The commerce security standards developed by the International Organization for Secure Commerce are known as the Secure Commerce Protocols™.  These protocols are not standards in terms of absolute measurements or accomplishments that indicate acheivement of security.  Rather, they are a collection of areas and concepts that must be addressed as part of any organization's Secure Business Process™.  These standards have been developed based on best practices from a wide range of industries, professions and regulatory bodies.  Revisions to the protocols are made on a regular basis to keep pace with developments in best practices and regulatory environments, and to reflect the experience and feedback of IOSC members.

The Secure Commerce Protocols™ are organizaed into 10 areas called 'domains'. The domains are a convenient way to organize the protocols into sections that roughly mirror how management responsibilities are distributed in many companies. While each organization may find sections of the protocols that do not apply to them, they provide a common and well established point from shich to start the secure commerce assessment process.

The IOSC uses The Secure Commerce Protocols™ as the heart of all IOSC programs and operations.  They are the basis of the IOSC education program, with most educational modules designed to focus on a specific domain in the protocols.  The domains also provide a structure for the audit and examination process used to assess the security status of facilities and organizations.  In the IOSC's professional certification program, the domains are used to determine and recognize the job areas on which a professional has experience and/or training.

The basic documents containing the current revision of The Secure Commerce Protocols™ are available in MS Word format and in PDF format.  We also maintain an archive of older versions of the protocols.  The protocols are available for download and use by the public provided the IOSC copyright notice is left intact. 

The IOSC has developed an interactive protocol browser which is available here. We also have put together additional guidance on implementing and auditing these protocols, available here.  As best practices related to protocol items or domains are reported or recognized through the facility certification process we add them to our Best Practice Library. 

The Secure Commerce Protocols™ often have some areas in common with the standards of other industry groups, professional organizations, or government programs.  The IOSC has mapped the protocols against several such standards, icluding the C-TPAT security criteria and the BASC audit criteria.  Our current standards maps are available here.