This group includes ISO/IEC (former standard), . NBR ISO/ IEC – Information technology – Security techniques – Code of practice for . Download scientific diagram| C ´ odigo do Controle da NBR ISO/IEC from publication: Sistema de Monitoramento/Gerência de Recursos e de. 23 Apr ISO/IEC comprises ISO/IEC and ISO/IEC / Cor Its technical content is identical to that of ISO/IEC.
|Published (Last):||11 November 2007|
|PDF File Size:||19.5 Mb|
|ePub File Size:||8.64 Mb|
|Price:||Free* [*Free Regsitration Required]|
The documents may be contained in various media: Some laboratories opt to maintain their documents on paper, while others only use the electronic media, and yet others maintain “a iiec form, wherein both paper and the electronic media are used.
The identification of the issuer can be made through the definition of the access control. Information security is defined within the standard in the context of the C-I-A triad:. How are the necessities of systematized information identified in order to support the daily operations and the taking of decisions on all levels and in all areas of the organization?
We have verified that the treatment to be given to the control of electronic documentation, saved in their due proportions, is not very different from the treatment adopted for those documents kept in a physical format.
The access to documents maintained in the electronic media – internal or external – can be made through a reference link, bond. It is difficult to make safety kso of paper files, while it is easier to implement a backup procedure for electronic files. Retrieved 25 May This systematic orientation is extremely useful, as it reduces the possibility of using obsolete documents. In fulfilling item iit is possible to attend to marker a. The quick localization of documents helps make the services offered by a nhr become more efficient.
It would be advisable for the laboratory to have a systematic orientation for the attribution of passwords in such a way so as to avoid problems which may occur due to employees forgetting or leaving the organization, for example. During the assessments, it was observed that among the difficulties of the laboratories, is the understanding of the requirements of the Standard, as well as of some of its concepts, in particular, the definition of document, and what the importance of its control for the maintenance of a “traditional “or computerized quality system is.
Among the resources offered by such software are: At the moment, the great majority of laboratories make use, to a greater or lesser degree, of computerized media in order to store their documents. Although they may seem simple, we believe that the knowledge of such concepts is fundamental to the initiation of our discussion.
If nbbr laboratory keeps a printed copy of a document, or a copy isso one of its computers, it would be advisable for them to present the systematic orientation that guarantees that the latest valid edition of the document is being used, in such a way so as to avoid the revision being kept within its system from being different to that being kept at the original source of such document.
This technology tries to overcome the purposes of traditional signatures, and it is obviously not the copying and pasting of a scanned signature onto an electronic document, but rather a system of codes to identify and authenticate the authors, that is dealt with by software.
How are the main information systems defined, developed, implanted and updated, aiming at meeting the identified necessities?
zuthinksanhard – Abnt Nbr Iso Iec Pdf Download
See items c and i. It was revised again in It would be advisable for the master list to contain, at the very least, the following information: Unsourced material may be challenged and removed. The information security controls are generally regarded as best practice means of achieving those objectives.
Among the nr of computerized control is the possibility of increasing the productivity and competitiveness of the laboratory.
In order to meet the characteristic of confidentiality, it is advisable for the laboratory to define the initial date on which the passwords become valid. It would be advisable for the laboratory to define, specifically, which documents the people are authorized to access. This work will not broach the treatment given to the records requirement 4. This 1779 needs additional citations for verification.
During the internal and external assessments and audits, the size of the laboratory and the degree to which it is computerized must be taken into account: Definition of responsibilities for elaboration, approval and revision; Systematic orientation for the issuance and revision of documents; Systematic orientation for access, protection and backup. Services on Demand Journal.
For our purposes, passwords offer the necessary level of security, which is many times greater than that which is offered by paper. The importance of document control The importance of document control, both for those documents which are generated internally and for those which are obtained from external origins, resides in the need to identify the personnel authorized to review and approve of such documents, in the identification of the status of their revision and in the identification for distribution to those who have access to such documents.
How is the integrity, the updating and the confidentiality of the information that is stored and made available assured?
A definition accepted by the authors deems “an electronic document as being that which is memorized in a digital format, and which is not perceptible to the human eye without the intervention of a computer”. It would be advisable for the laboratory to establish backup procedures that assure the protection and hbr safe storage of information, demonstrating which measures are adopted to prevent losses and, whenever possible, the backup documents should be stored outside the laboratory’s installations.
Use British English Oxford spelling from January Articles needing additional references from January All articles needing additional references.
In this case, there are two types of access control: The Standard presents the following ie examples of documents: List of International Electrotechnical Commission standards. It is understood that the documents may be kept in the electronic media in a partial manner, however, when they are presented to clients, for example during audits etc.
The importance of document control, both for isc documents which are ifc internally and for those which are obtained from external origins, resides in the need to identify the personnel authorized nnr review and approve of such documents, in the identification of the status of their revision and in the identification for distribution to those who have access to such documents.
According to Coutinho et al. The use of an individual password can be an adequate mechanism.
ISO/IEC – Wikipedia
It is necessary to point out that the aim of the electronic signature is not to make the document illegible, as the content itself is not encrypted, but rather to increase the state of security of the signed document, in such a way so as to guarantee its confidentiality, integrity and availability.
However, a critical point in this in case is the control of versions. A password to access the network environment; A password for the sharing of resources.