ISO IEC 27011-2024 PDF
Name in English:
St ISO IEC 27011-2024
Name in Russian:
Ст ISO IEC 27011-2024
Original standard ISO IEC 27011-2024 in PDF, full version. Additional information and a preview are available on request.
Full title and description
ISO/IEC 27011:2024 — Information security, cybersecurity and privacy protection — Information security controls based on ISO/IEC 27002 for telecommunications organizations. This international standard provides guidance and recommended information security controls tailored for telecommunications service providers and related organizations to protect confidentiality, integrity and availability of information assets in telecom environments.
Abstract
This document gives guidelines to support the implementation of information security controls in telecommunications organizations. It interprets and adapts the control objectives and controls from ISO/IEC 27002 for the telecommunications sector and suggests additional controls where telecom-specific considerations apply. The adoption of this guidance helps telecom organizations meet baseline information security management requirements.
General information
- Status: Published.
- Publication date: March 2024 (published as ISO/IEC 27011:2024).
- Publisher: International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC), developed under ISO/IEC JTC 1/SC 27.
- ICS / categories: 35.030 (Information security).
- Edition / version: 3 (third edition, 2024).
- Number of pages: 28 (ISO published edition listing).
Key publication metadata above is taken from the ISO listing for ISO/IEC 27011:2024.
Scope
ISO/IEC 27011:2024 provides guidance on the selection and implementation of information security controls based on ISO/IEC 27002, adapted for telecommunications organizations (including network operators, service providers and other entities that operate telecom infrastructure and services). It addresses telecom-specific risks, assets (for example signaling systems, subscriber data, metadata and network management systems), and outlines how an information security management system (ISMS) can be applied in the telecom context.
Key topics and requirements
- Alignment and interpretation of ISO/IEC 27002 controls for telecom environments, including clarifications where telecom operations change a control's applicability.
- Telecommunications-specific supplementary controls and extended control suggestions for areas such as privacy of communications, metadata protection, network management and interconnection security.
- Guidance on establishing an ISMS in telecom organizations, risk assessment considerations specific to telecom assets and services, and recommended control selection and implementation approaches.
- Organizational, physical, personnel and technical controls tailored to high-availability and large-scale distributed telecom infrastructures.
Typical use and users
Primary users are telecommunications operators, internet service providers, mobile network operators, managed service providers, infrastructure vendors and telecom security practitioners. It is used by information security managers, risk officers, compliance teams and architects to adapt generic ISO/IEC 27002 controls to telecom-specific operations and regulatory contexts. The standard is also referenced by auditors and consultants when assessing or designing telecom ISMS controls.
Related standards
ISO/IEC 27011 is part of the ISO/IEC 27000 family. Closely related documents include ISO/IEC 27002 (controls catalogue and guidance, updated 2022), ISO/IEC 27001 (requirements for an ISMS), and other sector- or technology-specific guidance in the 27000 series. Telecommunications organizations commonly use ISO/IEC 27011 together with ISO/IEC 27002:2022 to select and justify controls.
Keywords
telecommunications, information security, cybersecurity, privacy protection, ISO/IEC 27002, ISMS, controls, metadata protection, network security, telecom operator security
FAQ
Q: What is this standard?
A: ISO/IEC 27011:2024 is an international guidance standard that adapts ISO/IEC 27002 controls for telecommunications organizations, providing recommended security controls and sector-specific guidance.
Q: What does it cover?
A: It covers how to interpret and implement information security controls from ISO/IEC 27002 in telecom environments, addresses telecom-specific assets and risks (for example signaling, subscriber data and metadata), and suggests supplementary controls where needed.
Q: Who typically uses it?
A: Telecom operators, service providers, vendors, security managers, compliance officers, auditors and consultants use this standard to design, implement and assess information security controls in telecom settings.
Q: Is it current or superseded?
A: The 2024 edition (third edition) is the current published edition, released in March 2024; it supersedes the 2016 edition (and the 2018 corrigendum).
Q: Is it part of a series?
A: Yes — ISO/IEC 27011 is part of the ISO/IEC 27000 family of standards (information security management), intended to be used together with ISO/IEC 27001 and ISO/IEC 27002, and other 27000-series documents for sector- or technology-specific guidance.
Q: What are the main keywords?
A: Telecommunications, information security, cybersecurity, privacy protection, ISMS, controls, ISO/IEC 27002.