Just received from Standards New Zealand:


New ISO information technology Standards – service management systems, information security risk management, and security of biometric data online

Service management systems – new ISO Standard

Information technology – Service management – Part 1: Service management system requirements ISO/IEC 20000-1:2011 specifies requirements for service providers to plan, establish, implement, operate, monitor, review, maintain, and improve a service management system (SMS). ISO/IEC 20000-1:2011 can also be used by organisations that require a consistent approach by all service providers, including those in a supply chain.

Improved ISO Standard helps organisations to manage information security risks

The revised ISO/IEC 27005:2011 helps IT departments to implement a risk management approach to manage their information security management system (ISMS) risks. Information technology – Security techniques – Information security risk management.

ISO/IEC 27005 helps users to implement ISO/IEC 27001:2005 Information technology – Security techniques – Information security management systems – Requirements, which is based on a risk management approach. Knowledge of the concepts, models, processes, and terminologies in ISO/IEC 27001 and ISO/IEC 27002:2005 Information technology – Security techniques – Code of practice for information security management, is important for a complete understanding of ISO/IEC 27005.

Related Standards

  • AS/NZS ISO/IEC 27001:2006 Information technology – Security techniques – Information security management systems – Requirements. Note: This Standard is Identical to and reproduced from ISO/IEC 27001:2005.
  • AS/NZS ISO/IEC 27002:2006 Information technology – Security techniques – Code of practice for information management
  • AS/NZS ISO 31000:2009 Risk management – Principles and guidelines. Note: This Standard is identical to and reproduced from ISO 31000:2009.
  • ISO/IEC 31010:2010 Risk management – Risk assessment techniques
  • ISO Guide 73:2009 Risk management – Vocabulary

Biometrics – new ISO/IEC Standard ensures security of biometric data online

Biometrics provide a unique link to an individual that is nearly or absolutely impossible to fake and include recognition technologies based on face, iris or palm images, voice patterns, and the like – for example, fingerprint scans used to access a computer, or iris scans to cross border control. Biometrics are increasingly being used to automatically identify individuals and as a reliable way to authenticate online transactions. Information technology – Security techniques – Biometric information protection ISO/IEC 24745:2011is a new Standard to ensure security and privacy when managing and processing biometric information.

Related article