
ISO/IEC TR 27029 — Information security, cybersecurity and privacy protection — ISO/IEC 27002 relationship with ISO and IEC standards [DRAFT]

 

Abstract

[TBA]
 

Introduction

Numerous ISO and IEC standards reference and draw upon the information security controls catalogued in ISO/IEC 27002 (directly, or via ISO/IEC 27001 Annex A). Hence, whenever ‘27002 is updated, those other standards need to be checked and, if necessary, updated.

 

Scope of the standard

The primary purpose of this standard is to identify which other standards are linked to ISO/IEC 27002, and hence where changes are likely to be needed whenever ‘27002 is updated.

 

Content of the standard

The main clause “ISO projects referencing ISO/IEC 27002” may have 3 subclauses:

  • ISO/IEC JTC 1/SC 27 projects referencing ‘27002.
  • Other ISO/IEC JTC 1 projects referencing ‘27002.
  • Other ISO projects referencing ‘27002.

Each subclause may have a table with columns for:

  • The number of a current standard that references ‘27002, e.g. ISO/IEC 27033-4:2014;
  • The title of the current standard, e.g. Information technology - Security techniques - Network security - Part 4: Securing communications between networks using security gateways;
  • Which SC 27 Working Group is responsible for the standard, e.g. WG4;
  • Whether the reference to ‘27002 is normative (Y) or not (N);
  • Comment - normally stating which version of ‘27002 is cited (e.g. 2005).

 

Status of the standard

The standard is to become a Technical Report, and is due to be published by the middle of 2024.

February update: A Draft Technical Report is already available to SC 27.
 

Personal comments

I gather the original intention was to develop “a kind of roadmap for ISO/IEC 27002 and dependent standards.” ISO/IEC JTC 1/SC 27/WG 4’s informal version has apparently been very popular (within SC 27, I presume), but frankly I doubt the effort and costs required to formalise and publish this guidance as a Technical Report, rather than as an internal Standing Document for SC 27 and other committees, or possibly an annex to ISO/IEC 27000, will prove worthwhile. I can barely justify maintaining this webpage!

 


Copyright © 2023 IsecT Ltd.