Ours is an era of rapid technological development, driven in large part by how easily information, now one of the most valuable resources, can be found. Because the way an event or technology is presented and understood strongly affects the results of using it, information technology has to be governed by agreed rules. Information and its exchange cross borders, so those rules are set at the international level, in the form of standards. Below is a list of the most commonly used and necessary standards for companies whose field is information technology.

Information technology - Security techniques - Vulnerability handling processes (ISO/IEC 30111:2019)

SIST EN ISO/IEC 30111:2020

Security in information technology is becoming an increasingly urgent issue as Internet technologies develop. To understand how effective data protection mechanisms should work, it is necessary to know the international standards governing this area. One such standard is SIST EN ISO/IEC 30111:2020. This document provides requirements and recommendations for how to process and remediate reported potential vulnerabilities in a product or service, and it is applicable to vendors involved in handling vulnerabilities. It covers the vendor's internal handling of a report, from verification through to remediation and release of a fix; receiving reports and disclosing remediation information are the subject of its companion standard, ISO/IEC 29147. For more detail on this document, you can go to our website and clarify all your questions.

Information technology - Security techniques - Vulnerability disclosure

SIST EN ISO/IEC 29147:2020

Companies sometimes underestimate the scale of the potential risks of information leakage. Ignoring these risks carries negative financial consequences, which is why international standards are being created that regulate data protection processes; one of them is SIST EN ISO/IEC 29147:2020. This document provides requirements and recommendations to vendors on the disclosure of vulnerabilities in products and services. Vulnerability disclosure enables users to perform technical vulnerability management as specified in ISO/IEC 27002:2013, 12.6.1[1] (in the 2022 edition of ISO/IEC 27002 this control is 8.8, Management of technical vulnerabilities). Vulnerability disclosure helps users protect their systems and data, prioritize defensive investments, and better assess risk. The goal of vulnerability disclosure is to reduce the risk associated with exploiting vulnerabilities. Coordinated vulnerability disclosure is especially important when multiple vendors are affected. This document provides:

  • guidelines on receiving reports about potential vulnerabilities;
  • guidelines on disclosing vulnerability remediation information;
  • terms and definitions that are specific to vulnerability disclosure;
  • an overview of vulnerability disclosure concepts;
  • techniques and policy considerations for vulnerability disclosure;
  • examples of techniques, policies (Annex A), and communications (Annex B).

Other related activities that take place between receiving and disclosing vulnerability reports are described in ISO/IEC 30111. This document is applicable to vendors who choose to practice vulnerability disclosure to reduce risk to users of vendors' products and services. If you fall into this category, we recommend that you familiarize yourself with the specifics of this document in more detail at the link.

Information technology - Security techniques - Privacy framework (ISO/IEC 29100:2011, including Amd 1:2018)

SIST EN ISO/IEC 29100:2020

Technological interaction between companies raises many questions about preserving privacy when data is transmitted. International standards such as SIST EN ISO/IEC 29100:2020 address them. This International Standard provides a privacy framework which

  • specifies a common privacy terminology;
  • defines the actors and their roles in processing personally identifiable information (PII);
  • describes privacy safeguarding considerations; and
  • provides references to known privacy principles for information technology.

This International Standard is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII. If you are interested in this standard, the information on our website will help you decide whether you need to purchase this document.

Information technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations (ISO/IEC 27011:2016)

SIST EN ISO/IEC 27011:2020

SIST EN ISO/IEC 27011:2020 is an example of an international standard that regulates information security in a specific sector. Since this issue is significant in the context of business planning, applying it can noticeably improve how your organization operates. The scope of this Recommendation | International Standard (the wording reflects its joint publication as an ITU-T Recommendation and an ISO/IEC International Standard) is to define guidelines supporting the implementation of information security controls in telecommunications organizations. The adoption of this Recommendation | International Standard will allow telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property.

Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors (ISO/IEC 27018:2019)

SIST EN ISO/IEC 27018:2020

Protecting personal data is a necessary aspect of doing business in the 21st century. Standardizing how it is processed is a complex matter, and therefore one of the key aspects of building productive operations. One such standard is SIST EN ISO/IEC 27018:2020. This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy principles in ISO/IEC 29100 for the public cloud computing environment. In particular, this document specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which can be applicable within the context of the information security risk environment(s) of a provider of public cloud services. This document is applicable to all types and sizes of organizations, including public and private companies, government entities and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations. The guidelines in this document can also be relevant to organizations acting as PII controllers. However, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. This document is not intended to cover such additional obligations. If only part of this document meets the needs of your business, go to our website, where you can select the standard that matches your stated requirements.


Information technology - Security techniques - Guidelines for privacy impact assessment (ISO/IEC 29134:2017)

SIST EN ISO/IEC 29134:2020

Although the IT industry is vast and has many specialized standards, there are also general ones that can be applied to almost any business. SIST EN ISO/IEC 29134:2020 gives guidelines for a process on privacy impact assessments (PIA) and for the structure and content of a PIA report. It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII. Since this document is general in scope, we recommend including it in your regulatory framework if your company processes PII in any way.

Information technology - Security techniques - Evaluation criteria for IT security - Part 1: Introduction and general model (ISO/IEC 15408-1:2009)

SIST EN ISO/IEC 15408-1:2020

IT security evaluation has its own characteristics, and standardization of this area therefore involves a large family of documents. ISO/IEC 15408-1 (the ISO edition of the Common Criteria) establishes the general concepts and principles of IT security evaluation and specifies the general model of evaluation given by the various parts of the standard, which in its entirety is meant to be used as the basis for evaluating the security properties of IT products. Part 1 provides an overview of all parts of ISO/IEC 15408. It describes the various parts of the standard; defines the terms and abbreviations used in all parts; establishes the core concept of a Target of Evaluation (TOE) and the evaluation context; and describes the audience to which the evaluation criteria are addressed. An introduction to the basic security concepts necessary for evaluating IT products is given. It defines the permitted operations by which the functional and assurance components given in ISO/IEC 15408-2 and ISO/IEC 15408-3 may be tailored. The key concepts of protection profiles (PP), packages of security requirements and the topic of conformance are specified, and the consequences of evaluation and evaluation results are described. This part of ISO/IEC 15408 gives guidelines for the specification of Security Targets (ST) and describes the organization of components throughout the model. General information about the evaluation methodology is given in ISO/IEC 18045, and the scope of evaluation schemes is provided. Note that this adoption is based on the 2009 edition of ISO/IEC 15408-1, which has since been superseded by the 2022 edition, so check which edition your evaluation scheme requires. Since this standard is specialized, we recommend that you check with professionals whether it is suitable for your company's field of activity.

Standards are your ship in the ocean of information

Information technology is distinctive in that it covers many areas and has many branches. Industry standardization makes it possible to create a clear structure, so that you know which information will be useful to you at a given moment. Also worth noting is the issue of data security and privacy, which becomes more relevant as the pace of innovation increases. For your company to provide, process, store and exchange information reliably, we recommend keeping the basic standards among the documents needed for the successful functioning of your business. You can always contact our team, which will help you select international standards that match your company's scope of activity. Stay ahead of the curve with iTeh.