ISO/IEC 27000:2009

Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary

ISO/IEC 27000:2009 provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms. As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, government agencies and non-profit organizations) are expected to obtain:

  1. an overview of the ISMS family of standards;
  2. an introduction to information security management systems (ISMS);
  3. a brief description of the Plan-Do-Check-Act (PDCA) process; and
  4. an understanding of terms and definitions in use throughout the ISMS family of standards.

The objectives of ISO/IEC 27000:2009 are to provide terms and definitions, and an introduction to the ISMS family of standards that:

  1. define requirements for an ISMS and for those certifying such systems;
  2. provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements;
  3. address sector-specific guidelines for ISMS; and
  4. address conformity assessment for ISMS.
