ISO IEC 27040-2024 PDF

St ISO IEC 27040-2024

Name in English:
St ISO IEC 27040-2024

Name in Russian:
St ISO IEC 27040-2024

Description in English:

Original ISO IEC 27040-2024 standard, full version in PDF. Additional information and a preview are available on request.

Description in Russian:
Original ISO IEC 27040-2024 standard, full version in PDF. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso26007

Price (per language version):
€25

Full title and description

Information technology — Security techniques — Storage security (ISO/IEC 27040:2024). This International Standard gives guidance and technical requirements for planning, design, documentation and implementation of data storage security across devices, media, storage networks and associated management activities.

Abstract

ISO/IEC 27040:2024 provides detailed technical requirements and practical guidance to help organisations achieve an appropriate level of risk mitigation for stored data and for data in transit across storage-related links. The standard covers protection of devices and media, lifecycle management (from acquisition through end-of-life and sanitization), storage network and service security, access control, monitoring, and references to related practices and standards that can be applied to storage security implementations. It is intended for owners, operators, acquirers and users of storage systems as well as managers and administrators responsible for information or storage security.

General information

  • Status: Published
  • Publication date: 26 January 2024
  • Publisher: ISO/IEC (developed under ISO/IEC JTC 1/SC 27)
  • ICS / categories: 35.030 (IT security)
  • Edition / version: Edition 2 (2024)
  • Number of pages: 85

Scope

The standard applies to the security of information where it is stored (data at rest) and to the protection of information when transferred across communication links associated with storage. It addresses security of storage devices and media, administrative and operational management activities, storage applications and services, control and monitoring of user activities over the lifetime of storage assets and after disposal. ISO/IEC 27040:2024 also provides an overview of storage security concepts and references other international standards and technical reports relevant to storage security practice.

Key topics and requirements

  • Storage security concepts and terminology, including threats and risk considerations for storage environments.
  • Design and architecture guidance for secure storage deployments (on‑premises and cloud-based storage scenarios).
  • Requirements and controls for data confidentiality, integrity and availability — including encryption for data at rest and in transit.
  • Access control, authentication, authorization and separation of duties for storage management and use.
  • Device and media management: labeling, handling, inventory, transport and secure disposal/sanitization.
  • Operational controls: monitoring, logging, incident response and auditing of storage systems.
  • Supply chain and acquisition considerations for storage products and services.
  • Guidance on secure configuration, backups, redundancy, and recovery for storage systems.

Typical use and users

Organisations use ISO/IEC 27040:2024 to inform policies, design decisions and operational controls for storage security. Typical users include information security managers, storage architects, system and network administrators, procurement/acquisition staff evaluating storage products or services, auditors, and senior managers responsible for an organisation’s security programme.

Related standards

ISO/IEC 27040 sits within the ISO/IEC 27000 family of information security standards and is commonly used alongside ISO/IEC 27001 (information security management system requirements), ISO/IEC 27002 (information security controls guidance), and technology-specific guidance such as ISO/IEC 27017 (security controls for cloud services) and ISO/IEC 27018 (protection of PII in public clouds). The 2024 edition replaces and withdraws the 2015 edition of ISO/IEC 27040.

Keywords

storage security, data at rest, data in transit, encryption, media sanitization, access control, storage lifecycle, storage networks, cloud storage security, backup and recovery, logging and monitoring

FAQ

Q: What is this standard?

A: ISO/IEC 27040:2024 is an international standard providing technical requirements and guidance for securing data storage systems, devices, media and related management activities.

Q: What does it cover?

A: It covers storage security concepts, threats, design and control measures for storage scenarios (on‑premises and cloud), including device/media handling, encryption, access control, monitoring, sanitization and procurement considerations.

Q: Who typically uses it?

A: Information security professionals, storage architects and administrators, procurement teams, compliance officers and senior managers who need to plan, acquire or operate secure storage solutions.

Q: Is it current or superseded?

A: ISO/IEC 27040:2024 is the current edition published in January 2024 and supersedes ISO/IEC 27040:2015.

Q: Is it part of a series?

A: Yes — it is part of the ISO/IEC 27000 series (information security management and controls) and is intended to be used alongside related family members such as ISO/IEC 27001 and ISO/IEC 27002.

Q: What are the key keywords?

A: Storage security, data at rest, data in transit, encryption, sanitization, access control, lifecycle management, storage networks, cloud storage.