LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the six core standards in the ISO 27000 family and what does each one cover?

The ISO 27000 family includes 27000 (vocabulary), 27001 (requirements), 27002 (controls), 27003 (implementation), 27004 (measurement), and 27005 (risk management).

ISO 27000 family hub: 27000 vocabulary, 27001 requirements, 27002 controls, 27003 implementation, 27004 measurement, 27005 risk.

* The six core ISO 27000 standards — only 27001 (requirements) is certifiable. *

There are over 50 standards in the family, but these six are the most important:

Standard Title Purpose
ISO 27000 Overview and vocabulary Defines terms used across the standard family
ISO 27001 ISMS Requirements Defines mandatory requirements for an ISMS (certifiable!)
ISO 27002 Code of Practice Provides 114 security controls with implementation guidance
ISO 27003 Implementation Guidance Recommendations for implementing an ISMS
ISO 27004 Measurement How to measure ISMS effectiveness
ISO 27005 Risk Management Framework for information security risk management

Key distinction: ISO 27001 is normative (uses "shall" — hard requirements, certifiable), while 27002-27005 are informative (uses "should" — guidelines and recommendations, not certifiable on their own).

Go deeper:

From Quiz: ISM / Standards & Frameworks I (ISO, BSI) | Updated: Jul 14, 2026