CSA - CAN/CSA-ISO/IEC 27000-11
Information technology — Security techniques — Information security management systems — Overview and vocabulary
| Organization: | CSA |
| Publication Date: | 1 December 2011 |
| Status: | inactive |
| Page Count: | 36 |
| ICS Code (Information technology (Vocabularies)): | 01.040.35 |
| ICS Code (Information coding): | 35.040 |
Scope:
This International Standard provides:
a) an overview of the ISMS family of standards;
b) an introduction to information security management systems (ISMS);
c) a brief description of the Plan-Do-Check-Act (PDCA) process; and
d) terms and definitions for use in the ISMS family of standards.
This International Standard is applicable to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations).
Purpose of this International Standard
This International Standard provides an overview of information security management systems, which form the subject of the ISMS family of standards, and defines related terms.
NOTE Annex A provides clarification on how verbal forms are used to express requirements and/or guidance in the ISMS family of standards.
The ISMS family of standards includes standards that:
a) define requirements for an ISMS and for those certifying such systems;
b) provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements;
c) address sector-specific guidelines for ISMS; and
d) address conformity assessment for ISMS.
The terms and definitions provided in this International Standard:
- cover commonly used terms and definitions in the ISMS family of standards;
- will not cover all terms and definitions applied within the ISMS family of standards; and
- do not limit the ISMS family of standards in defining terms for own use.
Standards addressing only the implementation of controls, as opposed to addressing all controls, from ISO/IEC 27002 are excluded from the ISMS family of standards.
To reflect the changing status of the ISMS family of standards, this International Standard is expected to be continually updated on a more frequent basis than would normally be the case for other ISO/IEC standards.