ISO 21827 – Information Technology – Security Techniques Systems and Security Engineering

Further details

The ISO 21827 standard provides the necessary context for the growth of organizations’ processes and uses the popular SSE CMM maturity model. The focus of this standard is on the guidelines for security engineering, system engineering, organizing and improving the supplier process. The standard also provides reference points for the organization to assess itself against top-notch solutions according to a specific guideline or several guidelines.

ISO 21827 specifies the Systems Security Engineering – Capability Maturity Model (SSE-CMM), which describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering. ISO 21827 does not prescribe a particular process or sequence, but captures practices generally observed in industry.

The model is a standard metric for security engineering practices covering the following:

• the entire life cycle, including development, operation, maintenance and decommissioning activities;
• the whole organization, including management, organizational and engineering activities;
• concurrent interactions with other disciplines, such as system, software, hardware, human factors and test engineering; system management, operation and maintenance;
• interactions with other organizations, including acquisition, system management, certification, accreditation and evaluation.

The objective is to facilitate an increase of maturity of the security engineering processes within the organization. The SSE-CMM is related to other CMMs which focus on different engineering disciplines and topic areas and can be used in combination or conjunction with them.

ISO21827 describes the characteristics essential to the success of an organization’s security engineering process, and is applicable to all security engineering organizations including government, commercial, and academic.

ISO/IEC 21827 (IEC: International Electrotechnical Commission) does not prescribe a particular process or sequence, but captures practices generally observed in industry.

Benefits of ISO implementation:

– Increase customer and consumer confidence

– Increasing the quality of products/services

– Reduce waste and losses in products/services and ultimately reduce costs

– Save on consumables and increase profits

– Planning, implementation of affairs in the form of a predefined international system

– Improve performance, increase productivity and speed in affairs

– Increase efficiency and customer satisfaction

– Reducing the number of complaints

– Improvement and uniformity in the quality of products/services

– Timely delivery of products/services

– Global competition

– Prevent or reduce unexpected events

– Earning points in tenders, obtaining ranks and grades from government organizations, providing evidence in exports

– Advertising use in headers, company site and all advertising matters

– Earn points in selecting sample units

– Reduce waste and waste time

– Creating confidence inside and outside the organization

– Transparency of processes and indicators

– Ensuring that customer needs and expectations are met

– Production of product/service with better quality

– Help with more marketing and sales and create demand

– Increasing the productivity and motivation of human resources

– Correcting errors and preventing their recurrence

– Improving communication within the organization

– Prevention of non-compliant product/service production

– Develop sales methods and provide after-sales service