eiscaa Accreditation for Information Security Management Systems

ISO/IEC 27000:2012 describes the overview and the vocabulary of information security management systems, which form the subject of the ISMS family of standards, and .defines related terms and definitions

ISO/IEC 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS). The design and implementation of an ISMS is influenced by the organization's needs and objectives, security requirements, processes, size, and structure.

ISO/IEC 27010:2012 provides guidelines in addition to guidance given in the ISO/IEC 27000 family of standards for implementing information security management within information sharing communities.

ISO/IEC 27010:2012 provides controls and guidance specifically relating to initiating, implementing, maintaining, and improving information security in inter-organizational and inter-sector communications.

ISO/IEC 27010:2012 is applicable to all forms of exchange and sharing of sensitive information, both public and private, nationally and internationally, within the same industry or market sector or between sectors. In particular, it may be applicable to information exchanges and sharing relating to the provision, maintenance and protection of an organization's or nation state's critical infrastructure.


Friedrich-Ebert-Anlage 36, Frankfurt, Hessen, 60325, Germany