ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

The Standard for IT Security Assurance: ISO 155443

Updated on July 8, 2020
tamarawilhite profile image

Tamara Wilhite is a technical writer, an industrial engineer, a mother of two, and a published sci-fi and horror author.

What is Information Assurance?

Information assurance or IA is part of information security. In information assurance, data is protected from unauthorized changes and deletions. This is part of information security’s mission to prevent unauthorized parties from seeing or altering data.

A common access control limit is permitting general users to view files but restricting the ability to modify or delete records. Then companies can ensure that no one can accidentally or intentionally modify or eliminate records except the few who have the authority to authorize new versions of those records.

Information assurance teams or IAT review access control limits, privacy policies and information security policies to ensure that only authorized people can view information that is sensitive or private. For example, an information assurance expert could verify that only doctors and nurses can view a patient’s medical files while a guest accessing the system to view appointment schedules could not.

Another area of information assurance is protecting personally identifiable information or PII. While an employee’s Social Security Number is contained within a personnel file, only payroll and the benefits department should be able to see this, not the employee’s coworkers or supervisor.

Another example is the information assurance of data on intranets and shared online workspaces. An information assurance expert could design and test a system to ensure that only contractors working on a project can view the drawings on that particular project while contractors on other projects do not have access to drawings except what they are working on.

Laptop Fingerprint Scanner

Using fingerprint scanners like this to control access to computers ensures that only authorized individuals login and alter data, regardless of whether or not they have the right user name and password.
Using fingerprint scanners like this to control access to computers ensures that only authorized individuals login and alter data, regardless of whether or not they have the right user name and password. | Source

Sections of Standard ISO 15443

ISO 15443-1 gives the framework for IT security assurance. ISO 15443 part 1 also outlines the need for periodic assurance assessment audits.

ISO 15443-2 outlines the methods that can be used to ensure IT security assurance. Different methods apply to different stages of the product design lifecycle. During the development of products like software, a risk analysis is performed to identify the most likely risks and greatest risks and then try to eliminate them or mitigate them as the software is coded and tested.

ISO 15443-3 describes the analysis of information technology security assurance methods. Different assurance methods will be used for different environments and user needs.

Methods of Ensuring Information Assurance

One option for ensuring information assurance is the use of biometrics to control access to terminals with sensitive information. The user must confirm his or her identity with a thumb print or retina scan before being allowed to access the information. Another option is the use of badges with RFID chips. Only someone with a badge with a built in chip referencing his or her access level can enter work areas where sensitive data is processed.

Dual factor authentication can be set up, requiring the entry of a personal identification number and code from a code generating key fob in addition to a user name and password before someone can access a database and enter or alter information. Confidentiality of information can be as simple as the placement of screens on either side of a monitor; when the doctor or nurse accesses patient records, passerby cannot read private information over the medical professional’s shoulder.

This list is by no means all inclusive. Refer to ISO 15443 and related ISO standards for more further recommendations endorsed by the ISO on ensuring information assurance, IT security and data quality.

Related Industry Standards for IT

ISO 15408-3 defines assurance classes, families and components that targets of evaluation must meet. ISO 15816 gives ISO’s recommendations on access control. ISO 27002 describes the appropriate methods of ensuring Human Resources security.

ISO standard 19792 applies to the protection of biometric system data such as fingerprints and retina prints. This industry standard for IT applies to mundane technologies like Apple's thumbprint recognition system.

ISO 27006 sets the requirements for bodies that audit and certify information security management systems or ISMS. ISO 13335 outlines the models for information and communication technology or ICT and securing it.

ISO 15408 outlines a set of Common Criteria or CC used for evaluation the IT security of different devices. The Evaluation Assurance Levels or EAL of the common criteria used to measure the performance of a device includes measurement of the information security assurance the device provides.


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)