ISO 22396-2020 pdf free.security and resilienceommummeyresilience — Guidelines for information exchange betweenorganizations.
1.This document gives guidelines for information exchange. It includes principles, a framework anda process for information exchange. It identifies mechanisms for information exchange that allow aparticipating organization to learn from others’ experiences, mistakes and successes. It can be used toguide the maintenance of the information exchange arrangement in order to increase commitment andengagement. It provides measures that enhance the ability of participating organizations to cope withdisruption risk.
This document is applicable to private and public organizations that require guidance on establishingthe conditions to support information exchange.
This document does not apply to technical aspects but focuses on methodology issues.
NOTE Legislation can differ from jurisdiction to jurisdiction.It is the user’s responsibility to determine howapplicable legal requirements relate to this document.
2.The following documents are referred to in the text in such a way that some or all of their contentconstitutes requirements of this document. For dated references,only the edition cited applies. Forundated references, the latest edition of the referenced document(including any amendments) applies.
3.sensitive information:information that is protected from public disclosure only because it would have an adverse effect on anindividual, organization, national security or public safety [SOURCE: ISO 22300:2018,3.244, modified —”individual” has been added.]
4.The overall goal of any information exchange arrangement is to share information between trustedorganizations as part of informed decision-making to increase security and enhance resilience (seeAnnex B for examples). While each exchange arrangement will be unique, based on the specific needs and resources of these participating organizations,common principles should guide the exchangearrangement and guide the exchange’s evaluation and continuing improvement, from the outset.
4.2Guiding principles
In order for information exchange to be effective, participating organizations should apply the followingguiding principles.
a)Trust and willingness:Information exchange is based on trust and the willingness to exchange information, includingsensitive information.
b) Value creation:Information exchange creates and protects the values of participating organizations and is foundedon mutual benefit.
c)Information protection:Information exchange requires a mutual understanding of sensitive information as specified byeach participating organization.
d) Structured and systematic process:Organizations sharing information do so within the context of information policies, proceduresand practice, relevant legislation and privacy principles and it is carried out within a systematic,timely and structured framework.ISO 22396 pdf download.