Security

Voting has commenced on the D raft I nternational S tandard ISO/IEC 27091 on AI privacy, with national standards bodies invited to vote and comment by Feb 25th 2026. I have updated the standard's page on this website , based on a brief skim-reading of the DIS, so far. I will update that page if I find the time to study the standard properly and reconsider my opinions. In summary, although I have concerns about the scope, focus and coverage of the standard, it does offer us

The D raft I nternational S tandard version of this forthcoming security and privacy standard on 'big data' has been released for national bodies to vote and comment before March 2026. Supplementing ISO's 'official' page about this standard , I have outlined the structure of the standard on its detailed info page on this website. If the DIS is approved by the voting members of ISO/IEC JTC 1/SC 27 without significant comments or objections, it may be published later in 2026

Patiently chiselling another work of art for ISO This month I am slaving away, diligently reviewing a C ommittee D raft of the next release of ISO/IEC 27003 , updating the 2017 second edition. ISO/IEC 27003:2017 provided 'explanation and guidance' on ISO/IEC 27001:2013. In practice, that meant mostly elaborating quite formally on the mandatory requirements from the main body of '27001. According to the editorial team, the standard revision project was supposed to take place

ISO/IEC JTC 1/SC 27/WG 1 has two interesting new projects on the cards ... ISMS implementation First comes a proposal to develop ISMS implementation guidance, essentially rejuvenating the original ISO/IEC 27003 . When the standard's 2010 first edition was revised in 2017, the committee decided to reduce the implementation guidance, instead focusing on explaining the I nformation S ecurity M anagement S ystem requirements in ISO/IEC 27001 . At the time (and subsequently, t