What is ISO 27003?
The international standard ISO/IEC 27003 is part of the ISO 27000 series of standards. It was published in 2010 by Joint Technical Committee JTC1 established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its official title is "Information technology — Security techniques — Information security management system implementation guidance".
ISO 27003 serves to help organisations develop a plan for the introduction of an ISO 27001-compliant Information Security Management System (ISMS). This comprises preparatory work, project management, and ISMS design recommendations. ISMS operation is not included in the scope. Since ISO 27003 is guidance intended to be used in conjunction with ISO 27001, certification against ISO 27003 itself is not possible.
ISO 27003: Topics and Content
ISO 27003 covers the following topics:
- Management support
- Definition of the ISMS scope, boundaries, and policy
- Analysis of security requirements
- Risk assessment and treatment
- ISMS design
ISO 27003 in Your Organisation
ISO 27003 serves as a practical guide for the development of an ISO 27001-compliant ISMS. Please refer to our overview to find out which other standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.