Welcome To Arrowhead Consulting

Security Management System

  • By : Consultant
  • 06 October 16, 15:08

This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system and a supply chain security management system. The adoption of an information security management system is a strategic decision for an organization.


The establishment and implementation of an organization’s information and supply chain security management system is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. All of these influencing factors are expected to change over time. The information and supply chain security management system preserves the confidentiality, integrity and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information and supply chain security management system is part of and integrated with the organization’s processes and overall management structure and that information and supply chain security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization.


This International Standard can be used by internal and external parties to assess the organization’s ability to meet its own information and supply chain security requirements. The order in which requirements are presented in this International Standard does not reflect their importance or imply the order in which they are to be implemented. The list items are enumerated for reference purposes only. This International Standard applies the high-level structure, identical sub-clause titles, identical text, common terms, and core definitions defined in Annex SL of ISO/IEC Directives, Part 1, Consolidated ISO Supplement, and therefore maintains compatibility with other management system standards that have adopted Annex SL. The common approach defined in Annex SL will be useful for those organizations that choose to operate a single management system that meets the requirements of two or more management system standards.


ISO Introduction

ISO 27001-ISO 28000

