ISO 22301:2012 Societal security -- Business continuity management systems -- Requirements Abstract ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
ISO/IEC 20000-1:2011 Information technology -- Service management -- Part 1: Service management system requirements Abstract ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements. ISO/IEC 20000-1:2011 can be used by:
• an organization seeking services from service providers and requiring assurance that their service requirements will be fulfilled;
• an organization that requires a consistent approach by all its service providers, including those in a supply chain;
• a service provider that intends to demonstrate its capability for the design, transition, delivery and improvement of services that fulfil service requirements;
• a service provider to monitor, measure and review its service management processes and services;
• a service provider to improve the design, transition, delivery and improvement of services through the effective implementation and operation of the SMS;
• an assessor or auditor as the criteria for a conformity assessment of a service provider's SMS to the requirements in ISO/IEC 20000-1:2011.
ISO/IEC 27000:2012 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary Abstract ISO/IEC 27000:2012 describes the overview and the vocabulary of information security management systems, which form the subject of the ISMS family of standards, and defines related terms and definitions. ISO/IEC 27000:2012 is applicable to all types and sizes of organisation (e.g. commercial enterprises, government agencies, not-for-profit organisations).
ISO/IEC 27010:2012 Information technology -- Security techniques -- Information security management for inter-sector and inter-organizational communications Abstract ISO/IEC 27010:2012 provides guidelines in addition to guidance given in the ISO/IEC 27000 family of standards for implementing information security management within information sharing communities. ISO/IEC 27010:2012 provides controls and guidance specifically relating to initiating, implementing, maintaining, and improving information security in inter-organizational and inter-sector communications. ISO/IEC 27010:2012 is applicable to all forms of exchange and sharing of sensitive information, both public and private, nationally and internationally, within the same industry or market sector or between sectors. In particular, it may be applicable to information exchanges and sharing relating to the provision, maintenance and protection of an organization's or nation state's critical infrastructure.