Safe, secure and private, whatever your business

ISO/IEC 27009, just updated, will enable businesses and organizations from all sectors to coherently address information security, cybersecurity and privacy protection.

Few minutes to read
Published on

Enabling all types of businesses and organizations to protect their information, as well as that of their clients and customers, the newly revised standard brings peace of mind through a consistent, internationally recognized approach.

ISO/IEC 27009 was developed by the group of experts in the technical committee on information security, cybersecurity and privacy protection, ISO/IEC JTC 1/SC 27 [1], which is jointly run with the IEC, the International Electrotechnical Commission.

Committee Chair Dr Andreas Wolf explains the necessity of the newly published standard:

“While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organizations, including commercial enterprises, government agencies and not-for-profit organizations, there are needs for sector-specific versions of these standards. ISO/IEC 27009 allows users to create sector-specific standards that support a specific domain, application area or market.”

The ISO/IEC standard explains how to:

  • Include requirements in addition to those in ISO/IEC 27001
  • Refine or interpret any of the ISO/IEC 27001 requirements
  • Include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
  • Modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
  • Add guidance to, or modify the guidance of, ISO/IEC 27002

ISO/IEC 27009 can be purchased from the ISO member in your country or through the ISO Store

  1. ISO/IEC JTC 1/SC 27 is managed by ISO’s member for Germany, DIN.
Barnaby Lewis
Barnaby Lewis

Press contact

press@iso.org

Journalist, blogger or editor?

Want to get the inside scoop on standards, or find out more about what we do? Get in touch with our team or check out our media kit.