What do we do?

ISO/IEC JTC 1/SC 27 develops standards, technical specifications and reports, best practices and related documents in the field of information security, cybersecurity and privacy protection.  SC 27 standards take account of the rapid advances in technology and the ever-changing digital world, and challenges of cyber risks.  Our standards are designed to meet the expectations and requirements for organizations of all sizes, and across all types of business sector.


Our standards development groups

SC 27 develops standards in the field of information security, cybersecurity and privacy protection, through its five working groups:
•    WG 1 – Information security management systems
•    WG 2 – Cryptography and Security Mechanisms
•    WG 3 – Security Evaluation, Testing and Specification
•    WG 4 – Security Controls and Services
•    WG 5 – Identity Management and Privacy Technologies
SC 27 is also involved in two joint working groups:
•    JWG 4: ISO/TC 307 with JTC 1/SC 27 - Security, privacy and identity for Blockchain and DLT
•    JWG 6: ISO/TC 22/SC 32 with JTC 1/SC 27 - Cybersecurity requirements and evaluation activities for connected vehicle devices
SC 27 membership includes approximately 81 countries. We also actively support Liaison Bodies, including relevant international organizations, conformity assessment groups and related ISO technical committees and sub-committees.


High-Profile Achievements

From the early 90s to the present-day SC 27 has been an innovator and trailblazer of many standardization developments.  SC 27 can boast the development of the most internationally used information security management standard of all time ISO/IEC 27001, as well the industry best practice set of information security controls ISO/IEC 27002 and the risk management standard ISO/IEC 27005.  From its beginning SC 27 saw the significant development of standards work which addresses independent security evaluations and assurance measures applied to IT products and systems, and this led to the publication of ISO/IEC 15048 and related standards.  There are many examples of the progressive and forward-thinking approach of SC 27 including the pioneering work in the field cryptographic methods and techniques.  It is responding to societal demands for the protection of personal data for example ISO/IEC 27701 and other privacy protection standards.  It addresses security relating to the use and application of technologies such as IoT, Big Data and Cloud Computing, and topics such as Internet security, application security, security in supplier relationships and trustworthiness.    


Related ISO/IEC pages

SC 27 in iso.org

Who develops ISO standards?

JTC1 Committee

IEC website

ISO and IEC procedural documentation

Want to get involved?

Standards are developed by the people who need them – that could mean you. Technical committees include experts from both standards and industry and these experts are put forward by ISO’s national members. If you want to help shape future standards in your field, contact your national member