Jul,03

ISO IEC TS 27022 pdf – Information technology — Guidance on information security management system processes

1 Scope
This document defines a process reference model (PRM) for the domain of information security management, which meets the criteria defined in ISO/IEC 33004 for process reference models (see Annex A). It is intended to guide users of ISO/IEC 27001 to:
– incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS;
– be aligned to all the work done within other standards of the ISO/IEC 27000 family from the perspective of the operation of ISMS processes;
– support users in the operation of an ISMS – this document complements the requirements-oriented perspective of ISO/IEC 27003 with an operational, process-oriented point of view.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27000, Information technology — Security techniques — Information security management systems — Overview and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
– ISO online browsing platform: available at https://www.iso.org/obp
– IEC Electropedia: available at http://www.electropedia.org/
3.1
core process
process that delivers apparent and direct customer value and is derived from the core competencies (3.1) of the management systems
Note 1 to entry: This definition relies on and extends the definitions in ISO 9000:2015 and ISO/IEC 38500:2015.
Note 2 to entry: In this definition, “core competency” is understood as the set of skills and know-how present within a management system, directly aligned with the objectives of the management system, supporting the achievement of the objectives and not elsewhere present within the organization at a competitive level.
3.2
integrated management system
IMS
management system that integrates all of an organization’s systems – like information security management and business continuity management – and processes into one complete framework, enabling an organization to work as a single unit with unified objectives
3.3
key goal indicator
indicator that is an ex post measure for the achievement of a goal/objective
3.4
key performance indicator
indicator that is an ex ante measure, which allows a prediction of whether a goal/objective will be achieved in the future
3.5
management process
process that defines the objectives of the management system to achieve the strategic objectives set by the organization’s governing body
Note 1 to entry: This definition relies on and extends the definitions in ISO 9000:2015 and ISO/IEC 38500:2015.
3.6
support process
process that supports core processes by providing and managing necessary resources without delivering direct customer value
Note 1 to entry: This definition relies on and extends the definitions in ISO 9000:2015 and ISO/IEC 38500:2015.
4 Structure and usage of this document
The objective of this document is to guide the users of ISO/IEC 27001 on the operation of the ISMS. No additional requirements are defined within this document.
It is not intended to be used “out of the box” without adapting it to the implementing organization, and it should not be used as requirements within ISMS certification audits.
The model architecture specifies a process architecture for the domain and comprises a set of processes, each described in terms of process, purpose and results. The PRM is closely aligned to the information security requirements contained in ISO/IEC 27001:2013. Processes are differentiated into core, management and supporting processes. The PRM also meets the criteria defined in ISO/IEC 33004 for process reference models.
Each process of this PRM is described in terms of:
– process category;
– brief description;
– process flowchart;
– objective/purposes;
– input and results;
– activities/functions;
– references.
The PRM does not attempt to place the processes in any specific environment, nor does it pre-determine any level of process capability/maturity required to fulfil the ISO/IEC 27001 requirements.
