ISM3 uses the following list of security objectives:
Use of services and access to repositories is restricted to authorized users;
- Intellectual property is accessible to authorized users only;
- Personal information of clients and employees is accessible for a valid purpose to authorized users only and is held for no longer than required;
- Secrets are accessible to authorized users only;
- Third party services and repositories are appropriately licensed and accessible only to authorized users;
- Information repositories and systems are physically accessible only to authorized users;
- Availability of repositories, services and channels exceeds client needs;
Reliability and performance of services and channels exceeds client needs;
Existence of repositories and services is assured for exactly as long as client requirements;
Expired or end of life-cycle repositories are permanently destroyed;
Precision, relevance and consistency of repositories is assured;
Accurate time and date is reflected in all records;
Users are accountable for the repositories and messages they create or modify;
Users are accountable for their use of services and acceptance of contracts and agreements;
So the answer is yes and no. The concepts are there, but ISM3 expresses them in a unambiguous way.
www.ism3.com
No comments:
Post a Comment