Optional Standards

Optional standards are those that exist in a published form, either as international or national standards, and it is up to the organisation whether or not to adopt them. The reasons for adoption vary between organisations: some adopt a standard in order to follow best practice, while others implement it and obtain certification against it to show not only that they have complied with it, but that an independent third party has assessed the implementation as being appropriate for certification to that standard. Foremost amongst the international standards in this area that have certification schemes are:

There are numerous others, depending on the specific industry and on whether one wants to account for local and/or international standards. For the purposes of this course, only ISO 27001 is really relevant, though it could be argued that ISO 18001 is appropriate, as it is based on legislation that may be relevant to the organisation, and that ISO 20001 has a section on security management in it - but it defers to ISO 27001 for full guidance.

If we assume that ISO 27001 is the only relevant standard, then it is interesting to see which other standards support it and which the implementer may refer to for further guidance. A taxonomy of ISO 27001 is given in Appendix A (Note: this is work in progress and is by no means complete).

ISO 27001 has been covered in depth in Part 1 of this Module and so is not covered further here.
Practitioner.Com: An Introduction to Corporate Regulation and Standardization