Iso Iec TS 27022-2021

ISO/IEC TS 27022:2021 provides guidance on information security management system processes. It outlines the structure, core, and support processes essential for effective information security governance and management. The document includes normative references, terms and definitions, and an overview of management processes.

Uploaded by

Alan Nelson

TECHNICAL SPECIFICATION
ISO/IEC TS 27022

First edition
2021-03

Information technology — Guidance on information security management system processes

Reference number
ISO/IEC TS 27022:2021(E)

© ISO/IEC 2021
COPYRIGHT PROTECTED DOCUMENT


© ISO/IEC 2021
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: [email protected]
Website: www.iso.org
Published in Switzerland

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Structure and usage of this document
5 Overview
6 Management processes
  6.1 General
  6.2 Information security governance/management interface process
7 Core processes
  7.1 General
  7.2 Security policy management process
  7.3 Requirements management process
  7.4 Information security risk assessment process
  7.5 Information security risk treatment process
  7.6 Security implementation management process
  7.7 Process to control outsourced services
  7.8 Process to assure necessary awareness and competence
  7.9 Information security incident management process
  7.10 Information security change management process
  7.11 Internal audit process
  7.12 Performance evaluation process
  7.13 Information security improvement process
8 Support processes
  8.1 General
  8.2 Records control process
  8.3 Resource management process
  8.4 Communication process
  8.5 Information security customer relationship management process
Annex A (informative) Statement of conformity to ISO/IEC 33004
Bibliography
