ISO/IEC INTERNATIONAL STANDARD 27009 Second edition 2020-04 Information security, cybersecurity and privacy protection Sector- specific application of IS0/IEC 27001 - Requirements Sécurite de I'information, cybersécurite et protection des données personnelles -Application de I'IS0/IEC 27001 a un secteur spécifique Exigences Reference number IS0/IEC 27009:2020(E) @IS0/IEC 2020 ut license from IHS Not for Resale, 05/07/2020 17:58:13 MDT IS0/IEC27009:2020(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC2020 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP401·Ch.deBlandonnet8 CH-1214 Vernier, Geneva Phone:+4122 749 0111 Fax: +41 22 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland @ IS0/IEC 2020 - All rights reserved Not for Resale,05//2020175813MD IS0/IEC 27009:2020(E) Contents Page Foreword ..iv 1 Scope 1 2 Normative references .1 3 Terms and definitions 4 Overview of this document. .2 4.1 General. .2 4.2 Structure of this document 3 4.3 ExpandingIS0/IEC27001requirementsorIS0/IEC27002controls 3 5 Addition to, refinement or interpretation of IS0/IEC 27001 requirements .3 5.1 General .3 5.2 Addition of reguirements to IS0/IEC 27001 4 5.3 Refinement of requirements in IS0/IEC 27001 .4 5.4 Interpretation of requirements in IS0/IEC 27001 .4 6 Additional or modified IS0/IEC 27002 guidance .4 6.1 General .4 6.2 Additional guidance. .5 6.3 Modified guidance. .5 Annex A (normative) Template for developing sector-specific standards related to IS0/IEC 27001 and optionally IS0/IEC 27002 6 Annex B (normative) Template for developing sector-specific standards related to IS0/IEC 27002 9 Annex C (informative) Explanation of the advantages and disadvantages of numbering approaches used within Annex B ..16 Bibliography ..18 iii cense from IHS Not for Resale, 05/07/2020 17:58:13 MDT