ISO/IEC 27036-3:2023
Current
The latest, up-to-date edition.
Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
English
13-06-2023
This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:
a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;
b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;
c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE12207, while supporting information security controls, as described in ISO/IEC27002.
This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.
Committee |
ISO/IEC JTC 1/SC 27
|
DocumentType |
Standard
|
Pages |
35
|
PublisherName |
International Organization for Standardization
|
Status |
Current
|
Supersedes |
Standards | Relationship |
NEN-ISO/IEC 27036-3:2023 | Identical |
DS/ISO/IEC 27036-3:2023 | Identical |
SS-ISO/IEC 27036-3:2024 | Identical |
NS-ISO/IEC 27036-3:2023 | Identical |
SN ISO/IEC 27036-3:2023 | Identical |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.