ISO 9001 is a standard that sets out the requirements for a quality management system. It helps businesses and organizations to be more efficient and improve customer satisfaction.
The new version of the standard brings the user a number of benefits.
Quality Management Systems - Requirements for Aviation, Space, and Defense Organizations AS9100D
This standard includes ISO 9001:2015 quality management system requirements and specifies additional aviation, space, and defense industry requirements, definitions, and notes.
It is emphasized that the requirements specified in this standard are complementary (not alternative) to the customer and applicable statutory and regulatory requirements.
If there is a conflict between the requirements of this standard and customer or applicable statutory or regulatory requirements, the latter shall take precedence.
This International Standard specifies requirements for a quality management system when an organization:
ISO/IEC 90003:2014 provides guidance for organizations in the application of ISO 9001:2008 to the acquisition, supply, development, operation, and maintenance of computer software and related support services. ISO/IEC 90003:2014 does not add to or otherwise change the requirements of ISO 9001:2008.
The guidelines provided in ISO/IEC 90003:2014 are not intended to be used as assessment criteria in quality management system registration/certification.
The application of ISO/IEC 90003:2014 is appropriate to software that is
Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties.
ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).
ISO/IEC 27017:2015 gives guidelines for information security controls applicable to the provision and use of cloud services by providing:
ISO/IEC 27018:2014 establishes commonly accepted control objectives, controls, and guidelines for implementing measures to protect Personally Identifiable Information (PII) in accordance with the privacy principles in ISO/IEC 29100 for the public cloud computing environment.
In particular, ISO/IEC 27018:2014 specifies guidelines based on ISO/IEC 27002, taking into consideration the regulatory requirements for the protection of PII which might be applicable within the context of the information security risk environment(s) of a provider of public cloud services.
ISO/IEC 27018:2014 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations, which provide information processing services as PII processors via cloud computing under contract to other organizations.
The guidelines in ISO/IEC 27018:2014 might also be relevant to organizations acting as PII controllers; however, PII controllers can be subject to additional PII protection legislation, regulations and obligations, not applying to PII processors. ISO/IEC 27018:2014 is not intended to cover such additional obligations.
ISO 27799:2016 and ISO/IEC 27002 taken together define what is required in terms of information security in healthcare; they do not define how these requirements are to be met. That is to say, to the fullest extent possible, ISO 27799:2016 is technology-neutral. Neutrality with respect to implementing technologies is an important feature. Security technology is still undergoing rapid development, and the pace of that change is now measured in months rather than years. By contrast, while subject to periodic review, International Standards are expected on the whole to remain valid for years. Just as importantly, technological neutrality leaves vendors and service providers free to suggest new or developing technologies that meet the requirements that ISO 27799:2016 describes.
As noted in the introduction, familiarity with ISO/IEC 27002 is indispensable to an understanding of ISO 27799:2016.
The following areas of information security are outside the scope of ISO 27799:2016:
ISO/IEC 20000-1:2011 is a service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.
ISO/IEC 20000-1:2011 can be used by: