Résumé
PrévisualiserThis document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;
c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002.
This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.
-
État actuel: PubliéeDate de publication: 2023-06
-
Edition: 2
-
Comité technique: ISO/IEC JTC 1/SC 27 Sécurité de l’information, cybersécurité et protection de la vie privée
-
- ICS :
- 35.030 Sécurité des technologies de l’information
Acheter cette norme
| Format | Langue | |
|---|---|---|
| std 1 145 | PDF + ePub | |
| std 2 145 | Papier |
- CHF145
Cycle de vie
-
Précédemment
AnnuléeISO/IEC 27036-3:2013
-
Actuellement
Vous avez une question?
Consulter notre FAQ
Horaires d’ouverture:
De lundi à vendredi - 09:00-12:00, 14:00-17:00 (UTC+1)