ISO Standard 13569
ISO Standard 13569 - Financial services -- Information security guidelines
Published under Risk Management
Title: | ISO/TR 13569:2005 - Financial services -- Information security guidelines |
Source reference: | http://www.iso.org/ (Note: this is a reference to the ISO page where the standard can be acquired. However, the standard is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted.) |
Topic: | Standard containing guidelines for the implementation and assessment of information security policies in financial services institutions. |
Direct / indirect relevance: | Direct. The text focuses on information security obligations in financial RM/RA practices, which includes aspects of information/network security. |
Scope: | Not publicly available ISO standard, which can be voluntarily implemented. |
Legal force: | Nonbinding ISO standard. |
Affected sectors: | Specifically written for financial institutions. |
Relevant provision(s): | The standard is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted. The standard is described by ISO as follows: “ISO TR 13569:2005 provides guidelines on the development of an information security programme for institutions in the financial services industry. It includes discussion of the policies, organization and the structural, legal and regulatory components of such a programme. Considerations for the selection and implementation of security controls, and the elements required to manage information security risk within a modern financial services institution are discussed. Recommendations are given that are based on consideration of the institutions' business environment, practices and procedures. Included in this guidance is a discussion of legal and regulatory compliance issues, which should be considered in the design and implementation of the programme.” (Source: http://www.iso.org/) |
Relevance to RM/RA: | The standard is a commonly referenced guideline, and serves as a resource for the implementation of information security management programmes in institutions of the financial sector, and as a yardstick for auditing such programmes. (See also http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf) |