About

Scope

The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:

  • Security requirements capture methodology;
  • Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
  • Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
  • Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
  • Security aspects of identity management, biometrics and privacy;
  • Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
  • Security evaluation criteria and methodology.
SC 27 engages in active liaison and collaboration with appropriate bodies to ensure the proper development and application of SC 27 standards and technical reports in relevant areas

Quick links

Sustainable Development Goals

This committee contributes with 30 standards to the following Sustainable Development Goals:

3
Good Health and Well-being
5
Gender Equality
8
Decent Work and Economic Growth
9
Industry, Innovation and Infrastructure
10
Reduced Inequalities
11
Sustainable Cities and Communities
12
Responsible Consumption and Production
13
Climate Action
16
Peace, Justice and Strong Institutions
229
published ISO standards *

under the direct responsibility of ISO/IEC JTC 1/SC 27

61
ISO standards under development *

under the direct responsibility of ISO/IEC JTC 1/SC 27

54
Participating members
33
Observing members

* number includes updates

Reference Title Type
ISO/IEC JTC 1/SC 27/AG 2   Trustworthiness Working group
ISO/IEC JTC 1/SC 27/AG 3   Concepts and Terminology Working group
ISO/IEC JTC 1/SC 27/AG 5   Strategy Working group
ISO/IEC JTC 1/SC 27/AG 6   Operations Working group
ISO/IEC JTC 1/SC 27/AG 7   Communication and Outreach (AG-CO) Working group
ISO/IEC JTC 1/SC 27/AG 8   Advisory Group on Conformity Assessment Working group
ISO/IEC JTC 1/SC 27/AHG 1   Resolution Drafting Working group
ISO/IEC JTC 1/SC 27/AHG 2   Security and privacy in IoT and Digital Twin Working group
ISO/IEC JTC 1/SC 27/AHG 3   Security and privacy in AI and Big Data (BD) Working group
ISO/IEC JTC 1/SC 27/CAG   Chair’s Advisory Group Working group
ISO/IEC JTC 1/SC 27/JWG 6   Joint ISO/IEC JTC1/SC 27 - ISO/TC 22/SC 32 WG : Cybersecurity requirements and evaluation activities for connected vehicle devices Working group
ISO/IEC JTC 1/SC 27/WG 1   Information security management systems Working group
ISO/IEC JTC 1/SC 27/WG 2   Cryptography and security mechanisms Working group
ISO/IEC JTC 1/SC 27/WG 3   Security evaluation, testing and specification Working group
ISO/IEC JTC 1/SC 27/WG 4   Security controls and services Working group
ISO/IEC JTC 1/SC 27/WG 5   Identity management and privacy technologies Working group

 

Joint working groups under the responsibility of another committee
Reference Title
ISO/TC 307/JWG 4 Joint ISO/TC 307 - ISO/IEC JTC 1/SC 27 WG: Security, privacy and identity for Blockchain and DLT
Liaison Committees to ISO/IEC JTC 1/SC 27

The committees below can access the documents of ISO/IEC JTC 1/SC 27:

Reference Title ISO/IEC
IEC/SC 121A Low-voltage switchgear and controlgear IEC
IEC/SC 45A Instrumentation, control and electrical power systems of nuclear facilities IEC
IEC/TC 57 Power systems management and associated information exchange IEC
IEC/TC 65 Industrial-process measurement, control and automation IEC
ISO/CASCO Committee on conformity assessment ISO
ISO/IEC JTC 1 Information technology ISO/IEC
ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems ISO/IEC
ISO/IEC JTC 1/SC 7 Software and systems engineering ISO/IEC
ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification ISO/IEC
ISO/IEC JTC 1/SC 22 Programming languages, their environments and system software interfaces ISO/IEC
ISO/IEC JTC 1/SC 28 Office equipment ISO/IEC
ISO/IEC JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information ISO/IEC
ISO/IEC JTC 1/SC 31 Automatic identification and data capture techniques ISO/IEC
ISO/IEC JTC 1/SC 32 Data management and interchange ISO/IEC
ISO/IEC JTC 1/SC 37 Biometrics ISO/IEC
ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms ISO/IEC
ISO/IEC JTC 1/SC 40 IT service management and IT governance ISO/IEC
ISO/IEC JTC 1/SC 41 Internet of things and digital twin ISO/IEC
ISO/IEC JTC 1/SC 42 Artificial intelligence ISO/IEC
ISO/TC 8 Ships and marine technology ISO
ISO/TC 22/SC 32 Electrical and electronic components and general system aspects ISO
ISO/TC 46/SC 11 Archives/records management ISO
ISO/TC 68/SC 2 Financial Services, security ISO
ISO/TC 68/SC 8 Reference data for financial services ISO
ISO/TC 176/SC 1 Concepts and terminology ISO
ISO/TC 176/SC 3 Supporting technologies ISO
ISO/TC 204 Intelligent transport systems ISO
ISO/TC 232 Education and learning services ISO
ISO/TC 251 Asset management ISO
ISO/TC 262 Risk management ISO
ISO/TC 272 Forensic sciences ISO
ISO/TC 292 Security and resilience ISO
ISO/TC 307 Blockchain and distributed ledger technologies ISO
ISO/TC 309 Governance of organizations ISO
ISO/PC 317 Consumer protection: privacy by design for consumer goods and services ISO
ISO/TC 321 Transaction assurance in E-commerce ISO
ISO/TC 332 Security equipment for financial institutions and commercial organizations ISO

 

Liaison Committees from ISO/IEC JTC 1/SC 27

ISO/IEC JTC 1/SC 27 can access the documents of the committees below:

Reference Title ISO/IEC
ISO/CASCO Committee on conformity assessment ISO
ISO/IEC JTC 1 Information technology ISO/IEC
ISO/IEC JTC 1/SC 6 Telecommunications and information exchange between systems ISO/IEC
ISO/IEC JTC 1/SC 7 Software and systems engineering ISO/IEC
ISO/IEC JTC 1/SC 17 Cards and security devices for personal identification ISO/IEC
ISO/IEC JTC 1/SC 22 Programming languages, their environments and system software interfaces ISO/IEC
ISO/IEC JTC 1/SC 25 Interconnection of information technology equipment ISO/IEC
ISO/IEC JTC 1/SC 28 Office equipment ISO/IEC
ISO/IEC JTC 1/SC 29 Coding of audio, picture, multimedia and hypermedia information ISO/IEC
ISO/IEC JTC 1/SC 31 Automatic identification and data capture techniques ISO/IEC
ISO/IEC JTC 1/SC 32 Data management and interchange ISO/IEC
ISO/IEC JTC 1/SC 36 Information technology for learning, education and training ISO/IEC
ISO/IEC JTC 1/SC 37 Biometrics ISO/IEC
ISO/IEC JTC 1/SC 38 Cloud computing and distributed platforms ISO/IEC
ISO/IEC JTC 1/SC 40 IT service management and IT governance ISO/IEC
ISO/IEC JTC 1/SC 42 Artificial intelligence ISO/IEC
ISO/TC 22/SC 31 Data communication ISO
ISO/TC 22/SC 32 Electrical and electronic components and general system aspects ISO
ISO/TC 46/SC 11 Archives/records management ISO
ISO/TC 68/SC 2 Financial Services, security ISO
ISO/TC 171 Document management applications ISO
ISO/TC 176/SC 3 Supporting technologies ISO
ISO/TC 199 Safety of machinery ISO
ISO/TC 204 Intelligent transport systems ISO
ISO/TC 215 Health informatics ISO
ISO/TC 251 Asset management ISO
ISO/TC 262 Risk management ISO
ISO/TC 292 Security and resilience ISO
ISO/TC 307 Blockchain and distributed ledger technologies ISO
ISO/TC 309 Governance of organizations ISO
ISO/PC 317 Consumer protection: privacy by design for consumer goods and services ISO
ISO/TC 321 Transaction assurance in E-commerce ISO

 

Organizations in liaison (Category A and B)
Acronym Title Category
(ISC)2 International Information Systems Security Certification Consortium, Inc. A
CalConnect The Calendaring and Scheduling Consortium A
CCETT Common Study Center of Telediffusion and Telecommunication A
Cloud security alliance Cloud security alliance A
Ecma International Ecma International A
ENISA European Network and Information Security Agency A
EPC Conseil Européen des Paiements AISBL A
ETSI European Telecommunications Standards Institute A
EUSPA European Union Agency for the Space Programme A
Global Platform - Global Platform Inc. Global Platform Inc. A
IEEE Institute of Electrical and Electronics Engineers, Inc A
IIOC Independant International Organization for Certification A
IQNet IQNet Association - The International Certification Network A
ISA - Automation The International Society of Automation A
ISACA Information Systems Audit and Control Association A
ISSEA International Systems Security Engineering Association A
ITU International Telecommunication Union A
Mastercard Mastercard International A
SBS - Small Business Standards Small Business Standards A
TIA Telecommunications Industry Association A
UNHCR United Nations High Commissioner for Refugees A

Organizations in liaison (Category C)

C liaisons participate at the level of a Working Group

Acronym Title Category
(ISC)2 International Information Systems Security Certification Consortium, Inc. C
ABC4Trust ABC4Trust - Attribute-based Credentials for Trust C
CCDB Common Criteria Development Board C
CCUF Common Criteria Users Forum C
CMUF Cryptographic Module Users Forum C
CREDENTIAL seCuRE clouD idENTIty wALlet C
CSCC Cloud Standards Customer Council C
Cyber Security The Cyber Security Naming & Information Structure Groups C
CyberSec4Europe Cyber Security Network of Competence Centres for Europe C
EDPB European Data Protection Board C
ETSI European Telecommunications Standards Institute C
EuroCloud EuroCloud C
FENTEC Functional ENcryption TEChnologies - H2020 EU project C
FIDO Alliance The FIDO (Fast IDentity Online) Alliance C
FIRST Forum of Incident Response and Security Teams C
GPA Global Privacy Assembly C
IFAA Internet Finance Authentication Alliance C
INFINITECH INFINITECH C
INLAC Latinoamerican Institute for Quality Assurance C
ISCI International Smart card Certification Initiatives C
ISF Information Security Forum C
JAVA CARD FORUM The Java Card Forum C
Kantara Initiative Kantara Initiative C
LOCARD EC H2020 project entitled “Lawful evidence collecting and continuity platform development” C
OASIS-PMRM OASIS Privacy Management Reference Model C
OECD Organisation for Economic Co-operation and Development, OECD C
OIDF The OpenID Foundation C
Opengroup, United Kingdom Opengroup C
PQCRYPTO Post-quantum cryptography for long-term security C
PRIPARE PReparing Industry to Privacy-by-design by supporting its Application in REsearch C
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud C
SAFECode Software Assurance Forum for Excellence in Code C
SAFEcrypto Secure Architectures of Future Emerging Cryptography C
TCG Trusted Computing Group C
TREsPASS Technology-supported Risk Estimation by Predictive Assessment of Socio technical Security C
WITDOM empoWering prIvacy and securiTy in non-trusteD envirOnMents C
Date Month Location TC/SC Note
17-25 April 2023 Redmond (United States) ISO/IEC JTC 1/SC 27  
  October 2023 ISO/IEC JTC 1/SC 27 **
  April 2024 ISO/IEC JTC 1/SC 27 **
  October 2024 ISO/IEC JTC 1/SC 27 **

* Information definite but meeting not yet formally convened
** Provisional

ISO/IEC JTC 1/SC 27 - Secretariat

DIN [Germany]

DIN Deutsches Institut für Normung e.V.
Am DIN-Platz, Burggrafenstraße 6
D-10787 Berlin
Germany

Tel: +49 30 2601-0
Fax: +49 30 26 01 12 31
Web:

  2. Taking part
  3. Who develops standards
  4. Technical Committees
  5. ISO/IEC JTC 1
  6. SC 27