Copyright © 2014. Know Standards of Excellence. All rights reserved. By using this website you agree to the User Agreement and the Privacy Policy
ISO 27001 -
ISO 27001 has now emerged as the most popular standard after ISO 9001. It is a standard which, if well implemented, lets organizations see well-structured continuous improvement in information security through an Information Security Management System (ISMS). The controls are designed considering the Confidentiality, Integrity & Availability (CIA) matrix. The level of demonstrated assurance of organizations successfully implementing this framework is much higher compared to others. This standard was first mooted by BSI as BS 7799, later evolved as ISO 17799 and is now adopted as ISO 27001. The implementation involves effectively utilizing the PDCA cycle while implementing controls in various areas & activities like risk assessment & treatment, documenting security policies, asset management, HR security, physical & environmental security, access controls, communication & operation management, information systems management, incident management, BCM, legal & regulatory compliance, IPR, data protection & privacy, audits, etc. The first step would be to purchase the Standard in your organization's name & prepare a preliminary Statement of Applicability (SoA).
Request for Free !!! Compliance templates to track, monitor & improve your ISMS (1) Information Asset Inventory Template, (2) Risk Assessment Tool, (3) Incident Management Template, (4) Business Continuity Planning (BCP) Test Management Template.
ISO 22301 -
ISO 22301 is the current standard that organisations are looking at to demonstrate their business continuity capabilities. The standard gives you the requirements for establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented Business Continuity Management System (BCMS). ISO 22301 is titled Societal security. Business continuity management systems. Requirements. ISO 22313, the Code of Practice for this new standard, is yet to be published. With this standard earlier BS 25999 -
Request for Free !!! Compliance templates to track, monitor & improve your BCMS (1) Business Impact Analysis Template, (2) Risk Assessment Tool, (3) Incident Management Template, (4) Business Continuity Planning (BCP) Test Management Template.
SAS 70 superseded for service provider controls reporting by SSAE 16, established by the American Institute of Certified Public Accountants (AICPA).
With the AICPA’s issuance of its Guide: Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy, updated May 1, 2011 (SOC 2 Guide), accountants for service organizations (service auditors) are now able to issue three service organization control reports in the AICPA framework – SOC 1, SOC 2 and SOC 3 reports. This framework of reports provides user entities’ management with tools to obtain certain assurances regarding the performance of outsource service providers’ service delivery systems.
Request for Free !!! Guidance on your queries regarding SOC 1, SOC 2 and SOC 3 reports
ISO 31000 -
This International Standard recognizes the variety of the nature, level and complexity of risks and provides generic guidelines on principles and implementation of risk management. To apply these generic guidelines in a specific situation, this International Standard sets out how an organization should understand the specific context in which it implements risk management. Risk management can be applied to the entire organization, across its many areas and levels, at any time as well as to specific functions and activities.
Request for Free !!! Guidance on ISO 31000 practices to be implemented
ISO 28001 -
International supply chains are highly dynamic and consist of many entities and business partners. This standard recognizes this complexity. It has been developed to allow an individual organization in the supply chain to apply its requirements in conformance with the organization’s particular business model and its role and function in the international supply chain. This standard provides an option for organizations to establish and document reasonable levels of security within international supply chains and their components. It will enable such organizations to make better risk based decisions concerning the security in those international supply chains.
Request for Free !!! Guidance on security practices to be implemented for your supply chain
ISO 26000 -
This International Standard provides guidance on the underlying principles of social responsibility, recognizing social responsibility and engaging stakeholders, the core subjects and issues pertaining to social responsibility (human rights, labour practices, the environment, fair operating practices, consumer issues, community involvement and development) and on ways to integrate socially responsible behavior into the organization. This International Standard emphasizes the importance of results and improvements in performance on social responsibility.
Request for Free !!! Guidance on CSR practices to be implemented
ISO 14001 -
This International Standard specifies requirements for an environmental management system to enable an organization to develop and implement a policy and objectives which take into account legal requirements and information about significant environmental aspects. It is intended to apply to all types and sizes of organization and to accommodate diverse geographical, cultural and social conditions. The overall aim of this International Standard is to support environmental protection and prevention of pollution in balance with socio-
Request for Free !!! Guidance on EMS practices to be implemented
OHSAS 18002 -
OHSAS 18002 seeks to explain the underlying principles of OHSAS 18001. It describes the intent, typical inputs, processes and typical outputs, against each requirement of OHSAS 18001, to aid in the understanding and implementation of OHSAS 18001. It does not create additional requirements to those specified in OHSAS 18001 nor does it prescribe mandatory approaches to the implementation of OHSAS 18001. It is intended to address occupational health and safety (OH&S) rather than product and services safety.
Request for Free !!! Guidance on Health and Safety practices to be implemented
ISO 27002 -
This International Standard is designed for organizations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS) based on ISO/IEC 27001, or as a guidance document for organizations implementing commonly accepted information security controls. This standard is also intended for use in developing industry-
Request for Free !!! Guidance on ISMS practices to be implemented
ISO 27005 -
This International Standard provides guidelines for Information Security Risk Management in an organization, supporting in particular the requirements of an ISMS according to ISO/IEC 27001. However, this International Standard does not provide any specific methodology for information security risk management. It is up to the organization to define its approach to risk management, depending for example on the scope of the ISMS, the context of risk management, or the industry sector. A number of existing methodologies can be used under the framework described in this International Standard to implement the requirements of an ISMS.
Request for Free !!! Guidance on ISMS & IT risk management practices to be implemented
ISO 27799 – Health informatics — Information security management in health using ISO/IEC 27002
This Standard draws upon the experience gained in dealing with the security of personal health information and is intended as a companion document to ISO 27002. It is not intended to supplant ISO/IEC 27002 or ISO/IEC 27001. Rather, it is a complement to these more generic standards.
ISO 22313 -
This International Standard provides guidance to ISO 22301 for setting up and managing an effective business continuity management system (BCMS).
Request for Free !!! Guidance on BCMS practices to be implemented
ISO 22398 -
This International Standard describes the procedures necessary for planning, implementing, managing, evaluating, reporting and improving exercises, and the testing designs to assess the readiness of an organization to perform the mission. The organization should make maximum use of the controlled, risk managed environment of exercises and testing. Furthermore, practice for improvisation is only possible in the exercises and testing environment; once a real event occurs, the time for practice has ended.
Request for Free !!! Guidance on ISMS, BCMS exercises & testing practices to be implemented
ANSI/ASIS SCRM.1 -
This Standard, developed in collaboration with the Supply Chain Risk Leadership Council, provides a framework for collecting, developing, understanding, and implementing current best practices for supply chain risk management (SCRM). It is a practitioner's guide to SCRM and associated processes for the management of risks within the organization and its end-to-end supply chain. This Standard provides some guidelines and possible approaches for an organization to consider, including examples of tools other organizations have used. It can serve as a baseline for helping enterprises assess and address supply -
Request for Free !!! Guidance on SCRM practices to be implemented
ISO 22857 -
This International Standard seeks to draw on, and harmonise, data protection requirements relating to the transfer of personal health data across international boundaries as given in authoritative international documents. It also seeks to take into account a range of national requirements so as to avoid, as far as practicable, conflict between the requirements of this International Standard and national specifications.
Request for Free !!! Guidance on Data Protection practices to be implemented
BS 8903 -
This British Standard is intended to help organizations and individuals consider and implement sustainable practices within their procurement processes, and ongoing management of their respective supply chains. Sustainable procurement means only purchasing goods that are really needed, and buying items or services whose production, use and disposal both minimize negative impacts and encourage positive outcomes for the environment, economy and society. Sustainable procurement is basically good procurement achieving the optimum balance of economic, social and environmental impacts to ensure an organization can operate both efficiently and responsibly.
Request for Free !!! Guidance on sustainable procurement practices to be implemented
IEC 31010 -
This standard is general in nature, so that it may give guidance across many industries and types of system. There may be more specific standards in existence within these industries that establish preferred methodologies and levels of assessment for particular applications. If these standards are in harmony with this standard, the specific standards will generally be sufficient. This standard is intended to reflect current good practices in selection and utilization of risk assessment techniques, and does not refer to new or evolving concepts which have not reached a satisfactory level of professional consensus.
Request for Free !!! Guidance on risk assessment techniques & practices to be implemented
ISO 17316 -
The fundamental structure of the world-
Request for Free !!! Guidance on documentation practices to be implemented
ISO/IEC 27042 -
This International Standard provides guidance on the conduct of the analysis and interpretation of potential digital evidence in order to identify and evaluate digital evidence which can be used to aid understanding of an incident. The exact nature of the data and information making up the potential digital evidence will depend on the nature of the incident and the digital evidence sources involved in that incident.
Request for Free !!! Guidance on best practices in digital evidencing