About

Scope

The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  • Security requirements capture methodology;
  • Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  • Security aspects of identity management, biometrics and privacy;
  • Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
  • Security evaluation criteria and methodology.
SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas

JTC 1/SC 27 Website
Visit the Technical Committee's own website for more information.

Quick links

242

Published ISO standards *

64

ISO standards under development *

55
Participating members
35
Observing members

* number includes updates

Reference Title Type
ISO/IEC JTC 1/SC 27/AG 2   Trustworthiness Working group
ISO/IEC JTC 1/SC 27/AG 5   Strategy Working group
ISO/IEC JTC 1/SC 27/AG 6   Operations Working group
ISO/IEC JTC 1/SC 27/AG 7   Communication and Outreach (AG-CO) Working group
ISO/IEC JTC 1/SC 27/AG 8   Advisory Group on Conformity Assessment Working group
ISO/IEC JTC 1/SC 27/AHG 1   Resolution Drafting Working group
ISO/IEC JTC 1/SC 27/AHG 2   Security and privacy in IoT and Digital Twin Working group
ISO/IEC JTC 1/SC 27/AHG 3   Security and privacy in AI and Big Data (BD) Working group
ISO/IEC JTC 1/SC 27/CAG   Chair’s Advisory Group Working group
ISO/IEC JTC 1/SC 27/JWG 6   Joint ISO/IEC JTC1/SC 27 - ISO/TC 22/SC 32 WG : Cybersecurity requirements and evaluation activities for connected vehicle devices Working group
ISO/IEC JTC 1/SC 27/WG 1   Information security management systems Working group
ISO/IEC JTC 1/SC 27/WG 2   Cryptography and security mechanisms Working group
ISO/IEC JTC 1/SC 27/WG 3   Security evaluation, testing and specification Working group
ISO/IEC JTC 1/SC 27/WG 4   Security controls and services Working group
ISO/IEC JTC 1/SC 27/WG 5   Identity management and privacy technologies Working group

 

Joint working groups under the responsibility of another committee
Reference Title
ISO/TC 307/JWG 4 Joint ISO/TC 307 - ISO/IEC JTC 1/SC 27 WG: Security, privacy and identity for Blockchain and DLT
Liaison Committees to ISO/IEC JTC 1/SC 27

The committees below can access the documents of ISO/IEC JTC 1/SC 27:

Reference Title ISO/IEC
IEC/SC 121A Low-voltage switchgear and controlgear IEC
IEC/SC 45A Instrumentation, control and electrical power systems of nuclear facilities IEC
IEC/TC 57 Power systems management and associated information exchange IEC
IEC/TC 65 Industrial-process measurement, control and automation IEC
ISO/CASCO Committee on conformity assessment ISO
ISO/IEC JTC 1 Information technology ISO/IEC
ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems ISO/IEC
ISO/IEC JTC 1/SC 7 Software and systems engineering ISO/IEC
ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification ISO/IEC
ISO/IEC JTC 1/SC 22 Programming languages, their environments and system software interfaces ISO/IEC
ISO/IEC JTC 1/SC 28 Office equipment ISO/IEC
ISO/IEC JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information ISO/IEC
ISO/IEC JTC 1/SC 31 Automatic identification and data capture techniques ISO/IEC
ISO/IEC JTC 1/SC 32 Data management and interchange ISO/IEC
ISO/IEC JTC 1/SC 37 Biometrics ISO/IEC
ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms ISO/IEC
ISO/IEC JTC 1/SC 40 IT service management and IT governance ISO/IEC
ISO/IEC JTC 1/SC 41 Internet of things and digital twin ISO/IEC
ISO/IEC JTC 1/SC 42 Artificial intelligence ISO/IEC
ISO/TC 8 Ships and marine technology ISO
ISO/TC 22/SC 32 Electrical and electronic components and general system aspects ISO
ISO/TC 23/SC 19 Agricultural electronics ISO
ISO/TC 46/SC 11 Archives/records management ISO
ISO/TC 68/SC 2 Financial Services, security ISO
ISO/TC 68/SC 8 Reference data for financial services ISO
ISO/TC 176/SC 1 Concepts and terminology ISO
ISO/TC 176/SC 3 Supporting technologies ISO
ISO/TC 204 Intelligent transport systems ISO
ISO/TC 215 Health informatics ISO
ISO/TC 232 Education and learning services ISO
ISO/TC 251 Asset management ISO
ISO/TC 262 Risk management ISO
ISO/TC 272 Forensic sciences ISO
ISO/TC 292 Security and resilience ISO
ISO/TC 307 Blockchain and distributed ledger technologies ISO
ISO/TC 309 Governance of organizations ISO
ISO/PC 317 Consumer protection: privacy by design for consumer goods and services ISO
ISO/TC 321 Transaction assurance in E-commerce ISO
ISO/TC 332 Security equipment for financial institutions and commercial organizations ISO

 

Liaison Committees from ISO/IEC JTC 1/SC 27

ISO/IEC JTC 1/SC 27 can access the documents of the committees below:

Reference Title ISO/IEC
ISO/CASCO Committee on conformity assessment ISO
ISO/IEC JTC 1 Information technology ISO/IEC
ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems ISO/IEC
ISO/IEC JTC 1/SC 7 Software and systems engineering ISO/IEC
ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification ISO/IEC
ISO/IEC JTC 1/SC 22 Programming languages, their environments and system software interfaces ISO/IEC
ISO/IEC JTC 1/SC 25 Interconnection of information technology equipment ISO/IEC
ISO/IEC JTC 1/SC 28 Office equipment ISO/IEC
ISO/IEC JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information ISO/IEC
ISO/IEC JTC 1/SC 31 Automatic identification and data capture techniques ISO/IEC
ISO/IEC JTC 1/SC 32 Data management and interchange ISO/IEC
ISO/IEC JTC 1/SC 36 Information technology for learning, education and training ISO/IEC
ISO/IEC JTC 1/SC 37 Biometrics ISO/IEC
ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms ISO/IEC
ISO/IEC JTC 1/SC 40 IT service management and IT governance ISO/IEC
ISO/IEC JTC 1/SC 42 Artificial intelligence ISO/IEC
ISO/TC 22/SC 31 Data communication ISO
ISO/TC 22/SC 32 Electrical and electronic components and general system aspects ISO
ISO/TC 23/SC 19 Agricultural electronics ISO
ISO/TC 46/SC 11 Archives/records management ISO
ISO/TC 68/SC 2 Financial Services, security ISO
ISO/TC 171 Document management applications ISO
ISO/TC 176/SC 3 Supporting technologies ISO
ISO/TC 199 Safety of machinery ISO
ISO/TC 204 Intelligent transport systems ISO
ISO/TC 215 Health informatics ISO
ISO/TC 251 Asset management ISO
ISO/TC 262 Risk management ISO
ISO/TC 268 Sustainable cities and communities ISO
ISO/TC 292 Security and resilience ISO
ISO/TC 307 Blockchain and distributed ledger technologies ISO
ISO/TC 309 Governance of organizations ISO
ISO/PC 317 Consumer protection: privacy by design for consumer goods and services ISO
ISO/TC 321 Transaction assurance in E-commerce ISO

 

Organizations in liaison (Category A and B)
Acronym Title Category
(ISC)2 International Information Systems Security Certification Consortium, Inc. A
CalConnect The Calendaring and Scheduling Consortium A
CCETT Common Study Center of Telediffusion and Telecommunication A
Cloud security alliance Cloud security alliance A
CSA Connectivity Standards Alliance A
DMTF Distributed Management Task Force A
EC - European Commission European Commission A
Ecma International Ecma International A
ENISA European Network and Information Security Agency A
EPC Conseil Européen des Paiements AISBL A
ETSI European Telecommunications Standards Institute A
EUSPA European Union Agency for the Space Programme A
Global Platform - Global Platform Inc. Global Platform Inc. A
IEEE Institute of Electrical and Electronics Engineers, Inc A
IIOA Independent International Organisation for Assurance A
IQNet IQNet Association - The International Certification Network A
ISA - Automation The International Society of Automation A
ISACA Information Systems Audit and Control Association A
ISSEA International Systems Security Engineering Association A
ITU International Telecommunication Union A
Mastercard Mastercard International A
SBS - Small Business Standards Small Business Standards A
TEADAL Trustworthy, Energy-Aware federated DAta Lakes along the computing continuum A
TIA Telecommunications Industry Association A
UNHCR United Nations High Commissioner for Refugees A
WEF World Economic Forum A

Organizations in liaison (Category C)

C liaisons participate at the level of a Working Group

Acronym Title Category
(ISC)2 International Information Systems Security Certification Consortium, Inc. C
ABC4Trust ABC4Trust - Attribute-based Credentials for Trust C
CCDB Common Criteria Development Board C
CCUF Common Criteria Users Forum C
CMUF Cryptographic Module Users Forum C
Connectivity Standards Alliance Connectivity Standards Alliance C
CREDENTIAL seCuRE clouD idENTIty wALlet C
CSCC Cloud Standards Customer Council C
Cyber Security The Cyber Security Naming & Information Structure Groups C
CyberSec4Europe Cyber Security Network of Competence Centres for Europe C
DTSP Digital Trust & Safety Partnership C
EDPB European Data Protection Board C
ETSI European Telecommunications Standards Institute C
FENTEC Functional ENcryption TEChnologies - H2020 EU project C
FIDO Alliance The FIDO (Fast IDentity Online) Alliance C
FIRST Forum of Incident Response and Security Teams C
GPA Global Privacy Assembly C
IAPP International Association of Privacy Professionals C
IIFAA International Internet Finance Authentication Alliance C
INFINITECH INFINITECH C
INLAC Latinoamerican Institute for Quality Assurance C
ISCI International Smart card Certification Initiatives C
ISF Information Security Forum C
JAVA CARD FORUM The Java Card Forum C
Kantara Initiative Kantara Initiative C
LOCARD EC H2020 project entitled “Lawful evidence collecting and continuity platform development” C
OASIS Organization for the Advancement of Structured Information Standards (OASIS) C
OASIS-PMRM OASIS Privacy Management Reference Model C
OECD Organisation for Economic Co-operation and Development, OECD C
OIDF The OpenID Foundation C
Opengroup, United Kingdom Opengroup C
PQCRYPTO Post-quantum cryptography for long-term security C
PRIPARE PReparing Industry to Privacy-by-design by supporting its Application in REsearch C
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud C
SAFECode Software Assurance Forum for Excellence in Code C
SAFEcrypto Secure Architectures of Future Emerging Cryptography C
TCG Trusted Computing Group C
TREsPASS Technology-supported Risk Estimation by Predictive Assessment of Socio technical Security C
WITDOM empoWering prIvacy and securiTy in non-trusteD envirOnMents C
Date Month Location TC/SC Note
8-9 October 2024 Virtual () ISO/IEC JTC 1/SC 27  
  April 2025 () ISO/IEC JTC 1/SC 27 **
  October 2025 () ISO/IEC JTC 1/SC 27 **

* Information definite but meeting not yet formally convened
** Provisional

ISO/IEC JTC 1/SC 27 - Secretariat

DIN [Germany]

DIN Deutsches Institut für Normung e.V.
Am DIN-Platz, Burggrafenstraße 6
D-10787 Berlin
Germany

Tel: +49 30 2601-0
Fax: +49 30 26 01 12 31