Normative Framework

Template and structure of the normative framework

Published under Risk Management

The section contains an analysis of the main normative texts identified in the course of this study. For ease of reference, it has been split into six subsections: the present general overview, which contains an explanation table describing the template used for the collected information for each normative text; and sections, each of which contains the main provisions in a given subject field.

  • Data protection / privacy issues
  • National security
  • Civil and penal law
  • Corporate governance and Operational Responsibility, (incl. continuity issues)
  • E-Business
  • RM/RA Standards

As stated above, these sections will always include both binding public sector initiatives (directives, regulations, national laws, etc.) and private sector norms (guidelines, codes of practice, etc.).

The vertical applicability according to application areas (e.g. Telecommunications, Financial Services, Health and Commerce Services) has not been considered. This was due to the fact the relevance of legal requirements to application areas may vary according to the security context of information being processed within the application. Thus, vertical aspects seemed not to be “stable” enough to be use as basis for the classification.

For the description of the normative texts, the following template is used (explanations of the particular fields are in the right column):

Title: The full official title of the normative text; where multiple languages of the title exist, the English one is provided.
Source reference: Reference to the source of the normative text. Hyperlinks are provided when available (in preference to paper sources), and official sources are used whenever possible.
Topic: General description of the subject of the normative text.
Scope: Description of the applicability of the normative text (which countries/enterprises/organisations are affected)
Direct / indirect relevance Indication of direct or indirect relevance of the text to RM/RA (i.e. whether or not RM/RA is the direct focus of the text), and why.
Legal force: Indication of the binding force: directive, directly binding, guideline, etc.
Affected sectors: Description of the sectors affected by the normative text.
Relevant provision(s): Direct and uncommented quote(s) from the relevant provision(s) of the normative text, when available (which may not be the case for closed standards or norms) and appropriate (which may not be the case for extensive documents which are relevant in their entirety to RM/RA). In cases where literal quotes would be unavailable or inappropriate, a summary of the norm’s main goals and provisions will be provided.
Relevance to RM/RA: Brief explanation of why the normative text should be considered relevant for RM/RA purposes.

We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Ok, I understand No, tell me more