International standards

  • BS 7799-1:2005 - British Standard BS 7799, Part 1. BS 7799 Part 1 - Code of Practice for Information Security Management describes the 127 controls required to build an organization's information security management system (ISMS), defined on the basis of the best examples of world experience (best practices) in this area. The document serves as a practical guide to creating an ISMS.
  • BS 7799-2:2005 - British Standard BS 7799, Part 2. BS 7799 Part 2 - Information security management - Specification for information security management systems defines the ISMS specification. The second part of the standard is used as the criteria during the official certification procedure for an organization's ISMS.
  • BS 7799-3:2006 - British Standard BS 7799, Part 3. A new standard on information security risk management.
  • ISO/IEC 17799:2005 - “Information technology - Security technologies - Information security management practice.” International standard based on BS 7799-1:2005.
  • ISO/IEC 27000 - Vocabulary and definitions.
  • ISO/IEC 27001:2005 - "Information technology - Security techniques - Information security management systems - Requirements." International standard based on BS 7799-2:2005.
  • ISO/IEC 27002 - Now: ISO/IEC 17799:2005. "Information technologies - Security technologies - Practical rules for information security management." Release date: 2007.
  • ISO/IEC 27005 - Now: BS 7799-3:2006 - Guidance on information security risk management.
  • German Information Security Agency. IT Baseline Protection Manual - Standard security safeguards (for information technology).

State (national) standards of the Russian Federation

  • GOST R 50922-2006 - Information protection. Basic terms and definitions.
  • R 50.1.053-2005 - Information technologies. Basic terms and definitions in the field of technical protection of information.
  • GOST R 51188-98 - Information protection. Testing software for the presence of computer viruses. Model manual.
  • GOST R 51275-2006 - Information protection. Information object. Factors influencing information. General provisions.
  • GOST R ISO/IEC 15408-1-2008 - Information technology. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 1. Introduction and general model.
  • GOST R ISO/IEC 15408-2-2008 - Information technology. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 2. Functional safety requirements.
  • GOST R ISO/IEC 15408-3-2008 - Information technology. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 3. Security assurance requirements.
  • GOST R ISO/IEC 15408 - “General criteria for assessing the security of information technologies” - a standard that defines tools and methods for assessing the security of information products and systems. It contains a list of requirements against which the results of independent security assessments can be compared, allowing the consumer to make decisions about the security of products. The scope of application of the “General Criteria” is the protection of information from unauthorized access, modification or leakage, and other methods of protection implemented by hardware and software.
  • GOST R ISO/IEC 17799 - “Information technologies. Practical rules for information security management.” Direct application of the international standard, with additions: ISO/IEC 17799:2005.
  • GOST R ISO/IEC 27001 - “Information technologies. Security methods. Information security management system. Requirements.” Direct application of the international standard ISO/IEC 27001:2005.
  • GOST R 51898-2002: Safety aspects. Rules for inclusion in standards.

Guiding Documents

  • RD SVT. Protection against unauthorized access (NSD). Indicators of protection against unauthorized access to information - contains a description of security indicators for information systems and the requirements for security classes.

Wikimedia Foundation. 2010.


Currently, ensuring the security of information systems is impossible without the competent, high-quality creation of information security systems. This prompted the world community to systematize and streamline the basic requirements and characteristics of such systems in terms of information security.

One of the main results of this activity was the system of international and national information security standards, which contains more than a hundred different documents.

This is especially true for the so-called open systems for commercial use, which process restricted information that does not contain state secrets and are developing rapidly in our country.

Open systems are understood as a collection of all kinds of computing and telecommunications equipment from different manufacturers, whose joint functioning is ensured by compliance with the requirements of standards, primarily international ones.

The term “open” also implies that if a computing system complies with standards, it will be open to interconnection with any other system that meets the same standards. This applies, in particular, to mechanisms for cryptographic information protection and for protection against unauthorized access (NSD) to information.

Today it is almost impossible for information security (IS) specialists to do without knowledge of the relevant standards.

Firstly, standards and specifications are one of the forms of knowledge accumulation, primarily about the procedural and software and hardware levels of information security. They document proven, high-quality solutions and methodologies developed by the most qualified specialists.

Secondly, both are the main means of ensuring mutual compatibility of hardware-software systems and their components, and in the Internet community this means really works and is very effective.

Recently, a new generation of standards in the field of information security has appeared in different countries, dedicated to practical issues of managing a company’s information security. These are, first of all, the international and national information security management standards ISO 15408, ISO 17799 (BS 7799) and BSI; the audit standards for information systems and information security COBIT, SAC and COSO; and some others similar to them.

The international standards ISO 15408 and ISO 17799 are of particular importance; they serve as the basis for any work in the field of information security, including auditing.

ISO 15408 defines detailed requirements for software and hardware information security tools.

ISO 17799 focuses on issues of security organization and management.

The use of international and national information security standards helps to solve the following five tasks:

- firstly, determining the goals of ensuring the information security of computer systems;

- secondly, creating an effective information security management system;

- thirdly, calculating a set of detailed indicators, not only qualitative but also quantitative, to assess the compliance of information security with the stated goals;

- fourthly, applying information security tools and assessing the current state of information security;

- fifthly, using security management techniques with a well-founded system of metrics and measures to support information system developers, allowing them to objectively assess the security of information assets and manage the company’s information security.

The focus is on the international standard ISO 15408 and its Russian analogue GOST R ISO/IEC 15408-2002 “Criteria for assessing the security of information technologies”, and on the specifications of the Internet community.

Information security audits are based on numerous recommendations, which are set out mainly in international IS standards.

Since the beginning of the 1980s, dozens of international and national standards in the field of information security have been created, which to a certain extent complement each other.

The lecture discusses the most important standards, the knowledge of which is necessary for developers and evaluators of security products, system administrators, heads of information security services, and users according to the chronology of their creation, including:

    Criteria for assessing the reliability of computer systems, the “Orange Book” (USA);

    Harmonized criteria of European countries;

    German standard BSI;

    British standard BS 7799;

    The “General Criteria” standard, ISO 15408;

    Standard ISO 17799;

    Standard COBIT.

These standards can be divided into two different types:

    Evaluation standards, aimed at classifying information systems and means of protection according to security requirements;

    Technical specifications, regulating various aspects of the implementation of protective equipment.

It is important to note that there is no blank wall between these types of regulatory documents; on the contrary, there is a logical relationship.

Evaluation standards highlight the aspects of information systems that are most important from an information security point of view, playing the role of architectural specifications.

Technical specifications determine how to build an information system of a prescribed architecture. The following describes the features of these standards.

2. Criteria for assessing trusted computer systems (“Orange Book”)

Let's look at the most well-known international standards in the field of information security.

ISO standard 17799 “Practical Rules for Information Security Management” considers the following aspects of information security:

Basic concepts and definitions;

Information security policy;

Organizational security issues;

Asset classification and management;

Safety issues related to personnel;

Physical protection and protection against environmental impacts;

Management of data transfer and operational activities;

Access control;

Systems development and maintenance;

Business continuity management;

Internal audit of the company's information security;

Compliance with legal requirements.

An important place in the system of standards is occupied by ISO 15408, “Common Criteria for Information Technology Security”, known as the “Common Criteria”. The “General Criteria” classify a wide range of information technology security requirements and define their grouping structures and principles of use.

An important component of the standards system is the public key infrastructure, PKI (Public Key Infrastructure). This infrastructure involves the deployment of a network of key certification authorities and the use of digital certificates that comply with the X.509 recommendations.

Russian information security standards

GOST R 50739-95. Computer facilities. Protection against unauthorized access to information. General technical requirements. Gosstandart of Russia

GOST R 50922-2006. Data protection. Basic terms and definitions. Gosstandart of Russia

GOST R 51188-98. Data protection. Testing software for computer viruses. Model manual. Gosstandart of Russia

GOST R 51275-2006. Data protection. Information object. Factors influencing information. General provisions. Gosstandart of Russia

GOST R 51583-2000. Data protection. Procedure for creating automated systems in a secure design. General provisions

GOST R 51624-2000. Data protection. Automated systems in a secure design. General requirements

GOST R 52069-2003. Data protection. System of standards. Basic provisions

GOST R 53131-2008 (ISO/IEC TO 24762-2008). Data protection. Recommendations for services for the recovery of the security functions and mechanisms of information and telecommunication technologies after emergency situations. General provisions

GOST R ISO 7498-1-99. Information technology. Interconnection of open systems. Basic reference model. Part 1. Basic model. Gosstandart of Russia

GOST R ISO 7498-2-99. Information technology. Interconnection of open systems. Basic reference model. Part 2. Information security architecture. Gosstandart of Russia

GOST R ISO/IEC 13335-1-2006. Information technology. Methods and means of ensuring security. Part 1. Concept and models of security management of information and telecommunication technologies

GOST R ISO/IEC TO 13335-3-2007. Information technology. Methods and means of ensuring security. Part 3. Information technology security management methods

GOST R ISO/IEC TO 13335-4-2007. Information technology. Methods and means of ensuring security. Part 4. Selection of protective measures

GOST R ISO/IEC TO 13335-5-2007. Information technology. Methods and means of ensuring security. Part 5: Network Security Management Guide

GOST R ISO/IEC 15408-1-2008. Methods and means of ensuring security. Criteria for assessing information technology security. Part 1. Introduction and general model. Gosstandart of Russia

GOST R ISO/IEC 15408-2-2008. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 2. Functional safety requirements. Gosstandart of Russia

GOST R ISO/IEC 15408-3-2008. Methods and means of ensuring security. Criteria for assessing the security of information technologies. Part 3. Security assurance requirements. Gosstandart of Russia

GOST R ISO/IEC TO 15443-1-2011. Information technology. Methods and means of ensuring security. Fundamentals of trust in IT security. Part 1: Overview and Basics

GOST R ISO/IEC TO 15443-2-2011. Information technology. Methods and means of ensuring security. Fundamentals of trust in IT security. Part 2. Trust Methods

GOST R ISO/IEC TO 15443-3-2011. Information technology. Methods and means of ensuring security. Fundamentals of trust in IT security. Part 3. Analysis of trust methods

GOST R ISO/IEC 17799-2005. Information technology. Methods and means of ensuring security. Information Security Management Practices

GOST R ISO/IEC 18028-1-2008. Information technology. Methods and means of ensuring security. Network security of information technologies. Network security management

GOST R ISO/IEC TO 19791-2008. Information technology. Methods and means of ensuring security. Security assessment of automated systems

GOST R ISO/IEC 27001-2006. Methods and means of ensuring security. Information security management systems. Requirements

GOST R ISO/IEC 27004-2011. Information technology. Methods and means of ensuring security. Information security management. Measurements

GOST R ISO/IEC 27005-2009. Information technology. Methods and means of ensuring security. Information Security Risk Management

GOST R ISO/IEC 27033-1-2011. Information technology. Methods and means of ensuring security. Network security. Part 1: Overview and Concepts

GOST 28147-89. Information processing systems. Cryptographic protection. Cryptographic conversion algorithm.

GOST R 34.10-2001. Information technology. Cryptographic information protection. Processes for generating and verifying an electronic digital signature.

GOST R 34.11-94. Information technology. Cryptographic information protection. Hash functions.

The family of international standards for information security management of the ISO 27000 series is very important (with some delay, these are also adopted as Russian state standards). Separately, we note GOST/ISO 27001 (Information security management systems) and GOST/ISO 27002 (17799) (Practical rules for information security management).

Firewall Technologies

A firewall (ME) is a complex of hardware or software that monitors and filters network packets passing through it in accordance with specified rules. An ME is also called a Brandmauer (from German) or a firewall (from English). An ME allows you to divide a shared network into two parts and implement a set of rules that determine the conditions under which data packets pass through the screen from one part of the network to the other. Typically, the firewall is installed between the corporate (local) network and the Internet, protecting the enterprise’s internal network from attacks from the global network, but it can also protect a local network from threats from the corporate network.

The main purpose of a firewall is to protect computer networks or individual nodes from unauthorized access. Firewalls are often called filters, since their main task is not to pass (to filter out) packets that do not meet the criteria defined in the configuration.
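The rule-based filtering described above can be sketched as follows. This is an added example, not part of the original text: the rule set, the addresses and the names Packet, Rule, filter_packet and shadowed_rules are constructed for illustration, and first-match evaluation with a default deny is assumed. It also shows a configuration check for rules that can never fire because an earlier, broader rule already matches the same packets.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                      # source IPv4 address
    dst: str                      # destination IPv4 address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port, None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    src: str                      # source network in CIDR notation
    dst: str                      # destination network in CIDR notation
    proto: str = "any"            # protocol name or "any"
    dport: Optional[int] = None   # None means any port

    def matches(self, p: Packet) -> bool:
        """True if the packet meets every criterion of this rule."""
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and (self.dport is None or self.dport == other.dport))


def filter_packet(rules: List[Rule], p: Packet,
                  default: str = "deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding rule); first matching rule wins.

    A packet that meets no rule's criteria is not passed (default deny).
    """
    for i, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, i
    return default, None


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (later, earlier) index pairs where the later rule can never fire."""
    found = []
    for later in range(len(rules)):
        for earlier in range(later):
            if rules[earlier].covers(rules[later]):
                found.append((later, earlier))
                break
    return found


# Constructed rule set: 10.1.0.0/16 is the internal part of the network,
# everything else is the external part.
RULES = [
    Rule("allow", "10.1.0.0/16", "0.0.0.0/0", "tcp", 443),   # 0: internal hosts to HTTPS
    Rule("allow", "0.0.0.0/0", "10.1.0.25/32", "tcp", 25),   # 1: inbound mail to the relay
    Rule("deny", "0.0.0.0/0", "10.1.0.0/16"),                # 2: everything else inbound
    Rule("allow", "0.0.0.0/0", "10.1.0.80/32", "tcp", 80),   # 3: placed too late, shadowed by 2
]

if __name__ == "__main__":
    samples = [
        Packet("10.1.4.7", "203.0.113.9", "tcp", 443),
        Packet("203.0.113.9", "10.1.0.25", "tcp", 25),
        Packet("203.0.113.9", "10.1.0.80", "tcp", 80),
        Packet("10.1.4.7", "203.0.113.9", "udp", 53),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(RULES, pkt))
    print("shadowed (later, earlier):", shadowed_rules(RULES))
```

The shadowing check only detects a later rule fully covered by a single earlier rule; a rule covered by the union of several earlier rules is not reported.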

One of the most important problems and needs of modern society is the protection of human rights as people are drawn into processes of information interaction, including the right to the protection of personal information in the course of automated information processing.

I. N. Malanych, 6th year student at VSU

The institution of personal data protection is today no longer a category that can be regulated only by national law. The most important feature of modern automated information systems is the “supranationality” of many of them, their “exit” beyond state borders, the development of publicly accessible global information networks such as the Internet, and the formation of a single information space within the framework of such international structures.

Today in the Russian Federation there is a problem not only of introducing into the legal field the institution of personal data protection within the framework of automated information processes, but also its correlation with existing international legal standards in this area.

There are three main trends in the international legal regulation of the institution of personal data protection, which relates to the processes of automated information processing.

1) Declaration of the right to the protection of personal data, as an integral part of fundamental human rights, in acts of a general humanitarian nature adopted within international organizations.

2) Consolidation and regulation of the right to protect personal information in regulatory acts of the European Union, the Council of Europe, partly the Commonwealth of Independent States and some regional international organizations. This class of norms is the most universal and directly concerns the rights to the protection of personal data in the processes of automated information processing.

3) Inclusion of norms on the protection of confidential (including personal) information in international treaties.

The first method historically appeared earlier than the others. In the modern world, information rights and freedoms are an integral part of fundamental human rights.

The Universal Declaration of Human Rights of 1948 declares: “No one shall be subjected to arbitrary interference with his privacy or family, or to arbitrary attacks on ... the privacy of his correspondence” and further: “Everyone has the right to the protection of the law against such interference or attacks.” The International Covenant on Civil and Political Rights of 1966 repeats the declaration in this part. The 1950 European Convention details this right: “Everyone has the right to freedom of expression. This right includes freedom to hold opinions and to receive and impart information and ideas without interference from public authorities and regardless of frontiers.”

These international documents establish human information rights.

Currently, a stable system of views on human information rights has been formed at the international level. In general terms, this is the right to receive information, the right to privacy in terms of protecting information about the person, and the right to protect information both from the point of view of state security and from the point of view of business security, including financial activities.

The second way, more detailed regulation of the right to the protection of personal information, is associated with the ever-increasing intensity of processing personal information in recent years using automated computer information systems. In recent decades, a number of documents have been adopted within a number of international organizations that develop basic information rights in connection with the intensification of cross-border information exchange and the use of modern information technologies. Among such documents are the following:

The Council of Europe in 1980 developed the European Convention on the Protection of Individuals in matters relating to the automatic processing of personal data, which came into force in 1985. The Convention defines the procedure for collecting and processing personal data, the principles of storage and access to this data, and methods of physical protection of data. It guarantees respect for human rights in the collection and processing of personal data, and also prohibits the processing of data on race, political opinions, health and religion without appropriate legal grounds. Russia acceded to the European Convention in November 2001.

In the European Union, issues of personal data protection are regulated by a whole range of documents. In 1979, the European Parliament Resolution “On the protection of individual rights in connection with the progress of informatization” was adopted. The resolution invited the Council and the Commission of the European Communities to develop and adopt legal acts on the protection of personal data in connection with technical progress in the field of computer science. In 1980, the Recommendations of the Organization for Cooperation of Member States of the European Union “On guidelines for the protection of privacy in the interstate exchange of personal data” were adopted. Currently, issues of personal data protection are regulated in detail by directives of the European Parliament and the Council of the European Union. These are Directives No. 95/46/EC and No. 2002/58/EC of the European Parliament and of the Council of 24 October 1995 on the protection of the rights of individuals with regard to the processing of personal data and on the free movement of such data, Directive No. 97/66/EC of the European Parliament and of the Council of the European Union of 15 December 1997 concerning the use of personal data and the protection of privacy in telecommunications, and other documents.

The acts of the European Union are characterized by a detailed elaboration of the principles and criteria for automated data processing, the rights and obligations of subjects and holders of personal data, issues of their cross-border transfer, as well as liability and sanctions for damage. In accordance with Directive No. 95/46/EC, the European Union has established a Working Group on the protection of individuals with regard to the processing of their personal data. It has the status of an advisory body and acts as an independent structure. The working group consists of a representative of the body established by each Member State for the purpose of supervising compliance on its territory with the provisions of the Directive, a representative of the body or bodies established for the Community institutions and structures, and a representative of the European Commission.

The Organization for Economic Cooperation and Development (OECD) has a Framework for the Protection of Privacy and the International Exchange of Personal Data, which was adopted on September 23, 1980. The preamble to this Directive states: “...OECD member countries have considered it necessary to develop Frameworks that could help harmonize national privacy laws and, while respecting relevant human rights, would not allow blocking of international data exchanges...”. These provisions apply in both the public and private sectors to personal data which, either due to the manner in which it is processed or due to its nature or the context in which it is used, poses a risk of violating privacy and individual freedoms. It defines the need to provide personal data with adequate protection mechanisms against risks associated with their loss, destruction, modification or disclosure, or unauthorized access. Russia, unfortunately, does not participate in this organization.

On October 16, 1999, the Interparliamentary Assembly of the CIS Member States adopted the Model Law “On Personal Data”.

According to the law, “Personal data” is information (recorded on a tangible medium) about a specific person that is identified or can be identified with him. Personal data includes biographical and identification data, personal characteristics, information about family, social status, education, profession, professional and financial status, health status, and others. The law also lists the principles of legal regulation of personal data, forms of state regulation of operations with personal data, rights and obligations of subjects and holders of personal data.

It seems that the second method considered, the normative regulation of personal data protection in international legal acts, is the most interesting for analysis. The norms of this class not only directly regulate public relations in this area, but also help bring the legislation of the member countries up to international standards, thereby ensuring the effectiveness of these norms on their territory. Thus, the guarantee of information rights enshrined in the Universal Declaration of Human Rights is ensured in the sense of the “right to the protection of the law from ... interference or ... encroachment” declared in Article 12 of the latter.

The third way to consolidate the rules on the protection of personal data is to consolidate their legal protection in international treaties.

Articles on the exchange of information are included in international treaties on legal assistance, on the avoidance of double taxation, and on cooperation in certain public and cultural spheres.

According to Art. 25 of the Agreement between the Russian Federation and the United States on the avoidance of double taxation and the prevention of tax evasion in relation to taxes on income and capital, states are required to provide information that constitutes professional secrets. The Treaty between the Russian Federation and the Republic of India on Mutual Legal Assistance in Criminal Matters contains Article 15 “Confidentiality”: the requested party may require that the information transmitted be kept confidential. The practice of concluding international treaties shows the commitment of contracting states to comply with international standards for the protection of personal data.

It seems that the most effective mechanism for regulating this institution at the international legal level is the publication of special regulatory documents within the framework of international organizations. This mechanism not only promotes appropriate internal regulation of the pressing issues of personal information protection within these organizations mentioned at the beginning of the article, but also has a beneficial effect on the national legislation of the participating countries.

Lecture outline

1. Prerequisites for the creation of international information security (IS) standards

1.1. Purpose and goals of international standardization

1.2. International Organization for Standardization, ISO

1.3. Basic international information security standards

2. Criteria for assessing trusted computer systems (“Orange Book”)

2.1. Basic information

2.2. Basic requirements and tools

3. Basic concepts

4. Security implementation mechanisms

5. Sections and security classes

5.1. Security Sections

5.2. Security classes

6. Brief classification

International criteria for assessing information technology security of foreign countries

Lecture outline

1. Harmonized criteria of European countries

2. German standard BSI

3. British standard BS 7799

4. International standard ISO/IEC 15408 “Criteria for assessing the security of information technologies” (“General Criteria”)

Prerequisites for the creation of international information security standards

1.1. General issues

Abroad, the development of standards is carried out continuously; drafts and versions of standards are consistently published at different stages of coordination and approval. Some standards are gradually deepened and detailed in the form of a set of groups of standards interconnected in concepts and structure.

It is generally accepted that an integral part of the general process of information technology (IT) standardization is the development of standards related to the problem of IT security, which has become increasingly relevant due to the trends of increasing mutual integration of applied tasks, building them on the basis of distributed data processing, telecommunications systems, electronic data exchange technologies.

The development of standards for open systems, including standards in the field of IT security, is carried out by a number of specialized international organizations and consortia such as, for example, ISO, IEC, ITU-T, IEEE, IAB, WOS, ECMA, X/Open, OSF, OMG.

Significant work on standardization of IT security issues is carried out by specialized organizations and at the national level. All this has made it possible to date to form a fairly extensive methodological base, in the form of international, national and industry standards, as well as regulatory and guidance materials regulating activities in the field of IT security.

1.2. State of the international regulatory and methodological framework

In order to systematize the analysis of the current state of the international regulatory and methodological framework in the field of IT security, it is necessary to use some classification of standardization areas.

In general, the following directions can be distinguished:

1. General principles of information security management.

2. IT security models.

3. IT security methods and mechanisms (for example, authentication methods, key management, etc.).

4. Cryptographic algorithms.

5. Methods for assessing the security of information systems.

6. Security of EDI technologies.

7. Security of internetwork interactions (firewalls).

8. Attestation and certification of standardization objects.

Purpose and goals of international standardization

A standard is a document that establishes the characteristics of products, operation, storage, transportation, sales and disposal, performance of work or provision of services. A standard may also contain requirements for terminology, symbols, packaging, markings or labels and rules for their application.

International standard - a standard adopted by an international organization. In practice, international standards often also mean regional standards and standards developed by scientific and technical societies and adopted as norms by various countries around the world.

International standardization - standardization, participation in which is open to the relevant authorities of all countries.

The main purpose of international standards is to create, at the international level, a unified methodological basis for developing new quality systems, improving existing ones, and certifying them.

Scientific and technical cooperation in the field of standardization is aimed at harmonizing the national standardization system with international, regional and progressive national standardization systems.

Both industrialized countries and developing countries creating their own national economies are interested in the development of international standardization.

International standards are not mandatory for all participating countries. Any country in the world has the right to apply or not apply them. The decision whether to apply an ISO international standard depends mainly on the degree of the country's participation in the international division of labor and the state of its foreign trade. ISO is the leading international organization in the field of standardization.

1.4. International Organization for Standardization, ISO

The International Organization for Standardization (ISO) is an international organization that produces standards.

ISO began to function on February 23, 1947, as a voluntary, non-governmental organization. It was established on the basis of agreements reached at a meeting in London in 1946 between representatives of 25 industrialized countries on the creation of an organization with the authority to coordinate the development of various industrial standards at the international level and to carry out the procedure for their adoption as international standards.

When the organization was created and its name chosen, the need for the abbreviation of the name to sound the same in all languages was taken into account. For this purpose it was decided to use the Greek word isos (equal), which is why in all languages of the world the International Organization for Standardization has the short name ISO.

ISO's field of activity covers standardization in all areas except electrical engineering and electronics, which fall within the competence of the International Electrotechnical Commission (IEC). Some types of work are carried out jointly by these organizations. In addition to standardization, ISO also deals with certification issues.

The purpose of ISO is to promote the development of standardization on a global scale in order to facilitate international trade and mutual assistance, as well as to expand cooperation in the field of intellectual, scientific, technical and economic activities.