What is the ISO series of standards?
ISO standards are published in series, each series covering one category of management system. The ISO 27000 series specifically addresses information security management systems (ISMS).
It is typically the first standard in each ISO series that contains the management system requirements. Thus, it is typically only the first standard in each series that is "certifiable", such as:
- ISO 27001 = Information Security Management Systems (ISMS)
- ISO 9001 = Quality Management Systems (QMS)
- ISO 22301 = Business Continuity Management Systems (BCMS)
*All of the other standards in each ISO series are typically reference or guidance documents that support one or more of the management system requirements. Some commonly used ISO 27000 reference standards include:
- ISO 27002 = reference / guidance for information security controls (code of practice)
- ISO 27004 = reference / guidance for information security measurement
- ISO 27005 = reference / guidance for risk assessment
*There are many more reference / guidance standards available in the 27000 series.