Legal Resources

ISO 27001

ISO/IEC 27001:2013 is an information security standard. It is a specification for an information security management system (ISMS). Organizations which meet the standard may be certified compliant by an independent and accredited certification body on successful completion of a formal compliance audit.

ISO 27002

ISO/IEC 27002 is an information security standard titled Information technology – Security techniques – Code of practice for information security management.

ISO/IEC 27002 provides best practice recommendations on information security management for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad:

the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required)

ISO 23988

ISO/IEC 23988:2007 gives recommendations on the use of IT to deliver assessments to candidates and to record and score their responses. Its scope is defined in terms of three dimensions: the types of assessment to which it applies, the stages of the assessment “life cycle” to which it applies and its focus on specifically IT aspects.

NEN 7510 (Dutch)

NEN 7510 is a standard for information security in the healthcare sector in the Netherlands, developed by the Nederlands Normalisatie-instituut (the Dutch standardization institute). The standard is based on the Code voor Informatiebeveiliging (Code for Information Security).

Framework of Legal Standards for Cloud Services in Higher Education

SURF’s Framework of Legal Standards for Cloud Services in Higher Education provides an overview of best practice clauses for agreements with cloud service providers. These are guidelines concerning confidentiality, privacy, ownership and the availability of data. The more important and sensitive the data, the higher the risk and the more stringent the measures and contractual agreements with cloud suppliers must be.