Digital Consulting and Web Agency
19 ISO Standards
Core Standards
-
ISO/IEC 27001 - Information Technology
Information security, cybersecurity and privacy protection — Information security management systems — Requirements
This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature.
-
ISO/IEC 20000-1 - Information Technology
Information technology — Service management — Part 1: Service management system requirements
This document specifies requirements for an organization to establish, implement, maintain and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery and improvement of services to meet the service requirements and deliver value. This document can be used by:
a) a customer seeking services and requiring assurance regarding the quality of those services;
b) a customer requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain;
c) an organization to demonstrate its capability for the planning, design, transition, delivery and improvement of services;
d) an organization to monitor, measure and review its SMS and the services;
e) an organization to improve the planning, design, transition, delivery and improvement of services through effective implementation and operation of an SMS;
f) an organization or other party performing conformity assessments against the requirements specified in this document;
g) a provider of training or advice in service management.
The term "service" as used in this document refers to the service or services in the scope of the SMS.
-
ISO 9000 - Services Management
Quality management systems — Fundamentals and vocabulary
ISO 9000:2015 describes the fundamental concepts and principles of quality management which are universally applicable to the following:
- organizations seeking sustained success through the implementation of a quality management system;
- customers seeking confidence in an organization's ability to consistently provide products and services conforming to their requirements;
- organizations seeking confidence in their supply chain that their product and service requirements will be met;
- organizations and interested parties seeking to improve communication through a common understanding of the vocabulary used in quality management;
- organizations performing conformity assessments against the requirements of ISO 9001;
- providers of training, assessment or advice in quality management;
- developers of related standards.
ISO 9000:2015 specifies the terms and definitions that apply to all quality management and quality management system standards developed by ISO/TC 176.
-
ISO/IEC 27034-3 - Information Technology
Information technology — Application security — Part 3: Application security management process
This document provides a detailed description and implementation guidance for the Application Security Management Process.
-
ISO 22301 - Services Management
Security and resilience — Business continuity management systems — Requirements
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
This document is applicable to all types and sizes of organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
This document can be used to assess an organization's ability to meet its own business continuity needs and obligations.
-
ISO/IEC 27701 - Information Technology
Information security, cybersecurity and privacy protection — Privacy information management systems — Requirements and guidance
This document specifies requirements for establishing, implementing, maintaining and continually improving a privacy information management system (PIMS).
Guidance is also provided to assist in the implementation of the requirements in this document.
This document is intended for personally identifiable information (PII) controllers and PII processors holding responsibility and accountability for PII processing.
This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations.
-
ISO/IEC 42001 - Services Management
Information technology — Artificial intelligence — Management system
This document specifies the requirements and provides guidance for establishing, implementing, maintaining and continually improving an AI (artificial intelligence) management system within the context of an organization.
This document is intended for use by an organization providing or using products or services that utilize AI systems. This document is intended to help the organization develop, provide or use AI systems responsibly in pursuing its objectives and meet applicable requirements, obligations related to interested parties and expectations from them.
This document is applicable to any organization, regardless of size, type and nature, that provides or uses products or services that utilize AI systems.
-
ISO 9001 - Services Management
Quality management systems — Requirements
ISO 9001:2015 specifies requirements for a quality management system when an organization:
a) needs to demonstrate its ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements, and
b) aims to enhance customer satisfaction through the effective application of the system, including processes for improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.
All the requirements of ISO 9001:2015 are generic and are intended to be applicable to any organization, regardless of its type or size, or the products and services it provides.
Supporting Standards
-
ISO 45003 - Environment Safety
Occupational health and safety management — Psychological health and safety at work — Guidelines for managing psychosocial risks
This document gives guidelines for managing psychosocial risk within an occupational health and safety (OH&S) management system based on ISO 45001. It enables organizations to prevent work-related injury and ill health of their workers and other interested parties, and to promote well-being at work.
It is applicable to organizations of all sizes and in all sectors, for the development, implementation, maintenance and continual improvement of healthy and safe workplaces.
NOTE When the term “worker” is used in this document, worker representatives, where they exist, are always implied.
-
ISO/TS 22332 - Services Management
Security and resilience — Business continuity management systems — Guidelines for developing business continuity plans and procedures
This document provides guidelines for developing and maintaining business continuity plans and procedures. It is applicable to all organizations regardless of type, size and nature, whether in the private, public, or not-for-profit sectors, that wish to develop effective business continuity plans and procedures in a consistent manner.
-
ISO/TS 22331 - Services Management
Security and resilience — Business continuity management systems — Guidelines for business continuity strategy
This document gives guidance for business continuity strategy determination and selection. It is applicable to all organizations regardless of type, size and nature, whether in the private, public or not-for-profit sectors.
It is intended for use by those responsible for, or participating in, strategy determination and selection.
-
ISO 10009 - Services Management
Quality management — Guidance for quality tools and their application
This document gives guidance on the selection and application of tools that can be used in a quality management system to:
a) characterize a process or a variable;
b) facilitate problem solving;
c) highlight areas for improvement;
d) improve effectiveness.
-
ISO/IEC 27035-2 - Information Technology
Information technology — Information security incident management — Part 2: Guidelines to plan and prepare for incident response
This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the “plan and prepare” and “learn lessons” phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6.
The major points within the “plan and prepare” phase include:
— information security incident management policy and commitment of top management;
— information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels;
— information security incident management plan;
— Incident Management Team (IMT) establishment;
— establishing relationships and connections with internal and external organizations;
— technical and other support (including organizational and operational support);
— information security incident management awareness briefings and training.
The “learn lessons” phase includes:
— identifying areas for improvement;
— identifying and making necessary improvements;
— Incident Response Team (IRT) evaluation.
The guidance given in this document is generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this document according to their type, size and nature of business in relation to the information security risk situation.
-
ISO 22313 - Services Management
Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on good international practice.
This document is applicable to organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
The guidance and recommendations are applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors. The approach adopted depends on the organization's operating environment and complexity.
-
ISO/IEC 29146 - Information Technology
Information technology — Security techniques — A framework for access management
This document defines and establishes a framework for access management (AM) and the secure management of the process to access information and information and communications technologies (ICT) resources, associated with the accountability of a subject within some contexts.
This document provides concepts, terms and definitions applicable to distributed access management techniques in network environments.
This document also provides explanations about related architecture, components and management functions.
The subjects involved in access management can be uniquely recognized to access information systems, as defined in the ISO/IEC 24760 series.
The nature and qualities of physical access control involved in access management systems are outside the scope of this document.
-
ISO/IEC 27035-1 - Information Technology
Information technology — Information security incident management — Part 1: Principles and process
This document is the foundation of the ISO/IEC 27035 series. It presents basic concepts, principles and process with key activities of information security incident management, which provide a structured approach to preparing for, detecting, reporting, assessing, and responding to incidents, and applying lessons learned.
The guidance on the information security incident management process and its key activities given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance according to their type, size and nature of business in relation to the information security risk situation.
Related Standards
-
ISO 45002 - Environment Safety
Occupational health and safety management systems — General guidelines for the implementation of ISO 45001:2018
This document gives guidance on the establishment, implementation, maintenance and continual improvement of an occupational health and safety (OH&S) management system that can help organizations conform to ISO 45001:2018.
NOTE 1 While the guidance in this document is consistent with the ISO 45001:2018 OH&S management system model, it is not intended to provide interpretations of the requirements in ISO 45001.
NOTE 2 The use of the term “should” in this document does not weaken any of the requirements in ISO 45001:2018 or add new requirements.
NOTE 3 For most of the clauses in this document, there are real-life cases on how different types of organizations have implemented the requirements. These are not intended to suggest the only or best way to do this, but to describe one way this was done by an organization.
-
IEC 82045-1 - General Terminology
Document management — Part 1: Principles and methods
This part of International Standard 82045 specifies principles and methods to define metadata for the management of documents associated with objects throughout their life cycle. This cycle generally covers a range from the conceptual idea of a document to its deletion. The established principles and methods are basic for all document management systems.
This part is intended as a general basic standard in all application fields and provides the framework applicable for part 2.
International Standard 82045 is primarily intended as a resource for the use in computerised systems such as Electronic Document Management Systems (EDMS) or Product Data Management Systems (PDMS) for the management, retrieval, storage and selection and archiving of documents, and as a basis for the exchange of documents.
NOTE – Part 2 of International Standard 82045 provides the collection of data element types associated with an information reference model, which may be used in conjunction with the presentation of metadata on documents.
-
ISO/IEC 27007 - Information Technology
Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
This document provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.
This document is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.