ISO IEC 27009-2020 PDF
Name in English:
St ISO IEC 27009-2020
Name in Russian:
St ISO IEC 27009-2020
Original ISO/IEC 27009:2020 standard, full version in PDF. Additional information and a preview are available on request.
Full title and description
ISO/IEC 27009:2020 — Information security, cybersecurity and privacy protection — Sector-specific application of ISO/IEC 27001 — Requirements. This standard specifies requirements and conventions for developing sector- or domain‑specific extensions, refinements or interpretations of ISO/IEC 27001 and for adding or modifying controls and guidance derived from ISO/IEC 27002 so that such sector standards remain consistent with ISO/IEC 27001.
Abstract
ISO/IEC 27009:2020 provides requirements for creating sector‑specific standards that extend ISO/IEC 27001 and complement or amend ISO/IEC 27002. It explains how to add requirements, refine or interpret ISO/IEC 27001 clauses, include or modify controls beyond Annex A of ISO/IEC 27001:2013 and adapt guidance from ISO/IEC 27002, while ensuring additional or refined requirements do not conflict with ISO/IEC 27001.
General information
- Status: Withdrawn (per ISO lifecycle record).
- Publication date: April 2020 (Edition 2).
- Publisher: ISO/IEC (International Organization for Standardization and International Electrotechnical Commission), technical committee ISO/IEC JTC 1/SC 27.
- ICS / categories: 35.030 (Information security, cybersecurity and privacy protection).
- Edition / version: Edition 2 (2020).
- Number of pages: 18 pages (Edition 2020).
Scope
The standard is intended for authors and technical bodies that develop sector‑specific standards related to ISO/IEC 27001. It defines how to specify requirements that extend or refine ISO/IEC 27001, how to include controls beyond those in ISO/IEC 27001:2013 Annex A and ISO/IEC 27002, and how to modify or add guidance to ISO/IEC 27002 for a particular sector or application area without contradicting ISO/IEC 27001.
Key topics and requirements
- Rules and conventions for developing sector‑specific extensions to ISO/IEC 27001.
- How to include additional requirements and how to refine or interpret ISO/IEC 27001 clauses.
- Guidance on adding, modifying or specifying controls in addition to ISO/IEC 27001:2013 Annex A and ISO/IEC 27002.
- Requirements that ensure sector‑specific additions do not invalidate or conflict with ISO/IEC 27001.
- Alignment mechanisms to preserve consistency across the ISO/IEC 27000 family when creating domain standards.
Typical use and users
Primary users are national and international standards developers, technical committees and working groups producing sector‑specific information security and privacy standards. Secondary users include conformity assessment bodies, auditors, large organizations and industry consortia that reference sector variants of ISO/IEC 27001 when tailoring their information security management system (ISMS) requirements. The standard is also used by implementers who need clarity on how sector requirements should be framed so they remain compatible with ISO/IEC 27001.
Related standards
Part of the ISO/IEC 27000 family. Closely related documents include ISO/IEC 27001 (requirements for an ISMS) and ISO/IEC 27002 (code of practice for information security controls). Examples of sector‑specific standards developed within the family (and referenced as precedents) include ISO/IEC 27011 (telecommunications), ISO/IEC 27017 (cloud services) and ISO/IEC 27019 (energy sector). ISO/IEC 27009 provides the conventions used when producing such sector variants.
Keywords
information security; cybersecurity; privacy protection; ISMS; ISO/IEC 27001; sector‑specific standards; controls; ISO/IEC 27002; standardization; SC 27.
FAQ
Q: What is this standard?
A: ISO/IEC 27009:2020 is a conventions-and‑requirements standard for creating sector‑specific versions or extensions of ISO/IEC 27001 so that domain standards remain consistent with the core ISMS requirements.
Q: What does it cover?
A: It covers how to add requirements, refine or interpret ISO/IEC 27001 clauses, include or modify controls beyond Annex A and adapt guidance from ISO/IEC 27002 for particular sectors, while ensuring compatibility with ISO/IEC 27001.
Q: Who typically uses it?
A: Standards developers, technical committees and working groups creating sector‑specific information security standards; conformity assessment bodies; auditors; and organizations or industry consortia that adopt sector variants of ISO/IEC 27001.
Q: Is it current or superseded?
A: The 2020 edition (Edition 2) superseded the 2016 edition; ISO records show the 2020 edition as published in April 2020. ISO lifecycle data currently lists the document as withdrawn. For historical context, ISO/IEC 27009:2016 (Edition 1) was the original edition and was revised by the 2020 edition.
Q: Is it part of a series?
A: Yes — it is part of the ISO/IEC 27000 family of information security and privacy protection standards and was developed under ISO/IEC JTC 1/SC 27. It provides the conventions used when producing sector‑specific standards such as ISO/IEC 27011, ISO/IEC 27017 and ISO/IEC 27019.
Q: What are the key keywords?
A: Information security, cybersecurity, privacy protection, ISMS, sector‑specific standards, controls, ISO/IEC 27001, ISO/IEC 27002, standardization, SC 27.