ISO/DIS 28022

Security and resilience ― Security management systems ― Guidelines on security management system (SMS) processes

Апстракт

This document provides a process reference model (PRM) for a security management system (SMS) aligned with ISO 28000, which will meet the criteria defined in ISO/IEC 33004 for process reference models. It provides guidelines for users of ISO 28000 on the establishment, implementation, maintenance and improvement of the SMS. It is intended to guide users in the operation of a SMS aligned with ISO 28000 and explain this SMS with a process-oriented view.

This document is applicable to all types and sizes of organizations (e. g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, apply, maintain and improve a security management system. It provides a holistic and common approach and is not industry or sector specific.
This document can be used throughout the life of the organization and can be applied to any activity, internal or external, at all levels.