
ISO/IEC 27009, just updated, will enable businesses and organizations from all sectors to coherently address information security, cybersecurity and privacy protection.

Enabling all types of businesses and organizations to protect their information, as well as that of their clients and customers, the newly revised standard brings peace of mind through a consistent, internationally recognized approach.

ISO/IEC 27009 was developed by the group of experts in the technical committee on information security, cybersecurity and privacy protection, ISO/IEC JTC 1/SC 27 [1], which is jointly run with the IEC, the International Electrotechnical Commission.

Committee Chair Dr Andreas Wolf explains the necessity of the newly published standard:

“While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organizations, including commercial enterprises, government agencies and not-for-profit organizations, there are needs for sector-specific versions of these standards. ISO/IEC 27009 allows users to create sector-specific standards that support a specific domain, application area or market.”

The ISO/IEC standard explains how to:

  • Include requirements in addition to those in ISO/IEC 27001
  • Refine or interpret any of the ISO/IEC 27001 requirements
  • Include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
  • Modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
  • Add guidance to, or modify the guidance of, ISO/IEC 27002

ISO/IEC 27009 can be purchased from the ISO member in your country or through the ISO Store.

  1. ISO/IEC JTC 1/SC 27 is managed by ISO’s member for Germany, DIN.

Related information

  • ISO/IEC 27001 — Information security management
    Providing security for any kind of digital information, the ISO/IEC 27000 family of standards is designed for any size of organization.
  • Who is JTC1?

    A joint technical committee of the International Electrotechnical Commission and ISO, it develops, maintains and promotes standards in the fields of information technology and Information and Communications Technology.
    You can find out more about JTC 1 on the committee’s own site. 

Contact

Barnaby Lewis

+41 22 749 0523
