Safe, secure and private, whatever your business

ISO/IEC 27009, just updated, will enable businesses and organizations from all sectors to coherently address information security, cybersecurity and privacy protection.

Varios minutos de lectura
Publicado el
Compartir en , ,

Enabling all types of businesses and organizations to protect their information, as well as that of their clients and customers, the newly revised standard brings peace of mind through a consistent, internationally recognized approach.

ISO/IEC 27009 was developed by the group of experts in the technical committee on information security, cybersecurity and privacy protection, ISO/IEC JTC 1/SC 27 [1], which is jointly run with the IEC, the International Electrotechnical Commission.

Committee Chair Dr Andreas Wolf explains the necessity of the newly published standard:

“While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organizations, including commercial enterprises, government agencies and not-for-profit organizations, there are needs for sector-specific versions of these standards. ISO/IEC 27009 allows users to create sector-specific standards that support a specific domain, application area or market.”

The ISO/IEC standard explains how to:

  • Include requirements in addition to those in ISO/IEC 27001
  • Refine or interpret any of the ISO/IEC 27001 requirements
  • Include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
  • Modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
  • Add guidance to, or modify the guidance of, ISO/IEC 27002

ISO/IEC 27009 can be purchased from the ISO member in your country or through the ISO Store

  1. ISO/IEC JTC 1/SC 27 is managed by ISO’s member for Germany, DIN.
Barnaby Lewis
Barnaby Lewis

Contacto de prensa

press@iso.org

¿Periodista, bloguero o editor?

¿Desea obtener la primicia sobre las normas o saber más sobre lo que hacemos? Póngase en contacto con nuestro equipo o consulte nuestro kit de prensa.