Information technology — MPEG systems technologies — Part 12: Image File Format
Scope
This document specifies the Image File Format, an interoperable storage format for a single image, a collection of images, and sequences of images.
The format defined in this document is built on tools defined in ISO/IEC 14496-12 and enables the interchange, editing, and display of images, as well as the carriage of metadata associated with those images. The Image File Format defines…
Information technology — Artificial intelligence — Guidance on risk management
1 Scope
This document provides guidance on how organizations that develop, produce, deploy or use products, systems and services that utilize artificial intelligence (AI) can manage risk specifically related to AI. The guidance also aims to assist organizations to integrate risk management into their AI-related activities and functions. It moreover describes processes for the effective…
Information technology — Smart city digital platform reference architecture — Data and service
1 Scope
This document specifies the reference architecture of smart city digital platforms (SCDPs), with a focus on supporting access to data and services for applications in smart cities.
Information security, cybersecurity and privacy protection — Information security management systems...
1 Scope
This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are…
Sécurité de l'information, cybersécurité et protection de la vie privée — Systèmes de managemen...
1 Domaine d'application
Le présent document spécifie les exigences relatives à l'établissement, à la mise en oeuvre, à la mise à jour et à l'amélioration continue d'un système de management de la sécurité de l'information dans le contexte d'une organisation. Le présent document comporte également des exigences sur l'appréciation et le traitement des risques de…
Information security, cybersecurity and privacy protection — Guidance on managing information securi...
1 Scope
This document provides guidance to assist organizations to:
— fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
— perform information security risk management activities, specifically information security risk assessment and treatment.
This document is applicable to all organizations, regardless of type, size or sector.
Sécurité de l’information, cybersécurité et protection de la vie privée — Préconisations pour la ges...
1 Domaine d'application
Le présent document fournit des recommandations pour aider les organismes à:
— satisfaire aux exigences de l'ISO/IEC 27001 concernant les actions visant à traiter les risques liés à la sécurité de l'information;
— réaliser des activités de gestion des risques liés à la sécurité de l'information, en particulier l'appréciation et le traitement de…
Information technology — Information security incident management — Part 1: Principles and process
Scope
This document is the foundation of the ISO/IEC 27035 series. It presents basic concepts, principles and process with key activities of information security incident management, which provide a structured approach to preparing for, detecting, reporting, assessing, and responding to incidents, and applying lessons learned.
The guidance on the information security incident management process…
Information technology — Information security incident management — Part 2: Guidelines to plan and p...
Scope
This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the “plan and prepare” and “learn lessons” phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6.
The major points within the “plan and prepare” phase include:
— information…
Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services sup...
Scope
This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b) responding to risks stemming from this physically dispersed and multi-layered…