ISO/IEC TR 27008:2011

Information technology - Security techniques - Guidelines for auditors on information security controls

ISO/IEC TR 27008:2011 provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization's established information security standards. ISO/IEC TR 27008:2011 is applicable to all types and sizes of organizations, including public and private companies, government entities, and not-for-profit organizations conducting information security reviews and technical compliance checks. It is not intended for management systems audits.

SDO:

IEC

Language:

English

ICS Codes:

35.030

Status:

Replaced

Publish date:

2011-10-05

Standard Number:

ISO/IEC TR 27008:2011