Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
ISO Standards Interpretation
Guidelines for information and communication technology readiness for business continuity
ISO/IEC 27031:2011 provides guidelines for the information and communication technology (ICT) readiness for business continuity within the broader context of organizational business continuity management (BCM). It bridges the gap between…

Guidelines for improving cybersecurity posture and managing cyber risks
ISO/IEC 27032:2023 provides guidelines for improving an organization’s cybersecurity posture by addressing foundational aspects of cybersecurity — including the cybersecurity ecosystem, threat intelligence, attack surface management, and coordination among stakeholders. It…

Network security — Part 1: Overview and concepts
ISO/IEC 27033-1:2015 is the introductory part of the ISO/IEC 27033 series, providing an overview of network security concepts, architecture guidance, and management practices. It establishes the foundational terminology, principles, and framework used…

Cloud-specific security controls and shared responsibility model implementation
1. Cloud-Specific Information Security Controls
ISO/IEC 27017:2015 provides a code of practice for information security controls applicable to the provision and use of cloud services. It extends the comprehensive control set of…

Privacy controls and data subject rights framework for public cloud PII processing
1. Protecting PII in Public Cloud Environments
ISO/IEC 27018:2019 establishes a code of practice for the protection of personally identifiable information (PII) in public cloud environments. As the…

Code of practice for information security controls applied to energy utility industry
ISO/IEC 27019:2017 provides interpretation and implementation guidance for information security controls applied to energy utility organizations — including electricity, gas, oil, and heat suppliers, as well as associated…

Telecommunications-specific security controls and implementation guidance for ISMS
1. Telecommunications Security Framework
ISO/IEC 27011:2016 provides a specialized code of practice for information security controls within the telecommunications sector, tailored from the comprehensive control set of ISO/IEC 27002. The telecommunications industry…

Integrating information security management and IT service management for operational excellence
1. Why Integrate ISO/IEC 27001 and ISO/IEC 20000-1?
ISO/IEC 27013:2015 provides guidance on the integrated implementation of ISO/IEC 27001 (information security management) and ISO/IEC 20000-1 (service management). These two…

Strategic Oversight, Governance Principles, and the Evaluate-Direct-Monitor Cycle for Information Security
ISO/IEC 27014:2020 (with its 2022 revision/amendment) establishes the governance framework for information security. Unlike operational standards such as ISO/IEC 27001 or 27002, which focus on the management and implementation…

Strategic framework for board-level information security governance
1. Governance Framework for Information Security
ISO/IEC 27014:2020 (reaffirmed 2022) establishes a governance framework for information security that bridges the gap between executive leadership and operational security management. Unlike operational security standards that…