ISO/IEC 27009, just updated, will enable businesses and organizations from all sectors to coherently address information security, cybersecurity and privacy protection.
Enabling all types of businesses and organizations to protect their information, as well as that of their clients and customers, the newly revised standard brings peace of mind through a consistent, internationally recognized approach.
ISO/IEC 27009 was developed by the group of experts in the technical committee on information security, cybersecurity and privacy protection, ISO/IEC JTC 1/SC 27 , which is jointly run with the IEC, the International Electrotechnical Commission.
Committee Chair Dr Andreas Wolf explains the necessity of the newly published standard:
“While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organizations, including commercial enterprises, government agencies and not-for-profit organizations, there are needs for sector-specific versions of these standards. ISO/IEC 27009 allows users to create sector-specific standards that support a specific domain, application area or market.”
The ISO/IEC standard explains how to:
- Include requirements in addition to those in ISO/IEC 27001
- Refine or interpret any of the ISO/IEC 27001 requirements
- Include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
- Modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
- Add guidance to, or modify the guidance of, ISO/IEC 27002
- ISO/IEC JTC 1/SC 27 is managed by ISO’s member for Germany, DIN.