ISO 22300:2012

Title:

Societal security – Terminology

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

2012

Description:

Definitions of terms for the standards of TC 223

Abstract (TC 223):

ISO 22300:2012 contains terms and definitions applicable to societal security to establish a common understanding so that consistent terms are used.

Certification:

Certification of the BCM according to ISO 22301 is possible; successor to BS 25999-2

Source:

ISO

ISO 22301:2012

The draft version of the revision ISO 22301:2019 is currently available

Title:

Societal security – Business continuity management systems – Requirements

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

May 2012

Description:

The international ISO standard for business continuity management systems

Abstract (TC 223):

ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.

The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.

Certification:

Certification of the BCM according to ISO 22301 is possible; successor to BS 25999-2

Source:

BSI, ISO

ISO 22313:2012

Title:

Societal security – Business continuity management systems – Guidance

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

December 2012

Description:

Guidance for ISO 22301:2012

Abstract (TC 223):

ISO 22313:2012 for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise.

It is not the intent of ISO 22313:2012 to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties.

ISO 22313 is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to:

  • establish, implement, maintain and improve a BCMS;
  • ensure conformance with the organization’s business continuity policy; or
  • make a self-determination and self-declaration of compliance with this International Standard.

Certification:

Certification of the BCM according to ISO 22301 is possible; successor to BS 25999-2

Source:

BSI, ISO

ISO 22398:2013

Title:

Societal security – Guidelines for exercises and tests

Publisher:

ISO (ISO/TC 292 Security and resilience)

Publication:

13.09.2013

Description:

Guidance on conducting tests and exercises

Certification:

Certification of the BCM according to ISO 22301 is possible; successor to BS 25999-2

Source:

ISO

ISO 27005

Title:

ISO 27005:2011 Information technology — Security techniques — Information security risk management

Publisher:

ISO

Publication:

June 2008, revised 2011

Description:

ISO 27005 provides guidelines for risk management in information security and spells out in more detail the requirements that ISO 27001 places on the risk management process.

“ISO/IEC 27005:2011 provides guidelines for information security risk management.

It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.

Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2011.

ISO/IEC 27005:2011 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization’s information security.”

Certification:

Certification according to ISO 27001

Source:

ISO

ISO 27014:2013

Title:

ISO/IEC 27014:2013

Information technology — Security techniques — Governance of information security

Description:

ISO/IEC 27014:2013 provides guidance on concepts and principles for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security related activities within the organization.

ISO/IEC 27014:2013 is applicable to all types and sizes of organizations.

Source:

ISO

ISO 28000:2007-9

Specification for security management systems for the supply chain

Contents:

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Security management system elements
4.1 General requirements
4.2 Security management policy
4.3 Security risk assessment and planning
4.4 Implementation and operation
4.5 Checking and corrective action
4.6 Management review and continual improvement
ISO 9001:2000
Bibliography

ISO 44001:2017 Collaborative business relationship management systems — Requirements and framework

ISO 44001:2017 specifies requirements for the effective identification, development and management of collaborative business relationships within or between organizations.

ISO 44001:2017 is applicable to private and public organizations of all sizes, from large multinational corporations and government organizations, to non-profit organizations and micro/small businesses.

ISO 44001:2017 can be applied at several different levels, e.g.

  • a single application (including operating unit, operating division, single project or programme, mergers and acquisitions);
  • an individual relationship (including one-to-one relationships, alliance, partnership, business customers, joint venture);
  • multiple identified relationships (including multiple partner alliances, consortia, joint ventures, networks, extended enterprise arrangements and end-to-end supply chains);
  • full application organization-wide for all identified relationship types.

Source: ISO

ISO/IEC 20000-1:2011

Title:
Information technology — Service management — Part 1: Service management system requirements

Description:

ISO/IEC 20000 is the standard that formalises ITIL (IT Infrastructure Library).

The standard consists of

  • ISO/IEC 20000-1 – requirements
  • ISO/IEC 20000-2 – code of practice.

“ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.”

ISO 20000 describes IT processes.

The following processes are described in the Service Delivery group:

  • Capacity Management
  • Service Continuity & Availability Management
  • Service Level Management
  • Service Reporting
  • Information Security Management
  • Budgeting & Accounting for Services.

This is where the processes relevant to BCM and ITSCM are found.

Certification:

Certification according to ISO/IEC 20000-1:2011 is possible

Reference:

ISO

ISO/IEC 24762:2008

Title:

Guidelines for information and communications technology disaster recovery services

Publisher:

ISO

Publication:

February 2008

Description:

ISO/IEC 24762:2008 provides guidelines on the provision of information and communications technology disaster recovery (ICT DR) services as part of business continuity management, applicable to both “in-house” and “outsourced” ICT DR service providers of physical facilities and services.

ISO/IEC 24762:2008 specifies:

  • the requirements for implementing, operating, monitoring and maintaining ICT DR services and facilities;
  • the capabilities which outsourced ICT DR service providers should possess and the practices they should follow, so as to provide basic secure operating environments and facilitate organizations’ recovery efforts;
  • the guidance for selection of recovery site; and
  • the guidance for ICT DR service providers to continuously improve their ICT DR services.

Certification:

no certification

Source:

ISO

ISO/IEC 27001

Title:

ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements

Publisher:

ISO

Publication:

first published 2005, latest edition 2008

Description:

The standard defines the requirements for establishing, implementing, operating, monitoring, maintaining and improving a documented information security management system.

ISO/IEC 27001:2005 was developed from the British standard BS 7799-2:2002.

The explicitly listed requirements also include business continuity management (Section A.14).

Requirements:

  • Including information security in the business continuity management process
  • Business continuity and risk assessment
  • Developing and implementing continuity plans including information security
  • Business continuity planning framework
  • Testing, maintaining and re-assessing business continuity plans

Controls are defined for each of the listed requirements.

Certification:

Certification according to ISO/IEC 27001 is possible

Source:

ISO