
ISO 27036:2023
ISO/IEC 27036:2023 Cybersecurity – Supplier relationships – Part 3: Guidelines for hardware, software, and services supply chain security
CDN $295.00
Description
This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a)    gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b)    responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;
c)    integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002.
This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.
Edition: 2
Published Date: 2023-06-13
Status: PUBLISHED
Pages: 35
Format: Secure PDF
Secure – PDF details
- Save your file locally or view it via a web viewer
- Viewing permissions are restricted exclusively to the purchaser
- Device limits - 3
- Printing – Enabled only to print (1) copy
Related Documents
- ISO 20009:2022 Information security – Anonymous entity authentication – Part 3: Mechanisms based on blind signatures (CDN $186.00)
- ISO/IEC 27001:2022/Amd 1:2024 Information security, cybersecurity and privacy protection – Information security management systems – Requirements – Amendment 1: Climate action changes (CDN $0.00)
- ISO 20648:2024 Information technology – TLS specification for storage systems (CDN $186.00)
- ISO 27013:2021 Information security, cybersecurity and privacy protection – Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (CDN $379.00)







