What is this standard about?
This is a sector-specific supplement to BS ISO/IEC 27001:2013 and BS ISO/IEC 27002:2013 for use by information sharing communities. The guidelines contained within this international standard are in addition to, and complement, the generic guidance given within other members of the ISO/IEC 27000 family of standards.
Who is this standard for?
It will be essential to any organization offering or using information sharing services covered by an Information Security Management System (ISMS). It may also be useful to large organizations with geographically distributed functions that share information between functions or locations.
Why should you use this standard?
It contains advice on interpreting the requirements of BS ISO/IEC 27001:2013 when sharing information between organizations. It also contains additional security controls and guidance relating to information sharing beyond that found in BS ISO/IEC 27002:2013. If applicable, certification bodies operating in accordance with BS ISO/IEC 27006:2015 may reference BS ISO/IEC 27010:2015 when awarding certification.
What’s changed since the last update?
This version replaces the 2012 standard. It was revised to be compatible with BS EN ISO/IEC 27001 and BS EN ISO/IEC 27002.