Search

This document: — describes a framework for the structured expression of data-related policies and practices in the cloud computing environment, based on the data taxonomy in ISO/IEC 19944; — provides guidelines on application of the taxonomy for handling of data based on data subcategory and classification; — covers expression of data-related policies and practices including, but not…

This document provides governance rules to be used for executing an organized process for business entities to connect to one another electronically for the conduct of electronic trade in a secure and open environment through a standardized framework for information exchange. This standardized framework includes processes and process tools to ease connections between trading partners, to provide…

1 Scope This document provides guidance for technical and non-technical personnel at senior management levels within an organization, including those with responsibility for compliance with statuary and regulatory requirements, and industry standards. It describes how such personnel can identify and take ownership of risks related to electronic discovery, set policy and achieve compliance with…

1 Scope This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is applicable to all types and sizes of organization (e.g. commercial enterprises, government agencies, not-for-profit organizations). The terms and definitions provided in this document — cover…

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. This document specifies PIMS-related requirements and provides guidance for PII controllers and…

This document specifies requirements and provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. This document specifies PIMS-related requirements and provides guidance for PII controllers and…

This document specifies the International Standard identifier for libraries and related organizations (ISIL), which comprises a set of standard identifiers used for the unique identification of libraries and related organizations such as museums and archives with a minimum impact on already existing systems. An ISIL identifies an organization, i.e. a library or a related organization, or one of…

1 Scope 1.1 Fields of application These Service Delivery guidelines are applicable to Very Small Entities (VSEs). A VSE is an enterprise, an organization, a department or a project having up to 25 people. This document provides guidance to manage a set of services delivered to customers. The VSE can act as an internal service provider (providing services internal to the VSE) or as an external…

1 Scope This document provides guidance to the members of governing bodies of organizations and their executive managers on the implications of ISO/IEC 38505-1 for data management. It assumes understanding of the principles of ISO/IEC 38500 and familiarization with the data accountability map and associated matrix of considerations, as presented in ISO/IEC 38505-1. This document enables an…

1 Scope This document provides recommendations and checklists which can be used to support the specification and operational testing of cryptographic modules in their operational environment within an organization’s security system. The cryptographic modules have four security levels which ISO/IEC 19790 defines to provide for a wide spectrum of data sensitivity (e.g. low-value administrative…