ISO/IEC TR 27024



ISO/IEC TR 27024 — Technical report — ISO/IEC 27001 family of standards references list — Use of ISO/IEC 27001 family of standards in Governmental / Regulatory requirements [DRAFT]

 

Abstract

[TBA]
 
 

Introduction

This Technical Report is intended to help organisations determine which ISO27k standards are recommended or required of them for national compliance reasons (without being construed as legal advice), and to facilitate or encourage global harmonisation of laws, regulations etc. in the field of information security management.

 

Scope of the standard

The draft standard:

  • Identifies a number of national laws, regulations and guidelines that depend and build upon the ISO27k standards;
  • Explicitly concerns information security, privacy/data protection, and digitalization and electronic archiving;
  • Does not (explicitly) concern other areas such as governance, contracts, product quality/fitness for purpose, cryptography, digital signatures, defence, official secrets, classified information, health and safety, financial data integrity, medical records, misinformation, and more.
     

Content of the standard

The central chapter of the present draft contains just 18 clauses, each listing a selection of relevant laws and regulations from a different country or region (such as the EU).

 

Status of the standard

The Technical Report is derived from ISO/IEC Joint Technical Committee 1/Sub Committee 27's Standing Document 7 (SD7), an internal committee reference document.

Since SD7 is a mature document, the standard is already at Draft Technical Report stage and is due to be published in Q3 2023.

 

Personal comments

Taking a wide perspective, there are loads of laws and regulations that have some relevance to the confidentiality, integrity or availability of information.

This project faces a similar conundrum to ISO/IEC 27002. It would be good if the standard were truly comprehensive and could be relied upon as such, but ultimately that is infeasible. There is a risk that naive users may rely on the standard as definitive without seeking competent legal advice or researching which laws and regulations are in fact applicable to them - hopefully not you though, having read this cautionary note!

 

Copyright © 2022 IsecT Ltd.