ISO/IEC 27009:2020, Information security, cybersecurity and privacy protection — Sector-specific application of ISO/IEC 27001 — Requirements.
BS ISO/IEC 27009:2020 specifies that additional or refined requirements do not invalidate the requirements in ISO/IEC 27001.
BS ISO/IEC 27009:2020 is applicable to those involved in producing sector-specific standards.
This second edition cancels and replaces the first edition (ISO/IEC 27009:2016), which has been technically revised.
The main changes compared to the previous edition are as follows:
—the scope has been updated to more clearly reflect the content of this document;
—former Annex A has been divided into Annexes A and B;
—Annex C has been created;
Additional guidance
Addition of clauses, control objectives, controls, implementation guidance and other information to ISO/IEC 27002 is permitted.
Where applicable, clauses, control objectives, controls, implementation guidance and other information additional to ISO/IEC 27002 shall follow the requirements and guidance set out in Annex B.
Before specifying additional clauses, control objectives or controls, entities producing sector-specific standards related to ISO/IEC 27001 should consider whether a more effective approach would be to modify existing ISO/IEC 27002 content, or achieve the desired result just through the addition of sector-specific control objectives (instead of adding clauses), controls (instead of control objectives), implementation guidance and other information (instead of controls) to the existing ISO/IEC 27002 content.
Modified guidance
Clauses, controls and their control objectives contained in ISO/IEC 27002 shall not be modified.
If there is a sector-specific need to include a control objective that contradicts a control objective contained in ISO/IEC 27002, a new sector-specific control objective shall be introduced. The new control objective shall have at least one sector-specific control. If there is a sector-specific need to include a control that contradicts a control contained in ISO/IEC 27002, a new sector-specific control shall be introduced.
Modification of implementation guidance and other information from ISO/IEC 27002 is permitted.
Where applicable, modified clauses, control objectives, controls, implementation guidance and other information from ISO/IEC 27002 shall follow the requirements and guidance set out in Annex B.