BS ISO/IEC 27009:2016 Information technology. Security techniques. Sector-specific application of ISO/IEC 27001. Requirements


Status: Current, Under review
Published: June 2016



What is this standard about?

It defines how to apply BS ISO/IEC 27001:2013 in a sector (field, application area or market area) that has common security requirements, but where those requirements are unique to that sector. It explains how to include sector-specific requirements additional to those found in BS ISO/IEC 27001, how to refine BS ISO/IEC 27001 requirements, and how to include controls or control sets additional to those found in BS ISO/IEC 27002.

Who is this standard for?

It is intended for use by standards writers developing sector-specific information security management system (ISMS) standards. It may also interest organizations that want to certify an ISMS with sector-specific requirements, particularly where those requirements are complex or involve multiple sectors or fields of application.

Why should you use this standard? 

BS ISO/IEC 27009:2016 ensures that additional or refined sector-specific requirements are not in conflict with the requirements of BS ISO/IEC 27001. It mandates a standard structure and contents template for sector-specific ISMS standards. It provides guidance for developers of sector-specific ISMS standards. If its requirements are met, it will be possible for certification bodies using BS ISO/IEC 27006:2015 to certify ISMSs built using the sector-specific standards against BS ISO/IEC 27001.

Standard Number: BS ISO/IEC 27009:2016
Title: Information technology. Security techniques. Sector-specific application of ISO/IEC 27001. Requirements
Status: Current, Under review
Publication Date: 30 June 2016
Normative References (Required to achieve compliance to this standard): ISO/IEC 27002:2013, ISO/IEC 27000:2016, ISO/IEC 27001:2013
Informative References (Provided for Information): ISO/IEC 27010:2015, ISO/IEC 27017:2015, ISO/IEC Directives, ISO/IEC 27011:2008, ISO/IEC 27018:2014
International Relationships: ISO/IEC 27009:2016
Draft Superseded By: 15/30285726 DC
Descriptors: Records (documents), Technical documents, Computer networks, Maintenance, Computers, Data storage protection, Computer technology, Data processing, Information systems, Anti-burglar measures, Information exchange, Data security, Classification systems, Management, Documents
Title in French: Technologies de l’information. Techniques de sécurité. Application de l’ISO/IEC 27001 à un secteur spécifique. Exigences
ISBN: 978 0 580 83471 4
File Size: 1.776 MB
