The business and ICT sector is a relatively new and growing area for standards. These standards help businesses of any size or type to set up systems to manage risk, improve safety, and reduce accidents. They cover many areas including risk management, quality management, corporate governance of IT, IT service management, auditing of management systems, and cloud computing.
- Risk management principles and guidelines – AS/NZS ISO 31000:2009 includes a management framework that businesses can use to implement these principles into their management systems.
- Quality management systems – AS/NZS ISO 9001:2008 covers the requirements for a business to set up quality management system that demonstrates they can consistently meet customer, statutory, and regulatory requirements.
- Corporate governance of information technology – AS/NZS ISO/IEC 38500:2010 provides guiding principles on the best use of IT within organisations. AS/NZS 8016:2013 Governance of IT enabled projects helps governance leaders to guide major IT projects.
- IT service management – AS/NZS ISO/IEC 20000-3:2014 Information technology – Service management – Part 3: Guidance on scope definition and applicability of ISO/IEC 20000-1 provides guidance on IT service management requirements.
- Guidelines for auditing management systems – AS/NZS ISO 19011:2014 includes the principles of auditing, managing an audit program, and conducting management system audits.
- Cloud computing standards – ISO recently published three cloud computing standards: ISO/IEC 17788:2014 and ISO/IEC 17789:2014 lay down the basic terminology and architectural framework, and ISO/IEC 27018:2014 deals with the protection of personal data for the cloud.