NBN ISO/IEC 27009:2020

Information security, cybersecurity and privacy protection — Sector-specific application of ISO/IEC 27001 — Requirements (ISO/IEC 27009:2020)

ACTIVE

About this standard

Languages
English
Type
NBN
Standards committee
AGORIA-ICT/J00127
Status
ACTIVE
Publication date
25 June 2020
Replaces
NBN ISO/IEC 27009:2016
ICS Code
35.030 (IT Security)
Withdrawn Date

About this training

Summary

This document specifies the requirements for creating sector-specific standards that extend ISO/ IEC 27001, and complement or amend ISO/ IEC 27002 to support a specific sector (domain, application area or market).

This document explains how to:

— include requirements in addition to those in ISO/ IEC 27001,

— refine or interpret any of the ISO/ IEC 27001 requirements,

— include controls in addition to those of ISO/ IEC 27001:2013, Annex A and ISO/ IEC 27002,

— modify any of the controls of ISO/ IEC 27001:2013, Annex A and ISO/ IEC 27002,

— add guidance to or modify the guidance of ISO/ IEC 27002.

This document specifies that additional or refined requirements do not invalidate the requirements in ISO/ IEC 27001.

This document is applicable to those involved in producing sector-specific standards.