BS ISO/IEC 27011 Information technology. Security techniques. Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

BS ISO/IEC 27011:2008

Information technology. Security techniques. Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

Status: Current, Work in hand
Published: May 2009




BS ISO/IEC 27011 is the international standard that provides guidelines to support the implementation of information security management (ISM) in telecommunications organizations.

The standard is for telecommunications organizations and will enable them to meet baseline ISM requirements of confidentiality, integrity, availability and any other relevant security property of telecommunications.

BS ISO/IEC 27011 establishes guidelines and general principles for initiating, implementing, maintaining, and improving ISM in telecommunications organizations based on BS ISO/IEC 27002 Code of practice for information security management.

BS ISO/IEC 27011 now includes a Telecommunications Extended Control Set which provides new controls and implementation guidance for a telecommunications organization. This has been included in two new Annexes.

It provides an implementation baseline of ISM within telecommunications organizations to ensure the confidentiality, integrity and availability of telecommunications facilities and services.

Why should I implement BS ISO/IEC 27011?
Telecommunications organizations that implement BS ISO/IEC 27011, both within and between jurisdictions, will:

  • Be able to assure the confidentiality, integrity and availability of the global telecommunications facilities and services
  • Have adopted secure collaborative processes and controls ensuring the lowering of risks in the delivery of telecommunications services
  • Be able to redeploy resources to more productive activities
  • Have adopted a consistent holistic approach to information security
  • Be able to improve personal awareness and increase public trust.

What are the objectives of BS ISO/IEC 27011?

BS ISO/IEC 27011 provides practical guidance specially suited for telecommunications organizations on:

  • Commonly-accepted goals of information security management specifically suited for telecommunications organizations
  • Information security management practices to assist in the building of confidence for telecommunications activities.

Who should use BS ISO/IEC 27011?

BS ISO/IEC 27011 is for telecommunications organizations and anyone responsible for information security, together with security vendors, auditors, telecommunications terminal vendors and application content providers.

It provides them with a common set of general security control objectives based on ISO/IEC 27002, telecommunications sector specific controls, and information security management guidelines allowing for the selection and implementation of such controls.

Contents of BS ISO/IEC 27011 include:

  • Normative references
  • Definitions
  • Overview
  • Structure of this guideline
  • Information security management systems in Telecommunications business
  • Security Policy
  • Organization of information security
  • Internal organization
  • External parties
  • Asset management
  • Responsibility for assets
  • Information classification
  • Human resources security
  • Prior to employment
  • During employment
  • Termination or change of employment
  • Physical and environmental security
  • Secure areas
  • Equipment security
  • Communications and operations management
  • Operational procedures and responsibilities
  • Third party service delivery management
  • System planning and acceptance
  • Protection against malicious and mobile code
  • Back-up
  • Network security management
  • Media handling
  • Exchange of information
  • Electric Commerce Service
  • Monitoring
  • Access control
  • Business requirement for access control
  • User access management
  • User responsibilities
  • Network access control
  • Operating system access control
  • Application and information access control
  • Mobile computing and teleworking
  • Information systems acquisition, development and maintenance
  • Security requirements of information systems
  • Correct processing in applications
  • Cryptographic controls
  • Security of system files
  • Security in development and support processes
  • Technical Vulnerability Management
  • Information security incident management
  • Reporting information security events and weaknesses
  • Management of information security incidents and improvements
  • Business continuity management
  • Information security aspects of business continuity management
  • Compliance
  • Telecommunications Extended Control Set
  • Additional Implementation Guidance
  • Bibliography


Standard Number: BS ISO/IEC 27011:2008
Title: Information technology. Security techniques. Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
Status: Current, Work in hand
Publication Date: 31 May 2009
Cross References: ISO/IEC 27001:2005, ISO/IEC 27002:2005, ITU-T Recommendation X.805 (2003), ISO/IEC 18028-1:2006, ISO/IEC 18028-2:2006, ISO/IEC 18028-3:2005, ISO/IEC 18028-4:2005, ISO/IEC 18028-5:2006, ISO/IEC 18043:2006, ISO/IEC TR 18044:2004, ISO/IEC 27005:2008
International Relationships: ISO/IEC 27011:2008, ITU-T Rec. X.1051:2008
Draft Superseded By: 07/30166242 DC
Descriptors: Data security, Data storage protection, Data processing, Computers, Management, Telecommunication, Communication networks, Computer networks, Communication equipment, Computer hardware, Computer software, Data transmission, Information exchange, Access
Title in French: Technologies de l'information. Techniques de sécurité. Lignes directrices pour le management de la sécurité de l'information pour les organismes de télécommunications sur la base de l'ISO/CEI 27002
ISBN: 978 0 580 59010 8
File Size: 1.128 MB
