Standards

Download Free IT Security Awareness and Training Program Plan Templates

These templates consist of an explanation and a sample of the Background of the Awareness and Training Program, such as OMB A-130, Appendix III; the Federal Information Security Management Act (FISMA); or specific department and/or agency policy (and other relevant information or rationale that may drive an awareness and training program and plan). This template also gives complete

Reduction of Hazardous Substances (RoHS)

Reduction of Hazardous Substances (RoHS), an EU directive that is part of a global push toward more environmentally sound manufacturing practices and policies, restricts the use of six substances in new electrical and electronic equipment placed on the market after July 1, 2006. By making it illegal for companies to manufacture products with more than 0.1 percent of lead, mercury, cadmium, hexavalent chromium, polybrominated biphenyls (PBB), and polybrominated diphenyl ether (PBDE), RoHS aims to reduce pollution and prevent human health problems. China, Japan, and all EU countries are bound by RoHS.

Evidence of compliance with RoHS needs to be provided only if an enforcement authority asks for it. Failure of an organization to comply with RoHS can result in serious penalties (including heavy fines and jail time), not to mention a black eye for your reputation. When requested, you must provide documentation of compliance to the governing bodies through materials declarations or analysis. Some medical devices and military equipment that contain lead are exempt from RoHS regulation.

PCI DSS Impact on the Payment Card Industry

Conformance to the data security standard represented by PCI has become a "cost of doing business." In order to participate in the card payment-processing industry, conformance is not negotiable. The only enforcement necessary to ensure adoption of the standard is exclusion from participation in the industry. Visa, MasterCard, and other card issuers have "decertified" service providers for nonconformance with the standard. The most notable of these events have occurred after disclosure of security breaches resulting in loss of cardholder private data.

From a data security standpoint, the PCI standard represents commonly accepted data security standards and practices. There is nothing extraordinary in the standard. It is a set of standard best practices already well accepted in the IT security field. While the PCI standard represents basic security practices, the imposition of the PCI standard on the card payment-processing industry has had a dramatic impact on the technical infrastructure of the industry.

PCI has shifted the focus of every developer of card payment-processing software, in any form, from adding features and reducing cost to restructuring their software to accommodate the standard. The impact has been felt across the spectrum, from commercial software and system providers to individual retailers who develop and maintain their own systems. Similar to the general impact of SOX, the PCI standard has added vocabulary regarding standards, controls, and audits to an entire industry from smallest to largest and across the spectrum of industries.

20 basic elements of ISO 9000

ISO 9000 standards are published by the ISO. The ISO 9000 series consists of the following quality standards:
- ISO 9000
- ISO 9001
- ISO 9002
- ISO 9003
- ISO 9004

ISO 9000 is an overview for selecting the appropriate standard. ISO 9001 covers the 20 elements of an effective quality management system (QMS), which include design, production, servicing, and installation:
1. Management responsibility
2. Quality system
3. Contract review
4. Design control
5. Document and data control
6. Purchasing
7. Control of customer-supplied product
8. Product identification and traceability
9. Process control
10. Inspection and testing
11. Control of inspection measuring and test equipment
12. Inspection and test status
13. Control of a nonconforming product
14. Corrective and preventive action
15. Handling, storage, packaging, preservation, and delivery
16. Control of quality records
17. Internal quality audits
18. Training
19. Servicing
20. Statistical techniques

Download Free Conformance Test Suite Software: Specification and Compliance Testing

Conformance tests capture the technical description of a specification and measure whether a product faithfully implements the specification. The testing provides developers, users, and purchasers with increased levels of confidence in product quality and increases the probability of successful interoperability.

These Test Suites are available free of charge. However, there is no support. Before downloading and using, please read the Software Acknowledgement and Redistribution statement. Any use of the Test Suites constitutes acceptance.

Conformance Test Suites are available for:
- XML Technologies (XML, DOM, Schema, XQuery, XSLT, XSL-FO)
- ebXML
- VRML
- X3D (VRML97 Profile)
- CGM
- COBOL85
- Fortran78
