top of page
All bloggings


Adversaries as 'interested parties'
ISO/IEC 27000:2016 clause 4.4 "Why an ISMS is important" explained the purpose of information security and an ISMS in about a page of 7 paragraphs. In ISO/IEC 27000:2026, that clause became 4.1.7 "Importance of an ISMS" and was condensed to half a page with 3 paragraphs. It's more than just a tightening-up of the wording, though, including this new text: "Interested parties can include not only the organization’s customers, suppliers, business partners, employees, shareholde
11 minutes ago3 min read


Slimline ISO/IEC 27000 published
The brand new 2026 sixth edition of ISO/IEC 27000 takes just 11 shiny pages to outline an Information Security Management System and succinctly summarise a fifth of the ~100 ISO/IEC 27xxx (ISO27k) standards. Gone are 65 of the previous edition's definition of terms, leaving just 12, of which all bar 5 are shortened versions of definitions drawn from other ISO27k standards. The most useful part is clause 4 "Concepts and principles", four pages explaining why information securi
Jul 51 min read


Updated ISO/IEC Directives
In three months (October 5th this year), an updated set of ISO/IEC directives will come into force. While most of the changes relate to the internal management structures of committees and projects, aligning ISO and IEC and simplifying the directives, the timescales for standards development are being tightened-up with implications for the way standards work is initiated, specified, planned and managed, and the nature of the standards produced. The following comments reflect
Jul 33 min read


AI security standard 27090
Earlier today I blogged about the tedium and risks of ISO's slow processes, both consequences of the effort needed to align all those involved in standardisation and produce worthwhile, generally-acceptable standards. Here's another topical example. ISO/IEC 27090 "Cybersecurity — Artificial Intelligence — Guidance for addressing security threats and compromises to artificial intelligence systems" is at FDIS stage and will hopefully emerge from the sausage machine "soon-as", m
Jun 62 min read
bottom of page
