About
-
Secretariat: DIN
Committee Manager: -
Chairperson (until end 2024):Mr Dr Andreas Wolf
-
ISO Technical Programme Manager [TPM]:ISO Editorial Manager [EM]:
- Creation date: 1989
Scope
The development of standards for the protection of information and ICT. This includes generic methods, techniques and guidelines to address both security and privacy aspects, such as:
- Security requirements capture methodology;
- Management of information and ICT security; in particular information security management systems, security processes, and security controls and services;
- Cryptographic and other security mechanisms, including but not limited to mechanisms for protecting the accountability, availability, integrity and confidentiality of information;
- Security management support documentation including terminology, guidelines as well as procedures for the registration of security components;
- Security aspects of identity management, biometrics and privacy;
- Conformance assessment, accreditation and auditing requirements in the area of information security management systems;
- Security evaluation criteria and methodology.
Quick links
-
Work programme
Drafts and new work items -
Working area
Working documents (user account required) -
ISO Electronic applications
IT Tools that help support the standards development process
This committee contributes with 30 standards to the following Sustainable Development Goals:
Joint working groups under the responsibility of another committee
| Reference | Title |
|---|---|
| ISO/TC 307/JWG 4 | Joint ISO/TC 307 - ISO/IEC JTC 1/SC 27 WG: Security, privacy and identity for Blockchain and DLT |
Liaison Committees to ISO/IEC JTC 1/SC 27
The committees below can access the documents of ISO/IEC JTC 1/SC 27:
| Reference | Title | ISO/IEC |
|---|---|---|
| IEC/SC 121A | Low-voltage switchgear and controlgear | IEC |
| IEC/SC 45A | Instrumentation, control and electrical power systems of nuclear facilities | IEC |
| IEC/TC 57 | Power systems management and associated information exchange | IEC |
| IEC/TC 65 | Industrial-process measurement, control and automation | IEC |
| ISO/CASCO | Committee on conformity assessment | ISO |
| ISO/IEC JTC 1 | Information technology | ISO/IEC |
| ISO/IEC JTC 1/SC 6 | Telecommunications and information exchange between systems | ISO/IEC |
| ISO/IEC JTC 1/SC 7 | Software and systems engineering | ISO/IEC |
| ISO/IEC JTC 1/SC 17 | Cards and security devices for personal identification | ISO/IEC |
| ISO/IEC JTC 1/SC 22 | Programming languages, their environments and system software interfaces | ISO/IEC |
| ISO/IEC JTC 1/SC 28 | Office equipment | ISO/IEC |
| ISO/IEC JTC 1/SC 29 | Coding of audio, picture, multimedia and hypermedia information | ISO/IEC |
| ISO/IEC JTC 1/SC 31 | Automatic identification and data capture techniques | ISO/IEC |
| ISO/IEC JTC 1/SC 32 | Data management and interchange | ISO/IEC |
| ISO/IEC JTC 1/SC 37 | Biometrics | ISO/IEC |
| ISO/IEC JTC 1/SC 38 | Cloud computing and distributed platforms | ISO/IEC |
| ISO/IEC JTC 1/SC 40 | IT service management and IT governance | ISO/IEC |
| ISO/IEC JTC 1/SC 41 | Internet of things and digital twin | ISO/IEC |
| ISO/IEC JTC 1/SC 42 | Artificial intelligence | ISO/IEC |
| ISO/TC 8 | Ships and marine technology | ISO |
| ISO/TC 22/SC 32 | Electrical and electronic components and general system aspects | ISO |
| ISO/TC 46/SC 11 | Archives/records management | ISO |
| ISO/TC 68/SC 2 | Financial Services, security | ISO |
| ISO/TC 176/SC 1 | Concepts and terminology | ISO |
| ISO/TC 176/SC 3 | Supporting technologies | ISO |
| ISO/TC 204 | Intelligent transport systems | ISO |
| ISO/TC 232 | Education and learning services | ISO |
| ISO/TC 251 | Asset management | ISO |
| ISO/TC 262 | Risk management | ISO |
| ISO/TC 272 | Forensic sciences | ISO |
| ISO/TC 292 | Security and resilience | ISO |
| ISO/TC 307 | Blockchain and distributed ledger technologies | ISO |
| ISO/TC 309 | Governance of organizations | ISO |
| ISO/PC 317 | Consumer protection: privacy by design for consumer goods and services | ISO |
| ISO/TC 321 | Transaction assurance in E-commerce | ISO |
| ISO/TC 332 | Security equipment for financial institutions and commercial organizations | ISO |
Liaison Committees from ISO/IEC JTC 1/SC 27
ISO/IEC JTC 1/SC 27 can access the documents of the committees below:
| Reference | Title | ISO/IEC |
|---|---|---|
| ISO/CASCO | Committee on conformity assessment | ISO |
| ISO/IEC JTC 1 | Information technology | ISO/IEC |
| ISO/IEC JTC 1/SC 6 | Telecommunications and information exchange between systems | ISO/IEC |
| ISO/IEC JTC 1/SC 7 | Software and systems engineering | ISO/IEC |
| ISO/IEC JTC 1/SC 17 | Cards and security devices for personal identification | ISO/IEC |
| ISO/IEC JTC 1/SC 22 | Programming languages, their environments and system software interfaces | ISO/IEC |
| ISO/IEC JTC 1/SC 25 | Interconnection of information technology equipment | ISO/IEC |
| ISO/IEC JTC 1/SC 28 | Office equipment | ISO/IEC |
| ISO/IEC JTC 1/SC 29 | Coding of audio, picture, multimedia and hypermedia information | ISO/IEC |
| ISO/IEC JTC 1/SC 31 | Automatic identification and data capture techniques | ISO/IEC |
| ISO/IEC JTC 1/SC 32 | Data management and interchange | ISO/IEC |
| ISO/IEC JTC 1/SC 36 | Information technology for learning, education and training | ISO/IEC |
| ISO/IEC JTC 1/SC 37 | Biometrics | ISO/IEC |
| ISO/IEC JTC 1/SC 38 | Cloud computing and distributed platforms | ISO/IEC |
| ISO/IEC JTC 1/SC 40 | IT service management and IT governance | ISO/IEC |
| ISO/IEC JTC 1/SC 42 | Artificial intelligence | ISO/IEC |
| ISO/TC 22/SC 31 | Data communication | ISO |
| ISO/TC 22/SC 32 | Electrical and electronic components and general system aspects | ISO |
| ISO/TC 46/SC 11 | Archives/records management | ISO |
| ISO/TC 68/SC 2 | Financial Services, security | ISO |
| ISO/TC 171 | Document management applications | ISO |
| ISO/TC 176/SC 3 | Supporting technologies | ISO |
| ISO/TC 199 | Safety of machinery | ISO |
| ISO/TC 204 | Intelligent transport systems | ISO |
| ISO/TC 215 | Health informatics | ISO |
| ISO/TC 251 | Asset management | ISO |
| ISO/TC 262 | Risk management | ISO |
| ISO/TC 292 | Security and resilience | ISO |
| ISO/TC 307 | Blockchain and distributed ledger technologies | ISO |
| ISO/TC 309 | Governance of organizations | ISO |
| ISO/PC 317 | Consumer protection: privacy by design for consumer goods and services | ISO |
| ISO/TC 321 | Transaction assurance in E-commerce | ISO |
Organizations in liaison (Category A and B)
| Acronym | Title | Category |
|---|---|---|
| (ISC)2 | International Information Systems Security Certification Consortium, Inc. | A |
| CalConnect | The Calendaring and Scheduling Consortium | A |
| CCETT | Common Study Center of Telediffusion and Telecommunication | A |
| Cloud security alliance | Cloud security alliance | A |
| Ecma International | Ecma International | A |
| ENISA | European Network and Information Security Agency | A |
| EPC | Conseil Européen des Paiements AISBL | A |
| ETSI | European Telecommunications Standards Institute | A |
| EUSPA | European Union Agency for the Space Programme | A |
| Global Platform - Global Platform Inc. | Global Platform Inc. | A |
| IEEE | Institute of Electrical and Electronics Engineers, Inc | A |
| IIOC | Independant International Organization for Certification | A |
| IQNet | IQNet Association - The International Certification Network | A |
| ISA - Automation | The International Society of Automation | A |
| ISACA | Information Systems Audit and Control Association | A |
| ISSEA | International Systems Security Engineering Association | A |
| ITU | International Telecommunication Union | A |
| Mastercard | Mastercard International | A |
| SBS - Small Business Standards | Small Business Standards | A |
| UNHCR | United Nations High Commissioner for Refugees | A |
Organizations in liaison (Category C)
C liaisons participate at the level of a Working Group
| Acronym | Title | Category |
|---|---|---|
| (ISC)2 | International Information Systems Security Certification Consortium, Inc. | C |
| ABC4Trust | ABC4Trust - Attribute-based Credentials for Trust | C |
| CCDB | Common Criteria Development Board | C |
| CCUF | Common Criteria Users Forum | C |
| CMUF | Cryptographic Module Users Forum | C |
| CREDENTIAL | seCuRE clouD idENTIty wALlet | C |
| CSCC | Cloud Standards Customer Council | C |
| Cyber Security | The Cyber Security Naming & Information Structure Groups | C |
| CyberSec4Europe | Cyber Security Network of Competence Centres for Europe | C |
| EDPB | European Data Protection Board | C |
| ETSI | European Telecommunications Standards Institute | C |
| EuroCloud | EuroCloud | C |
| FENTEC | Functional ENcryption TEChnologies - H2020 EU project | C |
| FIDO Alliance | The FIDO (Fast IDentity Online) Alliance | C |
| FIRST | Forum of Incident Response and Security Teams | C |
| GPA | Global Privacy Assembly | C |
| IAPP | International Association of Privacy Professionals | C |
| IFAA | Internet Finance Authentication Alliance | C |
| INFINITECH | INFINITECH | C |
| INLAC | Latinoamerican Institute for Quality Assurance | C |
| ISCI | International Smart card Certification Initiatives | C |
| ISF | Information Security Forum | C |
| JAVA CARD FORUM | The Java Card Forum | C |
| Kantara Initiative | Kantara Initiative | C |
| LOCARD | EC H2020 project entitled “Lawful evidence collecting and continuity platform development” | C |
| OASIS-PMRM | OASIS Privacy Management Reference Model | C |
| OECD | Organisation for Economic Co-operation and Development, OECD | C |
| OIDF | The OpenID Foundation | C |
| Opengroup, United Kingdom | Opengroup | C |
| PQCRYPTO | Post-quantum cryptography for long-term security | C |
| PRIPARE | PReparing Industry to Privacy-by-design by supporting its Application in REsearch | C |
| PRISMACLOUD | Privacy and Security Maintaining Services in the Cloud | C |
| SAFECode | Software Assurance Forum for Excellence in Code | C |
| SAFEcrypto | Secure Architectures of Future Emerging Cryptography | C |
| TCG | Trusted Computing Group | C |
| TREsPASS | Technology-supported Risk Estimation by Predictive Assessment of Socio technical Security | C |
| WITDOM | empoWering prIvacy and securiTy in non-trusteD envirOnMents | C |
| Date | Month | Location | TC/SC | Note |
|---|---|---|---|---|
| 12-13 | October 2022 | Virtual | ISO/IEC JTC 1/SC 27 | |
| 17-25 | April 2023 | Redmond (United States) | ISO/IEC JTC 1/SC 27 | * |
| October 2023 | ISO/IEC JTC 1/SC 27 | ** | ||
| April 2024 | ISO/IEC JTC 1/SC 27 | ** | ||
| October 2024 | ISO/IEC JTC 1/SC 27 | ** |
* Information definite but meeting not yet formally convened
** Provisional
ISO/IEC JTC 1/SC 27 - Secretariat
DIN [Germany]
DIN Deutsches Institut für Normung e.V.
Am DIN-Platz, Burggrafenstraße 6
D-10787 Berlin
Germany
D-10787 Berlin
Germany
Tel: +49 30 2601-0
Fax: +49 30 26 01 12 31
Web: http://www.din.de
ISO/IEC JTC 1/SC 27 in the news
Cyber-attacks are costly, disruptive and a growing threat to business, governments and society alike. Happily, an arsenal of standards helps stay ahead of the game.
Why education is our best weapon against cybercrime.
New guidance just published.
New guidance on cybersecurity frameworks just published.
A new series of International Standards has just been published.