Process reference model (PRM) for ISMS (ISO 27001)

ISO/IEC TS 33052:2016 "Process reference model (PRM) for information security management" is an interesting document which can be useful when evaluating possible ways to implement the processes of an information security management system (ISMS) (see the ISO 27001 ISMS requirements). This Technical Specification (TS) contains process descriptions for 26 processes and a mapping between the ISO 27001 requirements and the PRM processes (annex A). The 26 processes are shown in the figure below:

ISO 33052-1

Each process description contains the following elements:

  • Process ID
  • Name
  • Purpose
  • Context
  • Outcomes
  • Requirements traceability

Please note that this TS is not implementation guidance; it serves as the basis for the process assessment model (PAM) described in ISO/IEC TS 33072 "Process capability assessment model for information security management", which is what an assessor would actually use to rate the capability of an organisation's ISMS processes.

Related ISO standards

  • ISO 27001 ISMS requirements
  • ISO 27003 for ISMS implementation guidance
  • ISO 27004 ISMS monitoring, measurement, analysis and evaluation
  • ISO 27007 Guidelines for ISMS auditing
  • ISO 27013 Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 (i.e. for IT service providers)

BSI Standards

When looking at ways to implement an ISMS, it is also worth having a look at the BSI standards, especially BSI-Standard 100-2 (the IT-Grundschutz methodology)! They are freely available from the BSI website.

This entry was posted in Security Certifications, Security Management, Security Standardization and Practises.