ISO/IEC-27008 › Information technology - Security techniques - Guidelines for the assessment of information security controls
Show Complete Document History
The following bibliographic material is provided to assist you with your purchasing decision:
This document provides guidance on reviewing and assessing the implementation and operation of information security controls, including the technical assessment of information system controls, in compliance with an organization's established information security requirements including technical compliance against assessment criteria based on the information security requirements established by the organization.
This document offers guidance on how to review and assess information security controls being managed through an Information Security Management System specified by ISO/IEC 27001.
It is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks.
To find similar documents by classification:
03.100.70 (Management systems Standards included in this sub-group shall also be included in other groups and/or sub-groups according to their subject Including environmental management systems (EMS), road traffic management systems, energy management systems, health care management systems, etc.)
This document comes with our free Notification Service, good for the life of the document.
This document is available in either Paper or PDF format.
ISO/IEC TS 27008:2019
Jan. 1, 2019
ISO/IEC JTC 1/SC 27