Abstract 

ISO/IEC 27004:2009 provides guidance on the development and use of measures and measurement in order to assess the effectiveness of an implemented information security management system (ISMS) and controls or groups of controls, as specified in ISO/IEC 27001.

ISO/IEC 27004:2009 is applicable to all types and sizes of organization.


General information

  • Status: Withdrawn
  • Publication date: 2009-12
  • Edition: 1
  • Number of pages: 55
  • Technical Committee: ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
  • ICS: 35.030 IT Security; 03.100.70 Management systems

Life cycle

A standard is reviewed every 5 years


