Search

This document provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations: a) within the context of an information security management system (ISMS) based on ISO/IEC27001; b) for implementing information security controls based on internationally recognized best practices; c) for developing organization…

This document provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations: a) within the context of an information security management system (ISMS) based on ISO/IEC27001; b) for implementing information security controls based on internationally recognized best practices; c) for developing organization…

This document covers the protection of biometric information under various requirements for confidentiality, integrity and renewability/revocability during storage and transfer. It also provides requirements and recommendations for the secure and privacy-compliant management and processing of biometric information. This document specifies the following: —    analysis of the threats to and…

This document covers the protection of biometric information under various requirements for confidentiality, integrity and renewability/revocability during storage and transfer. It also provides requirements and recommendations for the secure and privacy-compliant management and processing of biometric information. This document specifies the following: — analysis of the threats to and…

This document describes a core set of cloud service agreements for customer-oriented health cloud services. This document covers a customer-oriented cloud service agreement that can be used in healthcare organizations and public health centers that use health cloud services. This document defines key characteristics in the health cloud service agreement that are indispensable in providing optimal…

This Standard specifies minimum requirements for federating the exchange of health information between systems and provides the basis for implementing a user-centric, interoperable health network for the delivery of healthcare services. The scope of this Standard comprises the following: — definition of a trust model (Section 4); — user agency (Section 4.2) — data standards (Section 4.3) —…

1 Scope This document specifies guidelines for developing a cybersecurity framework. It is applicable to cybersecurity framework creators regardless of their organizations’ type, size or nature.

1 Scope The document takes a multiple agency as well as a citizen-centric viewpoint. It provides guidance on: — smart city ecosystem privacy protection; — how standards can be used at a global level and at an organizational level for the benefit of citizens; and — processes for smart city ecosystem privacy protection. This document is applicable to all types and sizes of organizations,…

This document defines how to authenticate users and accessing parties on a web-services interface. It also defines how a resource owner can delegate access to its resources to an accessing party. Within this context, this document also defines the necessary roles and required separation of duties between these in order to fulfil requirements stated on security, data privacy and data protection.…

This document gives guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations intending to: a) implement ISO/IEC27001 when ISO/IEC 20000-1 is already implemented, or vice versa; b) implement both ISO/IEC27001 and ISO/IEC 20000-1 together; or c) integrate existing management systems based on ISO/IEC27001 and ISO/IEC 20000-1. This document focuses exclusively…