ISO/IEC 27036-3:2023 PDF

Standard No.: ISO/IEC 27036-3:2023
Release Date: 2023
Published By: Standard Association of Australia （SAA）
Latest: ISO/IEC 27036-3:2023

Scope

This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding:

a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains;

b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services;

c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207, while supporting information security controls, as described in ISO/IEC 27002.

This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.

ISO/IEC 27036-3:2023 history

2023 ISO/IEC 27036-3:2023 Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security
2013 ISO/IEC 27036-3:2013 Information technology.Security techniques.Information security for supplier relationships.Part 3: Guidelines for information and communication technology supply chain security

ISO/IEC 27036-3:2023Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security

ISO/IEC 27036-3:2023 history

ISO/IEC 27036-3:2023
Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security