Search Results

  • ISO/IEC 27050-4 | ISO27001security

    ISO/IEC 27050-4:2021 — Information technology — Electronic discovery — Part 4: Technical readiness (first edition)

    Abstract: ISO/IEC 27050 part 4 “provides guidance on the ways an organization can plan and prepare for, and implement, electronic discovery from the perspective of both technology and processes. [Part 4] provides guidance on proactive measures that can help enable effective and appropriate electronic discovery and processes. [Part 4] is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities.” [Source: ISO/IEC 27050-4:2021]

    Introduction: In 35 pages, part 4 describes "technical readiness" (defined as "having the knowledge, skills, processes and technologies needed to address a particular issue or challenge") in the context of eDiscovery and eForensics. It covers the selection, preparation and use of tools supporting each step of the electronic discovery process, including the retention/storage, production and eventual destruction of Electronically Stored Information.

    Scope: Guidance on preparing the technology (i.e. the forensic tools and systems supporting the collection, storage, collation, searching, analysis and production of ESI, plus the related processes) and the associated processes required for eDiscovery. Note: 'technical' and 'technological' are, technically, different words with different meanings.

    Structure: Main clauses:
      6: Technical readiness
      7: Readiness for electronic discovery
      8: Additional considerations
      9: Electronic discovery cross-cutting aspects
      Annex A: ESI storage questionnaire

    Status: The current first edition was published in 2021.

    Commentary: As usual for ISO standards, part 4 offers generic advice and does not specify or recommend specific commercial or free/open-source tools.

    This page last updated: 12 February 2026

  • ISO/IEC 27050-2 | ISO27001security

    ISO/IEC 27050-2:2018 — Information technology — Security techniques — Electronic discovery — Part 2: Guidance for governance and management of electronic discovery (first edition)

    Abstract: ISO/IEC 27050 part 2 “provides guidance for technical and non-technical personnel at senior management levels within an organisation, including those with responsibility for compliance with statutory and regulatory requirements, and industry standards. [Part 2] describes how such personnel can identify and take ownership of risks related to electronic discovery, set policy and achieve compliance with corresponding external and internal requirements. It also suggests how to produce such policies in a form which can inform process control. Furthermore, it provides guidance on how to implement and control electronic discovery in accordance with the policies.” [Source: ISO/IEC 27050-2:2018]

    Introduction: Part 2 guides management on identifying and treating the information risks related to eDiscovery, e.g. by setting and implementing eDiscovery-related policies and complying with relevant (mostly legal) obligations and expectations. It also offers guidance on good governance for forensics work, i.e. the overarching framework or structure within which digital forensic activities take place and are managed through a controlled, repeatable and trustworthy suite of activities.

    Scope: Governance and management of eDiscovery.

    Structure: Main clauses:
      5: Electronic discovery background
      6: Governance of electronic discovery
      7: Management of electronic discovery
      8: Risks and environmental factors
      9: Compliance and review

    Status: The current first edition of part 2 was published in 2018.

    Commentary: Part 2 suggests a few possible metrics, although organisations are well advised to determine their own based on their objectives relating to eDiscovery, eForensics, incident management, information risks and so forth. Of all the things going on in this area, which parts and aspects are important for the business and why? What kinds of information would help management manage them? What questions are likely to need answering? Those are good clues to the metrics that would actually help, as opposed to metrics suggested by others - including ISO.

    Thankfully, part 2 outlines information risks that various information security controls are intended to mitigate. However, the list of risks is incomplete: for example, it fails to mention that damage, theft, loss or some other incident affecting ESI can compromise its value and admissibility in court, potentially decimating an otherwise valid case. It's a starting point though, something worth elaborating on. Hint: metrics relating to key risks and key controls are likely to be of value to management.

    This page last updated: 12 February 2026

  • ISO/IEC 27050-3 | ISO27001security

    ISO/IEC 27050-3:2020 — Information technology — Security techniques — Electronic discovery — Part 3: Code of practice for electronic discovery (second edition)

    Abstract: ISO/IEC 27050 part 3 “provides requirements and recommendations on activities in electronic discovery, including, but not limited to, identification, preservation, collection, processing, review, analysis and production of electronically stored information (ESI). In addition, this document specifies relevant measures that span the lifecycle of the ESI from its initial creation through to final disposition. [Part 3] is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities. It is important to note that the user is expected to be aware of any applicable jurisdictional requirements.” [Source: ISO/IEC 27050-3:2020]

    Introduction: Part 3 identifies requirements and offers guidance on the seven main steps of eDiscovery noted in part 1, i.e. ESI:
      Identification - what information from/at a crime scene might be relevant and useful?
      Preservation - starting the chain of evidence.
      Collection - removing physical media etc.
      Processing - forensic bit-copies.
      Review - searching evidence for relevant info.
      Analysis - picking out the most weighty bits for court.
      Production - preparing the evidence and analysis to present in court.

    Scope: The structured processes involving Electronically Stored Information.

    Structure: Main clauses:
      5: Electronic discovery background
      6: Electronic discovery requirements and guidance

    Status: The first edition was published in 2017. The current second edition was published in 2020.

    Commentary: Part 3 is, essentially, a basic, generic how-to-do-it guide laying out the key elements that will no doubt form the basis of many digital forensics manuals. While full-time forensics specialists have their own well-practised procedures, training, forms, tools etc., corporate information security pros who only get involved occasionally in this area may benefit from preparing the basics to get the process started properly, even if the decision is made to call in eForensics specialists. If things get fouled up at the beginning, they are unlikely to be recoverable later on, compromising potentially valid cases.

    This page last updated: 12 February 2026

  • ISO/IEC 27050-1 | ISO27001security

    ISO/IEC 27050-1:2019 — Information technology — Security techniques — Electronic discovery — Part 1: Overview and concepts (second edition)

    Abstract: “Electronic discovery is the process of discovering pertinent Electronically Stored Information (ESI) or data by one or more parties involved in an investigation or litigation, or similar proceeding. [ISO/IEC 27050-1] provides an overview of electronic discovery ...” [Source: ISO/IEC 27050-1:2019]

    Introduction: The fundamental purpose of the ISO27k digital forensics standards is to promote good practice methods and processes for forensic capture and investigation of digital evidence. While individual investigators, organisations and jurisdictions may well retain certain methods, processes and controls in compliance with local laws, regulations and established practices, it is hoped that standardization will (eventually) lead to the adoption of similar if not identical approaches internationally, making it easier to compare, combine and contrast the results of such investigations even when performed by different people or organisations and potentially across different jurisdictions.

    Scope: Part 1 gives an overview of eDiscovery, defines the terms, concepts, processes etc. (e.g. Electronically Stored Information), and introduces this multi-part standard.

    Structure: Main clauses:
      5: Overall structure and overview of the ISO/IEC 27050 series
      6: Overview of electronic discovery
      7: Electronically Stored Information (ESI)
      8: Electronic discovery process
      9: Additional considerations

    Status: The first edition was published in 2016. The current second edition was published in 2019.

    Commentary: This multi-part standard concerns the discovery phase, specifically the discovery of Electronically Stored Information, a legal term-of-art meaning (in essence) forensic evidence in the form of digital data. Electronic discovery (eDiscovery) involves the following main steps:

      Identification: ESI that is potentially relevant to a case is identified, along with its locations, custodians, sizes/volumes etc. This can be more complex than it may appear, for instance involving information assets belonging not just to the individual suspects but also their employers, friends and other organisations such as phone companies and the suppliers of services such as email and Internet access (ISPs), even social media. Operational/online data, backups and archives may all contain relevant data. Often, this phase is time-critical since potential evidence (especially ephemeral operational data) may be spoiled or destroyed before it has been captured and preserved.

      Preservation: the identified, potentially relevant ESI is placed under a legal hold, starting the formalized forensic process designed to ensure, beyond doubt, that it is protected through the remaining steps against threats such as loss/theft, accidental damage, deliberate interference/manipulation and replacement/substitution, any of which might spoil, discredit and devalue the data, perhaps resulting in the ESI being ruled inadmissible or simply becoming unusable. The legal hold is essentially a formal obligation on the custodian not to interfere with or delete the ESI. Note: this may have implications on live systems since their continued operation may spoil the ESI.

      Collection: the ESI is collected from the original custodian, typically by physically removing the original digital storage media (hard drives, memory sticks and cards, CDs, DVDs, whatever) and perhaps associated physical evidence (such as devices, media storage cases, envelopes etc. that might have fingerprints or DNA evidence linking a suspect to the crime) into safe custody. In the case of Internet, cloud or other dispersed and ephemeral data including RAM on a running system, it may be impracticable or impossible to secure the data by capturing physical media, hence the data rather than the media may need to be captured directly in a forensically sound manner. Note: the original evidence may later be produced in court, hence all subsequent forensic analysis must be performed in such a way that there is no credible possibility that it might have been spoiled, e.g. by analysing bit-copies made with suitable forensic tools and methods rather than the original evidence itself. Note also that physically removing systems and media into the custody of a third party could itself be classed as an information security incident with clear implications on the confidentiality, integrity and availability of the information, particularly since, at this stage, the case is not proven: in other words, liabilities may be accumulating.

      Processing: forensic bit-copies are stored in a form that allows them to be searched or analysed for information that is relevant to the case, using suitable forensic tools and platforms. Sifting out the few vital bits of data from the much larger volume typically collected is the crux of this step.

      Review: forensic bit-copies are searched or analysed for information that is relevant to the case.

      Analysis: the information is further analysed and assessed as to its relevance, suitability, weight, meaning, implications etc. Useful information is gleaned from the selected data.

      Production: relevant information from the analysis, plus the original storage media etc., is formally presented to the court as evidence. This inevitably involves demonstrating and explaining the meaning of the evidence in terms that make sense to the court.

    Hopefully, something along the lines of “I state, under oath, that we complied fully with ISO/IEC 27050” will, in future, side-step a raft of challenges concerning the eDiscovery processes!

    This page last updated: 12 February 2026

  • ISO/IEC 27046 | ISO27001security

    ISO/IEC 27046 — Information technology — Big data security and privacy — Implementation guidelines [DRAFT]

    Abstract: ISO/IEC 27046 "aims to analyze key challenges and risks of big data security and privacy, and propose guidelines for implementation of big data security and privacy in aspects of big data resources, and organizing, distributing, computing and destroying big data.” [Source: ISO/IEC JTC 1/SC 27 Committee Doc 11, May 2025]

    Introduction: This standard was intended to help organisations implement the processes described in ISO/IEC 27045 in order to ensure the security and privacy of big data.

    Scope: The standard may “address the key challenges and risks of big data security and privacy”, providing guidance on how to:
      [Identify and] grade [evaluate?] big data security and privacy risks;
      Deploy [implement, use and manage] and maintain security and privacy controls [and other risk treatments?];
      Validate and verify big data security and privacy arrangements [to gain assurance].

    The audiences include:
      “software and hardware providers to securely construct a big data framework”;
      “application operators [service providers??] to securely maintain a big data framework”;
      “data providers and consumers to securely realize big data functions [??]”;
      “industry to improve robustness and efficiency at the ecosystem level [??] to improve compatibility and inter-operation, to diversify choices of security products and to reduce redundant cost on security”.
    [from the 4th Working Draft]

    ISO/IEC 20547-4 “Information technology - Big data reference architecture - Part 4: Security and privacy” is cited as a normative (essential) reference.

    Structure: The standard may guide big data security and privacy planners, managers, implementers, operators and auditors through a lifecycle sequence of big data:
      Collection - data are amassed from internal/corporate and external systems;
      Transmission - data pass between networks;
      Storage - stored in massive database systems, perhaps in the cloud;
      Processing - manipulating and analysing big data to gain useful insight;
      Exchange - information passes between organisations; and
      Destruction - securely and permanently destroying big data.

    The applicable information security and privacy controls vary across the lifecycle, and are described succinctly in the standard through a set of action-oriented statements (e.g. in the big data transmission stage, one control is to “check the integrity of the transmitted data”, with no further guidance about why that may be important nor how to do it). In effect, the standard is a generic checklist of suggested/potential controls to consider, adapt and adopt.

    Status: The standard development project commenced in 2019 and reached Committee Draft stage before being halted due to the rebooting of the ISO/IEC 27045 project in 2023, returning to the Preliminary Work Item stage. It is unlikely to surface before ISO/IEC 27045 is published in 2027 - so maybe 2028?

    Commentary: The definition of ‘big data’ in the draft standard did not (in my personal, rather jaundiced and cynical opinion) reflect its widespread use in the IT industry at present, mostly because of the vagueness of ‘extensive’ which is essentially synonymous with, and adds little clarity to, plain ‘big’. I find Wikipedia more helpful, e.g.: “Current usage of the term big data tends to refer to the use of predictive analytics, user behavior analytics, or certain other advanced data analytics methods that extract value from data, and seldom to a particular size of data set. "There is little doubt that the quantities of data now available are indeed large, but that's not the most relevant characteristic of this new data ecosystem." Analysis of data sets can find new correlations to "spot business trends, prevent diseases, combat crime and so on." Scientists, business executives, practitioners of medicine, advertising and governments alike regularly meet difficulties with large data-sets in areas including Internet searches, fintech, urban informatics, and business informatics. Scientists encounter limitations in e-Science work, including meteorology, genomics, connectomics, complex physics simulations, biology and environmental research.”

    For me, one of the defining characteristics of big data is that typical (mostly relational) database management systems struggle or are unable to cope with the complexity and dynamics/volatility of truly massive data sets. Beyond the limits of their scalability, conventional architectures experience constraints and failures, no matter how much raw CPU power is thrown at the problems. That implies the need for fundamentally different approaches and, I rather suspect, entails novel information risks and hence security/privacy controls. However, it remains to be seen what this standard will actually address in practice: this is cutting-edge stuff.

    I’m not sure how this standard will differ from and add value to the existing standard ISO/IEC 20547-4:2020. The draft standard is not explicitly risk-driven: as shown above with the big data transmission control example, it simply recommends a bunch of security and privacy controls without clarifying the “key challenges and [information] risks” they are intended to mitigate - hence users of the standard may not appreciate their relative importance and relevance to the business, or to relevant compliance obligations and conformity requirements.

    This page last updated: 12 February 2026

  • ISO/IEC 27045 | ISO27001security

    ISO/IEC 27045 — Information technology — Big data security and privacy — Guidelines for managing big data risks [DRAFT]

    Abstract: ISO/IEC 27045 "provides guidance on how to navigate the threats that can arise during the big data life cycle from the various big data characteristics that are unique to big data: volume, velocity, variety, variability, volatility, veracity and value, including when using big data for the design and implementation of AI systems. [ISO/IEC 27045] can help organizations build or enhance their big data security and privacy capabilities, including when using big data in the development and use of AI systems.” [Source: ISO/IEC JTC 1/SC 27 Committee Doc 11, May 2025]

    Introduction: ‘Big data’ systems present numerous information security, privacy and technological challenges due to complexity plus the sheer quantity and volatility of the data.

    Scope: The standard is intended to help organisations build or enhance their information security and privacy capabilities relating to big data systems, perhaps as part of AI systems design and implementation.

    Structure: Main clauses:
      4: Overview - a brief summary.
      5: Big data - explores the information risk and security implications of big data in addition to the 'traditional' concerns for conventional IT systems. Describes the seven v's.
      6: Security and privacy threats and controls to big data - stepping through the seven 'v' characteristics of big data (volume, velocity, variety, variability, volatility, veracity and value), identifying pertinent threats and controls.
      7: Big data risk management process - builds on the guidance in ISO/IEC 27005.
      Annex A: maps the organisational and technological controls from clause 6 against the threats relating to the seven v's.
      Annex B: use cases.

    Status: This standard was initially proposed in 2017. Having run off the rails in 2021, the drafting project re-started in 2024. It is currently at Draft International Standard stage, with national body votes due by February 24th 2026. Publication looks likely in 2026.

    Commentary: The definition of ‘big data’ quoted from ISO/IEC 20456:2019 does not (in my personal, rather jaundiced/cynical opinion) reflect its widespread use in the IT industry at present: “Extensive datasets primarily in the characteristics of volume, variety, velocity, and/or variability that require a scalable architecture for efficient storage, manipulation, and analysis”. I prefer Wikipedia’s description: “Current usage of the term big data tends to refer to the use of predictive analytics, user behavior analytics, or certain other advanced data analytics methods that extract value from data, and seldom to a particular size of data set. "There is little doubt that the quantities of data now available are indeed large, but that's not the most relevant characteristic of this new data ecosystem." Analysis of data sets can find new correlations to "spot business trends, prevent diseases, combat crime and so on." Scientists, business executives, practitioners of medicine, advertising and governments alike regularly meet difficulties with large data-sets in areas including Internet searches, fintech, urban informatics, and business informatics. Scientists encounter limitations in e-Science work, including meteorology, genomics, connectomics, complex physics simulations, biology and environmental research.”

    It seems to me a defining characteristic is that big data is (are!) so big that conventional database management systems are unable to cope with the complexity and dynamics/volatility, struggling to maintain integrity given so many coincident changes. Beyond the limits of their scalability, conventional architectures start to experience constraints and failures (including security control and privacy issues), no matter how much raw CPU power, network bandwidth and storage capacity is thrown at the challenge. That implies the need for fundamentally different approaches with novel information risks most likely requiring novel controls. It remains to be seen what this standard will actually recommend: this is cutting-edge stuff.

    Hopefully this standard will refer to others for the low-level and relatively conventional data security and privacy controls that apply to small and medium data, focusing instead on the high-level and novel aspects and processes that are unique to big data, e.g.:
      Strategic management of big data sets, big data systems etc., including governance arrangements to monitor and control the management and operational activities as a whole (e.g. overall programme as well as individual project management) and the business/strategy aspects and requirements (e.g. enormous financial investment in huge systems implies enormous expected returns);
      Architecture and design of big data systems - specifically the data security and privacy aspects including information risk assessment, compliance, ethics, data aggregation, inference, interconnectivity (both within and without the organisation), access controls, metadata management and security, resilience etc.;
      Operation and use of big data systems, e.g. how to classify and segregate data and functions, how to determine/define and assign access rights/permissions, what privacy and security roles and responsibilities might be appropriate;
      Maintenance and support of big data systems, including their security and privacy aspects;
      Capacity and performance management including the dynamics and challenges arising;
      Incident management, change management and so on (adapting conventional processes for the big data environment).

    Potentially, the standard could get into advanced/novel data/system security controls and privacy approaches involving artificial intelligence, instrumentation, anomaly and fraud detection, automated responses etc. ... but it looks as if the standard’s initial release will be more modest.

    This page last updated: 12 February 2026

  • ISO/IEC 27043 | ISO27001security

    ISO/IEC 27043:2015 — Information technology — Security techniques — Incident investigation principles and processes (first edition)

    Abstract: “ISO/IEC 27043:2015 provides guidelines based on idealized models for common incident investigation processes across various incident investigation scenarios involving digital evidence. ...” [Source: ISO/IEC 27043:2015]

    Introduction: The fundamental purpose of the digital forensics standards ISO/IEC 27037, ISO/IEC 27041, ISO/IEC 27042, ISO/IEC 27043 and ISO/IEC 27050 is to promote good practice methods and processes for forensic capture and investigation of digital evidence. While individual investigators, organisations and jurisdictions may well retain certain methods, processes and controls, it is hoped that standardisation will (eventually) lead to the adoption of similar if not identical approaches internationally, making it easier to compare, combine and contrast the results of such investigations even when performed by different people or organisations, even across multiple jurisdictions.

    Scope: The standard concerns the principles behind, and the forensic processes involved in, investigating digital incidents.

    Structure: Main clauses:
      5: Digital investigations
      6: Digital investigation processes
      7: Readiness processes
      8: Initialization processes
      9: Acquisitive processes
      10: Investigative processes
      11: Concurrent processes
      12: Digital investigation process model schema
      Annex A: Digital investigation processes: motivation for harmonization

    Status: The current first edition was published in 2015 and confirmed unchanged in 2020. It was up for periodic review again in 2025 ... and looks likely to be confirmed as-is.

    Commentary: I am puzzled why SC 27 publishes and maintains several distinct forensics standards covering different aspects of forensics, when they are in reality complementary parts of the same process:
      ISO/IEC 27037 concerns the initial capturing of digital evidence.
      ISO/IEC 27041 offers guidance on the assurance aspects of digital forensics, e.g. ensuring that the appropriate methods and tools are used properly.
      ISO/IEC 27042 covers what happens after digital evidence has been collected, i.e. its analysis and interpretation.
      This standard covers the broader incident investigation activities, within which forensics usually occur.
      ISO/IEC 27050 (in 4 parts) concerns electronic discovery ... which is pretty much what the other standards cover.
      British Standard BS 10008 “Evidential weight and legal admissibility of electronically stored information (ESI), Specification.” may also be of interest.

    A multi-part standard would make more sense to me, with a “part 1” overview explaining how the jigsaw pieces fit together.

    This page last updated: 12 February 2026

  • ISO/IEC 27042 | ISO27001security

    ISO/IEC 27042:2015 — Information technology — Security techniques — Guidelines for the analysis and interpretation of digital evidence (first edition)

    Abstract: “ISO/IEC 27042:2015 provides guidance on the analysis and interpretation of digital evidence in a manner which addresses issues of continuity, validity, reproducibility, and repeatability. ...” [Source: ISO/IEC 27042:2015]

    Introduction: The fundamental purpose of the ISO27k digital forensics standards is to promote good practice methods and processes for forensic capture and investigation of digital evidence. While individual investigators, organisations and jurisdictions may well retain certain methods, processes and controls, it is hoped that standardisation will (eventually) lead to the adoption of similar if not identical approaches internationally, making it easier to compare, combine and contrast the results of such investigations even when performed by different people or organisations and potentially across different jurisdictions.

    Scope: As the title suggests, this standard offers guidance on the process of analysing and interpreting digital evidence, which is of course just a part of the forensics process. It lays out a generic framework encapsulating good practices in this area. Aside from the standard evidential controls (maintaining the chain of custody, scrupulous documentation etc.), the standard emphasizes the integrity of the analytical and interpretational processes such that different investigators working on the same digital evidence ought to come up with essentially the same results - or at least any differences should be traceable to choices they made along the way. Given the volume, variety and complexity of digital evidence these days, that’s quite a challenge, hence the drive for standardization, good practices, common terminology and sound, rational approaches. The standard touches on issues such as the selection and use of forensic tools, plus proficiency and competency of the investigators.

    Structure: Main clauses:
      5: Investigation
      6: Analysis
      7: Analytical models
      8: Interpretation
      9: Reporting
      10: Competence
      11: Proficiency
      Annex A: Examples of Competence and Proficiency Specifications

    Status: The current first edition was published in 2015 and confirmed unchanged in 2021.

    Commentary: I am puzzled why SC 27 publishes and maintains several distinct forensics standards covering different aspects of forensics, when they are in reality complementary parts of the same process:
      ISO/IEC 27037 concerns the initial capturing of digital evidence.
      ISO/IEC 27041 offers guidance on the assurance aspects of digital forensics, e.g. ensuring that the appropriate methods and tools are used properly.
      This standard covers what happens after digital evidence has been collected, i.e. its analysis and interpretation.
      ISO/IEC 27043 covers the broader incident investigation activities, within which forensics usually occur.
      ISO/IEC 27050 (in 4 parts) concerns electronic discovery ... which is pretty much what the other standards cover.
      British Standard BS 10008 “Evidential weight and legal admissibility of electronically stored information (ESI), Specification.” may also be of interest.

    I understand the decision not to integrate this content into ISO/IEC 27037, but a multi-part standard would make more sense to me personally, with an overview part explaining how the jigsaw pieces fit together. The editors rejected such a proposal, claiming that it was considered and rejected when the forensics standards development projects were launched. So, sorry valued customers, it seems you will have to buy and correlate multiple standards to accumulate the complete forensics suite in ISO27k.

    This page last updated: 12 February 2026

  • ISO/IEC 27041 | ISO27001security

    ISO/IEC 27041:2015 — Information technology — Security techniques — Guidance on assuring suitability and adequacy of incident investigative method (first edition)

    Abstract: “ISO/IEC 27041:2015 provides guidance on mechanisms for ensuring that methods and processes used in the investigation of information security incidents are "fit for purpose". ...” [Source: ISO/IEC 27041:2015]

    Introduction: The fundamental purpose of the ISO27k digital forensics standards is to promote good practice methods and processes for forensic capture and investigation of digital evidence. While individual investigators, organisations and jurisdictions may well retain certain methods, processes and controls, it is hoped that standardization will (eventually) lead to the adoption of similar if not identical approaches internationally, making it easier to compare, combine and contrast the results of such investigations even when performed by different people or organisations and potentially across different jurisdictions.

    Scope: The primary focus of this standard is on assurance for the forensics processes and tools used in the investigation of digital evidence. Credibility, trustworthiness and integrity are fundamental requirements for all forensics methods: this standard promotes the assurance aspects of investigating digital evidence. The standard offers guidance on assuring the suitability and adequacy of the forensic methods used to investigate digital evidence, describing methods through which all stages of the investigation process can be shown to be appropriate (proper and suitable in themselves, and correctly performed).

    Structure: Main clauses:
      5: Method development and assurance
      6: Assurance Models
      7: Production of evidence for assurance
      Annex A: Examples

    Status: The current first edition was published in 2015 and confirmed unchanged in 2021.

    Commentary: I am puzzled why SC 27 publishes and maintains several distinct forensics standards covering different aspects of forensics, when they are in reality complementary parts of the same process.
      ISO/IEC 27037 concerns the initial capturing of digital evidence.
      This standard offers guidance on the assurance aspects of digital forensics, e.g. ensuring that the appropriate methods and tools are used properly.
      ISO/IEC 27042 covers what happens after digital evidence has been collected, i.e. its analysis and interpretation.
      ISO/IEC 27043 covers the broader incident investigation activities, within which forensics usually occur.
      ISO/IEC 27050 (in 4 parts) concerns electronic discovery ... which is pretty much what the other standards cover.
      British Standard BS 10008 “Evidential weight and legal admissibility of electronically stored information (ESI), Specification.” may also be of interest.

    A multi-part standard would make more sense to me, with an overview explaining how the jigsaw pieces fit together.

    This page last updated: 12 February 2026

  • ISO/IEC 27040 | ISO27001security

    ISO/IEC 27040
    ISO/IEC 27040:2024 — Information technology — Security techniques — Storage security (second edition)

    Abstract
    ISO/IEC 27040:2024 “provides detailed technical requirements and guidance on how organizations can achieve an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation, and implementation of data storage security. Storage security applies to the protection of data both while stored in information and communications technology (ICT) systems and while in transit across the communication links associated with storage. Storage security includes the security of devices and media, management activities related to the devices and media, applications and services, and controlling or monitoring user activities during the lifetime of devices and media, and after end of use or end of life.

    Storage security is relevant to anyone involved in owning, operating, or using data storage devices, media, and networks. This includes senior managers, acquirers of storage products and services, and other non-technical managers or users, in addition to managers and administrators who have specific responsibilities for information or storage security, storage operation, or who are responsible for an organization’s overall security programme and security policy development. It is also relevant to anyone involved in the planning, design, and implementation of the architectural aspects of storage network security.

    [ISO/IEC 27040:2024] provides an overview of storage security concepts and related definitions. It includes requirements and guidance on the threats, design, and control aspects associated with typical storage scenarios and storage technology areas. In addition, it provides references to other international standards and technical reports that address existing practices and techniques that can be applied to storage security.” [Source: ISO/IEC 27040:2024]

    Introduction
    Information deserves to be adequately protected while in storage, as well as when created, communicated, processed, used and disposed of. The standard guides the purchasers and users of data storage technologies to determine and treat the associated information risks.

    Scope
    The standard concerns the security of data storage devices and media, security of management activities related to the devices and media, applications/services, and end-users, in addition to security of the information being transferred across the communication links associated with storage.

    The standard describes information risks associated with data storage, and controls to mitigate the risks. It aims to:
      • Draw attention to common risks associated with the confidentiality, integrity and availability of information on various data storage technologies;
      • Encourage organisations to improve their protection of stored information using suitable information security controls; and
      • Improve assurance, for example by facilitating reviews or audits of the information security controls protecting stored data.

    The information security issues associated with backup/disaster recovery locations and cloud storage are covered, as well as those associated with primary/local storage on a variety of data storage technologies, media and subsystems (e.g. DAS, SAN, NAS, CAS, FC and OSD). Media sanitisation (destruction of data stored on various computer storage media) is also covered.

    The standard is unusually detailed. It mentions a number of specific storage technologies, which is also unusual for the ISO27k standards that are mostly generic and hence timeless.

    Structure
    Main clauses:
    6: Overview and concepts
    7: Organizational controls for storage
    8: People controls for storage
    9: Physical controls for storage
    10: Technological controls for storage
    Annex A: Storage security controls summary

    Status
    The first edition was published in 2015. The current second edition was published in 2024.

    Commentary
    Resilience aspects of digital storage are covered in the standard - an important information security concept that (in my considered opinion) deserves much more emphasis throughout ISO27k. After all, information security involves protecting/ensuring the availability of important and valuable information, information technologies and information services, right?

    This page last updated: 12 February 2026

© 2026 IsecT Limited 

 
