ISO 27004

Measuring ISMS Effectiveness

What is ISO 27004?

The international standard ISO/IEC 27004 is part of the ISO 27000 series of standards. In 2009 it was published by Joint Technical Committee JTC1 established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its official title is "Information technology — Security techniques — Information security management — Measurement".

ISO 27001 requires an Information Security Management System (ISMS) and its controls to be reviewed regularly for their effectiveness so that the necessary level of security is ensured. By complying with ISO 27004 you meet these requirements: ISO 27004 helps organisations develop measurement systems to assess the effectiveness of an ISMS as well as of the individual controls defined in ISO 27001. Since ISO 27004 is intended to be used in conjunction with ISO 27001, certification against ISO 27004 itself is not possible.

ISO 27004: Topics and Content

ISO 27004 covers the following topics:
  • Measurement objectives, processes, success factors, and model
  • Management responsibility
  • Measurement development
  • Measurement operation
  • Controls of the ISMS process
  • Analysis and reporting
  • Measurement evaluation and improvement

ISO 27004 in Your Organisation

ISO 27004 is a guide for the regular assessment of an ISO 27001-compliant ISMS. Please refer to our overview to find out which other standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.