ISO27000 implementation - Where do you get the standardization material?

The official route for documentation is through ISO/IEC - and papers cost 134 Swiss Francs each.

Various bodies have guidance papers, for example ISACA provide a range of ISO27001 material on topics such as implementing ISMS, aligning Cobit, ITIL and ISO27001 - but you have to be an ISACA member (if you need to, ask me how :-)

Alternatively, you can engage consultants to go through your needs and gain an understanding of what you might need to do. As an example, I have helped many large organisations align their security function with ISO27001:2005 - not to gain accreditation, as that can often be expensive overkill, but to gain the advantages a governance and security framework based on ISO27001 gives you.

You can, however, get a lot of good information from some free sources:

  • http://www.itgovernance.co.uk/iso27001.aspx has a good ISMS guide and both the briefing paper and ISO27001 explained are worth a read.
  • http://informationsecuritymanagement.co.uk/iso-27001-guide.php?gclid=COu59YiXgLECFZA24Qod4HK_6w also provides a free guide to achieving certification

27000 itself is free, but the other standards in the family cost money, I'm afraid.

They can be purchased as a printed book or ebook directly from the ISO and the IEC themselves, at http://www.iso.org/iso/home/store.htm or from http://webstore.iec.ch/

It's also usually available from your local country's standards body. For Norway that is Standards Norway, who you can find at http://www.standard.no/
You may like to look through the following:

  • http://www.27000.org/iso-27001.htm
  • http://en.wikipedia.org/wiki/ISO/IEC_27001

To my knowledge, most ISO standard documents are not freely obtainable and have to be purchased from the ISO store (http://www.iso.org/iso/home/store.htm) or from the ISO member of one's own country, e.g. DIN in Germany. (For an eventual trick to save money, see my comment below.)
