Welcome to the SecAware blog

I spy with my beady eye ...

23 Dec 2019

NBlog Dec 23 - how many ISO MSSs are there?

Did you know there are fourteen ISO Management Systems Standards*?

Is this a cottage industry, ISO's sausage-machine churning out MSSs one after another? Has ISO discovered a vein of gold?

Or is it that the MSS approach works so well that organizations welcome the standards, creating demand?

Both maybe? Or something else entirely?

You tell me.  

All I know is that ISO/IEC 27001 does a pretty good job in the area of information risk and security management, based on BS 7799.  ISO 9001 set the MSS ball rolling, drawing on BS 5750. And ISO 20000 is, in effect, the ISO version of ITIL, a UK government standard. I'm not familiar with the remaining MSSs but I wouldn't be surprised to discover several of them are also based on British standards. I don't know why that would be: the Brits are certainly not alone in understanding the value of governance structures, assurance and compliance.

* I've found 14 of them anyway. A couple of them aren't listed by ISO's website search engine, for some reason. Maybe there are more.
