ISO/IEC 27009, just updated, will enable businesses and organizations from all sectors to coherently address information security, cybersecurity and privacy protection.
The ISO/IEC standard explains how to:
- Include requirements in addition to those in ISO/IEC 27001
- Refine or interpret any of the ISO/IEC 27001 requirements
- Include controls in addition to those of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
- Modify any of the controls of ISO/IEC 27001:2013, Annex A, and ISO/IEC 27002
- Add guidance to, or modify the guidance of, ISO/IEC 27002
ISO/IEC 27009 can be purchased from the ISO Store.