BS ISO/IEC 27036-3:2023
Cybersecurity. Supplier relationships Guidelines for information and communication technology supply chain security (British Standard)
- Standard No.
- BS ISO/IEC 27036-3:2023
- Published By
- American National Standards Institute (ANSI)
- Latest
- BS ISO/IEC 27036-3:2023
- Scope
- This document provides guidance for product and service acquirers, as well as suppliers of hardware, software and services, regarding: a) gaining visibility into and managing the information security risks caused by physically dispersed and multi-layered hardware, software, and services supply chains; b) responding to risks stemming from this physically dispersed and multi-layered hardware, software, and services supply chain that can have an information security impact on the organizations using these products and services; c) integrating information security processes and practices into the system and software life cycle processes, as described in ISO/IEC/IEEE 15288 and ISO/IEC/IEEE 12207 , while supporting information security controls, as described in ISO/IEC 27002 . This document does not include business continuity management/resiliency issues involved with the hardware, software, and services supply chain. ISO/IEC 27031 addresses information and communication technology readiness for business continuity.
BS ISO/IEC 27036-3:2023 history
- 1970 BS ISO/IEC 27036-3:2023 Cybersecurity. Supplier relationships Guidelines for information and communication technology supply chain security (British Standard)
- 2013 BS ISO/IEC 27036-3:2013 Information technology. Security techniques. Information security for supplier relationships. Guidelines for information and communication technology supply chain securit
