iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST ISO/IEC 27002:2008

Information technology - Security techniques - Code of practice for information security management / Note: Combines ISO/IEC 17799 (2005-06) (renumbered to ISO/IEC 27002) and ISO/IEC 17799 Technical Corrigendum 1 (2007-07)

Information technology - Security techniques - Code of practice for information security management / Note: Combines ISO/IEC 17799 (2005-06) (renumbered to ISO/IEC 27002) and ISO/IEC 17799 Technical Corrigendum 1 (2007-07)

ISO/IEC 27002:2005 comprises ISO/IEC 17799:2005 and ISO/IEC 17799:2005/Cor.1:2007. Its technical content is identical to that of ISO/IEC 17799:2005. ISO/IEC 17799:2005/Cor.1:2007 changes the reference number of the standard from 17799 to 27002.
ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best practices of control objectives and controls in the following areas of information security management:
security policy;
organization of information security;
asset management;
human resources security;
physical and environmental security;
communications and operations management;
access control;
information systems acquisition, development and maintenance;
information security incident management;
business continuity management;
compliance.  
The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.

Technologies de l'information - Techniques de sécurité - Code de bonne pratique pour la gestion de la sécurité de l'information

L'ISO/CEI 27002:2005 comprend l'ISO/CEI 17799:2005 et l'ISO/CEI 17799:2005/Cor.1:2007. Son contenu technique est identique à celui de l'ISO/CEI 17799:2005. L'ISO/CEI 17799:2005/Cor.1:2007 modifie le numéro de référence de la norme de 17799 en 27002.
L'ISO/CEI 17799:2005 établit des lignes directrices et des principes généraux pour préparer, mettre en oeuvre, entretenir et améliorer la gestion de la sécurité de l'information au sein d'un organisme. Les objectifs esquissés fournissent une orientation générale sur les buts acceptés communément dans la gestion de la sécurité de l'information. L'ISO/CEI 17799:2005 est un code de bonne pratique pour les objectifs et mesures, dans les catégories suivantes de la gestion de la sécurité de l'information:
politique de sécurité;
organisation de la sécurité de l'information;
gestion des biens;
sécurité liée aux ressources humaines;
sécurité physique et environnementale;
gestion opérationnelle et gestion de la communication;
contrôle d'accès;
acquisition, développement et maintenance des systèmes d'information;
gestion des incidents liés à la sécurité de l'information;
gestion de la continuité de l'activité;
conformité.  
Les objectifs et mesures décrits dans l'ISO/CEI 17799:2005 sont destinés à être mis en oeuvre pour répondre aux exigences identifiées par une évaluation du risque. L'ISO/CEI 17799:2005 est prévue comme base commune et ligne directrice pratique pour élaborer les référentiels de sécurité de l'organisation, mettre en oeuvre les pratiques efficaces de la gestion de la sécurité, et participer au développement de la confiance dans les activités entre organismes.

Informacijska tehnologija - Varnostne tehnike - Pravila obnašanja pri upravljanju informacijske varnosti / Opomba: Združuje ISO/IEC 17799 (2005-06) (preštevilčen v ISO/IEC 27002) in ISO/IEC 17799 Tehnični popravek 1 (2007-07)

Ta mednarodni standard določa smernice in splošna načela za začetek, izvajanje, vzdrževanje in izboljševanje upravljanja informacijske varnosti v organizaciji. Cilji, opisani v tem mednarodnem standardu, so zagotoviti glavne smernice splošno uveljavljenih ciljev upravljanja informacijske varnosti. Cilji kontrol in kontrole tega mednarodnega standarda naj bi se izvedli za izpolnitev zahtev, ki so bile prepoznane z ocenjevanjem tveganja. Ta mednarodni standard lahko služi kot praktična smernica za razvoj organizacijskih varnostnih standardov in praks uspešnega upravljanja varnosti ter kot pomoč pri gradnji zaupanja v medorganizacijskih aktivnostih.

General Information

Status
Withdrawn
Publication Date
09-Apr-2008
Withdrawal Date
03-Feb-2014
ICS
03.100.70 - Management systems
35.030 - IT Security
Technical Committee
ITC - Information technology
Current Stage
9900 - Withdrawal (Adopted Project)
Start Date
04-Feb-2014
Due Date
27-Feb-2014
Completion Date
04-Feb-2014
Ref Project
ISO/IEC 27002:2005 - Information technology — Security techniques — Code of practice for information security management

Relations

Replaces
SIST ISO/IEC 17799:2003 - Information technology -- Code of practice for information security management
Effective Date
01-May-2008
Replaces
oSIST ISO/IEC 17799:2005 - Information technology -- Security techniques -- Code of practice for information security management
Effective Date
01-May-2008
Replaced By
SIST ISO/IEC 27002:2013 - Information technology -- Security techniques -- Code of practice for information security controls
Effective Date
01-Feb-2014

Buy Standard

ISO/IEC 27002:2005 - Information technology -- Security techniques -- Code of practice for information security managementISO/IEC 27002:2005 - Information technology -- Security techniques -- Code of practice for information security management
PreviousNext
Standard
ISO/IEC 27002:2005 - Information technology -- Security techniques -- Code of practice for information security management
English language
115 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27002:2008ISO/IEC 27002:2008
PreviousNext
Standard
ISO/IEC 27002:2008
English language
130 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
ISO/IEC 27002:2005 - Technologies de l'information -- Techniques de sécurité -- Code de bonne pratique pour le management de la sécurité de l'informationISO/IEC 27002:2005 - Technologies de l'information -- Techniques de sécurité -- Code de bonne pratique pour le management de la sécurité de l'information
PreviousNext
Standard
ISO/IEC 27002:2005 - Technologies de l'information -- Techniques de sécurité -- Code de bonne pratique pour le management de la sécurité de l'information
French language
112 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27002:2008ISO/IEC 27002:2008
PreviousNext
Standard – translation
ISO/IEC 27002:2008
Slovenian language
117 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


INTERNATIONAL ISO/IEC
STANDARD 27002
First edition
2005-06-15
Information technology — Security
techniques — Code of practice for
information security management
Technologies de l'information — Techniques de sécurité — Code de
bonne pratique pour la gestion de la sécurité de l'information

Reference number
©
ISO/IEC 2005
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2005 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 27002 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, IT Security techniques.
This first edition of ISO/IEC 27002 comprises ISO/IEC 17799:2005 and ISO/IEC 17799:2005/Cor.1:2007. Its
technical content is identical to that of ISO/IEC 17799:2005. ISO/IEC 17799:2005/Cor.1:2007 changes the
reference number of the standard from 17799 to 27002. ISO/IEC 17799:2005 and
ISO/IEC 17799:2005/Cor.1:2007 are provisionally retained until publication of the second edition of
ISO/IEC 27002.
© ISO/IEC 2005 – All rights reserved iii

INTERNATIONAL STANDARD ISO/IEC 17799:2005
TECHNICAL CORRIGENDUM 1
Published 2007-07-01
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION • МЕЖДУНАРОДНАЯ ЭЛЕКТРОТЕХНИЧЕСКАЯ КОМИССИЯ • COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE

Information technology — Security techniques — Code of
practice for information security management
TECHNICAL CORRIGENDUM 1
Technologies de l'information — Techniques de sécurité — Code de bonne pratique pour la gestion de la
sécurité de l'information
RECTIFICATIF TECHNIQUE 1
Technical Corrigendum 1 to ISO/IEC 17799:2005 was prepared by Joint Technical Committee ISO/IEC JTC 1,
Information technology, Subcommittee SC 27, IT Security techniques.

Throughout the document:
Replace “17799” with “27002”.
ICS 35.040 Ref. No. ISO/IEC 17799:2005/Cor.1:2007(E)
©  ISO/IEC 2007 – All rights reserved
Published in Switzerland
INTERNATIONAL ISO/IEC
STANDARD 17799
Second edition
2005-06-15
Information technology — Security
techniques — Code of practice for
information security management
Technologies de l'information — Techniques de sécurité — Code de
pratique pour la gestion de sécurité d'information

Reference number
ISO/IEC 17799:2005(E)
©
ISO/IEC 2005
ISO/IEC 17799:2005(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2005 – All rights reserved

ISO/IEC 17799:2005(E)
Contents                                                Page

FOREWORD. VII
0 INTRODUCTION . VIII
0.1 WHAT IS INFORMATION SECURITY?.VIII

0.2 WHY INFORMATION SECURITY IS NEEDED? .VIII
0.3 HOW TO ESTABLISH SECURITY REQUIREMENTS .IX
0.4 ASSESSING SECURITY RISKS . IX
0.5 SELECTING CONTROLS. IX
0.6 INFORMATION SECURITY STARTING POINT. IX
0.7 CRITICAL SUCCESS FACTORS . X
0.8 DEVELOPING YOUR OWN GUIDELINES . XI
1 SCOPE. 1
2 TERMS AND DEFINITIONS . 1
3 STRUCTURE OF THIS STANDARD. 4
3.1 CLAUSES . 4
3.2 MAIN SECURITY CATEGORIES. 4
4 RISK ASSESSMENT AND TREATMENT . 5
4.1 ASSESSING SECURITY RISKS . 5
4.2 TREATING SECURITY RISKS. 5
5 SECURITY POLICY . 7
5.1 INFORMATION SECURITY POLICY. 7
5.1.1 Information security policy document . 7
5.1.2 Review of the information security policy. 8
6 ORGANIZATION OF INFORMATION SECURITY. 9
6.1 INTERNAL ORGANIZATION. 9
6.1.1 Management commitment to information security. 9
6.1.2 Information security co-ordination. 10
6.1.3 Allocation of information security responsibilities. 10
6.1.4 Authorization process for information processing facilities. 11
6.1.5 Confidentiality agreements. 11
6.1.6 Contact with authorities . 12
6.1.7 Contact with special interest groups . 12
6.1.8 Independent review of information security . 13
6.2 EXTERNAL PARTIES . 14
6.2.1 Identification of risks related to external parties. 14
6.2.2 Addressing security when dealing with customers . 15
6.2.3 Addressing security in third party agreements . 16
7 ASSET MANAGEMENT. 19
7.1 RESPONSIBILITY FOR ASSETS. 19
7.1.1 Inventory of assets . 19
7.1.2 Ownership of assets . 20
7.1.3 Acceptable use of assets. 20
7.2 INFORMATION CLASSIFICATION. 21
7.2.1 Classification guidelines. 21
7.2.2 Information labeling and handling. 21
8 HUMAN RESOURCES SECURITY . 23
8.1 PRIOR TO EMPLOYMENT . 23
8.1.1 Roles and responsibilities . 23
© ISO/IEC 2005 – All rights reserved iii

ISO/IEC 17799:2005(E)
8.1.2 Screening . 23

8.1.3 Terms and conditions of employment . 24
8.2 DURING EMPLOYMENT . 25
8.2.1 Management responsibilities . 25
8.2.2 Information security awareness, education, and training . 26
8.2.3 Disciplinary process . 26
8.3 TERMINATION OR CHA
...


SLOVENSKI STANDARD
01-maj-2008
,QIRUPDFLMVNDWHKQRORJLMD9DUQRVWQHWHKQLNH3UDYLODREQDãDQMDSULXSUDYOMDQMX
LQIRUPDFLMVNHYDUQRVWL2SRPED=GUXåXMH,62,(&   SUHãWHYLOþHQY
,62,(& LQ,62,(&7HKQLþQLSRSUDYHN 
Information technology - Security techniques - Code of practice for information security
management / Note: Combines ISO/IEC 17799 (2005-06) (renumbered to ISO/IEC
27002) and ISO/IEC 17799 Technical Corrigendum 1 (2007-07)
Technologies de l'information - Techniques de sécurité - Code de bonne pratique pour la
gestion de la sécurité de l'information
Ta slovenski standard je istoveten z:
ICS:
35.040 Nabori znakov in kodiranje Character sets and
informacij information coding
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

INTERNATIONAL ISO/IEC
STANDARD 27002
First edition
2005-06-15
Information technology — Security
techniques — Code of practice for
information security management
Technologies de l'information — Techniques de sécurité — Code de
bonne pratique pour la gestion de la sécurité de l'information

Reference number
©
ISO/IEC 2005
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2005 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 27002 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, IT Security techniques.
This first edition of ISO/IEC 27002 comprises ISO/IEC 17799:2005 and ISO/IEC 17799:2005/Cor.1:2007. Its
technical content is identical to that of ISO/IEC 17799:2005. ISO/IEC 17799:2005/Cor.1:2007 changes the
reference number of the standard from 17799 to 27002. ISO/IEC 17799:2005 and
ISO/IEC 17799:2005/Cor.1:2007 are provisionally retained until publication of the second edition of
ISO/IEC 27002.
© ISO/IEC 2005 – All rights reserved iii

INTERNATIONAL STANDARD ISO/IEC 17799:2005
TECHNICAL CORRIGENDUM 1
Published 2007-07-01
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION • МЕЖДУНАРОДНАЯ ЭЛЕКТРОТЕХНИЧЕСКАЯ КОМИССИЯ • COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE

Information technology — Security techniques — Code of
practice for information security management
TECHNICAL CORRIGENDUM 1
Technologies de l'information — Techniques de sécurité — Code de bonne pratique pour la gestion de la
sécurité de l'information
RECTIFICATIF TECHNIQUE 1
Technical Corrigendum 1 to ISO/IEC 17799:2005 was prepared by Joint Technical Committee ISO/IEC JTC 1,
Information technology, Subcommittee SC 27, IT Security techniques.

Throughout the document:
Replace “17799” with “27002”.
ICS 35.040 Ref. No. ISO/IEC 17799:2005/Cor.1:2007(E)
©  ISO/IEC 2007 – All rights reserved
Published in Switzerland
INTERNATIONAL ISO/IEC
STANDARD 17799
Second edition
2005-06-15
Information technology — Security
techniques — Code of practice for
information security management
Technologies de l'information — Techniques de sécurité — Code de
pratique pour la gestion de sécurité d'information

Reference number
ISO/IEC 17799:2005(E)
©
ISO/IEC 2005
ISO/IEC 17799:2005(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2005
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2005 – All rights reserved

ISO/IEC 17799:2005(E)
Contents                                                Page

FOREWORD. VII
0 INTRODUCTION . VIII
0.1 WHAT IS INFORMATION SECURITY?.VIII

0.2 WHY INFORMATION SECURITY IS NEEDED? .VIII
0.3 HOW TO ESTABLISH SECURITY REQUIREMENTS .IX
0.4 ASSESSING SECURITY RISKS . IX
0.5 SELECTING CONTROLS. IX
0.6 INFORMATION SECURITY STARTING POINT. IX
0.7 CRITICAL SUCCESS FACTORS . X
0.8 DEVELOPING YOUR OWN GUIDELINES . XI
1 SCOPE. 1
2 TERMS AND DEFINITIONS . 1
3 STRUCTURE OF THIS STANDARD. 4
3.1 CLAUSES . 4
3.2 MAIN SECURITY CATEGORIES. 4
4 RISK ASSESSMENT AND TREATMENT . 5
4.1 ASSESSING SECURITY RISKS . 5
4.2 TREATING SECURITY RISKS. 5
5 SECURITY POLICY . 7
5.1 INFORMATION SECURITY POLICY. 7
5.1.1 Information security policy document . 7
5.1.2 Review of the information security policy. 8
6 ORGANIZATION OF INFORMATION SECURITY. 9
6.1 INTERNAL ORGANIZATION. 9
6.1.1 Management commitment to information security. 9
6.1.2 Information security co-ordination. 10
6.1.3 Allocation of information security responsibilities. 10
6.1.4 Authorization process for information processing facilities. 11
6.1.5 Confidentiality agreements. 11
6.1.6 Contact with authorities . 12
6.1.7 Contact with special interest groups . 12
6.1.8 Independent review of information security . 13
6.2 EXTERNAL PARTIES . 14
6.2.1 Identification of risks related to external parties. 14
6.2.2 Addressing security when dealing with customers . 15
6.2.3 Addressing security in third party agreements . 16
7 ASSET MANAGEMENT. 19
7.1 RESPONSIBILITY FOR ASSETS. 19
7.1.1 Inventory of assets . 19
7.1.2 Ownership of assets . 20
7.1.3 Acceptable use of assets. 20
7.2 INFORMATION CLASSIFICATION. 21
7.2.1 Classification guidelines. 21
7.2.2 Information labeling and handling. 21
8 HUMAN RESOURCES SECURITY . 23
8.1 PRIOR TO EMPLOYMENT . 23
8.1.1 Roles and responsibilities . 23
© ISO/IEC 2005 – All rights reserved i
...


NORME ISO/CEI
INTERNATIONALE 27002
Première édition
2005-06-15
Technologies de l'information —
Techniques de sécurité — Code de bonne
pratique pour la gestion de la sécurité de
l'information
Information technology — Security techniques — Code of practice for
information security management

Numéro de référence
ISO/CEI 27002:2005(F)
©
ISO/CEI 2005
ISO/CEI 27002:2005(F)
PDF – Exonération de responsabilité
Le présent fichier PDF peut contenir des polices de caractères intégrées. Conformément aux conditions de licence d'Adobe, ce fichier
peut être imprimé ou visualisé, mais ne doit pas être modifié à moins que l'ordinateur employé à cet effet ne bénéficie d'une licence
autorisant l'utilisation de ces polices et que celles-ci y soient installées. Lors du téléchargement de ce fichier, les parties concernées
acceptent de fait la responsabilité de ne pas enfreindre les conditions de licence d'Adobe. Le Secrétariat central de l'ISO décline toute
responsabilité en la matière.
Adobe est une marque déposée d'Adobe Systems Incorporated.
Les détails relatifs aux produits logiciels utilisés pour la création du présent fichier PDF sont disponibles dans la rubrique General Info
du fichier; les paramètres de création PDF ont été optimisés pour l'impression. Toutes les mesures ont été prises pour garantir
l'exploitation de ce fichier par les comités membres de l'ISO. Dans le cas peu probable où surviendrait un problème d'utilisation,
veuillez en informer le Secrétariat central à l'adresse donnée ci-dessous.

DOCUMENT PROTÉGÉ PAR COPYRIGHT

©  ISO/CEI 2005
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous
quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit
de l'ISO à l'adresse ci-après ou du comité membre de l'ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax. + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Publié en Suisse
ii © ISO/CEI 2005 – Tous droits réservés

ISO/CEI 27002:2005(F)
Avant-propos
L'ISO (Organisation internationale de normalisation) et la CEI (Commission électrotechnique internationale)
forment le système spécialisé de la normalisation mondiale. Les organismes nationaux membres de l'ISO ou
de la CEI participent au développement de Normes internationales par l'intermédiaire des comités techniques
créés par l'organisation concernée afin de s'occuper des domaines particuliers de l'activité technique. Les
comités techniques de l'ISO et de la CEI collaborent dans des domaines d'intérêt commun. D'autres
organisations internationales, gouvernementales et non gouvernementales, en liaison avec l'ISO et la CEI
participent également aux travaux. Dans le domaine des technologies de l'information, l'ISO et la CEI ont créé
un comité technique mixte, l'ISO/CEI JTC 1.
Les Normes internationales sont rédigées conformément aux règles données dans les Directives ISO/CEI,
Partie 2.
La tâche principale du comité technique mixte est d'élaborer les Normes internationales. Les projets de
Normes internationales adoptés par le comité technique mixte sont soumis aux organismes nationaux pour
vote. Leur publication comme Normes internationales requiert l'approbation de 75 % au moins des
organismes nationaux votants.
L'attention est appelée sur le fait que certains des éléments du présent document peuvent faire l'objet de
droits de propriété intellectuelle ou de droits analogues. L'ISO et la CEI ne sauraient être tenues pour
responsables de ne pas avoir identifié de tels droits de propriété et averti de leur existence.
L'ISO/CEI 27002 a été élaborée par le comité technique mixte ISO/CEI JTC 1, Technologies de l'information,
sous-comité SC 27, Techniques de sécurité des technologies de l'information.
La première édition de l’ISO/CEI 27002 comprend l’ISO/CEI 17799:2005 et l’ISO/CEI 17799:2005/Cor.1:2007.
Son contenu technique est identique à celui de l’ISO/CEI 17799:2005. L’ISO/CEI 17799:2005/Cor.1:2007
modifie le numéro de référence de la norme de 17799 en 27002. L’ISO/CEI 17799:2005 et
l’ISO/CEI 17799:2005/Cor.1:2007 sont provisoirement retenus jusqu’à la publication de la deuxième édition de
l’ISO/CEI 27002.
© ISO/CEI 2005 – Tous droits réservés iii

NORME INTERNATIONALE ISO/CEI 17799:2005
RECTIFICATIF TECHNIQUE 1
Publié 2007-07-01
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION • МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ • ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION • МЕЖДУНАРОДНАЯ ЭЛЕКТРОТЕХНИЧЕСКАЯ КОМИССИЯ • COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE

Technologies de l'information — Techniques de sécurité —
Code de bonne pratique pour la gestion de la sécurité de
l'information
RECTIFICATIF TECHNIQUE 1
Information technology — Security techniques — Code of practice for information security management
TECHNICAL CORRIGENDUM 1
Le Rectificatif technique 1 à l'ISO/CEI 17799:2005 a été élaboré par le comité technique mixte ISO/CEI JTC 1,
Technologies de l'information, sous-comité SC 27, Techniques de sécurité des technologies de l’information.

Dans tout le document:
Remplacer «17799» par «27002».

o
ICS 35.040 Réf. n ISO/CEI 17799:2005/Cor.1:2007(F)
© ISO/CEI 2007 – Tous droits réservés
Publié en Suisse
NORME ISO/CEI
INTERNATIONALE 17799
Deuxième édition
2005-06-15
Technologies de l'information —
Techniques de sécurité — Code de bonne
pratique pour la gestion de la sécurité de
l'information
Information technology — Security techniques — Code of practice for
information security management

Numéro de référence
ISO/CEI 17799:2005(F)
©
ISO/CEI 2005
ISO/CEI 17799:2005(F)
PDF – Exonération de responsabilité
Le présent fichier PDF peut contenir des polices de caractères intégrées. Conformément aux conditions de licence d'Adobe, ce fichier
peut être imprimé ou visualisé, mais ne doit pas être modifié à moins que l'ordinateur employé à cet effet ne bénéficie d'une licence
autorisant l'utilisation de ces polices et que celles-ci y soient installées. Lors du téléchargement de ce fichier, les parties concernées
acceptent de fait la responsabilité de ne pas enfreindre les conditions de licence d'Adobe. Le Secrétariat central de l'ISO décline toute
responsabilité en la matière.
Adobe est une marque déposée d'Adobe Systems Incorporated.
Les détails relatifs aux produits logiciels utilisés pour la création du présent fichier PDF sont disponibles dans la rubrique General Info
du fichier; les paramètres de création PDF ont été optimisés pour l'impression. Toutes les mesures ont été prises pour garantir
l'exploitation de ce fichier par les comités membres de l'ISO. Dans le cas peu probable où surviendrait un problème d'utilisation,
veuillez en informer le Secrétariat central à l'adresse donnée ci-dessous.

©  ISO/CEI 2005
Droits de reproduction réservés. Sauf prescription différente, aucune partie de cette publication ne peut être reproduite ni utilisée sous
quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie et les microfilms, sans l'accord écrit
de l'ISO à l'adresse ci-après ou du comité membre de l'ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax. + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Publié en Suisse
ii © ISO/CEI 2005 – Tous droits réservés

ISO/CEI 17799:2005(F)
Sommaire Page
Avant-propos. vii
0 Introduction . viii
1 Domaine d'application. 1
2 Termes et définitions. 1
3 Structure de la présente Norme internationale .3
3.1 Articles. 3
3.2 Principales rubriques. 4
4 Appréciation et traitement du risque. 4
4.1 Appréciation du risque lié à la sécurité. 4
4.2 Traitement du risque lié à la sécurité . 5
5 Politique de sécurité. 6
5.1 Politique de sécurité de l’information. 6
5.1.1 Document de politique de sécurité de l’information. 6
5.1.2 Réexamen de la politique de sécurité de l’information . 7
6 Organisation de la sécurité de l’information . 8
6.1 Organisation interne. 8
6.1.1 Engagement de la direction vis-à-vis de la sécurité de l’information . 8
6.1.2 Coordination de la sécurité de l’information . 9
6.1.3 Attribution des responsabilités en matière de sécurité de l’information . 9
6.1.4 Système d’autorisation concernant les moyens de traitement de l’information . 10
6.1.5 Engagements de confidentialité. 10
6.1.6 Relations avec les autorités . 11
6.1.7 Relations avec des groupes de spécialistes . 12
6.1.8 Revue indépendante de la sécurité de l’information . 12
6.2 Tiers. 13
6.2.1 Identification des risques provenant des tiers . 13
6.2.2 La sécurité et les clients . 15
6.2.3 La sécurité dans les accords conclus avec des tiers. 16
7 Gestion des biens. 18
7.1 Responsabilités relatives aux biens. 18
7.1.1 Inventaire des biens . 19
7.1.2 Propriété des biens. 20
7.1.3 Utilisation correcte des biens. 20
7.2 Classification des informations . 21
7.2.1 Lignes directrices pour la classification . 21
7.2.2 Marquage et manipulation de l’information . 22
8 Sécurité liée aux ressources humaines . 22
8.1 Avant le recrutement . 22
8.1.1 Rôles et responsabilités. 22
8.1.2 Sélection. 23
8.1.3 Conditions d’embauche . 24
8.2 Pendant la durée du contrat . 25
8.2.1 Responsabilités de la direction. 25
8.2.2 Sensibilisation, qualification et formations en matière de sécurité de l’information. 26
8.2.3 Processus disciplinaire. 26
8.3 Fin ou modification de contrat . 27
8.3.1 Responsabilités en fin de contrat . 27
8.3.2 Restitution des biens. 27
© ISO/CEI 2005 – Tous droits réservés
...


SLOVENSKI SIST ISO/IEC 27002
STANDARD maj 2008
Informacijska tehnologija – Varnostne tehnike – Pravila obnašanja pri

upravljanju informacijske varnosti / Opomba: Združuje ISO/IEC 17799 (2005-
06) (preštevilčen v ISO/IEC 27002) in ISO/IEC 17799 Tehnični popravek 1
(2007-07)
Information technology – Security techniques – Code of practice for information
security management / Note: Combines ISO/IEC 17799 (2005-06) (renumbered
to ISO/IEC 27002) and ISO/IEC 17799 Technical Corrigendum 1 (2007-07)

Technologies de l'information – Techniques de sécurité – Code de bonne
pratique pour la gestion de la sécurité de l'information

Referenčna oznaka
ICS 35.040 SIST ISO/IEC 27002:2008 (sl)

Nadaljevanje na straneh od 2 do 117

© 2013-05 Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

SIST ISO/IEC 27002 : 2008
NACIONALNI UVOD
Standard SIST ISO/IEC 27002 (sl), Informacijska tehnologija – Varnostne tehnike – Pravila obnašanja
pri upravljanju informacijske varnosti, 2008, ima status slovenskega standarda in je istoveten
mednarodnemu standardu ISO/IEC 27002 (en), Information technology – Security techniques – Code
of practice for information security management, prva izdaja, 2005-06-15.

NACIONALNI PREDGOVOR
Mednarodni standard ISO/IEC 27002:2005 je pripravil pododbor združenega tehničnega odbora
Mednarodne organizacije za standardizacijo in Mednarodne elektrotehniške komisije ISO/IEC JTC
1/SC 27 Varnostne tehnike v informacijski tehnologiji.

Slovenski standard SIST ISO/IEC 27002:2008 je prevod mednarodnega standarda ISO/IEC
27002:2005. Slovenski standard SIST ISO/IEC 27002:2008 je pripravil tehnični odbor SIST/TC ITC
Informacijska tehnologija. V primeru spora glede besedila slovenskega prevoda je odločilen izvirni
mednarodni standard v angleškem jeziku.

Odločitev za izdajo tega standarda je dne 27. marca 2008 sprejel SIST/TC ITC Informacijska
tehnologija.
OSNOVA ZA IZDAJO STANDARDA
– privzem standarda ISO/IEC 27002:2005

OPOMBE
– Povsod, kjer se v besedilu standarda uporablja izraz “mednarodni standard”, v SIST ISO/IEC
27002:2008 to pomeni “slovenski standard”.

– Nacionalni uvod in nacionalni predgovor nista sestavni del standarda.

– Definicije pojmov so povzete po naslednjih mednarodnih standardih:
ISO/IEC 13335-1, Information technology – Security techniques – Management of information
and communications technology security – Part 1: Concepts and models for information and
communications technology security management
ISO/IEC TR 18044, Information technology – Security techniques – Information security incident
management
ISO/IEC Guide 2, Standardization and related activities – General vocabulary
ISO/IEC Guide 73, Risk management – Vocabulary

– V besedilu SIST ISO/IEC 27002 so v točkah 2.1, 2.3, 2.6, 2.7, 2.9, 2.10, 2.11, 2.12, 2.13, 2.14,
2.15, 2.16, 2.17, 4.1, 5.1.1, 6.1.1, 6.1.8, 7.1.1, 10.6.1, 12.1.1, 12.3.1, 12.3.2, 12.4.3, 12.5.4,
13.1.1 in 15.1.3 navedeni mednarodni standardi ISO/IEC 13335-1, ISO/IEC 13335-3, ISO/IEC TR
18044, ISO 19011, ISO/IEC 18028, ISO/IEC 11770, ISO/IEC 9796, ISO/IEC 14888, ISO 10007,
ISO/IEC 12207, ISO/IEC 15408, ISO 15489-1, ISO/IEC Guide 2, ISO/IEC Guide 73 in IEEE
P1363. Pri tem je vedno mišljena njihova zadnja izdaja.

– Standard ISO/IEC 17799 je bil leta 2007 preštevilčen v ISO/IEC 27002.

SIST ISO/IEC 27002 : 2008
VSEBINA Stran
Predgovor k standardu ISO/IEC 27002:2005.8
Predgovor k standardu ISO/IEC 17799:2005.9
0 Uvod .10
0.1 Kaj je informacijska varnost.10
0.2 Zakaj je informacijska varnost potrebna.10
0.3 Kako vzpostaviti varnostne zahteve.10
0.4 Ocenjevanje varnostnih tveganj .11
0.5 Izbiranje kontrol .11
0.6 Izhodišče informacijske varnosti .11
0.7 Ključni dejavniki uspeha .12
0.8 Razvijanje lastnih smernic.12
1 Področje uporabe .13
2 Izrazi in definicije .13
3 Struktura tega standarda.15
3.1 Točke.15
3.2 Glavne varnostne kategorije.15
4 Ocenjevanje in obravnavanje tveganja .16
4.1 Ocenjevanje varnostnih tveganj .16
4.2 Obravnavanje varnostnih tveganj.16
5 Varnostna politika.17
5.1 Informacijska varnostna politika .17
5.1.1 Dokument o informacijski varnostni politiki .17
5.1.2 Pregled informacijske varnostne politike.18
6 Organiziranje informacijske varnosti .19
6.1 Notranja organizacija.19
6.1.1 Zavezanost vodstva k informacijski varnosti.19
6.1.2 Usklajevanje informacijske varnosti .20
6.1.3 Dodelitev odgovornosti na področju informacijske varnosti.20
6.1.4 Proces odobritve naprav za obdelavo informacij .21
6.1.5 Dogovori o zaupnosti.21
6.1.6 Stiki s pristojnimi organi.22
6.1.7 Stik s specifičnimi interesnimi skupinami .22
6.1.8 Neodvisni pregled informacijske varnosti.23
6.2 Zunanje stranke.23
6.2.1 Prepoznavanje tveganj, povezanih z zunanjimi strankami .23
6.2.2 Obravnavanje varnosti pri poslovanju s strankami .25
6.2.3 Obravnavanje varnosti v dogovorih s tretjimi strankami .26
7 Upravljanje dobrin.28
7.1 Odgovornost za dobrine.28
7.1.1 Popis dobrin.28
SIST ISO/IEC 27002 : 2008
7.1.2 Lastništvo nad dobrinami .29
7.1.3 Sprejemljiva uporaba dobrin.29
7.2 Razvrstitev informacij .30
7.2.1 Smernice za razvrščanje.30
7.2.2 Označevanje informacij in ravnanje z njimi.30
8 Varnost človeških virov.31
8.1 Pred zaposlovanjem.31
8.1.1 Vloge in odgovornosti.31
8.1.2 Preverjanje .32
8.1.3 Določila in pogoji za zaposlitev .32
8.2 Med zaposlitvijo.33
8.2.1 Odgovornosti vodstva.33
8.2.2 Ozaveščenost, izobraževanje in usposabljanje o informacijski varnosti .34
8.2.3 Disciplinski proces.34
8.3 Prekinitev ali sprememba zaposlitve.35
8.3.1 Odgovornosti ob prenehanju zaposlitve.35
8.3.2 Vračilo dobrin.36
8.3.3 Preklic pravic dostopa .36
9 Fizična in okoljska varnost .37
9.1 Varovana območja .37
9.1.1 Varovanje fizičnih meja območja.37
9.1.2 Kontrole fizičnega vstopa .38
9.1.3 Varovanje pisarn, sob in naprav.38
9.1.4 Zaščita pred zunanjimi in okoljskimi grožnjami .38
9.1.5 Delo na varovanih območjih.39
9.1.6 Javni dostop, dostavne in nakladalne površine .39
9.2 Varnost opreme.40
9.2.1 Namestitev in zaščita opreme .40
9.2.2 Podporna oskrba .40
9.2.3 Varnost ožičenja.41
9.2.4 Vzdrževanje opreme .42
9.2.5 Varnost opreme zunaj prostorov organizacije.42
9.2.6 Varna odstranitev ali ponovna uporaba opreme .43
9.2.7 Odstranitev premoženja .43
10 Upravljanje komunikacij in obratovanja.43
10.1 Operativni postopki in odgovornosti .43
10.1.1 Dokumentirani postopki delovanja .44
10.1.2 Upravljanje sprememb .44
10.1.3 Razmejitev dolžnosti .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN ISO/IEC 27001:2023/A1:2025(Amendment)
Information security, cybersecurity and privacy protection - Information security management systems - Requirements - Amendment 1: Climate action changes (ISO/IEC 27001:2022/Amd 1:2024)
EN ISO/IEC 27001:2023/A1:2024
  • Amendment
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Amendment
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Amendment
    7 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27005:2024(Main)
Information security, cybersecurity and privacy protection - Guidance on managing information security risks (ISO/IEC 27005:2022)
EN ISO/IEC 27005:2024

This document provides guidance to assist organizations to:
—    fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
—    perform information security risk management activities, specifically information security risk assessment and treatment.
This document is applicable to all organizations, regardless of type, size or sector.

  • Standard
    71 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    71 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST ISO/IEC 27005:2024(Main)
Information security, cybersecurity and privacy protection - Guidance on managing information security risks
ISO/IEC 27005:2022

This document provides guidance to assist organizations to:
— fulfil the requirements of ISO/IEC 27001 concerning actions to address information security risks;
— perform information security risk management activities, specifically information security risk assessment and treatment.
This document is applicable to all organizations, regardless of type, size or sector.

  • Standard
    68 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    62 pages
    English language
    sale 15% off
  • Standard
    66 pages
    French language
    sale 15% off
SIST
SIST EN ISO/IEC 27001:2023(Main)
Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022)
EN ISO/IEC 27001:2023

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document.

  • Standard
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard – translation
    26 pages
    Slovenian language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27002:2022(Main)
Information security, cybersecurity and privacy protection - Information security controls (ISO/IEC 27002:2022)
EN ISO/IEC 27002:2022

This document provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organizations:
a) within the context of an information security management system (ISMS) based on ISO/IEC27001;
b) for implementing information security controls based on internationally recognized best practices;
c) for developing organization-specific information security management guidelines.

  • Standard
    164 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27007:2022(Main)
Information security, cybersecurity and privacy protection - Guidelines for information security management systems auditing (ISO/IEC 27007:2020)
EN ISO/IEC 27007:2022

This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.
This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    48 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27017:2021(Main)
Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services (ISO/IEC 27017:2015)
EN ISO/IEC 27017:2021

ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
- additional implementation guidance for relevant controls specified in ISO/IEC 27002;
- additional controls with implementation guidance that specifically relate to cloud services.
This Recommendation | International Standard provides controls and implementation guidance for both cloud service providers and cloud service customers.

  • Standard
    44 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27011:2020(Main)
Information technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations (ISO/IEC 27011:2016)
EN ISO/IEC 27011:2020

The scope of this Recommendation | ISO/IEC 27011:2016 is to define guidelines supporting the implementation of information security controls in telecommunications organizations.
The adoption of this Recommendation | ISO/IEC 27011:2016 will allow telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property.

  • Standard
    41 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27019:2020(Main)
Information technology - Security techniques - Information security controls for the energy utility industry (ISO/IEC 27019:2017, Corrected version 2019-08)
EN ISO/IEC 27019:2020

ISO/IEC 27019:2017 provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation, transmission, storage and distribution of electric power, gas, oil and heat, and for the control of associated supporting processes. This includes in particular the following:
-      central and distributed process control, monitoring and automation technology as well as information systems used for their operation, such as programming and parameterization devices;
-      digital controllers and automation components such as control and field devices or Programmable Logic Controllers (PLCs), including digital sensor and actuator elements;
-      all further supporting information systems used in the process control domain, e.g. for supplementary data visualization tasks and for controlling, monitoring, data archiving, historian logging, reporting and documentation purposes;
-      communication technology used in the process control domain, e.g. networks, telemetry, telecontrol applications and remote control technology;
-      Advanced Metering Infrastructure (AMI) components, e.g. smart meters;
-      measurement devices, e.g. for emission values;
-      digital protection and safety systems, e.g. protection relays, safety PLCs, emergency governor mechanisms;
-      energy management systems, e.g. of Distributed Energy Resources (DER), electric charging infrastructures, in private households, residential buildings or industrial customer installations;
-      distributed components of smart grid environments, e.g. in energy grids, in private households, residential buildings or industrial customer installations;
-      all software, firmware and applications installed on above-mentioned systems, e.g. DMS (Distribution Management System) applications or OMS (Outage Management System);
-      any premises housing the above-mentioned equipment and systems;
-      remote maintenance systems for above-mentioned systems.
ISO/IEC 27019:2017 does not apply to the process control domain of nuclear facilities. This domain is covered by IEC 62645.
ISO/IEC 27019:2017 also includes a requirement to adapt the risk assessment and treatment processes described in ISO/IEC 27001:2013 to the energy utility industry-sector?specific guidance provided in this document.

  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN ISO/IEC 27000:2020(Main)
Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2018)
EN ISO/IEC 27000:2020

EN ISO/IEC 27000 provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards.

  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    35 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard – translation
    36 pages
    Slovenian language
    sale 10% off
    e-Library read for
    1 day