ISO/IEC 27004:2009

Information technology -- Security techniques -- Information security management -- Measurement

ISO/IEC 27004:2009 provides guidance on the development and use of measures and measurement in order to assess the effectiveness of an implemented information security management system (ISMS) and controls or groups of controls, as specified in ISO/IEC 27001.

ISO/IEC 27004:2009 is applicable to all types and sizes of organization.


General information

  • Current status: Withdrawn
  • Publication date: 2009-12
  • Edition: 1
  • Number of pages:
  • ISO/IEC JTC 1/SC 27, IT Security techniques
  • 03.100.70, Management systems
  • 35.030, IT Security


Life cycle

A standard is reviewed every 5 years


