• Shopping Cart
    There are no items in your cart

CAN/CSA-ISO/IEC TS 33072:18

Current

Current

The latest, up-to-date edition.

Information technology ? Process assessment ? Process capability assessment model for information security management (Adopted ISO/IEC TS 33072:2016, first edition, 2016-07-15, corrected version 2016-09-01)

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2018

€205.49
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of the Process Assessment Model
5 The process dimension and process performance
  indicators (Level 1)
6 Process capability indicators
Annex A (informative) Conformity of the
        process assessment model
Annex B (informative) Input and output
        characteristics
Annex C (informative) Association between base
        practices and ISO/IEC 27001 requirements
Bibliography

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). Scope This Technical Specification: defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020; provides guidance, by example, on the definition, selection and use of assessment indicators. A PAM comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of indicators included in this Technical Specification is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. The PAM in this Technical Specification is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement). Additionally it may be of use to developers of assessment models in the construction of their own model, by providing examples of good information security management practices. It can be used by: a)service providers to assess and improve an Information Security Management System (ISMS); b)service providers to demonstrate their capability for the design, development, transition and delivery of services that fulfil information security management requirements. Any PAM meeting the requirements defined in ISO/IEC 33004 concerning models for process assessment can be used for assessment. Different models and methods might be needed to address differing business needs. The assessment model in this Technical Specification meets all the requirements expressed in ISO/IEC 33004. NOTE Copyright release for the PAM: Users of this Technical Specification may reproduce subclauses 5.2 to 5.27, 6.2, B.2 and B.3 as part of any tool or other material to support the performance of process assessments so that it can be used for its intended purpose.

DocumentType
Standard
ISBN
978-1-4883-1008-9
Pages
203
PublisherName
Canadian Standards Association
Status
Current

Preface Standards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the SCC Mirror Committee (SMC) on ISO/IEC Joint Technical Committee 1 on Information Technology (ISO/IEC JTC1) for the Standards Council of Canada (SCC), the ISO member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultative Committee (ITU-T). Scope This Technical Specification: defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020; provides guidance, by example, on the definition, selection and use of assessment indicators. A PAM comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of indicators included in this Technical Specification is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. The PAM in this Technical Specification is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement). Additionally it may be of use to developers of assessment models in the construction of their own model, by providing examples of good information security management practices. It can be used by: a)service providers to assess and improve an Information Security Management System (ISMS); b)service providers to demonstrate their capability for the design, development, transition and delivery of services that fulfil information security management requirements. Any PAM meeting the requirements defined in ISO/IEC 33004 concerning models for process assessment can be used for assessment. Different models and methods might be needed to address differing business needs. The assessment model in this Technical Specification meets all the requirements expressed in ISO/IEC 33004. NOTE Copyright release for the PAM: Users of this Technical Specification may reproduce subclauses 5.2 to 5.27, 6.2, B.2 and B.3 as part of any tool or other material to support the performance of process assessments so that it can be used for its intended purpose.

Standards Relationship
ISO/IEC TS 33072:2016 Identical

ISO/IEC TR 24774:2010 Systems and software engineering Life cycle management Guidelines for process description
ISO/IEC 33020:2015 Information technology Process assessment Process measurement framework for assessment of process capability
ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 15504-5:2012 Information technology Process assessment Part 5: An exemplar software life cycle process assessment model
ISO/IEC 33001:2015 Information technology Process assessment Concepts and terminology
ISO/IEC 15289:2006 Systems and software engineering Content of systems and software life cycle process information products (Documentation)
ISO/IEC TS 33052:2016 Information technology — Process reference model (PRM) for information security management
ISO/IEC TR 20000-4:2010 Information technology Service management Part 4: Process reference model
ISO/IEC 15504-6:2013 Information technology Process assessment Part 6: An exemplar system life cycle process assessment model
ISO/IEC 20000-1:2011 Information technology Service management Part 1: Service management system requirements
ISO/IEC 33002:2015 Information technology Process assessment Requirements for performing process assessment
ISO/IEC 12207:2008 Systems and software engineering — Software life cycle processes
ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
ISO/IEC 33004:2015 Information technology Process assessment Requirements for process reference, process assessment and maturity models

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.