iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 27021:2017/Amd 1:2021

(Amendment)

Information technology — Security techniques — Competence requirements for information security management systems professionals — Amendment 1: Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirements

Information technology — Security techniques — Competence requirements for information security management systems professionals — Amendment 1: Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirements

Technologies de l'information — Techniques de sécurité — Exigences de compétence pour les professionnels de la gestion des systèmes de management de la sécurité — Amendement 1: Ajout d'articles ou de paragraphes de l'ISO/IEC 27001:2013 aux exigences en matière de compétence

General Information

Status
Published
Publication Date
01-Dec-2021
ICS
35.030 - IT Security
Technical Committee
ISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protection
Drafting Committee
ISO/IEC JTC 1/SC 27/WG 1 - Information security management systems
Current Stage
6060 - International Standard published
Start Date
02-Dec-2021
Due Date
11-Jun-2021
Completion Date
02-Dec-2021
Ref Project

Relations

Amends
ISO/IEC 27021:2017 - Information technology — Security techniques — Competence requirements for information security management systems professionals
Effective Date
25-Apr-2020

Buy Standard

ISO/IEC 27021:2017/Amd 1:2021 - Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirementsISO/IEC 27021:2017/Amd 1:2021 - Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirements
PreviousNext
Standard
ISO/IEC 27021:2017/Amd 1:2021 - Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirements
English language
2 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 27021:2017/FDAmd 1:Version 28-avg-2021 - Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirementsISO/IEC 27021:2017/FDAmd 1:Version 28-avg-2021 - Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirements
PreviousNext
Draft
ISO/IEC 27021:2017/FDAmd 1:Version 28-avg-2021 - Addition of ISO/IEC 27001:2013 clauses or subclauses to competence requirements
English language
2 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 27021
First edition
2017-10
AMENDMENT 1
2021-12
Information technology — Security
techniques — Competence
requirements for information security
management systems professionals
AMENDMENT 1: Addition of ISO/IEC
27001:2013 clauses or subclauses to
competence requirements
Technologies de l'information — Techniques de sécurité — Exigences
de compétence pour les professionnels de la gestion des systèmes de
management de la sécurité
AMENDEMENT 1: Ajout d'articles ou de paragraphes de l'ISO/IEC
27001:2013 aux exigences en matière de compétence
Reference number
ISO/IEC 27021:2017/Amd. 1:2021(E)
© ISO/IEC 2021

---------------------- Page: 1 ----------------------
ISO/IEC 27021:2017/Amd. 1:2021(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
  © ISO/IEC 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 27021:2017/Amd. 1:2021(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC
list of patent declarations received (see https://
...

FINAL
ISO/IEC
AMENDMENT
DRAFT
27021:2017
FDAM 1
ISO/IEC JTC 1/SC 27
Information technology — Security
Secretariat: DIN
techniques — Competence
Voting begins on:
2021­08­30 requirements for information security
management systems professionals
Voting terminates on:
2021­10­25
AMENDMENT 1: Addition of ISO/IEC
27001:2013 clauses or subclauses to
competence requirements
Technologies de l'information — Tecniques de sécurité — Exigences
de compétence pour les professionnels de la gestion des systèmes de
management de la sécurité
AMENDEMENT 1
RECIPIENTS OF THIS DRAFT ARE INVITED TO
SUBMIT, WITH THEIR COMMENTS, NOTIFICATION
OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPOR TING
DOCUMENTATION.
IN ADDITION TO THEIR EVALUATION AS
Reference number
BEING ACCEPTABLE FOR INDUSTRIAL, TECHNO­
ISO/IEC 27021:2017/FDAM 1:2021(E)
LOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON
OCCASION HAVE TO BE CONSIDERED IN THE
LIGHT OF THEIR POTENTIAL TO BECOME STAN­
DARDS TO WHICH REFERENCE MAY BE MADE IN
©
NATIONAL REGULATIONS. ISO/IEC 2021

---------------------- Page: 1 ----------------------
ISO/IEC 27021:2017/FDAM 1:2021(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH­1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2021 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 27021:2017/FDAM 1:2021(E)

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non­governmental, in liaison with ISO and IEC, also take part in the
work.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for
the different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject
of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent
rights. Details of any patent rights identi
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 9797-1:2011/Amd 1:2023(Amendment)
Information technology — Security techniques — Message Authentication Codes (MACs) — Part 1: Mechanisms using a block cipher — Amendment 1
  • Standard
    1 page
    English language
    sale 15% off
ISO
ISO/IEC TS 27560:2023(Main)
Privacy technologies — Consent record information structure

This document specifies an interoperable, open and extensible information structure for recording PII principals' consent to PII processing. This document provides requirements and recommendations on the use of consent receipts and consent records associated with a PII principal's PII processing consent, aiming to support the: — provision of a record of the consent to the PII principal; — exchange of consent information between information systems; — management of the life cycle of the recorded consent.

  • Technical specification
    52 pages
    English language
    sale 15% off
  • Draft
    51 pages
    English language
    sale 15% off
  • Draft
    51 pages
    English language
    sale 15% off
ISO
ISO/IEC 27071:2023(Main)
Cybersecurity — Security recommendations for establishing trusted connections between devices and services

This document provides a framework and recommendations for establishing trusted connections between devices and services based on hardware security modules. It includes recommendations for components such as: hardware security module, roots of trust, identity, authentication and key establishment, remote attestation, data integrity and authenticity. This document is applicable to scenarios that establish trusted connections between devices and services based on hardware security modules. This document does not address privacy concerns.

  • Standard
    24 pages
    English language
    sale 15% off
  • Draft
    24 pages
    English language
    sale 15% off
ISO
ISO/IEC 4922-1:2023(Main)
Information security — Secure multiparty computation — Part 1: General

This document specifies definitions, terminology and processes for secure multiparty computation and related technology, in order to establish a taxonomy and enable interoperability. In particular, this document defines the processes involved in cryptographic mechanisms which compute a function on data while the data are kept private; the participating parties; and the cryptographic properties. The terminology contained in this document is common to the ISO/IEC 4922 series.

  • Standard
    10 pages
    English language
    sale 15% off
ISO
ISO/IEC 24392:2023(Main)
Cybersecurity — Security reference model for industrial internet platform (SRM- IIP)

This document presents specific characteristics of industrial internet platforms (IIPs), including related security threats, context-specific security control objectives and security controls. This document covers specific security concerns in the industrial context and thus complements generic security standards and reference models. In particular, this document includes secure data collection and transmission among industrial devices, data security of industrial cloud platforms, and secure collaborations with various industry stakeholders. The users of this document are organizations who develop, operate, or use any components of IIPs, including third parties who provide services to the abovementioned stakeholders. This document provides recommendations for users on how to protect IIPs against IIP-specific threats.

  • Standard
    34 pages
    English language
    sale 15% off
  • Draft
    33 pages
    English language
    sale 15% off
ISO
ISO/IEC 27032:2023(Main)
Cybersecurity — Guidelines for Internet security

This document provides: — an explanation of the relationship between Internet security, web security, network security and cybersecurity; — an overview of Internet security; — identification of interested parties and a description of their roles in Internet security; — high-level guidance for addressing common Internet security issues. This document is intended for organizations that use the Internet.

  • Standard
    28 pages
    English language
    sale 15% off
  • Draft
    28 pages
    English language
    sale 15% off
  • Draft
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC 27036-3:2023(Main)
Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security

This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding: a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains; b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services; c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002. This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.

  • Standard
    35 pages
    English language
    sale 15% off
  • Draft
    35 pages
    English language
    sale 15% off
  • Draft
    35 pages
    English language
    sale 15% off
ISO
ISO/IEC 29134:2023(Main)
Information technology — Security techniques — Guidelines for privacy impact assessment

This document gives guidelines for: — a process on privacy impact assessments, and — a structure and content of a PIA report. It is applicable to all types and sizes of organizations, including public companies, private companies, government entities and not-for-profit organizations. This document is relevant to those involved in designing or implementing projects, including the parties operating data processing systems and services that process PII.

  • Standard
    44 pages
    English language
    sale 15% off
  • Draft
    44 pages
    English language
    sale 15% off
  • Draft
    44 pages
    English language
    sale 15% off
ISO
ISO/IEC 20008-2:2013/Amd 2:2023(Amendment)
Information technology — Security techniques — Anonymous digital signatures — Part 2: Mechanisms using a group public key — Amendment 2
  • Standard
    26 pages
    English language
    sale 15% off
  • Draft
    26 pages
    English language
    sale 15% off
  • Draft
    26 pages
    English language
    sale 15% off
ISO
ISO/IEC 29128-1:2023(Main)
Information security, cybersecurity and privacy protection — Verification of cryptographic protocols — Part 1: Framework

This document establishes a framework for the verification of cryptographic protocol specifications according to academic and industry best practices.

  • Standard
    15 pages
    English language
    sale 15% off
  • Draft
    15 pages
    English language
    sale 15% off
  • Draft
    15 pages
    English language
    sale 15% off