Although international standards have not been implemented into Austrian law, their importance cannot be denied.
Regarding IT security, the relevant guidelines are those of the International Organization for Standardization (ISO) and the Austrian standards (ÖNORM).
For example:
• ISO/IEC 27032:2012 Information technology – Security techniques – Guidelines for cybersecurity.
ISO/IEC 27032:2012 provides guidance for improving the state of Cybersecurity, drawing out the unique aspects of that activity and its dependencies on other security domains, in particular: information security, network security, internet security, and critical information infrastructure protection (CIIP). It covers the baseline security practices for stakeholders on the internet, inter alia an overview of Cybersecurity, an explanation of the relationship between Cybersecurity and other types of security, a definition of stakeholders and a description of their roles in Cybersecurity, guidance for addressing common Cybersecurity issues, and a framework to enable stakeholders to collaborate on resolving Cybersecurity issues.
• ISO/IEC 27001:2013: Information technology – Security techniques – Information security management systems – Requirements.
Best practice for an information security management system (ISMS).
• ÖNORM A 7700: Informationsverarbeitung – Sicherheitstechnische Anforderungen an Webapplikationen (Information processing – Safety requirements for web applications), which aims to cover all security areas in web applications not covered by other standards like ISO.
Additionally, there is often a reference to the Austrian Information Security Manual or the German IT Baseline Protection Manual. These manuals contain standard security safeguards etc. and provide measures for companies to protect their IT systems and their data against cyberattacks. In Austria, guidelines, checklists and more regarding IT security can also be found on the website of the Austrian chamber of commerce.

