Quiz Entry - updated: 2026.07.14
What are the six core standards in the ISO 27000 family and what does each one cover?
The ISO 27000 family includes 27000 (vocabulary), 27001 (requirements), 27002 (controls), 27003 (implementation), 27004 (measurement), and 27005 (risk management).
* The six core ISO 27000 standards — only 27001 (requirements) is certifiable. *
There are over 50 standards in the family, but these six are the most important:
| Standard | Title | Purpose |
|---|---|---|
| ISO 27000 | Overview and vocabulary | Defines terms used across the standard family |
| ISO 27001 | ISMS Requirements | Defines mandatory requirements for an ISMS (certifiable!) |
| ISO 27002 | Code of Practice | Provides 114 security controls with implementation guidance |
| ISO 27003 | Implementation Guidance | Recommendations for implementing an ISMS |
| ISO 27004 | Measurement | How to measure ISMS effectiveness |
| ISO 27005 | Risk Management | Framework for information security risk management |
Key distinction: ISO 27001 is normative (uses "shall" — hard requirements, certifiable), while 27002-27005 are informative (uses "should" — guidelines and recommendations, not certifiable on their own).
Go deeper:
ISO/IEC 27000-series (Wikipedia) — Überblick über die gesamte Normenfamilie (über 90 Standards) und wie die sechs Kern-Standards zusammenspielen.