{"id":2021,"date":"2017-02-09T19:47:07","date_gmt":"2017-02-09T17:47:07","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=2021"},"modified":"2017-02-10T14:36:15","modified_gmt":"2017-02-10T12:36:15","slug":"process-reference-model-prm-for-isms-iso-27001","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=2021","title":{"rendered":"Process reference model (PRM) for ISMS (ISO 27001)"},"content":{"rendered":"<p>ISO TS <a href=\"http:\/\/www.iso.org\/iso\/home\/store\/catalogue_tc\/catalogue_detail.htm?csnumber=55142\">33052:2016<\/a> &#8220;Process reference model (PRM) for information security management&#8221; is an interesting document which can be useful when evaluating the possible ways to implement the information security management system (ISMS) processes (see <a href=\"http:\/\/www.iso.org\/iso\/home\/store\/catalogue_tc\/catalogue_detail.htm?csnumber=54534\">ISO 27001<\/a> ISMS requirements). This Technical Specification (TS) contains process descriptions of 26 processes, and the relationship between the ISO 27001 requirements and the PRM (in Annex A). 
The 26 processes are shown in the figure below:<\/p>\n<p><img loading=\"lazy\" alt=\"ISO 33052-1\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2017\/02\/iso33052-1.png\" width=\"550\" height=\"357\" \/><\/p>\n<p>Each process description contains the following elements:<\/p>\n<ul>\n<li>Process ID<\/li>\n<li>Name<\/li>\n<li>Purpose<\/li>\n<li>Context<\/li>\n<li>Outcomes<\/li>\n<li>Requirements traceability<\/li>\n<\/ul>\n<p>Please note that this TS is not implementation guidance, but is used as a basis for the PAM (Process assessment model) that is described in ISO TS <a href=\"http:\/\/www.iso.org\/iso\/catalogue_detail.htm?csnumber=70803\">33072<\/a> &#8220;Process capability assessment model for information security management&#8221;.<\/p>\n<p><strong>About ISO related standards<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.iso.org\/iso\/home\/store\/catalogue_tc\/catalogue_detail.htm?csnumber=54534\">ISO 27001<\/a> ISMS requirements<\/li>\n<li><a href=\"http:\/\/www.iso.org\/iso\/catalogue_detail?csnumber=42105\">ISO 27003<\/a> for ISMS implementation guidance<\/li>\n<li><a href=\"http:\/\/www.iso.org\/iso\/home\/store\/catalogue_tc\/catalogue_detail.htm?csnumber=64120\">ISO 27004<\/a> ISMS monitoring, measurement, analysis and evaluation<\/li>\n<li><a href=\"http:\/\/www.iso.org\/iso\/home\/store\/catalogue_tc\/catalogue_detail.htm?csnumber=42506\">ISO 27007<\/a> Guidelines for ISMS auditing<\/li>\n<li><a href=\"http:\/\/www.iso.org\/iso\/home\/store\/catalogue_tc\/catalogue_detail.htm?csnumber=64138\">ISO 27013<\/a> Guidance on the integrated implementation of ISO\/IEC 27001 and ISO\/IEC 20000-1 (i.e. 
for service providers)<\/li>\n<\/ul>\n<p><strong>BSI Standards<\/strong><\/p>\n<p>When looking for ways to implement an ISMS, it is also worth having a look at the BSI standards, especially <a href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/BSIStandards\/standard_100-2_e_pdf.pdf?__blob=publicationFile&amp;v=1\">BSI 100-2<\/a>! They are freely available <a href=\"https:\/\/www.bsi.bund.de\/EN\/Publications\/BSIStandards\/BSIStandards_node.html\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>ISO TS 33052:2016 &#8220;Process reference model (PRM) for information security management&#8221; is an interesting document which can be useful when evaluating the possible ways to implement the information security management system (ISMS) processes (see ISO 27001 ISMS requirements). This Technical &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=2021\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[43,32,26],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2021"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2021"}],"version-history":[{"count":3,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2021\/revisions"}],"predecessor-version":[{"id":2024,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/2021\/revisions\/
2024"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}