ISO - International Standard for Organization
* Abbreviation – ISO, the short form of International Standard for Organization, is derived from the ancient Greek word ísos, which means equal or equivalent. ISO develops and publishes a wide range of industrial, commercial, and proprietary standards.
* Organization – an international, non-governmental body made up of national standards bodies. It comprises 162 national standards bodies and 784 technical committees and sub-committees.
* Founded/officially established – 23 February 1947
* Headquarters – Geneva, Switzerland
Some of the well known ISO standards are as follows:
The ISO 27000 series contains 60 standards dealing with information security; some of them are described here:

| Standard | Description |
| --- | --- |
| ISO 27000 | The ISO 27000 standard was created to handle the security and protection of information technology in a company. It was started in 2005 (with two basic standards, ISO 27001:2013 and ISO 27002:2013). Being a broad standard, it has provided over 22,000 certifications worldwide across its different versions. |
| ISO 27001 | This standard is the specification of an ISMS (information security management system) designed to replace the old BS7799-2 standard. Organizations recommend and use this standard for certification, and it can be customized to fit the needs of each organization. |
| ISO 27002 | This is the new version of the original ISO 17799 standard, also known as BS7799-1. It consists of guidelines for implementing an ISMS, with 114 controls structured in 14 domains and 35 control objectives. It is a technical document that sets out a code of practice and focuses on each individual control. |
| ISO 27003 | This standard offers new guidance for successfully implementing the information security management system and the ISMS process. |
| ISO 27004 | This standard includes controls aligned with ISO 27002 and covers the measurement and metrics of information security management, including how to define and correct metrics. |
| ISO 27005 | This standard addresses the risk function in an organization, covering information security risk management. |
| ISO 27006 | It consists of guidelines for the accreditation of organizations that offer certification of information security management systems against ISO/IEC 27001. |
| ISO 27007 | This standard provides a guide that establishes procedures for conducting internal and external audits to verify and certify the implementation of ISO/IEC 27001. |
| ISO 27008 | To review the adequacy of ISMS controls, this standard defines how to evaluate ISMS controls and confirm that they effectively mitigate risks. |
| ISO 27009 | This standard adds sector-specific requirements and controls to the ISO 27001 standard. It aims to make the implementation more effective in those sectors. |
| ISO 27010 | It applies to telecommunication organizations and covers how information should be treated when it is shared among multiple organizations. It also covers sharing information about which risks can arise and which controls can mitigate them, especially for security management in critical infrastructure. |
| ISO 27011 | It describes how an organization can efficiently implement, maintain, and manage ISMS controls in telecommunication organizations. |
| ISO 27013 | This standard establishes a guide for organizations that implement both the ISO 27001 ISMS and the ISO 20000 service management system (SMS) in an integrated way. |
| ISO 27014 | By establishing principles for information security governance, this standard lets organizations monitor, evaluate, and communicate information security activities. |
| ISO 27015 | It provides principles for implementing an ISMS in companies responsible for financial services, such as banking or electronic banking services. |
| ISO 27016 | It is designed to support the management of organizations by helping them make economic decisions related to information security management. |
| ISO 27017 | It consists of 37 specific controls, based on the ISO 27002 standard, for cloud services. |
| ISO 27018 | This version addresses cloud computing for third parties that implement procedures and controls to protect data in an organization; it complements the 27001 and 27002 standards. |
| ISO 27019 | A guide for applying the standard to energy-related issues in the industry. It is based on ISO 27002 for implementing an ISMS. |
| ISO 27031 | It covers IT disaster-related activities and recovery programs in an organization or industry. |
| ISO 27037 | This standard addresses the collection and protection of digital evidence. |
| ISO 27040 | It addresses data storage security. |
| ISO 27799 | This standard is useful for health care organizations that require HIPAA compliance for information security. |
Difference between ISO and ISO Standards?
ISO – a non-governmental federation consisting of national standards bodies from more than 160 countries (one standards body representing each member country).
ISO standards are the main product of ISO. They are internationally agreed formulas that define the best way of carrying out a specific activity in an organization within set limits, i.e., by following rules and regulations.
Conclusion
Various ISO standards are defined for particular business sectors, and they can also be applied to non-business organizations. These standards remain effective because they are revised periodically to adapt to changes in the environment, social attitudes, technology, and legislation.