ISO/IEC JTC 1/SC 27

Project No.ISO/IEC 27036-2:2014
Title<p>ISO/IEC 27036-2:2014 specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships.</p> <p>These requirements cover any procurement and supply of products and services, such as manufacturing or assembly, business process procurement, software and hardware components, knowledge process procurement, Build-Operate-Transfer and cloud computing services.</p> <p>These requirements are intended to be applicable to all organizations, regardless of type, size and nature.</p> <p>To meet these requirements, an organization should have already internally implemented a number of foundational processes, or be actively planning to do so. These processes include, but are not limited to, the following: governance, business management, risk management, operational and human resources management, and information security.</p>
Registration number (WIID)59680
Scope<p>ISO/IEC 27036-2:2014 specifies fundamental information security requirements for defining, implementing, operating, monitoring, reviewing, maintaining and improving supplier and acquirer relationships.</p> <p>These requirements cover any procurement and supply of products and services, such as manufacturing or assembly, business process procurement, software and hardware components, knowledge process procurement, Build-Operate-Transfer and cloud computing services.</p> <p>These requirements are intended to be applicable to all organizations, regardless of type, size and nature.</p> <p>To meet these requirements, an organization should have already internally implemented a number of foundational processes, or be actively planning to do so. These processes include, but are not limited to, the following: governance, business management, risk management, operational and human resources management, and information security.</p>
StatusAtcelts
ICS group35.040
35.030