Der News Blog zu Business Continuity Management und IT Service Continuity Management
Titel:
Societal security – Terminology
Herausgeber:
ISO (ISO/TC 292 Security and resilience)
Veröffentlichung:
2012
Beschreibung:
Begriffsdefinitionen für die Standards des TC 223
Abstract (TC 223):
ISO 22300:2012 contains terms and definitions applicable to societal security to establish a common understanding so that consistent terms are used.
Zertifizierung:
Zertifizierung des BCM nach ISO 22301 möglich, Nachfolger des BS 25999-2
Bezug:
Titel:
Societal security – Business continuity management systems – Requirements
Herausgeber:
ISO (ISO/TC 292 Security and resilience)
Veröffentlichung:
Oktober 2019
Beschreibung:
Der internationale ISO-Standard für Business Continuity Management Systeme
Abstract (TC 292):
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization’s ability to meet its own business continuity needs and obligations.
Zertifizierung:
Zertifizierung des BCM nach ISO 22301 möglich, Nachfolger des BS 25999-2
Bezug:
Titel:
Societal security – Business continuity management systems – Guidance
Herausgeber:
ISO (ISO/TC 292 Security and resilience)
Veröffentlichung:
Dezember 2012
Beschreibung:
Guidance für den ISO 22301:2012
Abstract (TC 223):
ISO 22313:2012 for business continuity management systems provides guidance based on good international practice for planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving a documented management system that enables organizations to prepare for, respond to and recover from disruptive incidents when they arise.
It is not the intent of ISO 22313:2012 to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets the requirements of its interested parties. These needs are shaped by legal, regulatory, organizational and industry requirements, the products and services, the processes employed, the environment in which it operates, the size and structure of the organization and the requirements of its interested parties.
ISO 22313 is generic and applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors that wish to:
Zertifizierung:
Zertifizierung des BCM nach ISO 22301 möglich, Nachfolger des BS 25999-2
Bezug:
Titel:
Societal security – Guidelines for exercises and tests
Herausgeber:
ISO (ISO/TC 292 Security and resilience)
Veröffentlichung:
13.09.2013
Beschreibung:
Guidance für die Durchführung von Tests und Übungen
Zertifizierung:
Zertifizierung des BCM nach ISO 22301 möglich, Nachfolger des BS 25999-2
Bezug:
Titel:
ISO 27005:2011 Information technology — Security techniques — Information security risk management
Herausgeber:
ISO
Veröffentlichung:
Juni 2008, Revision 2011
Beschreibung:
ISO 27005 gibt Guidelines für das Risikomanagement in der Informationssicherheit und konkretisiert die Anforderungen des ISO 27001 an den Risk Management-Prozess.
“ISO/IEC 27005:2011 provides guidelines for information security risk management.
It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.
Knowledge of the concepts, models, processes and terminologies described in ISO/IEC 27001 and ISO/IEC 27002 is important for a complete understanding of ISO/IEC 27005:2011.
ISO/IEC 27005:2011 is applicable to all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) which intend to manage risks that could compromise the organization’s information security.”
Zertifizierung:
Zertifizierung nach ISO 27001
Bezug:
Titel:
ISO/IEC 27014:2013
Information technology — Security techniques — Governance of information security
Beschreibung:
ISO/IEC 27014:2013 provides guidance on concepts and principles for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security related activities within the organization.
ISO/IEC 27014:2013 is applicable to all types and sizes of organizations
Bezug:
Specification for security management systems for the supply chain
Foreword ……………………………………………………………………………………iv
Introduction …………………………………………………………………………………v
1 Scope ……………………………………………………………………………………..1
2 Normative references ………………………………………………………………………..1
3 Terms and definitions ……………………………………………………………………….1
4 Security management system elements …………………………………………………………..3
4.1 General requirements ………………………………………………………………………3
4.2 Security management policy …………………………………………………………………4
4.3 Security risk assessment and planning ……………………………………………………….4
4.4 Implementation and operation ……………………………………………………………….7
4.5 Checking and corrective action …………………………………………………………….10
4.6 Management review and continual improvement …………………………………………………12
ISO 9001:2000 ……………………………………………………………………………….13
Bibliography ………………………………………………………………………………..16
ISO 44001:2017 specifies requirements for the effective identification, development and management of collaborative business relationships within or between organizations.
ISO 44001:2017 is applicable to private and public organizations of all sizes, from large multinational corporations and government organizations, to non-profit organizations and micro/small businesses.
Application of ISO 44001:2017 can be on several different levels, e.g.
· a single application (including operating unit, operating division, single project or programme, mergers and acquisitions);
· an individual relationship (including one-to-one relationships, alliance, partnership, business customers, joint venture);
· multiple identified relationships (including multiple partner alliances, consortia, joint ventures, networks, extended enterprise arrangements and end-to-end supply chains);
· full application organization-wide for all identified relationship types.
Quelle: ISO
IT-Security Standards der ISO finden sich in der 27000er-Reihe, die vom Technical Committee JTC 1/SC 27 “IT Security techniques” erarbeitet wird.
Das aktuelle workprogramm findet sich hier.
Titel:
Information technology — Service management — Part 1: Service management system requirements
Beschreibung:
ISO/IEC 20000 ist die Standardisierungsnorm für ITIL (IT Infrastructure Library).
Die Norm besteht aus
“ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.”
ISO 20000 beschreibt IT-Prozesse.
In der Service Delivery Group sind folgende Prozesse beschrieben:
Hier finden sich die für BCM und ITSCM relevanten Prozesse.
Zertifizierung:
Eine Zertifizierung nach ISO/IEC 20000-1:2011 ist möglich
Verweis:
Titel:
Guidelines for information and communications technology disaster recovery services
Herausgeber:
ISO
Veröffentlichung:
Februar 2008
Beschreibung:
ISO/IEC 24762:2008 provides guidelines on the provision of information and communications technology disaster recovery (ICT DR) services as part of business continuity management, applicable to both “in-house” and “outsourced” ICT DR service providers of physical facilities and services.
ISO/IEC 24762:2008 specifies:
Zertifizierung:
keine Zertifizierung
Bezug:
Titel:
ISO/IEC 27001 Information technology – Security techniques – Information security management systems – Requirements
Herausgeber:
ISO
Veröffentlichung:
erstmals 2005, letzte Ausgabe 2008
Beschreibung:
Der Standard definiert die Anforderungen für Herstellung, Einführung, Betrieb, Überwachung, Wartung und Verbesserung eines dokumentierten Informationssicherheits-Managementsystems.
Die ISO/IEC 27001:2005 wurde aus dem britischen Standard BS 7799-2:2002 entwickelt.
Zu den explizit genannten Anforderungen gehört auch das Business Continuity Management (Abschnitt A.14).
Anforderungen:
Zu den genannten Anforderungen sind jeweils controls definert.
Zertifizierung:
Zertifizierung nach ISO/IEC 27001 möglich
Bezug: