The Standards:

Introduction To ISO 27004 (ISO27004)

ISO 27004 is the official number of the emerging standard covering information security management measurement and metrics. Again, however, it is not expected to be published in the immediate term. However, its development is well underway, being at stage 3, working draft level.

It is intended to help an organization establish the effectiveness of its ISMS implementation, embracing benchmarking and performance targeting within the PDCA cycle.

ADDITIONAL INFORMATION

We will post information and updates in this section on the development of ISO 27004 as they emerge.

Buying Standards

For sources of these standards and related products, please visit our Standards Download Page

This will be updated with new sources on an ongoing basis.

About Standards

How are standards developed? Who develops them? Why have them?

Our Background Section attempts to answer these and other common questions.

Other Standards

The 27000 series has informal relationships with a number of other standards.

Our Other Standards Section identifies some of these and provides a brief definition of each.

ISO27004 and ISO 27004 Measurement and Metrics