ISO/IEC JTC 1/SC 27 "Information security, cybersecurity and privacy protection"

Scope & Structure

Scope of SC 27

The scope of SC 27 comprises the development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  • Security requirements capture methodology;
  • Management of information and ICT security; in particular information security management systems (ISMS), security processes, security controls and services;
  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  • Security aspects of identity management, biometrics and privacy;
  • Conformance assessment, accreditation and auditing requirements in the area of information security;
  • Security evaluation criteria and methodology.

SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas.

Structure of SC 27

Working Groups under SC 27:

  • WG 1 “Information security management systems”
  • WG 2 “Cryptography and security mechanisms”
  • WG 3 “Security evaluation, testing and specification”
  • WG 4 “Security controls and services”
  • WG 5 “Identity management and privacy technologies”

Advisory Groups under SC 27:

  • AG 1 “Management Advisory Group”
  • AG 2 “Trustworthiness”
  • AG 3 “Concepts and Terminology”
  • AG 4 “Data security”
  • AG 5 “Strategy”
  • AG 6 “Operations”
  • AG 7 “Communication and Outreach (AG-CO)”

Joint Working Groups under the responsibility of another Committee:

  • ISO/TC 307/JWG 4 “Joint ISO/TC 307 - ISO/IEC JTC 1/SC 27 WG: Blockchain and distributed ledger technologies and IT Security techniques”