ISO/IEC 27003

ISO/IEC 27003 is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as part of the growing family of ISMS standards known as the 'ISO/IEC 27000 series'. Its title is Information technology - Security techniques - Information security management system implementation guidance.

The purpose of ISO/IEC 27003 is to provide guidance on implementing an Information Security Management System (ISMS) of the kind specified in ISO/IEC 27001; it describes the implementation project rather than adding requirements of its own.

Outline of the Standard

The standard contains the following sections:

  • 1. Introduction
  • 2. Scope
  • 3. Terms and Definitions
  • 4. Structure of this Standard
  • 5. Obtaining Management Approval for Initiating the Project to Implement an ISMS
  • 6. Defining ISMS Scope and ISMS Policy
  • 7. Conducting Organization Analysis
  • 8. Conducting Risk Assessment and Risk Treatment Planning
  • 9. Designing the ISMS

The standard was published in January 2010.

External links

  • ISO Website