Enabling all types of businesses and organisations to protect their information, as well as that of their clients and customers, the newly revised standard brings peace of mind through a consistent, internationally recognised approach.
ISO/IEC 27009 was developed by the group of experts in the technical committee on information security, cyber security and privacy protection, ISO/IEC JTC 1/SC 27 [1], which is jointly run with the IEC, the International Electrotechnical Commission.
Committee Chair Dr Andreas Wolf explains the necessity of the newly published standard: “While ISO/IEC 27001 and ISO/IEC 27002 are widely accepted in organisations, including commercial enterprises, government agencies and not-for-profit organisations, there are needs for sector-specific versions of these standards. ISO/IEC 27009 allows users to create sector-specific standards that support a specific domain, application area or market.”
The ISO/IEC standard explains how a sector-specific standard can: include requirements in addition to those in ISO/IEC 27001; refine or interpret any of the ISO/IEC 27001 requirements; include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002; modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002; and add guidance to, or modify the guidance of, ISO/IEC 27002.