
Farmavita.Net - Pharmaceutical Licensing Network

Management Practice
Written by Sanjay J Daharwal   
 

ISO 9000:2000: The new, modified standards focus more on results and quality management principles, with a very strong emphasis on managerial commitment. These standards involve implementing measures that improve and consistently preserve the quality of the process and the finished products, with proper documentation and inspection by authorities.

ISO 9000 Part 3: Guidelines for the application of ISO 9001 to the development, supply and maintenance of software. It covers software engineering, guiding the application of ISO 9000, the quality assurance standards, to the systems development process.

ISO/PAS 28000: ISO/28000 is the series of standards which underpins the operational requirements now being implemented by most supply chain operators as they strive to enhance security and deal with threats from both terrorists and criminals. The ISO/28000 specification helps companies demonstrate to their supply chain partners and stakeholders that they have top management commitment and sound operational arrangements in place for identifying threats and managing risks. More companies are now expected to comply with codes and regulations like C-TPAT, the World Customs Organization’s Framework of Standards and the EC’s Regulation for Enhancing Supply Chain Security. However, they will only achieve the necessary operational objectives if they have in place a sound management systems framework, like ISO/PAS 28000, to ensure requirements are implemented and verified. All businesses that are reliant on the supply chain for business continuity will benefit by adopting the sound management principles in ISO 28000.

ISO/IEC 17799:2005 Information technology - Security techniques - Code of practice for information security management:

Information is an asset that, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected. This is especially important in the increasingly interconnected business environment. As a result of this increasing interconnectivity, information is now exposed to a growing number and a wider variety of threats and vulnerabilities (see also OECD Guidelines for the Security of Information Systems and Networks). Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected.

Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Information security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of the organization are met. This should be done in conjunction with other business management processes.

An improved version of the joint ISO/IEC standard that has become the burgeoning e-commerce community’s international benchmark for information security management has just been published. The revised ISO/IEC 17799, Information technology – Security techniques – Code of practice for information security management, integrates the latest developments in the field to maintain it as the international standard code of practice. The modern interconnected e-commerce environment, with information now exposed to a growing number and a wider variety of threats and vulnerabilities, is the main beneficiary of the standard.

Ted Humphreys, Convener of the ISO/IEC working group that developed ISO/IEC 17799:2005, said: “The revised version of this standard provides organizations with many state-of-the-art additions and improvements in information security best practice. For example, better management of security arrangements with external businesses, outsourcing and service providers, enhanced incident handling capability, dealing with problems of patch management, mobile devices, wireless technologies and harmful mobile code via the Internet, improvements in best practice managing human resources and several other new features.”

ISO/IEC 17799:2005 is a code of practice for information security management. It is not a certification standard and was neither designed, nor is it suitable, for this purpose. It will be followed in the last quarter of the year (publication currently expected in November 2005) by the specification standard ISO/IEC 27001, Information security management system (ISMS) requirements, which can be used for certification.

The new version addresses the security of information in its widest sense, providing best business practice, guidelines and general principles for implementing, maintaining and managing information security in any organization, producing and using information in any form. Any organization has assets essential to its continuity. Arguably, information in its various forms is the most important asset, be it printed, stored electronically, posted or e-mailed, shown on film or spoken. For most businesses, information security may be essential to maintain competitive edge, cash flow, profitability, legal compliance and commercial image. But many businesses and most non-business organizations may hold information as their only asset. An absence of information security may threaten their integrity and, therefore, very existence.

ISO/IEC 17799:2005 recognizes that the level of security that can be achieved purely through technical means is limited. The required level of security – established through assessing the levels of risk and associated costs through breaches of security, against the costs of implementing security – should always be driven by appropriate management controls and procedures. Information security management requires, as a minimum, participation by all employees in the organization. It may also require participation from shareholders, suppliers, third parties and customers.

ISO/IEC 17799:2005 identifies the controls that form the starting point for information security. It covers the critical success factors, the organization of information security, asset management, human resources, physical and environmental security, communications and operations management, information systems acquisition, development and maintenance, incident management, business continuity management and compliance. It is destined to become an essential tool for organizations of every type and size, whether public or private.

Ted Humphreys commented: “Users of this standard can also demonstrate to business partners, customers and suppliers that they are fit enough and secure enough to do business with, providing the chance for them to turn their investment in information security into business-enabling opportunities. In summary, this revised ISO/IEC 17799 is the most important standard for managing information security that has been developed – it establishes a truly international common language for information security for all organizations around the world to engage with each other to do business.”

ISO/IEC 17799:2005, Information technology – Security techniques – Code of practice for information security management, costs 200 Swiss francs and is available from ISO national member institutes and from ISO Central Secretariat. It was developed by ISO/IEC Joint Technical Committee JTC 1, Information technology, Subcommittee SC 27, Security techniques, Working Group WG 1, Requirements, security services and guidelines.

International Standard ISO/IEC 17799 was prepared by the British Standards Institution (as BS 7799) and was adopted, under a special “fast-track procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by national bodies of ISO and IEC. It provides common approaches to managing risk and is applicable to every system, though it is not always practical in smaller organizations. ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.


 