ISO/IEC 27009-2016 pdf free
DESCRIPTION

ISO/IEC 27009:2016, Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements.

ISO/IEC 27009 defines the requirements for the use of ISO/IEC 27001 in any specific sector (field, application area or market sector). It explains how to include requirements additional to those in ISO/IEC 27001, how to refine any of the ISO/IEC 27001 requirements, and how to include controls or control sets in addition to ISO/IEC 27001:2013, Annex A.
This International Standard ensures that additional or refined requirements are not in conflict with the requirements in ISO/IEC 27001.
This International Standard is applicable to those involved in producing sector-specific standards that relate to ISO/IEC 27001.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27000:2016, Information technology — Security techniques — Information security management systems — Overview and vocabulary
ISO/IEC 27001:2013, Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information security controls
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000 and the following apply.
3.1 interpretation: explanation (in form of requirement or guidance) of an ISO/IEC 27001 requirement in a sector-specific context which does not invalidate any of the ISO/IEC 27001 requirements
3.2 refinement: sector-specific specification of an ISO/IEC 27001 requirement which does not remove or invalidate any of the ISO/IEC 27001 requirements
4.1 General
ISO/IEC 27001 is an International Standard that defines the requirements for establishing, implementing, maintaining and continually improving an information security management system.
It states that its requirements are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
NOTE Management system standards within ISO are built in accordance with ISO/IEC Directives, Part 1, Consolidated ISO Supplement, 2016.[1]
ISO/IEC 27002 is an International Standard that provides guidelines for information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment. The guidelines have a hierarchical structure that consists of clauses, control objectives, controls, implementation guidance and other information. The guidelines of ISO/IEC 27002 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
The control objectives and controls of ISO/IEC 27002 are listed in Annex A of ISO/IEC 27001:2013 in a normative form. ISO/IEC 27001:2013 requires an organization to “determine all controls that are necessary to implement the information security risk treatment option(s) chosen (see 6.1.3 b))”, and to “compare the controls determined in 6.1.3 b) above with those in Annex A and verify that no necessary controls have been omitted (see 6.1.3 c))”.
While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organizations, including commercial enterprises, government agencies and not-for-profit organizations, there are emerging needs for sector-specific versions of these standards. Examples of standards which have been developed to address these sector-specific needs are:
— ISO/IEC 27010,[2] Information security management for inter-sector and inter-organizational communications;
— ISO/IEC 27011,[3] Information security management guidelines for telecommunications organizations based on ISO/IEC 27002;
— ISO/IEC 27017,[4] Code of practice for information security controls based on ISO/IEC 27002 for cloud services; and
— ISO/IEC 27018,[5] Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.
Organizations outside of ISO/IEC have also produced standards addressing sector-specific needs.
Sector-specific standards should be consistent with the requirements of the information security management system. This International Standard provides requirements for how to add to, refine or interpret the requirements of ISO/IEC 27001 and how to add or modify the guidelines of ISO/IEC 27002 for sector-specific use.

