 22301:2019

Title:

Societal security – Business continuity management systems – Requirements

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

October 2019

Description:

The international ISO standard for business continuity management systems

Abstract (TC 292):

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.

The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.

This document is applicable to all types and sizes of organizations that:

a) implement, maintain and improve a BCMS;

b) seek to ensure conformity with stated business continuity policy;

c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;

d) seek to enhance their resilience through the effective application of the BCMS.

This document can be used to assess an organization’s ability to meet its own business continuity needs and obligations.

Certification:

Certification of the BCM according to ISO 22301 possible; successor to BS 25999-2

Available from:

BSI, ISO