ISO 27000 or ISO27000

The ISO27000 Standards


ISO 27000 is the generic name assigned to standards related to information security issues and topics. It is proposed that, over time, a range of standards will be published to cover subjects in this area.

The first of these was ISO 27001, which is the specification for an ISMS. In the first half of 2007, ISO 27002 was published. This was not a replacement for ISO 17799:2005, but simply a rename. Also in the first half of 2007, ISO 27006 was published. This stated the 'Requirements for Bodies Providing Audit and Certification of an Information Security Management System'.

However, others are expected to follow over the next few years.

The current expectations for other 27k standards are as follows:
ISO 27003 will offer ISMS implementation guidelines
ISO 27004 will cover information security metrics and measurements
ISO 27005 is expected to cover ISMS risk management

The timescales for these developments are very much fluid, but certainly, work is well underway on a number of them.

WHY ISO27000?

Why the ISO 27000 series? We have absolutely no idea, with our research drawing a blank. If you can answer this question, please let us know!


There will indeed be a standard named ISO 27000. As is usual when ISO release a series of standards, the first defines terminology and vocabulary for that series.



