ISO

Definition

The International Organization for Standardization (ISO) is an independent, non-governmental international organization that develops and publishes international standards for various fields such as information technology, health, environmental management, and more.

History

The ISO was founded in 1947 by a group of scientists and engineers from various countries who were dissatisfied with the lack of standardized methods for measuring physical properties. The first standard, ISO 1, was published in 1934, but it did not gain widespread adoption until the publication of ISO 9000 in 1989.

Structure

The ISO is headquartered in Paris, France, and has regional offices around the world. It has over 150 member organizations, including national and local governments, industry associations, and non-profit organizations. The organization is divided into several committees, each focusing on specific areas such as technical standards, legal documents, and education.

Technical Standards

ISO develops and publishes technical standards for various fields, including:

  • Information technology: ISO/IEC 7816 (Contactless payment cards) and ISO/IEC 7819 (Contactless smart card systems)
  • Health: ISO/IEC 15199 (Medical devices) and ISO/IEC 13485 (Quality management in healthcare products)
  • Environmental management: ISO 14001 (Environmental management systems) and ISO 9001 (Quality management systems)

ISO 20000

ISO 20000 is a family of standards developed by the International Organization for Standardization (ISO) to support the implementation of an enterprise information technology management system. The standard covers aspects such as IT service management, quality management, and asset management.

  • ISO/IEC 20002:2011
  • ISO/IEC 20003:2011
  • ISO/IEC 20004:2011

ISO 27001

ISO 27001 is a standard for Information Security Management Systems (ISMS). It provides guidelines and best practices for implementing an ISMS to protect sensitive data and prevent unauthorized access.

  • ISO/IEC 27001:2013
  • ISO/IEC 27002:2013
  • ISO/IEC 27003:2013

ISO 37007

ISO 37007 is a standard for Risk Management Frameworks. It provides guidelines and best practices for managing risks in organizations.

  • ISO/IEC 37123:2020
  • ISO/IEC 37124:2021

ISO 37301

ISO 37301 is an updated version of the ISMS (Information Security Management System) standard, which focuses on Business Continuity Management and Disaster Recovery Planning.

  • ISO/IEC 37301:2019

ISO/IEC 27000 series

The ISO/IEC 27000 series covers various aspects of Information Security Management Systems. The standard includes:

Benefits

The use of ISO standards provides several benefits, including:

  • Improved consistency and comparability across industries
  • Increased efficiency and reduced costs
  • Enhanced reputation and credibility
  • Access to a global community of professionals

Criticisms and Controversies

The ISO has faced criticism for its:

  • Lack of transparency in its decision-making processes
  • Over-reliance on corporate interests over public needs
  • Inadequate support for small and medium-sized enterprises (SMEs)

Conclusion

The International Organization for Standardization (ISO) is an independent, non-governmental international organization that develops and publishes international standards for various fields. The organization has developed a range of technical standards and certifications to support the implementation of best practices in information technology management systems, Risk Management Frameworks, and information security.

Note: This article is not intended to promote or criticize any specific ISO standard or certification. It provides an overview of the topic and its benefits, as well as some of the criticisms and controversies surrounding the organization.