Topic-specific policies
ISO/IEC TR 27029

Search this site

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >


ISO/IEC TR 27029 — Information security, cybersecurity and privacy protection — ISO/IEC 27002 relationship with ISO and IEC standards [DRAFT]





Numerous ISO and IEC standards reference and draw upon the information security controls catalogued in ISO/IEC 27002 (either directly or via ISO/IEC 27001 Annex A), hence whenever ‘27002 is updated, those other standards need to be checked and if necessary updated.


Scope of the standard

The primary purpose of this standard was to identify which other standards are linked to ISO/IEC 27002, and hence where changes are likely to be needed whenever ‘27002 is updated.


Content of the standard

The main clause “ISO projects referencing ISO/IEC 27002” had 3 subclauses:

  • ISO/IEC JTC 1/SC 27 projects referencing ‘27002.
  • Other ISO/IEC JTC 1 projects referencing ‘27002.
  • Other ISO projects referencing ‘27002.

Each subclause had a table with columns for:

  • The number of a current standard that references ‘27002 e.g. ISO/IEC 27033-4:2014;
  • The title of the current standard e.g. Information technology - Security techniques - Network security - Part 4: Securing communications between networks using security gateways;
  • Which SC 27 Working Group is responsible for the standard e.g. WG4;
  • Whether the reference to ‘27002 is normative (Y) or not (N);
  • Comment - normally stating which version of ‘27002 is cited (e.g. 2005).


Status of the standard

This was destined to become a Technical Report but will now become an internal SC 27 Standing Document instead.


Personal comments

Common sense prevails!  This has value and utility primarily for the members of SC 27, not so much for the global standards user community. As ISO/IEC 27002 and related standards change, it can be maintained more easily, quickly and cheaply as an SD.

A comprehensive, proactively-maintained cross-reference matrix showing relationships (references) between any of the ISO27k standards, and perhaps others, would be even more useful ... hmmmm, now there’s an idea.


< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2024 IsecT Ltd. Contact us re Intellectual Property Rights