ISO/IEC TS 27022:2021

Information technology — Guidance on information security management system processes

Publication date:   Mar 11, 2021

General information

60.60 Standard published   Mar 11, 2021


ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection

Technical Specification

35.030   IT Security | 03.100.70   Management systems



Language in which you want to receive the document.


This document defines a process reference model (PRM) for the domain of information security management, which is meeting the criteria defined in ISO/IEC 33004 for process reference models (see Annex A). It is intended to guide users of ISO/IEC 27001 to:
— incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS;
— be aligned to all the work done within other standards of the ISO/IEC 27000 family from the perspective of the operation of ISMS processes
— support users in the operation of an ISMS ? this document is complementing the requirements-oriented perspective of ISO/IEC 27003 with an operational, process-oriented point of view.

Life cycle


ISO/IEC TS 27022:2021
60.60 Standard published
Mar 11, 2021