4.3. ISO

The International Organization for Standardization (ISO) is an independent, non-governmental international organisation with a membership of 165 national standards bodies. The ISO develops IT security standards, the most widely known being ISO/IEC 27001, which provides requirements for an information security management system (ISMS).

Other standards include ISO/IEC 27032:2012, which provides guidelines for cybersecurity, and ISO/IEC 27005, the information security risk management standard. ISO/IEC 27005 is designed to assist the satisfactory implementation of information security based on a risk management approach, with an understanding of the concepts, models, processes, and terminologies in ISO/IEC 27001 and ISO/IEC 27002.

Other relevant standards include ISO 27005:2018 Information Technology – Security Techniques – Information security risk management and ISO 31000:2018 Risk management – Guidelines.

ISO/AWI 22336, Security and resilience — Organisational resilience — Resilience policy formulation and strategy implementation, is under development and will provide guidance to organisations on how to formulate corporate policy and implement a strategy to enhance organisational resilience. It will also assist organisations in articulating their vision and purpose, setting strategic objectives, and defining their actions to achieve an enhanced state of organisational resilience.

ISO/IEC JTC 1/SC 27 – information security, cybersecurity, and privacy protection – has developed standards for the protection of information and ICT, including generic methods, techniques, and guidelines to address both security and privacy aspects, such as management of information and ICT security, conformance assessment, accreditation, and auditing requirements.


4.3.1. How to engage in standards development at the ISO

The SDOs have processes and procedures for standards development covering proposal, drafting, approval, and publication. The IEEE SA provides individual and corporate membership. Development of an African Standard, or a series of related standards, can be initiated through New Work Items in existing Technical Committees, and declared by the African Organisation for Standardisation (ARSO) Council. The ARSO harmonises African Standards and conformity assessment procedures in order to reduce technical barriers to trade and to enhance intra-African and international trade, industrialisation, and integration in Africa.

To this end, ARSO, together with the IEEE SA, has developed the African Standardization Strategy and Roadmap for the Fourth Industrial Revolution to promote harmonisation of standards to enhance competitiveness of the African Continental Free Trade Area (AfCFTA).

Reflection:

Making reference to the IEEE SA White Paper on Africa 4th Industrial Revolution Standardization Strategy (2021-2025), discuss why Africa should have a standardisation strategy. What would this strategy address?
