LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Beyond ISO 27001, what other ISO management-system standards exist, and what do they cover?

9000 = Quality, 14001 = Environment, 20000 = IT-Service, 27001 = Information security, 31000 = Risk, and 27005 = IS-specific risk (a hybrid).

ISO Norm Management system for…
9000 Qualität (Quality)
14001 Umwelt (Environment)
20000 IT-Service
27001 Informationssicherheit (IS)
31000 Risiko (general risk)
27005 IS-specific risk (lives under 27k umbrella but uses 31000-style framework)

There are endless management systems with overlapping topics. The "ISMS world" specifically includes BSI 200-1, ISIS12, and VDS 10000 — but they're not the only show in town.

Why this matters: A mature enterprise often runs several management systems in parallel (e.g., 9001 + 14001 + 27001), and the overhead of running them as silos is huge. ISO published the Annex SL / High-Level Structure so all modern MS standards share clauses 4–10, letting you merge them into a single integrated management system.

Tip: ISO 27005 is the special one — it's not a full management system standard, it's a risk management methodology tuned specifically to information security. Think of it as "ISO 31000 dialect for the ISMS world."

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 14, 2026