ISO/IEC 27011
Go home

ISO/IEC 27011:2008  Information technology — Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002

 

This ISMS implementation guide for the telecomms industry was developed by ITU-T and ISO/IEC JTC1/SC27 and published jointly as both ITU-T X.1051 and ISO/IEC 27011

 

ITU-T Recommendation X.1051 Information security management system – Requirements for telecommunications (ISMS-T) was originally published in English in July 2004, followed by Spanish, French and Russian translations in 2005.  It is based on the ISMS standards extant at that time i.e.:

  • ITU-T Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications.
  • ITU-T Recommendation X.805 (2003), Security architecture for systems providing end-to-end communications.
  • ISO 9001:2000, Quality management systems – Requirements.
  • ISO 14001:1996, Environmental management systems – Specification with guidance for use.
  • ISO/IEC 17799:2000, Information technology – Code of practice for information security management (now known as ISO/IEC 27002).
  • ISO/IEC Guide 73:2002, Risk management – Vocabulary – Guidelines for use in standards.
  • BS 7799-2:2002, Information Security Management Systems – Specification with Guidance for use (now known as ISO/IEC 27001).

 

The summary states:

    “For telecommunications organizations, information and the supporting processes, telecommunications facilities, networks and lines are important business assets. In order for telecommunications organizations to appropriately manage these business assets and to correctly and successfully continue their business activities, information security management is extremely necessary. This Recommendation provides the requirements on information security management for telecommunications organizations.

    This Recommendation specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system (ISMS) within the context of the telecommunication's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual telecommunications or parts thereof.”

 

ITU-T proposed extending ISO/IEC 27011 with two new parts, namely:

  • Security management Guidelines for Small and Medium-sized telecommunications organizations [X.sgsm]: a guide to the implementation of information security management based on X.1051 (ISO/IEC 27011);
  • Asset Management Guidelines [X.amg]: a guide to good asset management practices for telecoms organizations.

Meanwhile, ISO/IEC JTC1/SC27 looks set to update the standard to reflect revisions in ISO/IEC 27001 and 27002.

Status of the standard

The standard was published in 2008.  It is available for CHF146 from the ISO/IEC webstore.

SC27 has confirmed that the standard will be revised in 2013-2014 (after ISO/IEC 27002 is revised and stable).

Copyright © 2013 IsecT Ltd.