INTERNATIONAL STANDARD ISO/IEC 27009
Second edition 2020-04

Information security, cybersecurity and privacy protection - Sector-specific application of ISO/IEC 27001 - Requirements

Sécurité de l'information, cybersécurité et protection des données personnelles - Application de l'ISO/IEC 27001 à un secteur spécifique - Exigences

Reference number: ISO/IEC 27009:2020(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2020
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may … on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
CP 401 · Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: [email protected]
Website:
Published in Switzerland

Contents (page)

Foreword ... iv
1 Scope
2 Normative references ... 1
3 Terms and definitions
4 Overview of this document ... 2
4.1 General ... 2
4.2 Structure of this document ... 3
4.3 Expanding ISO/IEC 27001 requirements or ISO/IEC 27002 controls ... 3
5 Addition to, refinement or interpretation of ISO/IEC 27001 requirements ... 3
5.1 General ... 3
5.2 Addition of requirements to ISO/IEC 27001 ... 4
5.3 Refinement of requirements in ISO/IEC 27001 ... 4
5.4 Interpretation of requirements in ISO/IEC 27001 ... 4
6 Additional or modified ISO/IEC 27002 guidance ... 4
6.1 General ... 4
6.2 Additional guidance ... 5
6.3 Modified guidance ... 5
Annex A (normative) Template for developing sector-specific standards related to ISO/IEC 27001 and optionally ISO/IEC 27002 ... 6
Annex B (normative) Template for developing sector-specific standards related to ISO/IEC 27002 ... 9
Annex C (informative) Explanation of the advantages and disadvantages of numbering approaches used within Annex B ... 16
Bibliography ... 18

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.
For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see iso/

