EN ISO/IEC 27001:2023

Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022) EN ISO/IEC 27001:2023

General information

60.60 Standard published   Jul 26, 2023

CEN/CENELEC

CEN/CLC/JTC 13 Cybersecurity and Data Protection

European Norm

03.100.70   Management systems | 35.030   IT Security

Scope

This document specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. This document also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document.

Life cycle

PREVIOUSLY

WITHDRAWN
EN ISO/IEC 27001:2017

NOW

PUBLISHED
EN ISO/IEC 27001:2023
60.60 Standard published
Jul 26, 2023

CORRIGENDA / AMENDMENTS

PUBLISHED
EN ISO/IEC 27001:2023/A1:2024

Relations

Adopted from ISO/IEC 27001:2022 IDENTICAL