ISO27036-3 (ISO 27036-3) Guidelines for ICT Supply Chain Security

Description

You may have confidence in the strength of your own information security systems, but how can you guarantee the security of your information and communication technology (ICT) supply chain?

This new addition to the ISO27000 series of information security standards, ISO/IEC 27036-3:2013, gives guidance on ICT supply chain security, and as such is a key support for ISO27001:2013, which introduced supply chain management as a  control category.

Applicable to product and service acquirers and suppliers, ISO27036-3 provides guidance on:

• How to manage the information security risks caused by physically widespread and multi-layered supply chains.
• Responding to the risks to ICT products and services caused by global ICT supply chains (such as the insertion of malicious code or the presence of the counterfeit information technology products).
• Integrating information security processes and practices into ISO/IEC 15288 and ISO/IEC 12207 system and software lifecycle processes, while supporting ISO/IEC 27002 information security controls.

ISO/IEC 27036-3:2013 does not include business continuity management/resiliency issues involved with the ICT supply chain, which is covered by ISO/IEC 27031.

Customer Reviews

(0# of Ratings:)