ISO IEC TS 33072-2016 PDF

St ISO IEC TS 33072-2016

Name in English:
St ISO IEC TS 33072-2016

Name in Russian:
Ст ISO IEC TS 33072-2016

Description in English:

Original standard ISO IEC TS 33072-2016 in PDF, full version. Additional information and a preview are available on request.

Description in Russian:
Original standard ISO IEC TS 33072-2016 in PDF, full version. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso27811

Choose Document Language:
€25

Full title and description

ISO/IEC TS 33072:2016 — Information technology — Process assessment — Process capability assessment model for information security management. This Technical Specification defines a Process Assessment Model (PAM) tailored to information security management that supports capability assessment by providing indicators and guidance for interpreting process purposes, outcomes and attributes in the ISO/IEC 33000 family.

Abstract

ISO/IEC TS 33072:2016 specifies a PAM that conforms to the requirements of ISO/IEC 33004 and supports performance of process capability assessments by supplying assessment indicators and examples for their definition, selection and use. It clarifies interpretation of process purposes and outcomes (as in ISO/IEC TS 33052) and of process attributes (as in ISO/IEC 33020), and is structured to support assessment of processes that enable implementation of ISO/IEC 27001.

General information

  • Status: Published (Technical Specification); reviewed and confirmed in 2024 — remains current.
  • Publication date: July 2016 (corrected version September 2016).
  • Publisher: ISO/IEC (Joint publication under ISO/IEC JTC 1/SC 7).
  • ICS / categories: 35.080 (Software / Information technology).
  • Edition / version: Edition 1 (2016).
  • Number of pages: 183 pages (publisher listing).

Scope

Provides a process assessment model for information security management that can be used by assessors and organizations to perform capability assessments in line with the ISO/IEC 33000 process assessment framework. The PAM offers concrete assessment indicators and examples to interpret process purposes, expected outcomes and process-attribute achievement for information security management processes, enabling consistent, repeatable capability evaluations and comparisons where scopes are similar.

Key topics and requirements

  • Definition of a Process Assessment Model (PAM) specific to information security management that meets ISO/IEC 33004 requirements.
  • Assessment indicators for interpreting process purposes and outcomes (linked to ISO/IEC TS 33052).
  • Guidance, by example, on definition, selection and use of assessment indicators and objective evidence collection.
  • Alignment with the process measurement framework and process-attribute concepts used in the ISO/IEC 33020 family.
  • Support for assessments that inform capability determination and process improvement for information security (interfaces with ISO/IEC 27001 implementation).

Typical use and users

Used by process assessors, information security managers, internal and external auditors, certification bodies (when applicable), and organizations implementing or improving an Information Security Management System (ISMS). Typical uses include capability determination, benchmarking, selecting process improvements, and providing objective evidence for management and stakeholders.

Related standards

Part of the ISO/IEC 33000 family of process assessment standards; closely related to ISO/IEC 33004 (requirements for PRMs/PAMs/maturity models), ISO/IEC 33002 (requirements for performing process assessment), ISO/IEC 33020 (process measurement framework / process attributes), and ISO/IEC TS 33052 (process reference model for information security management). It is intended to align with and support ISO/IEC 27001 implementation.

Keywords

Process Assessment Model (PAM), information security management, ISMS, process capability, assessment indicators, ISO/IEC 33000, ISO/IEC 27001, process attributes, process assessment, capability determination.

FAQ

Q: What is this standard?

A: ISO/IEC TS 33072:2016 is a Technical Specification that defines a process assessment model for information security management to be used for assessing process capability within the ISO/IEC 33000 assessment framework.

Q: What does it cover?

A: It provides a PAM with assessment indicators and examples to interpret process purposes, outcomes and process-attribute achievement for information security management processes, and gives guidance on defining, selecting and using indicators for objective evidence collection and capability rating.

Q: Who typically uses it?

A: Process assessors, information security professionals, internal/external auditors, and organizations running or improving an ISMS — anyone needing a conformant PAM to perform capability assessments for information security processes.

Q: Is it current or superseded?

A: The Technical Specification was published in July 2016 (corrected September 2016) and was reviewed and confirmed in 2024, so this edition remains current.

Q: Is it part of a series?

A: Yes — it is part of the ISO/IEC 33000 family (process assessment standards) and is intended to be used with related documents such as ISO/IEC 33004, ISO/IEC 33002, ISO/IEC 33020 and ISO/IEC TS 33052.

Q: What are the key keywords?

A: Process Assessment Model (PAM), information security, ISMS, process capability, assessment indicators, ISO/IEC 33000.