ISO/IEC 27003, part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series', is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its title is Information Technology - Security techniques - Information security management system implementation guidance.
The purpose of ISO/IEC 27003 is to provide help and guidance in implementing an ISMS (Information Security Management System).
Outline of the Standard
The standard contains the following sections:
- 1. Introduction
- 2. Scope
- 3. Terms & Definitions
- 4. Structure of this Standard
- 5. Obtaining Management Approval for Initiating the Project to Implement an ISMS
- 6. Defining ISMS Scope and ISMS Policy
- 7. Conducting Organization Analysis
- 8. Conducting Risk Assessment and Risk Treatment Planning
- 9. Designing the ISMS
The standard was published in January 2010.