NEN-ISO/IEC 27036-3

Cybersecurity - Supplier relationships - Part 3: Guidelines for hardware, software, and services supply chain security

active, Most Current
Organization: NEN
Publication Date: 1 June 2023
Status: active
Page Count: 46
ICS Code (IT Security): 35.030
Scope:

This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:

a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;

b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;

c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002.

This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.

Document History

NEN-ISO/IEC 27036-3
June 1, 2023
Cybersecurity - Supplier relationships - Part 3: Guidelines for hardware, software, and services supply chain security
This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding: a) gaining visibility into and managing the information...
November 1, 2013
Information technology - Security techniques - Information security for supplier relationships - Part 3: Guidelines for information and communication technology supply chain security
This part of ISO/IEC 27036 provides product and service acquirers and suppliers in ICT supply chain with guidance on: a) gaining visibility into and managing the information security risks caused by...
