All bloggings


ISO/IEC 27091 AI privacy DIS
Voting has commenced on the Draft International Standard ISO/IEC 27091 on AI privacy, with national standards bodies invited to vote and comment by Feb 25th 2026. I have updated the standard's page on this website, based on a brief skim-reading of the DIS, so far. I will update that page if I find the time to study the standard properly and reconsider my opinions. In summary, although I have concerns about the scope, focus and coverage of the standard, it does offer us
1 day ago · 1 min read


ISO/IEC 27045 big data DIS
The Draft International Standard version of this forthcoming security and privacy standard on 'big data' has been released for national bodies to vote and comment before March 2026. Supplementing ISO's 'official' page about this standard, I have outlined the structure of the standard on its detailed info page on this website. If the DIS is approved by the voting members of ISO/IEC JTC 1/SC 27 without significant comments or objections, it may be published later in 2026
4 days ago · 1 min read


ISO/IEC 27003 revision
Patiently chiselling another work of art for ISO
This month I am slaving away, diligently reviewing a Committee Draft of the next release of ISO/IEC 27003, updating the 2017 second edition. ISO/IEC 27003:2017 provided 'explanation and guidance' on ISO/IEC 27001:2013. In practice, that meant mostly elaborating quite formally on the mandatory requirements from the main body of '27001. According to the editorial team, the standard revision project was supposed to take place
6 days ago · 3 min read


Infosec control attributes
ISO/IEC TS 27028 moved a step closer to publication by passing a vote at DIS stage. When released in the middle of 2026, the standard will have a new title, no longer mentioning ISO/IEC 27002: Guideline on using information security control attributes, and a succinct scope: This document provides guidance on the use of information security control attributes. The guidance given in this document is generic and is intended to be applicable to all organizations, regardless
Nov 29 · 2 min read


ISMS implementation & SME security guidance
ISO/IEC JTC 1/SC 27/WG 1 has two interesting new projects on the cards ... ISMS implementation First comes a proposal to develop ISMS implementation guidance, essentially rejuvenating the original ISO/IEC 27003. When the standard's 2010 first edition was revised in 2017, the committee decided to reduce the implementation guidance, instead focusing on explaining the Information Security Management System requirements in ISO/IEC 27001. At the time (and subsequently, t
Nov 27 · 4 min read


Standard tensions
When drafting technical standards, there are natural tensions concerning the audience, purpose and language used. On the one hand, 'technical' implies complexities and precision in the content, with details relating to science and engineering. This generally means writing for a competent and knowledgeable professional audience, providing specific details to guide and enable them to get to grips with the subject matter. A technical standard on, say, nuts and bolts would typi
Nov 26 · 3 min read


Planet Earth vs Nvidia
From Nvidia's triumphant press release yesterday: “Blackwell sales are off the charts, and cloud GPUs are sold out,” said Jensen Huang, founder and CEO of NVIDIA. “Compute demand keeps accelerating and compounding across training and inference — each growing exponentially. We’ve entered the virtuous cycle of AI. The AI ecosystem is scaling fast — with more new foundation model makers, more AI startups, across more industries, and in more countries. AI is going everywhere, do
Nov 21 · 2 min read


Correcting and updating URLs
'Me' putting the plug in the sink
I've been circling the plughole this morning, trying to figure out why 3 of the ISO27k standards detailed pages had different URL structures to the other 97. Specifically, the URLs for the pages on ISO/IEC 27000, 27001 and 27002 contained something like 'title- here'. Wix offers a function to define the 'URL slugs' for the pages constructed dynamically from the CMS content, using one or more fields from the CMS to generate the last part of t
Nov 20 · 3 min read


Mending broken hyperlinks
That's Google Gemini's AI representation of 'me' supergluing a broken hyperlink back together. Having copied-and-pasted content from the old website into Wix, I discovered that Wix faithfully replicates any hyperlinks in the original, but doesn't routinely underline them ... which makes them essentially invisible unless/until we mouse over them on the live website, or unless our browsers automatically underline all hyperlinks for us. Mine doesn't. Furthermore, many of the
Nov 17 · 2 min read


ISO/IEC 27566-2 page updated
An initial draft of this standard has been released to SC27 as the first Working Draft, so I took the opportunity to update the info page. '27566 concerns age verification - techniques to determine the age of a website or app user, for example to prevent minors accessing adult materials. Part 2 will form a bridge linking the foundational concepts in part 1 with the analytical approaches in part 3. It will advise on how to ascertain the age verification objectives, parame
Nov 14 · 1 min read


AI risks on this website
Given the astounding volume of financial investment driving innovation at breakneck speed, Artificial Intelligence is an impressive and yet still relatively rudimentary technology. In particular, today's generative AI services are capable of spouting content that reads quite well, giving the superficial appearance of intelligence and value. However, all is not as it seems. Barely beneath the surface lies the sloppy depths, the robots making stuff up to plug numerous gaps in
Nov 13 · 4 min read


Spit-n-polish
Made a few more tiny updates to the website this morning, mostly in the FAQ - rearranging some of the questions and answers, fiddling with the wording here and there, replicating the previous-up-next buttons from the top to the bottom of each FAQ section, tweaking generally. The rate of changes to this website is gradually decreasing as I tackle various snags and niggles that catch my beady eye (just the one - the beady one!), although that still leaves a few issues reported
Nov 13 · 1 min read


Basic search added
I've added a basic Wix search function to the website, so visitors can hunt for information on the site using keywords or search phrases. Click the magnifying glass at the top of the screen to start searching, and type in the term you seek e.g. The "Top suggestions" are, I guess, what the Wix search function believes are the strongest, most relevant search results - probably the very pages you are looking for. The "Other Pages" are weaker matches. Click any of the results t
Nov 12 · 1 min read


Changeover completed
The automated DNS changes linking ISO2700security.com to the new-look Wix website were completed sooner than expected last night, when I had knocked off for the day to watch the 6 o'clock news on NZ TV. Straight away I spotted page layout issues on my smartphone and laptop that were not present on my usual desktop PC in the office ... but I was able to make a few tweaks right there on the couch without having to go back to work, thanks to online access to the web based s
Nov 11 · 2 min read


Changeover initiated
Well, OK, the new-look website isn't perfect (yet) but it's plenty good enough to release to a desperately waiting world ... so this evening I have hit the big switch to initiate the DNS change-over. Thanks to the wonders of Wix, the DNS transfer is almost entirely automated, apart from my authorisation go-ahead to GoDaddy anyway. Nice to see someone has thought seriously about web security. Apparently the transfer will take "up to 48 hours" ... so over the next couple of day
Nov 10 · 1 min read


SoA risks
Before the sun came up this morning, fueled by strong coffee and prompted by yet another lame social media thread about this, I've written a new FAQ concerning disclosure of the Statement of Applicability. On LinkedIn, there's the usual confusing muddle of concerns and conflicting advice when someone asked whether a company can share its SoA, adding that (according to someone on Reddit last night [allegedly]) the [certification?] auditor said they "cannot share the SoA bec
Nov 10 · 1 min read


Falling into place
The pilot feedback from friends and AI robots is proving useful: corrections and improvement suggestions are on the go and will continue indefinitely, hopefully tailing off in volume as the website gradually settles down. Already, it's proving a little quicker and easier to update the site on Wix than it was in NoF. I appreciate the new-look site design is minimalist, generic, a bit rough-n-ready, quite raw in places. So far, I've been focused on migrating the information c
Nov 9 · 1 min read


Pilot ready to fly
The migrated website is nearly ready to release, so it's time to invite comments, criticisms and improvement suggestions from some trusted colleagues - donors, friends, gurus. I will email them a link to the pilot site, today. Depending on the feedback, I can hopefully complete the final tweaks and release the website to the waiting world next week, with some launch publicity. Meanwhile, I will continue indefinitely looking for and tackling inconsistencies, awkwardness, error
Nov 7 · 1 min read


FAQ migrated!
OK, it's 'done', for now anyway. So far, I have replicated the FAQ structure from the NoF version of the website with sections about the standards, implementation, documentation, risk management, assurance and maturity. I took the opportunity to meddle with the FAQ wording here and there, reduce duplication and simplify the content a little - plenty more to do on that score, later. Meanwhile, I plan to add a page or rolling banner or something to acknowledge our generous d
Nov 6 · 1 min read


FAQ half-migrated
I'm about half way through migrating the extensive ISO27k FAQ into Wix CMS, and seriously reconsidering whether it's worth the effort. There's a lot of content here - useful, relevant, pragmatic content I hope - but is the FAQ format appropriate? I'm not sure. Anyway, thanks to the CMS, I can dice, slice and present it differently in future if I choose, particularly if visitor feedback indicates the need. Meanwhile, I updated the info page for ISO/IEC 27565 today, based on
Nov 5 · 1 min read
