ISO/IEC 27003
'ISO/IEC 27003' is an information security standard currently being developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its current title is ''Information technology - Security techniques - Information security management system implementation guidance''.
The purpose of ISO/IEC 27003 is to provide help and guidance in implementing an ISMS (Information Security Management System), i.e. the management system whose requirements are specified in ISO/IEC 27001 and whose controls are described in ISO/IEC 27002. Publication is not expected until late 2008 or early 2009.
Outline of the Standard
The proposed standard originally contained the following sections:
★ 1. Introduction
★ 2. Scope
★ 3. Terms & Definitions
★ 4. CSFs (Critical success factors)
★ 5. Guidance on process approach
★ 6. Guidance on using PDCA
★ 7. Guidance on Plan Process
★ 8. Guidance on Do Process
★ 9. Guidance on Check Process
★ 10. Guidance on Act Process
★ 11. Inter-Organization Co-operation
The ISO/IEC 27000 series
ISO/IEC 27003 is part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series'. The others (several of which are still in preparation) include:
★ ISO/IEC 27000 - a standard vocabulary for the ISMS standards (in preparation)
★ ISO/IEC 27001 - the certification standard specifying the requirements against which an organization's ISMS may be certified (published in 2005)
★ ISO/IEC 27002 - the code of practice for information security management, listing the controls an ISMS may select (published in 2005 as ISO/IEC 17799 and renumbered in 2007)
★ ISO/IEC 27004 - a standard for information security measurement and metrics (in preparation)
★ ISO/IEC 27005 - a standard for information security risk management, derived from the British Standard BS 7799 part 3
★ ISO/IEC 27006 - requirements for the bodies that audit and certify an ISMS, i.e. the certification/registration process (published in 2007)
★ ISO/IEC 27007 - a guideline for auditing information security management systems (in preparation)
★ ISO 27799 - guidance on implementing ISO/IEC 27002 in the healthcare industry (an ISO standard rather than a joint ISO/IEC one, but aligned with the series)
External links
★ ISO Website