• Content Type

GB30397027

Information technology. Guidance on information security management system processes

Last updated: 7 Jan 2025

Development Stage

Pre-draft

Draft

Published

31 Mar 2021

Scope

This document defines a process reference model (PRM) for the domain of information security management, which is meeting the criteria defined in ISO/IEC 33004 for process reference models (see Annex A). It is intended to guide users of ISO/IEC 27001 to:

— incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS;

— be aligned to all the work done within other standards of the ISO/IEC 27000 family from the perspective of the operation of ISMS processes

— support users in the operation of an ISMS ? this document is complementing the requirements-oriented perspective of ISO/IEC 27003 with an operational, process-oriented point of view. © ISO/IEC 2022 All rights reserved

External Links

More information
BSI webpage
[site_reviews_summary assigned_posts=”post_id” hide=”bars,if_empty” text=”{rating} out of {max} stars ({num} reviews)”]

Let the community know

Categorisation

Domain: Horizontal
Scope: Cybersecurity, AI-enabling - Information management, IT governance
Topic: Data protection, Risk management, Security and resilience
Type: Process, management and governance

Key Information

Organisation: ISO International Organization for Standardization ; IEC International Electrotechnical Commission, BSI
Committee: ISO/IEC JTC 1/SC 27
Relevant UK committee: IST/33/1
Share on XShare on LinkedIn

Discussion

[check_original_title]