UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

NEN-ISO/IEC 27009

Information security, cybersecurity and privacy protection - Sector-specific application of ISO/IEC 27001 - Requirements

active, Most Current
Organization: NEN
Publication Date: 1 April 2020
Status: active
Page Count: 28
ICS Code (Management systems): 03.100.70
ICS Code (IT Security): 35.030
scope:

This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area or market).

This document explains how to:

- include requirements in addition to those in ISO/IEC 27001,

- refine or interpret any of the ISO/IEC 27001 requirements,

- include controls in addition to those of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,

- modify any of the controls of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,

- add guidance to or modify the guidance of ISO/IEC 27002.

This document specifies that additional or refined requirements do not invalidate the requirements in ISO/IEC 27001.

This document is applicable to those involved in producing sector-specific standards.

Document History

NEN-ISO/IEC 27009
April 1, 2020
Information security, cybersecurity and privacy protection - Sector-specific application of ISO/IEC 27001 - Requirements
This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area...
NEN-ISO/IEC 27009
June 1, 2016
Information technology - Security techniques - Sector-specific application of ISO/IEC 27001 - Requirements
NEN-ISO/IEC 27009 defines the requirements for the use of ISO/IEC 27001 in any specific sector (field, application area or market sector). It explains how to include requirements additional to those...

References

This document references:
ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by ISO on February 1, 2018
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document references:
ISO/IEC 27010 - Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications
Published by ISO on November 15, 2015
This International Standard provides guidelines in addition to the guidance given in the ISO/IEC 27000 family of standards for implementing information security management within information sharing...
This document references:
ISO/IEC 27011 - Information technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations TECHNICAL CORRIGENDUM 1
Published by ISO on September 1, 2018
A description is not available for this item.
This document references:
ISO/IEC 27017 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Published by ISO on December 15, 2015
This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing: – additional implementation...
This document references:
ISO/IEC 27018 - Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Published by ISO on January 1, 2019
This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy...
This document references:
ISO/IEC 27019 - Information technology — Security techniques — Information security controls for the energy utility industry
Published by ISO on October 1, 2017
This document provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation,...
This document references:
ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements
Published by ISO on October 1, 2013
This International Standard specifies the requirements for establishing, implementing, maintain and continually improving an information security management system within the context of the...
This document references:
ISO/IEC 27002 - Information technology - Security techniques - Code of practice for information security controls TECHNICAL CORRIGENDUM 2
Published by ISO on November 15, 2015
A description is not available for this item.
View Less
View All
Advertisement