PD ISO/IEC TS 33072:2016
Current
The latest, up-to-date edition.
Information technology. Process assessment. Process capability assessment model for information security management
Hardcopy , PDF
English
09-30-2016
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of the Process Assessment Model
5 The process dimension and process performance
indicators (Level 1)
6 Process capability indicators
Annex A (informative) Conformity of the
process assessment model
Annex B (informative) Input and output
characteristics
Annex C (informative) Association between base
practices and ISO/IEC 27001 requirements
Bibliography
Specifies a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020.
Committee |
IST/15
|
DocumentType |
Standard
|
Pages |
196
|
PublisherName |
British Standards Institution
|
Status |
Current
|
This Technical Specification: defines a process assessment model (PAM) that meets the requirements of ISO/IEC 33004 and that supports the performance of an assessment of process capability by providing indicators for guidance on the interpretation of the process purposes and outcomes as defined in ISO/IEC TS 33052 and the process attributes as defined in ISO/IEC 33020; provides guidance, by example, on the definition, selection and use of assessment indicators. A PAM comprises a set of indicators of process performance and process capability. The indicators are used as a basis for collecting the objective evidence that enables an assessor to assign ratings. The set of indicators included in this Technical Specification is not intended to be an all-inclusive set nor is it intended to be applicable in its entirety. The PAM in this Technical Specification is directed at assessment sponsors and competent assessors who wish to select a model, and associated documented process method, for assessment (for either capability determination or process improvement). Additionally it may be of use to developers of assessment models in the construction of their own model, by providing examples of good information security management practices. It can be used by: service providers to assess and improve an Information Security Management System (ISMS); service providers to demonstrate their capability for the design, development, transition and delivery of services that fulfil information security management requirements. Any PAM meeting the requirements defined in ISO/IEC 33004 concerning models for process assessment can be used for assessment. Different models and methods might be needed to address differing business needs. The assessment model in this Technical Specification meets all the requirements expressed in ISO/IEC 33004. NOTE Copyright release for the PAM: Users of this Technical Specification may reproduce subclauses 5.2 to 5.27, 6.2, B.2 and B.3 as part of any tool or other material to support the performance of process assessments so that it can be used for its intended purpose.
Standards | Relationship |
ISO/IEC TS 33072:2016 | Identical |
ISO/IEC TR 24774:2010 | Systems and software engineering Life cycle management Guidelines for process description |
ISO/IEC 33020:2015 | Information technology Process assessment Process measurement framework for assessment of process capability |
ISO/IEC 27001:2013 | Information technology — Security techniques — Information security management systems — Requirements |
ISO/IEC 15504-5:2012 | Information technology Process assessment Part 5: An exemplar software life cycle process assessment model |
ISO/IEC 33001:2015 | Information technology Process assessment Concepts and terminology |
ISO/IEC 15289:2006 | Systems and software engineering Content of systems and software life cycle process information products (Documentation) |
ISO/IEC TS 33052:2016 | Information technology — Process reference model (PRM) for information security management |
ISO/IEC TR 20000-4:2010 | Information technology Service management Part 4: Process reference model |
ISO/IEC 15504-6:2013 | Information technology Process assessment Part 6: An exemplar system life cycle process assessment model |
ISO/IEC 20000-1:2011 | Information technology Service management Part 1: Service management system requirements |
ISO/IEC 33002:2015 | Information technology Process assessment Requirements for performing process assessment |
ISO/IEC 12207:2008 | Systems and software engineering — Software life cycle processes |
ISO/IEC 27000:2016 | Information technology Security techniques Information security management systems Overview and vocabulary |
ISO/IEC 33004:2015 | Information technology Process assessment Requirements for process reference, process assessment and maturity models |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.