ISO IEC TS 27022-2021 PDF

St ISO IEC TS 27022-2021

Name in English:
St ISO IEC TS 27022-2021

Name in Russian:
St ISO IEC TS 27022-2021

Description in English:

Original standard ISO IEC TS 27022-2021 in PDF, full version. Additional information and a preview are available on request.

Description in Russian:
Original standard ISO IEC TS 27022-2021 in PDF, full version. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso27778

Price:
€25

Full title and description

ISO/IEC TS 27022:2021 — Information technology — Guidance on information security management system processes. A technical specification providing a process reference model (PRM) and operational guidance to support the implementation and operation of an ISO/IEC 27001-based Information Security Management System (ISMS).

Abstract

This technical specification defines a process reference model (PRM) for the domain of information security management that meets the criteria of ISO/IEC 33004. It is intended to help organizations incorporate the process approach described in ISO/IEC 27000:2018, align ISMS process operation with other ISO/IEC 27000-family work, and complement the requirements perspective in ISO/IEC 27003 with an operational, process-oriented viewpoint.

General information

  • Status: Published.
  • Publication date: March 2021 (publication recorded 11 March 2021).
  • Publisher: ISO/IEC (prepared by ISO/IEC JTC 1/SC 27 — Information security, cybersecurity and privacy protection).
  • ICS / categories: 35.030 (IT security); 03.100.70 (Management systems).
  • Edition / version: Edition 1.0, 2021 (Technical Specification).
  • Number of pages: 43 (official ISO edition).

Scope

The document defines a process reference model for information security management processes and is intended to guide users of ISO/IEC 27001 in: incorporating the process approach from ISO/IEC 27000:2018 (clause 4.3) into an ISMS; aligning operational ISMS processes with other standards in the ISO/IEC 27000 family; and complementing ISO/IEC 27003 by providing operational, process-oriented guidance for the operation of ISMS processes. Annex A maps the PRM to the criteria of ISO/IEC 33004.

Key topics and requirements

  • Definition and structure of a process reference model (PRM) for information security management.
  • Guidance for applying the process approach within an ISMS (linking to ISO/IEC 27000:2018 clause 4.3).
  • Alignment of operational ISMS processes with other ISO/IEC 27000-family standards and with ISO/IEC 33004 criteria.
  • Process descriptions, inputs/outputs, roles and responsibilities for typical ISMS processes (planning, operation, monitoring, improvement).
  • Recommendations to support operation and continual improvement of ISMS processes; relationship to requirement-oriented guidance (ISO/IEC 27003).

Typical use and users

Intended users are organizations implementing or operating an ISMS based on ISO/IEC 27001, ISMS process owners, security managers, auditors, consultants, and standards developers who need an operational process-oriented model to run and assess ISMS activities. It is used both for designing process architectures and for improving day-to-day ISMS operations.

Related standards

Closely related to and intended to be used with ISO/IEC 27001 (requirements for ISMS), ISO/IEC 27000 (vocabulary and fundamentals), ISO/IEC 27003 (implementation guidance), and ISO/IEC 33004 (requirements for process reference models). It also complements other ISO/IEC 27000-family standards such as ISO/IEC 27002 and ISO/IEC 27005 when mapping processes to controls and risk management activities.

Keywords

information security management, ISMS, process reference model, PRM, ISO/IEC 27000 family, ISMS processes, process approach, ISO/IEC 33004, guidance, cybersecurity.

FAQ

Q: What is this standard?

A: ISO/IEC TS 27022:2021 is a Technical Specification that provides a process reference model and operational guidance for information security management system processes to support ISO/IEC 27001 implementations.

Q: What does it cover?

A: It covers a PRM for ISMS processes, including process descriptions, inputs/outputs, roles, and how to apply the process approach within an ISMS; it aligns process operation with other ISO/IEC 27000-family standards and with ISO/IEC 33004 criteria.

Q: Who typically uses it?

A: Organizations operating or implementing an ISMS, security/process owners, consultants, implementers, and auditors who need operational process-level guidance beyond the requirements in ISO/IEC 27001.

Q: Is it current or superseded?

A: It was published in March 2021 (recorded 11 March 2021) as Edition 1.0 and remains in force. ISO standards and technical specifications are generally reviewed every five years; users should check national or ISO catalogues for any later revisions or withdrawals.

Q: Is it part of a series?

A: Yes — it is part of the ISO/IEC 27000 family of information security management standards and is intended to be used alongside ISO/IEC 27001, ISO/IEC 27000 and ISO/IEC 27003; it also references ISO/IEC 33004 for PRM criteria.

Q: What are the key keywords?

A: ISMS, process reference model, information security management, PRM, process approach, ISO/IEC 27001, ISO/IEC 27000 family.