ISO/IEC JTC 1/SC 27/WG 4 - Security controls and services

This document provides guidelines for multiple organizations handling information security incidents in a coordinated manner. It also addresses the impacts of external cooperation on the internal incident management of an individual organization and provides guidelines for an individual organization to adapt to the coordination process. Furthermore, it provides guidelines for the coordination team, if it exists, to perform coordination activities supporting the cross-organization incident response. The principles given in this document are generic and are intended to be applicable to multiple organizations to work together to handle information security incidents, regardless of their types, sizes or nature. Organizations can adjust the guidance given in this document according to their type, sizes and nature of business in relation to the information security risk situation. This document is also applicable to an individual organization that participates in partner relationships.

This document provides guidelines to analyse security and privacy risks and identifies controls that can be implemented in Internet of Things (IoT)-domotics systems.

This document provides detailed technical requirements and guidance on how organizations can achieve an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection of data both while stored in information and communications technology (ICT) systems and while in transit across the communication links associated with storage. Storage security includes the security of devices and media, management activities related to the devices and media, applications and services, and controlling or monitoring user activities during the lifetime of devices and media, and after end of use or end of life. Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage products and services, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information or storage security, storage operation, or who are responsible for an organization’s overall security programme and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security. This document provides an overview of storage security concepts and related definitions. It includes requirements and guidance on the threats, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other international standards and technical reports that address existing practices and techniques that can be applied to storage security.

This document aims to identify security risks of network virtualization and proposes guidelines for the implementation of network virtualization security. Overall, this document intends to considerably aid the comprehensive definition and implementation of security for any organization’s virtualization environments. It is aimed at users and implementers who are responsible for the implementation and maintenance of the technical controls required to provide secure virtualization environments.

This document provides baseline ICT requirements for IoT devices to support security and privacy controls.

This document provides a framework and recommendations for establishing trusted connections between devices and services based on hardware security modules. It includes recommendations for components such as: hardware security module, roots of trust, identity, authentication and key establishment, remote attestation, data integrity and authenticity. This document is applicable to scenarios that establish trusted connections between devices and services based on hardware security modules. This document does not address privacy concerns.

This document presents specific characteristics of industrial internet platforms (IIPs), including related security threats, context-specific security control objectives and security controls. This document covers specific security concerns in the industrial context and thus complements generic security standards and reference models. In particular, this document includes secure data collection and transmission among industrial devices, data security of industrial cloud platforms, and secure collaborations with various industry stakeholders. The users of this document are organizations who develop, operate, or use any components of IIPs, including third parties who provide services to the abovementioned stakeholders. This document provides recommendations for users on how to protect IIPs against IIP-specific threats.

This document provides: — an explanation of the relationship between Internet security, web security, network security and cybersecurity; — an overview of Internet security; — identification of interested parties and a description of their roles in Internet security; — high-level guidance for addressing common Internet security issues. This document is intended for organizations that use the Internet.

This document is the foundation of the ISO/IEC 27035 series. It presents basic concepts, principles and process with key activities of information security incident management, which provide a structured approach to preparing for, detecting, reporting, assessing, and responding to incidents, and applying lessons learned. The guidance on the information security incident management process and its key activities given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.

This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the “plan and prepare” and “learn lessons” phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6. The major points within the “plan and prepare” phase include: — information security incident management policy and commitment of top management; — information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels; — information security incident management plan; — Incident Management Team (IMT) establishment; — establishing relationships and connections with internal and external organizations; — technical and other support (including organizational and operational support); — information security incident management awareness briefings and training. The “learn lessons” phase includes: — identifying areas for improvement; — identifying and making necessary improvements; — Incident Response Team (IRT) evaluation. The guidance given in this document is generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.

This document sets out a framework of requirements to manage information security for Public key infrastructure (PKI) trust service providers through certificate policies, certificate practice statements, and, where applicable, their internal underpinning by an information security management system (ISMS). The framework of requirements includes the assessment and treatment of information security risks, tailored to meet the agreed service requirements of its users as specified through the certificate policy. This document is also intended to help trust service providers to support multiple certificate policies. This document addresses the life cycle of public key certificates that are used for digital signatures, authentication, or key establishment for data encryption. It does not address authentication methods, non-repudiation requirements, or key management protocols based on the use of public key certificates. For the purposes of this document, the term “certificate” refers to public key certificates. This document is not applicable to attribute certificates. This document uses concepts and requirements of an ISMS as defined in the ISO/IEC 27000 family of standards. It uses the code of practice for information security controls as defined in ISO/IEC 27002. Specific PKI requirements (e.g. certificate content, identity proofing, certificate revocation handling) are not addressed directly by an ISMS such as defined by ISO/IEC 27001 [26]. The use of an ISMS or equivalent is adapted to the application of PKI service requirements specified in the certificate policy as described in this document. A PKI trust service provider is a special class of trust service for the use of public key certificates. This document draws a distinction between PKI systems used in closed, open and contractual environments. This document is intended to facilitate the implementation of operational, baseline controls and practices in a contractual environment. While the focus of this document is on the contractual environment, application of this document to open or closed environments is not specifically precluded.

This document specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships. These requirements cover any procurement and supply of products and services, such as manufacturing or assembly, business process procurement, software and hardware components, knowledge process procurement, build-operate-transfer and cloud computing services. This document is applicable to all organizations, regardless of type, size and nature. To meet the requirements, it is expected that an organization has internally implemented a number of foundational processes or is actively planning to do so. These processes include, but are not limited to: business management, risk management, operational and human resources management, and information security.

This document provides guidelines on risks, principles and controls for security and privacy of Internet of Things (IoT) solutions.

This document specifies requirements for establishing virtualized roots of trust.

This document is an introductory part of ISO/IEC 27036. It provides an overview of the guidance intended to assist organizations in securing their information and information systems within the context of supplier relationships. It also introduces concepts that are described in detail in the other parts of ISO/IEC 27036. This document addresses perspectives of both acquirers and suppliers.

This document provides guidance on the ways an organization can plan and prepare for, and implement, electronic discovery from the perspective of both technology and processes. This document provides guidance on proactive measures that can help enable effective and appropriate electronic discovery and processes. This document is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities.

This document specifies the security and privacy aspects applicable to the big data reference architecture (BDRA) including the big data roles, activities and functional components and also provides guidance on security and privacy operations for big data.

This document gives guidelines for information security incident response in ICT security operations. This document does this by firstly covering the operational aspects in ICT security operations from a people, processes and technology perspective. It then further focuses on information security incident response in ICT security operations including information security incident detection, reporting, triage, analysis, response, containment, eradication, recovery and conclusion. This document is not concerned with non-ICT incident response operations such as loss of paper-based documents. This document is based on the "Detection and reporting" phase, the "Assessment and decision" phase and the "Responses" phase of the "Information security incident management phases" model presented in ISO/IEC 27035‑1:2016. The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the provisions given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.

This document provides requirements and recommendations on activities in electronic discovery, including, but not limited to, identification, preservation, collection, processing, review, analysis and production of electronically stored information (ESI). In addition, this document specifies relevant measures that span the lifecycle of the ESI from its initial creation through to final disposition. This document is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities. It is important to note that the user is expected to be aware of any applicable jurisdictional requirements.

Electronic discovery is the process of discovering pertinent Electronically Stored Information (ESI) or data by one or more parties involved in an investigation or litigation, or similar proceeding. This document provides an overview of electronic discovery. In addition, it defines related terms and describes the concepts, including, but not limited to, identification, preservation, collection, processing, review, analysis, and production of ESI. This document also identifies other relevant standards (e.g. ISO/IEC 27037) and how they relate to, and interact with, electronic discovery activities. This document is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities.

This document specifies security and protection of personally identifiable information components, SLOs and SQOs for cloud service level agreements (cloud SLA) including requirements and guidance. This document is for the benefit and use of both CSPs and CSCs.

This document specifies security guidelines for the design and implementation of VSs. Design considerations focusing on identifying and mitigating risks, and implementation recommendations with respect to typical VSs are covered in this document. This document is not applicable to: (see also 5.3.2 Exclusions) — desktop, OS, network, and storage virtualization; and — vendor attestation. This document is intended to benefit any organization using and/or providing VSs.

This document provides guidance for technical and non-technical personnel at senior management levels within an organization, including those with responsibility for compliance with statuary and regulatory requirements, and industry standards. It describes how such personnel can identify and take ownership of risks related to electronic discovery, set policy and achieve compliance with corresponding external and internal requirements. It also suggests how to produce such policies in a form which can inform process control. Furthermore, it provides guidance on how to implement and control electronic discovery in accordance with the policies.

This document provides a detailed description and implementation guidance for the Application Security Management Process.

This document describes the minimum requirements when the required activities specified by an Application Security Control (ASC) are replaced with a Prediction Application Security Rationale (PASR). The ASC mapped to a PASR define the Expected Level of Trust for a subsequent application. In the context of an Expected Level of Trust, there is always an original application where the project team performed the activities of the indicated ASC to achieve an Actual Level of Trust. The use of Prediction Application Security Rationales (PASRs), defined by this document, is applicable to project teams which have a defined Application Normative Framework (ANF) and an original application with an Actual Level of Trust. Predictions relative to aggregation of multiple components or the history of the developer in relation to other applications is outside the scope of this document.

ISO/IEC TS 27034-5-1:2018 defines XML Schemas that implement the minimal set of information requirements and essential attributes of ASCs and the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM) from ISO/IEC 27034-5.

ISO/IEC 27034-5 outlines and explains the minimal set of essential attributes of ASCs and details the activities and roles of the Application Security Life Cycle Reference Model (ASLCRM).

ISO/IEC 27034-6:2016 provides usage examples of ASCs for specific applications. NOTE Herein specified ASCs are provided for explanation purposes only and the audience is encouraged to create their own ASCs to assure the application security.

ISO/IEC 27036-4:2016 provides cloud service customers and cloud service providers with guidance on a) gaining visibility into the information security risks associated with the use of cloud services and managing those risks effectively, and b) responding to risks specific to the acquisition or provision of cloud services that can have an information security impact on organizations using these services. ISO/IEC 27036-4:2016 does not include business continuity management/resiliency issues involved with the cloud service. ISO/IEC 27031 addresses business continuity. ISO/IEC 27036-4:2016 does not provide guidance on how a cloud service provider should implement, manage and operate information security. Guidance on those can be found in ISO/IEC 27002 and ISO/IEC 27017. The scope of ISO/IEC 27036-4:2016 is to define guidelines supporting the implementation of information security management for the use of cloud services.

ISO/IEC 27033-6:2016 describes the threats, security requirements, security control and design techniques associated with wireless networks. It provides guidelines for the selection, implementation and monitoring of the technical controls necessary to provide secure communications using wireless networks. The information in this part of ISO/IEC 27033 is intended to be used when reviewing or selecting technical security architecture/design options that involve the use of wireless network in accordance with ISO/IEC 27033‑2. Overall, ISO/IEC 27033‑6 will aid considerably the comprehensive definition and implementation of security for any organization's wireless network environment. It is aimed at users and implementers who are responsible for the implementation and maintenance of the technical controls necessary to provide secure wireless networks.

ISO/IEC 27033-1:2015 provides an overview of network security and related definitions. It defines and describes the concepts associated with, and provides management guidance on, network security. (Network security applies to the security of devices, security of management activities related to the devices, applications/services, and end-users, in addition to security of the information being transferred across the communication links.) It is relevant to anyone involved in owning, operating or using a network. This includes senior managers and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information security and/or network security, network operation, or who are responsible for an organization's overall security program and security policy development. It is also relevant to anyone involved in the planning, design and implementation of the architectural aspects of network security. ISO/IEC 27033-1:2015 also includes the following: - provides guidance on how to identify and analyse network security risks and the definition of network security requirements based on that analysis, - provides an overview of the controls that support network technical security architectures and related technical controls, as well as those non-technical controls and technical controls that are applicable not just to networks, - introduces how to achieve good quality network technical security architectures, and the risk, design and control aspects associated with typical network scenarios and network "technology" areas (which are dealt with in detail in subsequent parts of ISO/IEC 27033), and briefly addresses the issues associated with implementing and operating network security controls, and the on-going monitoring and reviewing of their implementation. Overall, it provides an overview of this International Standard and a "road map" to all other parts.

ISO/IEC 27034-2:2015 provides a detailed description of the Organization Normative Framework and provides guidance to organizations for its implementation.

ISO/IEC 27041:2015 provides guidance on mechanisms for ensuring that methods and processes used in the investigation of information security incidents are "fit for purpose". It encapsulates best practice on defining requirements, describing methods, and providing evidence that implementations of methods can be shown to satisfy requirements. It includes consideration of how vendor and third-party testing can be used to assist this assurance process. This document aims to ? provide guidance on the capture and analysis of functional and non-functional requirements relating to an Information Security (IS) incident investigation, ? give guidance on the use of validation as a means of assuring suitability of processes involved in the investigation, ? provide guidance on assessing the levels of validation required and the evidence required from a validation exercise, ? give guidance on how external testing and documentation can be incorporated in the validation process.

ISO/IEC 27042:2015 provides guidance on the analysis and interpretation of digital evidence in a manner which addresses issues of continuity, validity, reproducibility, and repeatability. It encapsulates best practice for selection, design, and implementation of analytical processes and recording sufficient information to allow such processes to be subjected to independent scrutiny when required. It provides guidance on appropriate mechanisms for demonstrating proficiency and competence of the investigative team. Analysis and interpretation of digital evidence can be a complex process. In some circumstances, there can be several methods which could be applied and members of the investigative team will be required to justify their selection of a particular process and show how it is equivalent to another process used by other investigators. In other circumstances, investigators may have to devise new methods for examining digital evidence which has not previously been considered and should be able to show that the method produced is "fit for purpose". Application of a particular method can influence the interpretation of digital evidence processed by that method. The available digital evidence can influence the selection of methods for further analysis of digital evidence which has already been acquired. ISO/IEC 27042:2015 provides a common framework, for the analytical and interpretational elements of information systems security incident handling, which can be used to assist in the implementation of new methods and provide a minimum common standard for digital evidence produced from such activities.

ISO/IEC 27043:2015 provides guidelines based on idealized models for common incident investigation processes across various incident investigation scenarios involving digital evidence. This includes processes from pre-incident preparation through investigation closure, as well as any general advice and caveats on such processes. The guidelines describe processes and principles applicable to various kinds of investigations, including, but not limited to, unauthorized access, data corruption, system crashes, or corporate breaches of information security, as well as any other digital investigation. In summary, this International Standard provides a general overview of all incident investigation principles and processes without prescribing particular details within each of the investigation principles and processes covered in this International Standard. Many other relevant International Standards, where referenced in this International Standard, provide more detailed content of specific investigation principles and processes.

ISO/IEC 27039:2015 provides guidelines to assist organizations in preparing to deploy intrusion detection and prevention systems (IDPS). In particular, it addresses the selection, deployment, and operations of IDPS. It also provides background information from which these guidelines are derived.

ISO/IEC 27038:2014 specifies characteristics of techniques for performing digital redaction on digital documents. It also specifies requirements for software redaction tools and methods of testing that digital redaction has been securely completed. ISO/IEC 27038:2014 does not include the redaction of information from databases.

ISO/IEC 27033-4:2014 gives guidance for securing communications between networks using security gateways (firewall, application firewall, Intrusion Protection System, etc.) in accordance with a documented information security policy of the security gateways, including: identifying and analysing network security threats associated with security gateways; defining network security requirements for security gateways based on threat analysis; using techniques for design and implementation to address the threats and control aspects associated with typical network scenarios; and addressing issues associated with implementing, operating, monitoring and reviewing network security gateway controls.

ISO/IEC 27033-5:2013 gives guidelines for the selection, implementation, and monitoring of the technical controls necessary to provide network security using Virtual Private Network (VPN) connections to interconnect networks and connect remote users to networks.

ISO/IEC 27037:2012 provides guidelines for specific activities in the handling of digital evidence, which are identification, collection, acquisition and preservation of potential digital evidence that can be of evidential value. It provides guidance to individuals with respect to common situations encountered throughout the digital evidence handling process and assists organizations in their disciplinary procedures and in facilitating the exchange of potential digital evidence between jurisdictions. ISO/IEC 27037:2012 gives guidance for the following devices and circumstances: Digital storage media used in standard computers like hard drives, floppy disks, optical and magneto optical disks, data devices with similar functions, Mobile phones, Personal Digital Assistants (PDAs), Personal Electronic Devices (PEDs), memory cards, Mobile navigation systems, Digital still and video cameras (including CCTV), Standard computer with network connections, Networks based on TCP/IP and other digital protocols, and Devices with similar functions as above. The above list of devices is an indicative list and not exhaustive.

ISO/IEC 27033-2:2012 gives guidelines for organizations to plan, design, implement and document network security.

ISO/IEC 27034 provides guidance to assist organizations in integrating security into the processes used for managing their applications. ISO/IEC 27034-1:2011 presents an overview of application security. It introduces definitions, concepts, principles and processes involved in application security. ISO/IEC 27034 is applicable to in-house developed applications, applications acquired from third parties, and where the development or the operation of the application is outsourced.

ISO/IEC 27031:2011 describes the concepts and principles of information and comunication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization's ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner. The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.

ISO/IEC 27033-3:2010 describes the threats, design techniques and control issues associated with reference network scenarios. For each scenario, it provides detailed guidance on the security threats and the security design techniques and controls required to mitigate the associated risks. Where relevant, it includes references to ISO/IEC 27033-4 to ISO/IEC 27033-6 to avoid duplicating the content of those documents. The information in ISO/IEC 27033-3:2010 is for use when reviewing technical security architecture/design options and when selecting and documenting the preferred technical security architecture/design and related security controls, in accordance with ISO/IEC 27033-2. The particular information selected (together with information selected from ISO/IEC 27033-4 to ISO/IEC 27033-6) will depend on the characteristics of the network environment under review, i.e. the particular network scenario(s) and ‘technology' topic(s) concerned. Overall, ISO/IEC 27033-3:2010 will aid considerably the comprehensive definition and implementation of security for any organization's network environment.

Associated with the provision and operation of a Trusted Third Party (TTP) are a number of security-related issues for which general guidance is necessary to assist business entities, developers and providers of systems and services, etc. This includes guidance on issues regarding the roles, positions and relationships of TTPs and the entities using TTP services, the generic security requirements, who should provide what type of security, what the possible security solutions are, and the operational use and management of TTP service security. This Recommendation | Technical Report provides guidance for the use and management of TTPs, a clear definition of the basic duties and services provided, their description and their purpose, and the roles and liabilities of TTPs and entities using their services. It is intended primarily for system managers, developers, TTP operators and enterprise users to select those TTP services needed for particular requirements, their subsequent management, use and operational deployment, and the establishment of a Security Policy within a TTP. It is not intended to be used as a basis for a formal assessment of a TTP or a comparison of TTPs. This Recommendation | Technical Report identifies different major categories of TTP services including: time stamping, non-repudiation, key management, certificate management, and electronic notary public. Each of these major categories consists of several services which logically belong together.

This Recommendation | International Standard will define those TTP services needed to support the application of digital signatures for the purpose of non-repudiation of creation of documents. This Recommendation | International Standard will also define interfaces and protocols to enable interoperability between entities associated with these TTP services. Definitions of technical services and protocols are required to allow for the implementation of TTP services and related commercial applications. This Recommendation | International Standard focuses on: ? implementation and interoperability; ? service specifications; and ? technical requirements. This Recommendation | International Standard does not describe the management of TTPs or other organizational, operational or personal issues. Those topics are mainly covered in ITU-T Rec. X.842 | ISO/IEC TR 14516, Information technology ? Security techniques ? Guidelines on the use and management of Trusted Third Party services. NOTE 1 ? Because interoperability is the main issue of this Recommendation | International Standard, the following restrictions hold: i) Only those services which may be offered by a TTP, either to end entities or to another TTP, are covered in this Recommendation | International Standard. ii) Only those services which may be requested and/or delivered by means of standardizable digital messages are covered. iii) Only those services for which widely acceptable standardized messages can be agreed upon at the time this Recommendation | International Standard is published are specified in detail. Further services will be specified in separate documents when widely acceptable standardized messages are available for them. In particular, time stamping services will be defined in a separate document. NOTE 2 ? The data structures and messages in this Recommendation | International Standard will be specified in accordance to RFC documents, RFC 2510 and RFC 2511 (for certificate management services) and to RFC 2560 (for OCSP services). The certificate request format also allows interoperability with PKCS#10. See Annex C for references to the documents mentioned in this Note. NOTE 3 ? Other standardization efforts for TTP services in specific environments and applications, like SET or EDIFACT, exist. These are outside of the scope of this Recommendation | International Standard. NOTE 4 ? This Recommendation | International Standard defines technical specifications for services. These specifications are independent of policies, specific legal regulations, and organizational models (which, for example, might define how duties and responsibilities are shared between Certification Authorities and Registration Authorities). Of course, the policy of TTPs offering the services described in this Recommendation | International Standard will need to specify how legal regulations and the other aspects mentioned before will be fulfilled by the TTP. In particular, the policy has to specify how the validity of digital signatures and certificates is determined.

The scope of this Recommendation | International Standard is: a) the definition of guidelines for specifying the abstract syntax of generic and specific Security Information Objects (SIOs) for Access Control; b) the specification of generic SIOs for Access Control; c) the specification of specific SIOs for Access Control. The scope of this Recommendation | International Standard covers only the "statics" of SIOs through syntactic definitions in terms of ASN.1 descriptions and additional semantic explanations. It does not cover the "dynamics" of SIOs, for example rules relating to their creation and deletion. The dynamics of SIOs are a local implementation issue.

This document describes the concepts and principles of information and communication technology (ICT) readiness for business continuity (IRBC). It provides a framework of methods and processes to identify and specify aspects for improving an organization's ICT readiness to ensure business continuity. This document serves the following business continuity objectives for ICT: — Maximum Tolerable Period of Disruption (MTPD), — Recovery Point Objective (RPO), — Recovery Time Objective (RTO) as part of the ICT Business Continuity Planning. This document applies to all types and sizes of organizations. This document describes how the ICT department plan and prepare to contribute to the resilience objectives desired by the organization.

Electronic discovery is the process of discovering pertinent Electronically Stored Information (ESI) or data by one or more parties involved in an investigation or litigation, or similar proceeding. ISO/IEC 27050:2016 provides an overview of electronic discovery. In addition, it defines related terms and describes the concepts, including, but not limited to, identification, preservation, collection, processing, review, analysis, and production of ESI. This document also identifies other relevant standards (e.g. ISO/IEC 27037) and how they relate to, and interact with, electronic discovery activities. ISO/IEC 27050-1:2016 is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities, and it is not intended to contradict or supersede local jurisdictional laws and regulations, so exercise care to ensure compliance with the prevailing jurisdictional requirements.

ISO/IEC 27035-1:2016 is the foundation of this multipart International Standard. It presents basic concepts and phases of information security incident management and combines these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt. The principles given in ISO/IEC 27035-1:2016 are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in ISO/IEC 27035-1:2016 according to their type, size and nature of business in relation to the information security risk situation. It is also applicable to external organizations providing information security incident management services.