About

Scope

The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  • Security requirements capture methodology;
  • Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  • Security aspects of identity management, biometrics and privacy;
  • Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
  • Security evaluation criteria and methodology.

SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas.

Quick links

  • 166 published ISO standards * under the direct responsibility of ISO/IEC JTC 1/SC 27
  • 69 ISO standards under development * under the direct responsibility of ISO/IEC JTC 1/SC 27
  • 56 Participating members
  • 19 Observing members

* number includes updates

Reference Title Type
ISO/IEC JTC 1/SC 27/AG 1 Management Advisory Group Working group
ISO/IEC JTC 1/SC 27/SWG-T Transversal Items Working group
ISO/IEC JTC 1/SC 27/WG 1 Information security management systems Working group
ISO/IEC JTC 1/SC 27/WG 2 Cryptography and security mechanisms Working group
ISO/IEC JTC 1/SC 27/WG 3 Security evaluation, testing and specification Working group
ISO/IEC JTC 1/SC 27/WG 4 Security controls and services Working group
ISO/IEC JTC 1/SC 27/WG 5 Identity management and privacy technologies Working group

Liaison Committees to ISO/IEC JTC 1/SC 27

The committees below can access the documents of ISO/IEC JTC 1/SC 27:

Reference Title ISO/IEC
IEC/SC 45A Instrumentation, control and electrical power systems of nuclear facilities IEC
IEC/TC 57 Power systems management and associated information exchange IEC
IEC/TC 65 Industrial-process measurement, control and automation IEC
ISO/CASCO Committee on conformity assessment ISO
ISO/IEC JTC 1 Information technology ISO/IEC
ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems ISO/IEC
ISO/IEC JTC 1/SC 7 Software and systems engineering ISO/IEC
ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification ISO/IEC
ISO/IEC JTC 1/SC 22 Programming languages, their environments and system software interfaces ISO/IEC
ISO/IEC JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information ISO/IEC
ISO/IEC JTC 1/SC 31 Automatic identification and data capture techniques ISO/IEC
ISO/IEC JTC 1/SC 36 Information technology for learning, education and training ISO/IEC
ISO/IEC JTC 1/SC 37 Biometrics ISO/IEC
ISO/IEC JTC 1/SC 38 Cloud Computing and Distributed Platforms ISO/IEC
ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance ISO/IEC
ISO/PC 302 Guidelines for auditing management systems ISO
ISO/TC 8 Ships and marine technology ISO
ISO/TC 22/SC 32 Electrical and electronic components and general system aspects ISO
ISO/TC 46/SC 11 Archives/records management ISO
ISO/TC 68/SC 2 Financial Services, security ISO
ISO/TC 68/SC 7 Core banking ISO
ISO/TC 171 Document management applications ISO
ISO/TC 176/SC 3 Supporting technologies ISO
ISO/TC 204 Intelligent transport systems ISO
ISO/TC 215 Health informatics ISO
ISO/TC 251 Asset management ISO
ISO/TC 272 Forensic sciences ISO
ISO/TC 292 Security and resilience ISO
ISO/TC 307 Blockchain and distributed ledger technologies ISO

Liaison Committees from ISO/IEC JTC 1/SC 27

ISO/IEC JTC 1/SC 27 can access the documents of the committees below:

Reference Title ISO/IEC
ISO/CASCO Committee on conformity assessment ISO
ISO/IEC JTC 1 Information technology ISO/IEC
ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems ISO/IEC
ISO/IEC JTC 1/SC 7 Software and systems engineering ISO/IEC
ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification ISO/IEC
ISO/IEC JTC 1/SC 22 Programming languages, their environments and system software interfaces ISO/IEC
ISO/IEC JTC 1/SC 25 Interconnection of information technology equipment ISO/IEC
ISO/IEC JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information ISO/IEC
ISO/IEC JTC 1/SC 31 Automatic identification and data capture techniques ISO/IEC
ISO/IEC JTC 1/SC 36 Information technology for learning, education and training ISO/IEC
ISO/IEC JTC 1/SC 37 Biometrics ISO/IEC
ISO/IEC JTC 1/SC 38 Cloud Computing and Distributed Platforms ISO/IEC
ISO/IEC JTC 1/SC 40 IT Service Management and IT Governance ISO/IEC
ISO/PC 302 Guidelines for auditing management systems ISO
ISO/TC 22/SC 32 Electrical and electronic components and general system aspects ISO
ISO/TC 46/SC 11 Archives/records management ISO
ISO/TC 68/SC 2 Financial Services, security ISO
ISO/TC 68/SC 7 Core banking ISO
ISO/TC 171 Document management applications ISO
ISO/TC 176/SC 3 Supporting technologies ISO
ISO/TC 204 Intelligent transport systems ISO
ISO/TC 215 Health informatics ISO
ISO/TC 251 Asset management ISO
ISO/TC 262 Risk management ISO
ISO/TC 292 Security and resilience ISO

Organizations in liaison (Category A and B)

Acronym Title Category
(ISC)2 International Information Systems Security Certification Consortium, Inc. A
CCETT Common Study Center of Telediffusion and Telecommunication A
Cloud security alliance Cloud security alliance A
ECBS European Committee for Banking Standards A
Ecma International Ecma International A
ENISA European Network and Information Security Agency A
EPC Conseil Européen des Paiements AISBL A
ETSI European Telecommunications Standards Institute A
Global Platform - Global Platform Inc. Global Platform Inc. A
IEEE Institute of Electrical and Electronics Engineers, Inc A
ISACA Information Systems Audit and Control Association A
ISSEA International Systems Security Engineering Association A
ITU International Telecommunication Union A
MasterCard MasterCard International A
SBS - Small Business Standards Small Business Standards A

Organizations in liaison (Category C and D)

C & D liaisons participate at the level of a Working Group

Acronym Title Category
(ISC)2 International Information Systems Security Certification Consortium, Inc. C
ABC4Trust ABC4Trust - Attribute-based Credentials for Trust C
Article 29 Data Protection Working Party Article 29 Data Protection Working Party C
CCDB Common Criteria Development Board C
CREDENTIAL seCuRE clouD idENTIty wALlet C
CSCC Cloud Standards Customer Council C
Cyber Security The Cyber Security Naming & Information Structure Groups C
ETSI European Telecommunications Standards Institute C
EUDCA European Data Centre Association C
EuroCloud EuroCloud C
FIRST Forum of Incident Response and Security Teams C
INLAC Latinoamerican Institute for Quality Assurance C
Interpol Interpol C
ISA - Automation The International Society of Automation C
ISCI International Smart card Certification Initiatives C
ISF Information Security Forum C
Kantara Initiative Kantara Initiative C
OASIS-PMRM OASIS Privacy Management Reference Model C
OECD Organisation for Economic Co-operation and Development, OECD C
OIDF The OpenID Foundation C
Opengroup, United Kingdom Opengroup C
PICOS Privacy and Identity Management for Community Services C
PQCRYPTO Post-quantum cryptography for long-term security C
PRIPARE PReparing Industry to Privacy-by-design by supporting its Application in REsearch C
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud C
SAFEcrypto Secure Architectures of Future Emerging Cryptography C
TAS3 Interdisciplinary Centre for Law and ICT (ICRI), C
TCG Trusted Computing Group C
TMForum TeleManagement Forum C
TREsPASS Technology-supported Risk Estimation by Predictive Assessment of Socio technical Security C
WITDOM empoWering prIvacy and securiTy in non-trusteD envirOnMents C

Date Month Location TC/SC Note
23-24 April 2018 Wuhan (China) ISO/IEC JTC 1/SC 27 *

* Information definite but meeting not yet formally convened
** Provisional

ISO/IEC JTC 1/SC 27 - Secretariat

DIN Germany
DIN Deutsches Institut für Normung e.V.
Am DIN-Platz
Burggrafenstrasse 6
D-10787 Berlin
Germany

Tel: +49 30 26 01-0
Fax: +49 30 26 01 12 31

Secretariat direct:
Mrs Krystyna Passia
Tel: +49 30 2601-2652
Fax: +49 30 2601-42652