BS ISO/IEC 27003:2017
Information technology. Security techniques. Information security management systems. Guidance
| Standard number: | BS ISO/IEC 27003:2017 |
| Pages: | 54 |
| Released: | 2017-04-21 |
| ISBN: | 978 0 580 83508 7 |
| Status: | Standard |
This is a supporting guidance document for the information security management system (ISMS) requirements standard BS EN ISO/IEC 27001.
Who is this standard for?
Anyone planning to build, operate, audit or certify an ISMS based on BS EN ISO/IEC 27001.
Why should you use this standard?
This document provides essential and comprehensive guidance on the requirements for an information security management system (ISMS) as specified in BS EN ISO/IEC 27001 and provides recommendations (‘should’), possibilities (‘can’) and permissions (‘may’) in relation to them.
It also complements the other two supporting guidance standards BS ISO/IEC 27004 (monitoring, measurement, analysis and evaluation) and BS ISO/IEC 27005 (information security risk management).
What’s changed since the last update?
- The standard has been fully revised to align with the latest edition of BS EN ISO/ IEC 27001 . It adopts ISO’s new high level structure and common core management system terms and definitions.
- The previous edition had a project approach with a sequence of activities. This edition instead provides guidance on the requirements, regardless of the order in which they are implemented.
This standard BS ISO/IEC 27003:2017 Information technology. Security techniques. Information security management systems. Guidance is classified in these ICS categories:
- 03.100.70 Management systems
- 35.030 IT Security
Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022)
Information security, cybersecurity and privacy protection - Information security controls (ISO/IEC 27002:2022)