UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ISO/IEC 27009

Information security, cybersecurity and privacy protection — Sectorspecific application of ISO/IEC 27001 — Requirements

active, Most Current
Buy Now
Organization: ISO
Publication Date: 1 April 2020
Status: active
Page Count: 24
ICS Code (IT Security): 35.030
scope:

This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area or market).

This document explains how to:

- include requirements in addition to those in ISO/IEC 27001,

- refine or interpret any of the ISO/IEC 27001 requirements,

- include controls in addition to those of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,

- modify any of the controls of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,

- add guidance to or modify the guidance of ISO/IEC 27002.

This document specifies that additional or refined requirements do not invalidate the requirements in ISO/IEC 27001.

This document is applicable to those involved in producing sector-specific standards.

Document History

ISO/IEC 27009
April 1, 2020
Information security, cybersecurity and privacy protection — Sectorspecific application of ISO/IEC 27001 — Requirements
This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area...
ISO/IEC 27009
June 15, 2016
Information technology - Security techniques - Sector-specific application of ISO/IEC 27001 - Requirements
This International Standard defines the requirements for the use of ISO/IEC 27001 in any specific sector (field, application area or market sector). It explains how to include requirements additional...

References

This document references:
ISO/IEC 27019 - Information technology — Security techniques — Information security controls for the energy utility industry
Published by ISO on October 1, 2017
This document provides guidance based on ISO/IEC 27002:2013 applied to process control systems used by the energy utility industry for controlling and monitoring the production or generation,...
This document references:
ISO/IEC 27018 - Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Published by ISO on January 1, 2019
This document establishes commonly accepted control objectives, controls and guidelines for implementing measures to protect Personally Identifiable Information (PII) in line with the privacy...
This document references:
ISO/IEC 27017 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Published by ISO on December 15, 2015
This Recommendation | International Standard gives guidelines for information security controls applicable to the provision and use of cloud services by providing: – additional implementation...
This document references:
ISO/IEC 27011 - Information technology - Security techniques - Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations TECHNICAL CORRIGENDUM 1
Published by ISO on September 1, 2018
A description is not available for this item.
This document references:
ISO/IEC 27010 - Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications
Published by ISO on November 15, 2015
This International Standard provides guidelines in addition to the guidance given in the ISO/IEC 27000 family of standards for implementing information security management within information sharing...
This document is referenced by:
BS EN ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by BSI on March 31, 2020
A description is not available for this item.
This document is referenced by:
BS ISO/IEC 29151 - Information technology — Security techniques — Code of practice for personally identifiable information protection
Published by BSI on September 30, 2017
A description is not available for this item.
This document is referenced by:
NEN-EN-ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by NEN on March 1, 2020
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document is referenced by:
CEI UNI EN ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by CEI on June 1, 2020
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document is referenced by:
BS EN 16495 - TC - Tracked Changes (Redline) - Air Traffic Management – Information security for organisations supporting civil aviation operations
Published by BSI on February 24, 2020
A description is not available for this item.
View Less
View All
Advertisement