The ISO/IEC 27000 family

In today’s information-heavy business world, information security is more important than ever before. So what can the ever-expanding information security management systems (ISMS) family offer organizations?

  • ISO/IEC 27001 is the most important standard in the ISMS family. It adopts a risk-based approach that encourages continual process improvement
  • The next key member, ISO/IEC 27002 (previously BS 7799 part one and ISO/IEC 17799), is a code of practice for information security management

Other members of the ISMS family include:

  • ISO/IEC 27003 provides ISMS implementation guidance in support of ISO/IEC 27001
  • ISO/IEC 27004 provides advice on what, when and how to take information security measurements
  • ISO/IEC 27005 provides advice and guidance on ISMS risk management methods and techniques in support of the ISO/IEC 27001 risk processes
  • ISO/IEC 27006 provides accreditation requirements for the certification of ISMS implementations based on ISO/IEC 27001 requirements. This standard specifies ISMS-specific certification requirements and is used together with ISO/IEC 17021-1, the generic accreditation standard

In addition, ISO/IEC JTC1/SC27 is developing a number of sector-specific supporting documents for the ISO/IEC 27000 family, including:

  • ISO/IEC 27011 telecoms requirements
  • ISO/IEC 27012 automotive requirements
  • ISO/IEC 27013 world lottery association requirements
  • ISO/IEC 27014 transportation information systems requirements

SC27 is the committee responsible for all the ISMS standards, and Professor Edward Humphreys manages the ISMS suite.