ISO 27011

The Standard for Telecommunications Organisations

What is ISO 27011?

The international standard ISO/IEC 27011 is part of the ISO 27000 series of standards. In 2008 it was published by Joint Technical Committee JTC1 established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its official title is "Information technology — Security techniques — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002".
ISO 27011 is to be regarded as an industry-specific supplement to ISO 27001, covering the particular security requirements of telecommunications providers. Accordingly, organisations can only be certified against ISO 27001. The implementation guide for both standards is ISO 27002. With ISO 27011, providers have gained the opportunity to establish a required minimum of information security in order to ensure the confidentiality, availability, and integrity of the data they process.

Telecommunication-Specific Threats and Vulnerabilities

Every day, telecommunication companies process large amounts of data from a variety of users. This includes highly sensitive information such as authentication or business data requiring high levels of security.

Another aspect to consider is the high risk to which this industry is exposed: the likelihood of security incidents such as hacker attacks is significantly higher than in other sectors, and the consequences are often more serious, since the strong interconnection of systems means that a single incident frequently affects large parts of the network. The resulting downtime not only causes financial losses, but may also damage a provider's reputation.

ISO 27011: Topics and Content

Taking these telecommunication-specific threats and vulnerabilities into account, ISO 27011 covers the following topics:
  • General guidelines on information security
  • Organisational structures
  • Responsibility for and classification of information assets
  • Human resources security
  • Physical and environmental security
  • Network and operational security
  • Access control
  • System development and maintenance
  • Security incident handling
  • Business continuity
  • Compliance with internal and legal requirements

ISO 27011 in Your Organisation

Are you interested in implementing ISO 27011 in your organisation? Please refer to our overview to find out which other standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.