The International Standards Organisation has just updated the ISO/IEC 27009 standard, which will enable businesses and organisations from all sectors to coherently address information security, cyber security and privacy protection.
Enabling all types of businesses and organisations to protect their information, as well as that of their clients and customers, the newly revised standard brings peace of mind through a consistent, internationally recognised approach.
ISO/IEC 27009 was developed by the group of experts in the technical committee on information security, cyber security and privacy protection, ISO/IEC JTC 1/SC 27 [1], which is jointly run with the International Electrotechnical Commission.
Committee Chair Dr Andreas Wolf explains the necessity of the newly published standard: “While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organisations, including commercial enterprises, government agencies and not-for-profit organisations, there are needs for sector-specific versions of these standards. ISO/IEC 27009 allows users to create sector-specific standards that support a specific domain, application area or market.”
ISO/IEC 27009 explains how to: include requirements in addition to those in ISO/IEC 27001; refine or interpret any of the ISO/IEC 27001 requirements; include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002; modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002; and add guidance to, or modify the guidance of, ISO/IEC 27002.