ISO/IEC 27009:2016

Information technology -- Security techniques -- Sector-specific application of ISO/IEC 27001 -- Requirements

ISO/IEC 27009:2016 defines the requirements for the use of ISO/IEC 27001 in any specific sector (field, application area or market sector). It explains how to include requirements additional to those in ISO/IEC 27001, how to refine any of the ISO/IEC 27001 requirements, and how to include controls or control sets in addition to ISO/IEC 27001:2013, Annex A.

It ensures that additional or refined requirements are not in conflict with the requirements in ISO/IEC 27001.

It is applicable to those involved in producing sector-specific standards that relate to ISO/IEC 27001.


General information

  • Status: Published
  • Publication date: 2016-06
  • Edition: 1
  • Number of pages: 9
  • Technical Committee: ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
  • ICS: 03.100.70 Management systems; 35.030 IT Security


Life cycle

A standard is reviewed every 5 years


