ISO IEC 27010-2015 PDF

St ISO IEC 27010-2015

Name in English:
St ISO IEC 27010-2015

Name in Russian:
Ст ISO IEC 27010-2015

Description in English:

Original standard ISO IEC 27010-2015 in PDF, full version. Additional information and a preview are available on request.

Description in Russian (translated):
Original standard ISO IEC 27010-2015 in PDF, full version. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso25969

Price:
€25

Full title and description

ISO/IEC 27010:2015 — Information technology — Security techniques — Information security management for inter‑sector and inter‑organizational communications. This International Standard provides guidance, complementary to the ISO/IEC 27000 family, for implementing information security management within information‑sharing communities and for secure exchange of sensitive information across organizations and sectors.

Abstract

ISO/IEC 27010:2015 gives controls and guidance for initiating, implementing, maintaining and improving information security in inter‑organizational and inter‑sector communications. It covers governance, roles and responsibilities for originators/sources/recipients, trust and interoperability considerations, and the use of established messaging and technical methods to protect shared information. The standard is applicable to national and international exchanges, including information relating to critical infrastructure.

General information

  • Status: Published (International Standard, confirmed).
  • Publication date: 10 November 2015 (Edition 2, 2015‑11).
  • Publisher: ISO and IEC (ISO/IEC JTC 1, SC 27 — Information security, cybersecurity and privacy protection).
  • ICS / categories: 03.100.70 (Management systems); 35.030 (IT security); often cross‑referenced with 35.040 (information coding).
  • Edition / version: Edition 2.0 (2015).
  • Number of pages: 32 pages (standard PDF length as published).

Scope

This standard provides guidelines specifically for information security management when exchanging or sharing information between organizations and across sectors. It applies to all forms of exchange (public and private; national and international), and is particularly relevant where shared information supports the provision, maintenance or protection of critical infrastructure. The intent is to support creation of trust between participants and to enable growth of structured information‑sharing communities.

Key topics and requirements

  • Governance and management for information‑sharing communities (roles, responsibilities, policies and agreements).
  • Definitions and handling of roles such as originator, source and recipient; clear attribution and provenance of shared information.
  • Classification, labeling and handling rules for sensitive/shared information.
  • Establishment of sharing agreements, legal/regulatory compliance and privacy considerations.
  • Trust, interoperability and assurance measures to enable secure cross‑organizational exchange.
  • Use of messaging and technical methods (secure transport, authentication, access control) to protect information in transit and at rest.
  • Requirements for initiating, maintaining and improving information‑sharing practices, including incident reporting and coordinated response mechanisms.
  • Considerations specific to critical infrastructure and cross‑sector dependencies.

Typical use and users

Primary users include CSIRTs/CERTs, Information Sharing and Analysis Centers (ISACs), critical infrastructure operators (energy, transport, telecoms), financial institutions, public authorities, healthcare organizations, and vendors/operators of threat‑sharing or secure messaging platforms. Security managers and compliance teams use the standard to design or adapt information‑sharing policies, agreements and technical controls that operate across organizational boundaries.

Related standards

ISO/IEC 27010 is part of the ISO/IEC 27000 family and is intended to be used alongside core standards such as ISO/IEC 27001 (ISMS requirements), ISO/IEC 27002 (controls guidance), ISO/IEC 27005 (risk management) and other sector‑specific guidance (for example ISO/IEC 27011 for telecommunications). ISO/IEC 27010:2015 replaces the earlier ISO/IEC 27010:2012 edition.

Keywords

information sharing, inter‑sector communication, inter‑organizational communication, information security management, ISMS, trust, provenance, originator, recipient, sharing agreements, critical infrastructure, CSIRT, ISAC.

FAQ

Q: What is this standard?

A: ISO/IEC 27010:2015 is an international guideline standard that addresses information security management specifically for exchange and sharing of information between organizations and across sectors.

Q: What does it cover?

A: It covers governance and operational guidance for information‑sharing communities, roles and responsibilities (originator/source/recipient), classification and handling of shared data, sharing agreements, legal and privacy considerations, interoperability and technical methods for secure messaging and information exchange.

Q: Who typically uses it?

A: CSIRTs, ISACs, critical infrastructure operators, public sector agencies, financial and healthcare organizations, and vendors/operators of information‑sharing platforms. Security and compliance teams use it to design cross‑organizational sharing practices.

Q: Is it current or superseded?

A: The version published in November 2015 is Edition 2 and is the current published edition (it replaced the 2012 edition). The 2015 edition is recorded as an International Standard and is subject to ISO's regular review cycle. Users should check with their national standards body or ISO/IEC for any later amendments or confirmations.

Q: Is it part of a series?

A: Yes — ISO/IEC 27010 is part of the ISO/IEC 27000 family (information security management standards) and is intended to be used in conjunction with standards such as ISO/IEC 27001 and ISO/IEC 27002.

Q: What are the keywords?

A: Information sharing, inter‑sector communications, inter‑organizational communications, information security management, trust, provenance, sharing agreements, CSIRT, ISAC.