Topic-specific policies
ISO/IEC 27011

Search this site

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >


ISO/IEC 27011:2016 / ITU-T X.1051 < Click to purchase via Amazon — Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organisations



“The scope of this Recommendation | ISO/IEC 27011:2016 is to define  guidelines supporting the implementation of information security  controls in telecommunications organisations. The adoption of this Recommendation | ISO/IEC 27011:2016 will allow  telecommunications organisations to meet baseline information security  management requirements of confidentiality, integrity, availability and  any other relevant security property.”
[Source: ISO/IEC 27011:2016/ITU-T X.1051]


This ISMS implementation guide for the telecomms industry was developed jointly by ITU-T and ISO/IEC JTC 1/SC 27, with the identical text being published as both ITU-T X.1051 and ISO/IEC 27011.


Scope and purpose

This standard:

    “Establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security controls in telecommunications organisations based on ISO/IEC 27002; [and]

    Provides an implementation baseline of information security controls within telecommunications organisations to ensure the confidentiality, integrity and availability of telecommunications facilities, services and information handled, processed or stored by the facilities and services.”


Content of the standard

In addition to minor variations/explanations of the core content of ISO/IEC 27002:2013, there is an ‘extended control set’ with additional advice for telecoms organisations on access controls, physical and environmental security, communications security and compliance. It includes further guidance on network security, covering “cyber attacks” and network congestion.


Status of the standard

The standard was first published in 2008.

It was revised to reflect the 2013 versions of ISO/IEC 27001 and 27002.  The second edition was published in 2016.

A corrigendum was published in 2018, correcting the title of clause 8.2.1.

The standard is now being revised and restructured to align with the new third edition of ISO/IEC 27002.  The revision project is already at Committee Draft stage with a new title “Information security, cybersecurity and privacy protection - Information security controls based on ISO/IEC 27002 for telecommunications organisations”.  SC 27 and ITU-T are of course collaborating on this.

The third edition is due to be published in March 2023.


Personal comments

Good to see productive collaboration between standards committees.


< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2022 IsecT Ltd.