ISO 27001 Clause 2 Normative references
Clause 2 of ISO 27001 contains a list of normative references, which are other standards or documents that are referenced within ISO 27001 and are considered necessary for its application. Normative references are those that are mandatory and must be followed to comply with the requirements of ISO 27001.
The normative references in ISO 27001 clause 2 are:
- ISO/IEC 27000: This standard provides an overview of information security management systems and includes the terminology and definitions used in ISO 27001.
- ISO/IEC 27002: This standard provides a code of practice for information security controls and covers a wide range of security controls that can be used to protect information.
- ISO/IEC 27003: This standard provides guidance on the implementation of an information security management system and covers the planning, design, and implementation of the ISMS.
- ISO/IEC 27004: This standard provides guidance on how to measure the effectiveness of an information security management system and includes guidelines for developing and using security metrics.
- ISO/IEC 27005: This standard provides guidance on information security risk management and covers the process of identifying, assessing, and treating risks to information security.
- ISO/IEC 27006: This standard provides requirements and guidance for organizations that want to certify their information security management systems to ISO 27001.
- ISO/IEC 27799: This standard provides guidelines for the implementation of information security management in healthcare organizations and is based on the requirements of ISO 27001.
- ISO/IEC 29100: This standard provides a privacy framework for protecting personal information and includes guidance on how to manage privacy risks.
By referencing these standards, ISO 27001 provides a framework for organizations to manage and protect their information assets in a systematic and effective manner. These normative references ensure that ISO 27001 aligns with other internationally recognized standards and best practices, enabling organizations to implement a comprehensive and robust information security management system.