About
-
Secretariat: DIN
Committee Manager: -
Chairperson (until end 2024):Mr Dr Andreas Wolf
-
ISO Technical Programme Manager [TPM]:ISO Editorial Manager [EM]:
- Creation date: 1989
Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
- Security evaluation criteria and methodology.
Quick links
-
Work programme
Drafts and new work items -
Working area
Working documents (user account required) -
ISO Electronic applications
IT Tools that help support the standards development process -
Public material
Browse documents made available by this group
This committee contributes with 36 standards to the following Sustainable Development Goals:
3
Good Health and Well-being
4
Quality Education
5
Gender Equality
8
Decent Work and Economic Growth
9
Industry, Innovation and Infrastructure
10
Reduced Inequalities
11
Sustainable Cities and Communities
12
Responsible Consumption and Production
13
Climate Action
16
Peace, Justice and Strong Institutions
Joint working groups under the responsibility of another committee
| Reference | Title |
|---|---|
| ISO/TC 307/JWG 4 | Joint ISO/TC 307 - ISO/IEC JTC 1/SC 27 WG: Security, privacy and identity for Blockchain and DLT |
Liaison Committees to ISO/IEC JTC 1/SC 27
The committees below can access the documents of ISO/IEC JTC 1/SC 27:
| Reference | Title | ISO/IEC |
|---|---|---|
| IEC/SC 121A | Low-voltage switchgear and controlgear | IEC |
| IEC/SC 45A | Instrumentation, control and electrical power systems of nuclear facilities | IEC |
| IEC/TC 57 | Power systems management and associated information exchange | IEC |
| IEC/TC 65 | Industrial-process measurement, control and automation | IEC |
| ISO/CASCO | Committee on conformity assessment | ISO |
| ISO/IEC JTC 1 | Information technology | ISO/IEC |
| ISO/IEC JTC 1/SC 6 | Telecommunications and information exchange between systems | ISO/IEC |
| ISO/IEC JTC 1/SC 7 | Software and systems engineering | ISO/IEC |
| ISO/IEC JTC 1/SC 17 | Cards and security devices for personal identification | ISO/IEC |
| ISO/IEC JTC 1/SC 22 | Programming languages, their environments and system software interfaces | ISO/IEC |
| ISO/IEC JTC 1/SC 28 | Office equipment | ISO/IEC |
| ISO/IEC JTC 1/SC 29 | Coding of audio, picture, multimedia and hypermedia information | ISO/IEC |
| ISO/IEC JTC 1/SC 31 | Automatic identification and data capture techniques | ISO/IEC |
| ISO/IEC JTC 1/SC 32 | Data management and interchange | ISO/IEC |
| ISO/IEC JTC 1/SC 37 | Biometrics | ISO/IEC |
| ISO/IEC JTC 1/SC 38 | Cloud computing and distributed platforms | ISO/IEC |
| ISO/IEC JTC 1/SC 40 | IT service management and IT governance | ISO/IEC |
| ISO/IEC JTC 1/SC 41 | Internet of things and digital twin | ISO/IEC |
| ISO/IEC JTC 1/SC 42 | Artificial intelligence | ISO/IEC |
| ISO/TC 8 | Ships and marine technology | ISO |
| ISO/TC 22/SC 32 | Electrical and electronic components and general system aspects | ISO |
| ISO/TC 23/SC 19 | Agricultural electronics | ISO |
| ISO/TC 46/SC 11 | Archives/records management | ISO |
| ISO/TC 68/SC 2 | Financial Services, security | ISO |
| ISO/TC 68/SC 8 | Reference data for financial services | ISO |
| ISO/TC 176/SC 1 | Concepts and terminology | ISO |
| ISO/TC 176/SC 3 | Supporting technologies | ISO |
| ISO/TC 204 | Intelligent transport systems | ISO |
| ISO/TC 232 | Education and learning services | ISO |
| ISO/TC 251 | Asset management | ISO |
| ISO/TC 262 | Risk management | ISO |
| ISO/TC 272 | Forensic sciences | ISO |
| ISO/TC 292 | Security and resilience | ISO |
| ISO/TC 307 | Blockchain and distributed ledger technologies | ISO |
| ISO/TC 309 | Governance of organizations | ISO |
| ISO/PC 317 | Consumer protection: privacy by design for consumer goods and services | ISO |
| ISO/TC 321 | Transaction assurance in E-commerce | ISO |
| ISO/TC 332 | Security equipment for financial institutions and commercial organizations | ISO |
Liaison Committees from ISO/IEC JTC 1/SC 27
ISO/IEC JTC 1/SC 27 can access the documents of the committees below:
| Reference | Title | ISO/IEC |
|---|---|---|
| ISO/CASCO | Committee on conformity assessment | ISO |
| ISO/IEC JTC 1 | Information technology | ISO/IEC |
| ISO/IEC JTC 1/SC 6 | Telecommunications and information exchange between systems | ISO/IEC |
| ISO/IEC JTC 1/SC 7 | Software and systems engineering | ISO/IEC |
| ISO/IEC JTC 1/SC 17 | Cards and security devices for personal identification | ISO/IEC |
| ISO/IEC JTC 1/SC 22 | Programming languages, their environments and system software interfaces | ISO/IEC |
| ISO/IEC JTC 1/SC 25 | Interconnection of information technology equipment | ISO/IEC |
| ISO/IEC JTC 1/SC 28 | Office equipment | ISO/IEC |
| ISO/IEC JTC 1/SC 29 | Coding of audio, picture, multimedia and hypermedia information | ISO/IEC |
| ISO/IEC JTC 1/SC 31 | Automatic identification and data capture techniques | ISO/IEC |
| ISO/IEC JTC 1/SC 32 | Data management and interchange | ISO/IEC |
| ISO/IEC JTC 1/SC 36 | Information technology for learning, education and training | ISO/IEC |
| ISO/IEC JTC 1/SC 37 | Biometrics | ISO/IEC |
| ISO/IEC JTC 1/SC 38 | Cloud computing and distributed platforms | ISO/IEC |
| ISO/IEC JTC 1/SC 40 | IT service management and IT governance | ISO/IEC |
| ISO/IEC JTC 1/SC 42 | Artificial intelligence | ISO/IEC |
| ISO/TC 22/SC 31 | Data communication | ISO |
| ISO/TC 22/SC 32 | Electrical and electronic components and general system aspects | ISO |
| ISO/TC 23/SC 19 | Agricultural electronics | ISO |
| ISO/TC 46/SC 11 | Archives/records management | ISO |
| ISO/TC 68/SC 2 | Financial Services, security | ISO |
| ISO/TC 171 | Document management applications | ISO |
| ISO/TC 176/SC 3 | Supporting technologies | ISO |
| ISO/TC 199 | Safety of machinery | ISO |
| ISO/TC 204 | Intelligent transport systems | ISO |
| ISO/TC 215 | Health informatics | ISO |
| ISO/TC 251 | Asset management | ISO |
| ISO/TC 262 | Risk management | ISO |
| ISO/TC 268 | Sustainable cities and communities | ISO |
| ISO/TC 292 | Security and resilience | ISO |
| ISO/TC 307 | Blockchain and distributed ledger technologies | ISO |
| ISO/TC 309 | Governance of organizations | ISO |
| ISO/PC 317 | Consumer protection: privacy by design for consumer goods and services | ISO |
| ISO/TC 321 | Transaction assurance in E-commerce | ISO |
Organizations in liaison (Category A and B)
| Acronym | Title | Category |
|---|---|---|
| (ISC)2 | International Information Systems Security Certification Consortium, Inc. | A |
| CalConnect | The Calendaring and Scheduling Consortium | A |
| CCETT | Common Study Center of Telediffusion and Telecommunication | A |
| Cloud security alliance | Cloud security alliance | A |
| Ecma International | Ecma International | A |
| ENISA | European Network and Information Security Agency | A |
| EPC | Conseil Européen des Paiements AISBL | A |
| ETSI | European Telecommunications Standards Institute | A |
| EUSPA | European Union Agency for the Space Programme | A |
| Global Platform - Global Platform Inc. | Global Platform Inc. | A |
| IEEE | Institute of Electrical and Electronics Engineers, Inc | A |
| IIOC | Independant International Organization for Certification | A |
| IQNet | IQNet Association - The International Certification Network | A |
| ISA - Automation | The International Society of Automation | A |
| ISACA | Information Systems Audit and Control Association | A |
| ISSEA | International Systems Security Engineering Association | A |
| ITU | International Telecommunication Union | A |
| Mastercard | Mastercard International | A |
| SBS - Small Business Standards | Small Business Standards | A |
| TIA | Telecommunications Industry Association | A |
| UNHCR | United Nations High Commissioner for Refugees | A |
Organizations in liaison (Category C)
C liaisons participate at the level of a Working Group
| Acronym | Title | Category |
|---|---|---|
| (ISC)2 | International Information Systems Security Certification Consortium, Inc. | C |
| ABC4Trust | ABC4Trust - Attribute-based Credentials for Trust | C |
| CCDB | Common Criteria Development Board | C |
| CCUF | Common Criteria Users Forum | C |
| CMUF | Cryptographic Module Users Forum | C |
| CREDENTIAL | seCuRE clouD idENTIty wALlet | C |
| CSCC | Cloud Standards Customer Council | C |
| Cyber Security | The Cyber Security Naming & Information Structure Groups | C |
| CyberSec4Europe | Cyber Security Network of Competence Centres for Europe | C |
| DTSP | Digital Trust & Safety Partnership | C |
| EDPB | European Data Protection Board | C |
| ETSI | European Telecommunications Standards Institute | C |
| FENTEC | Functional ENcryption TEChnologies - H2020 EU project | C |
| FIDO Alliance | The FIDO (Fast IDentity Online) Alliance | C |
| FIRST | Forum of Incident Response and Security Teams | C |
| GPA | Global Privacy Assembly | C |
| IAPP | International Association of Privacy Professionals | C |
| IFAA | Internet Finance Authentication Alliance | C |
| INFINITECH | INFINITECH | C |
| INLAC | Latinoamerican Institute for Quality Assurance | C |
| ISCI | International Smart card Certification Initiatives | C |
| ISF | Information Security Forum | C |
| JAVA CARD FORUM | The Java Card Forum | C |
| Kantara Initiative | Kantara Initiative | C |
| LOCARD | EC H2020 project entitled “Lawful evidence collecting and continuity platform development” | C |
| OASIS-PMRM | OASIS Privacy Management Reference Model | C |
| OECD | Organisation for Economic Co-operation and Development, OECD | C |
| OIDF | The OpenID Foundation | C |
| Opengroup, United Kingdom | Opengroup | C |
| PQCRYPTO | Post-quantum cryptography for long-term security | C |
| PRIPARE | PReparing Industry to Privacy-by-design by supporting its Application in REsearch | C |
| PRISMACLOUD | Privacy and Security Maintaining Services in the Cloud | C |
| SAFECode | Software Assurance Forum for Excellence in Code | C |
| SAFEcrypto | Secure Architectures of Future Emerging Cryptography | C |
| TCG | Trusted Computing Group | C |
| TREsPASS | Technology-supported Risk Estimation by Predictive Assessment of Socio technical Security | C |
| WITDOM | empoWering prIvacy and securiTy in non-trusteD envirOnMents | C |
ISO/IEC JTC 1/SC 27 - Secretariat
DIN [Germany]
DIN Deutsches Institut für Normung e.V.
Am DIN-Platz, Burggrafenstraße 6
D-10787 Berlin
Germany
D-10787 Berlin
Germany
Tel: +49 30 2601-0
Fax: +49 30 26 01 12 31
Web: http://www.din.de
ISO/IEC JTC 1/SC 27 in the news
Distrust pushes us into self-limiting stigmas, but International Standards can help us be confidently vulnerable and resilient.
In an increasingly digital age, and one marked by misinformation and fake news, the big challenge is establishing trust in technology itself.
Cyber-attacks are costly, disruptive and a growing threat to business, governments and society alike. Here’s how to protect your assets.
Cyber-attacks are costly, disruptive and a growing threat to business, governments and society alike. Happily, an arsenal of standards helps stay ahead of the game.
Why education is our best weapon against cybercrime.