Topic-specific policies
ISO/IEC 27011

Search this site

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >


ISO/IEC 27011:2016 / ITU-T X.1051 < Click to purchase via Amazon — Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organisations (second edition)



“The scope of this Recommendation | ISO/IEC 27011:2016 is to define  guidelines supporting the implementation of information security  controls in telecommunications organisations. The adoption of this Recommendation | ISO/IEC 27011:2016 will allow  telecommunications organisations to meet baseline information security  management requirements of confidentiality, integrity, availability and  any other relevant security property.”
[Source: ISO/IEC 27011:2016/ITU-T X.1051]


This ISMS implementation guide for the telecomms industry was developed jointly by ITU-T and ISO/IEC JTC 1/SC 27, with the identical text being published as both ITU-T X.1051 and ISO/IEC 27011.


Scope and purpose

This standard:

    “Establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security controls in telecommunications organisations based on ISO/IEC 27002; [and]

    Provides an implementation baseline of information security controls within telecommunications organisations to ensure the confidentiality, integrity and availability of telecommunications facilities, services and information handled, processed or stored by the facilities and services.”


Content of the standard

In addition to minor variations or explanations of the core content of ISO/IEC 27002:2013, there is an ‘extended control set’ with additional advice for telecoms organisations on access controls, physical and environmental security, communications security and compliance. It includes further guidance on network security, covering ‘cyber attacks’ and network congestion.


Status of the standard

The first edition was published in 2008.

It was revised to reflect the 2013 versions of ISO/IEC 27001 and 27002. The second edition was published in 2016.

A corrigendum to the second edition was published in 2018, correcting the title of clause 8.2.1.

The standard is now being revised and restructured to align with the 2022 version of ISO/IEC 27002.  The title will become “Information security, cybersecurity and privacy protection - Information security controls based on ISO/IEC 27002 for telecommunications organisations”. SC 27 and ITU-T are of course collaborating on this.

October update Having been completed and approved by SC 27 in March 2024, the third edition’s Final Draft International Standard is now undergoing ITU-T’s lengthy formal review and approval processes. It looks unlikely to surface before middle of 2024 (!).


Personal comments

It is good to see productive collaboration between the standards bodies, despite the challenge of batting the standard back and forth between their formal processes like a tennis ball.


< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2023 IsecT LtdContact us re Intellectual Property Rights