



ISMS standards

This page illustrates the point within the ISO organisation where the ISMS standards are developed and shows graphically the individual ISMS standards, their normative status, their stage of development and the inter-relationships between them.

The ISMS standards are developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), hence the formal "ISO/IEC ..." identification of these publications. Click on the logo below to open ISO's English-language home page.

The structure of ISO looks like this (click on the figure to open the source ISO web page):

In the lower right part of this figure you'll see 'Technical committees' which, as far as we're concerned, is where the work gets done.

Follow this link to a further ISO web page, which lists all of the current ISO Technical Committees (TCs) and Joint Technical Committees (JTCs; 'joint' is where the connection with IEC comes in). Joint Technical Committee number 1 (JTC 1), "Information Technology", is the committee which oversees development of the ISMS standards.

Within JTC 1 there are a number of Sub-Committees, each assigned a specific area of responsibility (this link will take you to that ISO web page). Sub-Committee number 27 (SC 27), "IT Security techniques", is responsible for the ISMS standards, amongst other IT security standards (this link will take you to that ISO web page). A list of SC 27's current projects can be found here.

Various national bodies contribute to the development of these standards. The US national body is the InterNational Committee for Information Technology Standards (INCITS), through its Technical Committee for Cyber Security, CS1.

Click the PDF logo to download a figure which puts into context the whole set of ISMS standards.   

Two normative standards set actual REQUIREMENTS. Implementers of ISMSs should conform to the requirements of ISO/IEC 27001(:2005); those wishing to become accredited as Certification Bodies need to fulfil the requirements of ISO/IEC 27006(:2007). All other documents in the '2700x' series are 'informative' and are intended to support conformity to one or other of the normative publications, with the exception of '27000' which, when published, will be a bird's-eye view of the series. An organisation seeking ISMS certification is assessed for conformity to ISO/IEC 27001:2005, not against any other of these standards.

In addition to these documents there are others being developed which provide sector-specific implementation guidance, e.g. in the aerospace, health and telecommunications sectors.

© 1993 - 2018 Zygma Incorporated. Telephone: +1 714 797 99 42. Email: Enquiries @
All Zygma services are provided in accordance with its Ethics Policy.
Note - if you are submitting an enquiry or expect to receive email from us, please ensure that your spam filtering will accept mail from the domain ''