Online collections from ISO.org can be a fantastically good deal. With an online collection you get the most up-to-date versions by paying a yearly or monthly subscription fee. Paying the fee gives you access to the various standards in the collection via ISO’s “Online Browsing Platform”.
I should point out, by the way, that I don’t have any kind of “kickback” deal with ISO.org – I’m just pointing to a good deal and saying, “Hey, that’s a good deal!”
The online browsing platform for online collections is a tabbed interface where multiple standards can be viewed at once.
Depending on your subscription or purchase license status, documents may be downloaded as well. As with all things in the cloud, however, if you don’t have Internets – you won’t have access to your documents. Not such a big deal these days.
The online collections aren’t exactly inexpensive in themselves, but when compared to the cost of the individual standards – literally thousands can be saved.
IT Management – Online Collections
Recently (last week), ISO.org made available a collection of IT-related documents as one of the online collections. It consists of 80 documents that are intended to assist an Information Technology professional.
It is a surprisingly comprehensive list within the following categories:
- Governance
- Project management
- Service management
- Information security management (ISO/IEC 27000)
- Risk management (ISO 31000)
- Records management
- Systems and software engineering: application management, software life-cycle processes, system life-cycle processes, architecture description
- Business continuity and disaster recovery
- Energy efficiency
- Quality (ISO 9000)
If you were considering starting down the path of an ISO 27001 or 20001 Registration, this should be one of your first steps.
Hey, I get a quantity discount on space – here’s the whole list:
| Standard | Title |
| --- | --- |
| ISO/Guide 73:2009(en) | Risk management — Vocabulary |
| ISO 5127:2001(en) | Information and documentation — Vocabulary |
| ISO/IEC 7498-1:1994(en) | Information technology — Open Systems Interconnection — Basic Reference Model: The Basic Model — Part 1 |
| ISO 7498-2:1989(en) | Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 2: Security Architecture |
| ISO/IEC 7498-3:1997(en) | Information technology — Open Systems Interconnection — Basic Reference Model: Naming and addressing — Part 3 |
| ISO/IEC 7498-4:1989(en) | Information processing systems — Open Systems Interconnection — Basic Reference Model — Part 4: Management framework |
| ISO 9000:2005(en) | Quality management systems — Fundamentals and vocabulary |
| ISO 9001:2008(en) | Quality management systems — Requirements |
| ISO 9001:2008/Cor.1:2009(en) | Quality management systems — Requirements TECHNICAL CORRIGENDUM 1 |
| ISO 9004:2009(en) | Managing for the sustained success of an organization — A quality management approach |
| ISO 10006:2003(en) | Quality management systems — Guidelines for quality management in projects |
| ISO/IEC 12207:2008(en) | Systems and software engineering — Software life cycle processes |
| ISO 14001:2004(en) | Environmental management systems — Requirements with guidance for use |
| ISO 14004:2004(en) | Environmental management systems — General guidelines on principles, systems and support techniques |
| ISO 14050:2009(en) | Environmental management — Vocabulary |
| ISO/IEC 15288:2008(en) | Systems and software engineering — System life cycle processes |
| ISO/IEC 15504-1:2004(en) | Information technology — Process assessment — Part 1: Concepts and vocabulary |
| ISO/IEC 15504-2:2003(en) | Information technology — Process assessment — Part 2: Performing an assessment |
| ISO/IEC 15504-2:2003/Cor.1:2004(en) | Information technology — Process assessment — Part 2: Performing an assessment TECHNICAL CORRIGENDUM 1 |
| ISO/IEC 15504-3:2004(en) | Information technology — Process assessment — Part 3: Guidance on performing an assessment |
| ISO/IEC 15504-4:2004(en) | Information technology — Process assessment — Part 4: Guidance on use for process improvement and process capability determination |
| ISO/IEC 15504-9:2011(en) | Information technology — Process assessment — Part 9: Target process profiles |
| ISO/IEC 15504-10:2011(en) | Information technology — Process assessment — Part 10: Safety extension |
| ISO 15489-1:2001(en) | Information and documentation — Records management — Part 1: General |
| ISO/TR 15489-2:2001(en) | Information and documentation — Records management — Part 2: Guidelines |
| ISO/IEC 15504-5:2012(en) | Information technology — Process assessment — Part 5: An exemplar software life cycle process assessment model |
| ISO/IEC 15504-8:2012(en) | Information technology — Process assessment — Part 8: An exemplar process assessment model for IT service management |
| ISO/TR 15801:2009(en) | Document management — Information stored electronically — Recommendations for trustworthiness and reliability |
| ISO/IEC 17020:2012(en) | Conformity assessment — Requirements for the operation of various types of bodies performing inspection |
| ISO/IEC 17021:2011(en) | Conformity assessment — Requirements for bodies providing audit and certification of management systems |
| ISO/IEC 17025:2005(en) | General requirements for the competence of testing and calibration laboratories |
| ISO 19011:2011(en) | Guidelines for auditing management systems |
| ISO/IEC 20000-1:2011(en) | Information technology — Service management — Part 1: Service management system requirements |
| ISO/IEC 20000-2:2012(en) | Information technology — Service management — Part 2: Guidance on the application of service management systems |
| ISO/IEC 20000-3:2012(en) | Information technology — Service management — Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 |
| ISO/IEC TR 20000-4:2010(en) | Information technology — Service management — Part 4: Process reference model |
| ISO/IEC TR 20000-5:2013(en) | Information technology — Service management — Part 5: Exemplar implementation plan for ISO/IEC 20000-1 |
| ISO/IEC TR 20000-10:2013(en) | Information technology — Service management — Part 10: Concepts and terminology |
| ISO 20121:2012(en) | Event sustainability management systems — Requirements with guidance for use |
| ISO 21500:2012(en) | Guidance on project management |
| ISO 22300:2012(en) | Societal security — Terminology |
| ISO 22301:2012(en) | Societal security — Business continuity management systems — Requirements |
| ISO 22313:2012(en) | Societal security — Business continuity management systems — Guidance |
| ISO/IEC 24762:2008(en) | Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services |
| ISO/IEC 27000:2014(en) | Information technology — Security techniques — Information security management systems — Overview and vocabulary |
| ISO/IEC 27001:2013(en) | Information technology — Security techniques — Information security management systems — Requirements |
| ISO/IEC 27003:2010(en) | Information technology — Security techniques — Information security management system implementation guidance |
| ISO/IEC 27004:2009(en) | Information technology — Security techniques — Information security management — Measurement |
| ISO/IEC 27005:2011(en) | Information technology — Security techniques — Information security risk management |
| ISO/IEC 27006:2011(en) | Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems |
| ISO/IEC 27007:2011(en) | Information technology — Security techniques — Guidelines for information security management systems auditing |
| ISO/IEC TR 27008:2011(en) | Information technology — Security techniques — Guidelines for auditors on information security controls |
| ISO/IEC 27010:2012(en) | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications |
| ISO/IEC 27011:2008(en) | Information technology — Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 |
| ISO/IEC 27013:2012(en) | Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 |
| ISO/IEC 27014:2013(en) | Information technology — Security techniques — Governance of information security |
| ISO/IEC TR 27015:2012(en) | Information technology — Security techniques — Information security management guidelines for financial services |
| ISO/IEC TR 27019:2013(en) | Information technology — Security techniques — Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry |
| ISO/IEC 27031:2011(en) | Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity |
| ISO/IEC 27032:2012(en) | Information technology — Security techniques — Guidelines for cybersecurity |
| ISO/IEC 27033-1:2009(en) | Information technology — Security techniques — Network security — Part 1: Overview and concepts |
| ISO/IEC 27033-2:2012(en) | Information technology — Security techniques — Network security — Part 2: Guidelines for the design and implementation of network security |
| ISO/IEC 27033-3:2010(en) | Information technology — Security techniques — Network security — Part 3: Reference networking scenarios — Threats, design techniques and control issues |
| ISO/IEC 27033-4:2014(en) | Information technology — Security techniques — Network security — Part 4: Securing communications between networks using security gateways |
| ISO/IEC 27033-5:2013(en) | Information technology — Security techniques — Network security — Part 5: Securing communications across networks using Virtual Private Networks (VPNs) |
| ISO/IEC 27034-1:2011(en) | Information technology — Security techniques — Application security — Part 1: Overview and concepts |
| ISO/IEC 27035:2011(en) | Information technology — Security techniques — Information security incident management |
| ISO/IEC 27036-3:2013(en) | Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security |
| ISO/IEC 27036-1:2014(en) | Information technology — Security techniques — Information security for supplier relationships — Part 1: Overview and concepts |
| ISO/IEC 27037:2012(en) | Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence |
| ISO 31000:2009(en) | Risk management — Principles and guidelines |
| ISO/IEC 38500:2008(en) | Corporate governance of information technology |
| ISO/IEC TR 38502:2014(en) | Information technology — Governance of IT — Framework and model |
| ISO/IEC/IEEE 42010:2011(en) | Systems and software engineering — Architecture description |
| ISO 55000:2014(en) | Asset management — Overview, principles and terminology |
| ISO 50001:2011(en) | Energy management systems — Requirements with guidance for use |
| ISO 55001:2014(en) | Asset management — Management systems — Requirements |
| ISO 55002:2014(en) | Asset management — Management systems — Guidelines for the application of ISO 55001 |
| ISO/IEC 90003:2004(en) | Software engineering — Guidelines for the application of ISO 9001:2000 to computer software |
| ISO/IEC TR 90006:2013(en) | Information technology — Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011 |
Pretty amazing, right?
Pricing, like I noted earlier, isn’t inexpensive – but it is a bargain. The yearly 1-user license is 488 CHF (about $545 USD) and the monthly is only 54 CHF ($60 USD). If one needed to do an intense investigation, a one-month license could yield a vast trove of information.
There are also 2-5 and 6-10 user yearly and monthly licenses available.
There are other collections being added – I’ll discuss those in future posts. Here is a link to the current collection of online collections.
I hope you find something you like.
Happy Collecting.