Enabling all types of businesses and organizations to protect their information, as well as that of their clients and customers, the newly revised standard brings peace of mind through a consistent, internationally recognized approach.
ISO/IEC 27009 was developed by the group of experts in the technical committee on information security, cybersecurity and privacy protection, ISO/IEC JTC 1/SC 27 , which is jointly run with the IEC, the International Electrotechnical Commission.
Committee Chair Dr Andreas Wolf explains the necessity of the newly published standard:
“While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organizations, including commercial enterprises, government agencies and not-for-profit organizations, there are needs for sector-specific versions of these standards. ISO/IEC 27009 allows users to create sector-specific standards that support a specific domain, application area or market.”
The ISO/IEC standard explains how to:
- Include requirements in addition to those in ISO/IEC 27001
- Refine or interpret any of the ISO/IEC 27001 requirements
- Include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
- Modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
- Add guidance to, or modify the guidance of, ISO/IEC 27002
- ISO/IEC JTC 1/SC 27 is managed by ISO’s member for Germany, DIN.