An Introduction to ISO 27001, ISO 27002....ISO 27008

The ISO 27000 series of standards have been specifically reserved by ISO for information security matters. This of course, aligns with a number of other topics, including ISO 9000 (quality management) and ISO 14000 (environmental management).

As with the above topics, the 27000 series will be populated with a range of individual standards and documents. A number of these are already well known, and indeed, have been published. Others are scheduled for publication, with final numbering and publication details yet to be determined.

The following matrix reflects the current known position for the major operational standards in the series:

ISO 27001
This is the specification for an information security management system (an ISMS) which replaced the old BS7799-2 standard
ISO 27002
This is the 27000 series standard number of what was originally the ISO 17799 standard (which itself was formerly known as BS7799-1)..
ISO 27003
This will be the official number of a new standard intended to offer guidance for the implementation of an ISMS (IS Management System) . 
ISO 27004
This standard covers information security system management measurement and metrics, including suggested ISO27002 aligned controls..
ISO 27005
This is the methodology independent ISO standard for information security risk management..
ISO 27006
This standard provides guidelines for the accreditation of organizations offering ISMS certification.

The position of course is currently fairly fluid, but we will update this site as new information emerges. Please see our news page for the latest position.


This portal will continue to develop as the ISO 27000 series matures. We will shortly be introducing: an FAQ, a Forum and a resource directory (see 'Recent Updates' above for the latest additions).

ISO 27000 Series, Including ISO 27001