ISO/IEC 27009:2020
Information security, cybersecurity and privacy protection — Sector-specific application of ISO/IEC 27001 — Requirements
This document specifies the requirements for creating sector-specific standards that extend ISO/IEC 27001, and complement or amend ISO/IEC 27002 to support a specific sector (domain, application area or market).
This document explains how to:
— include requirements in addition to those in ISO/IEC 27001,
— refine or interpret any of the ISO/IEC 27001 requirements,
— include controls in addition to those of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
— modify any of the controls of ISO/IEC 27001:2013, Annex A and ISO/IEC 27002,
— add guidance to or modify the guidance of ISO/IEC 27002.
This document specifies that additional or refined requirements do not invalidate the requirements in ISO/IEC 27001.
This document is applicable to those involved in producing sector-specific standards.
| Get this standard | Prices exclude GST | |
|---|---|---|
| PDF ( Single user document) |
$118.26 NZD
|
|
| HardCopy |
$152.17 NZD
|
|
| Networkable PDF |
Price varies
|
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of this document
4.1 General
4.2 Structure of this document
4.3 Expanding ISO/IEC 27001 requirements or ISO/IEC 27002 controls
5 Addition to, refinement or interpretation of ISO/IEC 27001 requirements
5.1 General
5.2 Addition of requirements to ISO/IEC 27001
5.3 Refinement of requirements in ISO/IEC 27001
5.4 Interpretation of requirements in ISO/IEC 27001
6 Additional or modified ISO/IEC 27002 guidance
6.1 General
6.2 Additional guidance
6.3 Modified guidance
Annex A (normative) Template for developing sector-specific standards related to ISO/IEC 27001 and optionally ISO/IEC 27002
Annex B (normative) Template for developing sector-specific standards related to ISO/IEC 27002
Annex C (informative) Explanation of the advantages and disadvantages of numbering approaches used within Annex B
Bibliography
Previous versions
Keep me up-to-date
Register to receive notifications when updates are made to this standard.
Related Information
Similar Standards
-
AS/NZS ISO/IEC 27001:2023
Information security, cybersecurity and privacy protection – Information security management systems – Requirements
-
AS/NZS ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection — Information security controls
-
AS/NZS ISO/IEC 27551:2024
Information security, cybersecurity and privacy protection – Requirements for attribute-based unlinkable entity authentication
-
BS 10754-1:2018
Information technology. Systems trustworthiness, Governance and management specification
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Overview of this document
4.1 General
4.2 Structure of this document
4.3 Expanding ISO/IEC 27001 requirements or ISO/IEC 27002 controls
5 Addition to, refinement or interpretation of ISO/IEC 27001 requirements
5.1 General
5.2 Addition of requirements to ISO/IEC 27001
5.3 Refinement of requirements in ISO/IEC 27001
5.4 Interpretation of requirements in ISO/IEC 27001
6 Additional or modified ISO/IEC 27002 guidance
6.1 General
6.2 Additional guidance
6.3 Modified guidance
Annex A (normative) Template for developing sector-specific standards related to ISO/IEC 27001 and optionally ISO/IEC 27002
Annex B (normative) Template for developing sector-specific standards related to ISO/IEC 27002
Annex C (informative) Explanation of the advantages and disadvantages of numbering approaches used within Annex B
Bibliography