ISO/IEC 27007:2017 Preview

Information technology -- Security techniques -- Guidelines for information security management systems auditing

ISO/IEC 27007 provides guidance on managing an information security management system (ISMS) audit programme, on conducting audits, and on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011:2011.

ISO/IEC 27007 is applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme.

General information ^

Status : Published

Publication date : 2017-10
Edition : 2

Number of pages : 41
Technical Committee
:
ISO/IEC JTC 1/SC 27

Information Security, cybersecurity and privacy protection
ICS :

03.100.70

Management systems

35.030

IT Security

Buy this standard

	Format	Language
std 1 158	PDF + ePub
std 2 158	Paper

CHF158

Life cycle

A standard is reviewed every 5 years

Revisions / Corrigenda

Previously
ISO/IEC 27007:2011
Now under review
ISO/IEC 27007:2017
Will be replaced by
ISO/IEC DIS 27007

You may be interested in:

By Barnaby Lewis on 17 October 2017

Information Security Management System auditors welcome ISO/IEC 27007 publication

To continue providing us with the products and services that we expect, businesses will handle increasingly large amounts of data. The security of this information is a major concern to consumers and companies alike fuelled by a number of high-profile cyberattacks.

Got a question?

Check out our FAQs

Customer care

+41 22 749 08 88

customerservice@iso.org

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)