ISO 27000 - Information Security Standards

ISO/IEC 27000:2008, published by the International Organization for Standardization (ISO), comprises the information security standards also known as the 'ISMS Family of Standards' or 'ISO27k' for short. The series provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS).


The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organisations of all shapes and sizes. All organisations are encouraged to assess their information security risks, then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant.

The following standards have been published or are in preparation:

  • ISO/IEC 27001, published in 2005: standard for the establishment, implementation, control and improvement of the Information Security Management System (based on British Standard BS 7799 Part 2).
  • ISO/IEC 27002, published in 2007: code of practice providing good practice advice on ISMS (previously known as ISO 17799, itself based on British Standard BS 7799 Part 1).
  • ISO/IEC 27003, not yet published: a new standard intended to offer guidance for the implementation of an ISMS.
  • ISO/IEC 27004, not yet published: a new standard covering information security management measurement and metrics.
  • ISO/IEC 27005, published in 2008: designed to assist the satisfactory implementation of information security based on a risk management approach.
  • ISO/IEC 27006, published in 2007: a guide to the certification/registration process.

The 2013 Standard

The 2013 standard remains focused on information security and on an organisation's approach to designing, planning, implementing and monitoring a management system that effectively manages information security risk. The foundation for designing and planning the management system has shifted to better align with the practical matters of today's organisational environment.

The new ISO 27001 will be easier to integrate with other management standards such as ISO 9001, ISO 22301 and ISO 20000, and it also gives companies (especially smaller ones) more freedom to scale the ISMS to their real needs and thereby avoid unnecessary overhead.

Source: International Organization for Standardization (ISO)

QAP © 2010