ISO 27001 – Information Security Management System
This International Standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization.
ISO 20000-1 – Information Technology – Service Management System
ISO 20000 is the first worldwide standard specifically focused on IT Service Management. It describes an integrated set of management processes for the effective delivery of services to the business and its customers.
ISO 15504 / ISO 12207 – Software Process Improvement and Capability Determination (SPICE)
ISO/IEC 15504-5 provides a detailed description of the structure and key components of the Process Assessment Model, which includes two dimensions: a process dimension and a capability dimension. It also introduces assessment indicators.
ISO/IEC 12207 establishes a common framework for software life cycle processes, with well-defined terminology, that can be referenced by the software industry.
This provides guidance for establishing, implementing, maintaining and continually improving a Privacy Information Management System (PIMS) in the form of an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy management within the context of the organization. It specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.