scope:

The Standard applies to planning, projecting; construction and maintenance of technical and administrative security systems in order to increase the security regarding IT systems and installations. The Standard is made to support companies and individuals who have purchased or are about to purchase IT-installations. The Standard applies to those responsible for operation and IT-security, architects, planners, engineers, accountants, and consultants who act as advisors concerning IT-technical security matters. This Standard is applicable as reference frame for managers and employees having the responsibility for introducing or maintaining the IT-security. The Standard primarily takes aim at administrative data processing. Specific requirements to the IT-equipment for the purpose of control and regulation within, e.g. the process industry, or within the device area, are not described.