Abstract 

ISO/IEC 27000:2009 provides an overview of information security management systems, which form the subject of the information security management system (ISMS) family of standards, and defines related terms. As a result of implementing ISO/IEC 27000:2009, all types of organization (e.g. commercial enterprises, government agencies and non-profit organizations) are expected to obtain:

  1. an overview of the ISMS family of standards;
  2. an introduction to information security management systems (ISMS);
  3. a brief description of the Plan-Do-Check-Act (PDCA) process; and
  4. an understanding of terms and definitions in use throughout the ISMS family of standards.

The objectives of ISO/IEC 27000:2009 are to provide terms and definitions, and an introduction to the ISMS family of standards that:

  1. define requirements for an ISMS and for those certifying such systems;
  2. provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements;
  3. address sector-specific guidelines for ISMS; and
  4. address conformity assessment for ISMS.


General information

  • Status :  Withdrawn
    Publication date : 2009-05
  • Edition : 1
    Number of pages : 19
  • Technical Committee
    :
    ISO/IEC JTC 1/SC 27
    Information security, cybersecurity and privacy protection
  • ICS :
    35.030
    IT Security
    01.040.35
    Information technology (Vocabularies)
    03.100.70
    Management systems

Life cycle

A standard is reviewed every 5 years



Revisions / Corrigenda

Got a question?

Check out our FAQs

Customer care
+41 22 749 08 88

Opening hours:
Monday to Friday - 09:00-12:00, 14:00-17:00 (UTC+1)

Keep up to date with ISO

Sign up to our newsletter for the latest news, views and product information.

  2. Store
  3. Standards catalogue
  4. ICS
  5. 35
  6. 35.030
  7. ISO/IEC 27000:2009