ISO IEC 27036-1-2021 pdf Cybersecurity — Supplier relationships — Part 1: Overview and concepts
3.4 life cycle evolution of a system (3.11), product, service, project, or other human-made entity from conception through retirement [SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.23] 3.5 downstream handling processes (3.7 ) and movements of products and services that occur after an entity in the supply chain (3.10) takes custody of the products and responsibility for services [SOURCE: ISO 28001:2007, 3.10, modified — The word “goods” was replaced by “products and services”, and the definition was changed to better reflect this change in focus.] 3.6 outsourcing acquisition (3.2) of services (with or without products) in support of a business function for performing activities using supplier’s (3.8) resources rather than the acquirer’s (3.1) 3.7 process set of interrelated or interacting activities which transforms inputs into outputs [SOURCE: ISO 9000:2015, 3.4.1, modified — Notes were removed.] 3.8 supplier organization or an individual that enters into an agreement (3.3) with the acquirer (3.1) for the supply of a product or service Note 1 to entry: Other terms commonly used for supplier are contractor, producer, seller, or vendor. Note 2 to entry: The acquirer and the supplier can be part of the same organization. Note 3 to entry: Types of suppliers include those organizations that permit agreement negotiation with an acquirer and those that do not permit negotiation with agreements, e.g. end-user license agreements, terms of use, or open source products’ copyright or intellectual property releases. [SOURCE: ISO/IEC/IEEE 15288:2015, 4.1.45, modified — Note 3 to entry was added.]
5.2.1 Supplier relationships for products When an acquirer enters a supplier relationship for products, it typically purchases products with agreed specifications for a predetermined period for manufacturing the acquirer ’s products. The supplier can have access to the acquirer ’s information when delivering and supporting the product which can result in information security risks to the acquirer ’s information. Failures to fulfil requirements, software vulnerabilities and malfunctions of products and inadvertent release of sensitive information can also cause information security risks to the acquirer. To manage these information security risks, the acquirer may wish to control supplier ’s access to the acquirer ’s information. The acquirer may also wish to control elements of the supplier ’s production processes to maintain quality of the products and to reduce information security risks derived from vulnerabilities, malfunctions or other failures to fulfil requirements. This, in turn, can pose information security risks to the supplier because the acquirer can have access to the supplier ’s information when controlling elements of the supplier ’s processes. Further, the acquirer may wish to have assurances regarding the specification of products, by monitoring or auditing of the production processes or requiring the supplier to obtain an independent certification to demonstrate existence of good practices and required processes. These assurance requirements need be agreed between the acquirer and supplier.
- ISO IEC 27050-4-2021 pdf Information technology — Electronic discovery — Part 4: Technical readiness
- ISO IEC 27013-2021 pdf Information security, cybersecurity and privacy protection — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
- ISO IEC 26580-2021 pdf Software and systems engineering — Methods and tools for the feature- based approach to software and systems product line engineering
- ISO IEC 24735-2021 pdf Information technology — Office equipment — Method for measuring digital copying productivity
- ISO IEC 24711-2021 pdf Information technology — Office equipment — Method for the determination of ink cartridge yield for colour inkjet printers and multi- function devices that contain printer components
- ISO IEC 23544-2021 pdf Information Technology — Data centres — Application Platform Energy Effectiveness (APEE)
- ISO IEC 23510-2021 pdf Information technology — 3D printing and scanning — Framework for an Additive Manufacturing Service Platform (AMSP)
- ISO IEC 23127-1-2021 pdf Information technology — Learning, education, and training — Metadata for facilitators of online learning — Part 1: Framework
- ISO IEC 23126-2021 pdf Information technology for learning, education and training — Ubiquitous learning resource organization and description framework
- ISO IEC 21838-2-2021 pdf Information technology — Top-level ontologies (TLO) — Part 2: Basic Formal Ontology (BFO)
- IEC 60938-1-2021 pdf Fixed inductors for electromagnetic interference suppression – Part 1: Generic specification
- IEC TR 63042-303-2021 pdf UHV AC transmission systems – Part 303: Guideline for the measurement of UHV AC transmission line power frequency parameters
- ISO IEC 23127-1-2021 pdf Information technology — Learning, education, and training — Metadata for facilitators of online learning — Part 1: Framework
- IEC 62397-2007 pdf Nuclear power plants – Instrumentation and control important to safety – Resistance temperature detectors
- IEC 61386-23-2021 pdf Conduit systems for cable management – Part 23: Particular requirements – Flexible conduit systems
- BS ISO IEC 15420-2009 pdf Information technology一 Automatic identification and data capture techniques EAN/UPC bar code symbology specification
- BS IEC 60860-2014 pdf Radiation protection instrumentation一 Warning equipment for criticality accidents
- BS ISO IEC 19762.5-2008 pdf Information technology一 Automatic identification and data capture (AIDC) techniques – Harmonized vocabulary Part 5: Locating systems
- ISO IEC 24735-2021 pdf Information technology — Office equipment — Method for measuring digital copying productivity
- ISO IEC 24711-2021 pdf Information technology — Office equipment — Method for the determination of ink cartridge yield for colour inkjet printers and multi- function devices that contain printer components