-UTC’s Nadya Bartol sees an important standard on Information Technology Supply Chain Issues Move From Concept to Published Work-

The International Organization for Standardization (ISO) recently published ISO/IEC 27306-1 and ISO/IEC 27036-3, that provide guidance on addressing Information and Communication Technology Supplier Relationships and Supply Chain Security.  The guidance is for the organizations that acquire Information and Communication Technology (ICT) products and services and for the suppliers of such products and services.  These products and services can range from IT and communications networks to specific devices and industrial control systems (ICS).

The standards provide a framework for the ICT industry to communicate expectations among ICT product and services acquirers and suppliers in a common language. Critical Infrastructure utilities and their suppliers can use this standard to guide ICT security concerns in vendor management, development of Service Level Agreements, and generally acquiring or supplying ICT products and services. The standard covers the entire ICT lifecycle, from development to maintenance and disposal of ICT.

Nadya Bartol was one of the people within the US standards community who championed the case for this standard within ISO.  She served as Rapporteur for the Study Period that built international consensus that confirmed the need for the standards.  She was then nominated and approved as the Project Editor for the entire ISO/IEC 27036 suite of standards and the Editor for ISO/IEC 27036-3.  ISO/IEC 27036-3 (https://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=59688) was published in November 2013, ISO/IEC 27306-1 (https://standards.iso.org/ittf/PubliclyAvailableStandards/index.html) was published in April 2014 with two more standards addressing the broader issue of information security concerns in supplier relationships following close behind.

“It is incredibly rewarding to see a concept that you introduce into the international environment gain appreciation by multiple countries, grow in importance, get support from those countries, get input and comment from those countries, and become reality.  Developing an ISO standard involves receiving contributions and inputs from a myriad of people that come from different cultures and speak different languages.  Achieving consensus and arriving at a good useful product is simultaneously challenging and rewarding,” said Bartol.

“UTC is privileged to have our Senior Security Strategist, Nadya Bartol serve as the Project editor for this standard for the ISO.  Nadya’s global expertise and reputation is integral to our organizations mission to support Critical Infrastructure organizations in their efforts to provide safe, reliable and efficient resources. Security is fundamental to this effort and Nadya’s contributions to this important work will greatly benefit our members and the industry as a whole,” said UTC’s president and CEO Connie Durcsak.

– See more at: https://www.utc.org/press-release/utcs-nadya-bartol-sees-important-standard-information-technology-supply-chain-issues#sthash.IeZEkaQ8.dpuf

Archives