LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Which ISO/IEC committee is responsible for the 27000-series information security standards?

ISO/IEC JTC 1/SC 27 — Information security, cybersecurity and privacy protection — a sub-committee of the Joint Technical Committee on Information Technology.

Reporting tree: ISO and IEC feed JTC 1 (Information Technology), which feeds SC 27 (information security, cybersecurity, privacy), which branches to working groups WG1 to WG5

* The SC 27 reporting tree: ISO and IEC jointly own JTC 1, whose SC 27 subcommittee and its working groups author the entire 27000 series. *

The reporting chain:

ISO + IEC
   │
JTC 1   (Information Technology)
   │
SC 27  (Information security, cybersecurity and privacy protection)
   │
WGs    (Working Groups for specific topics)

SC 27 was created in 1989, secretariat is DIN (Germany). It owns the entire ISO/IEC 27000-series, but its scope is broader:

  • Security requirements capture
  • Management of information / ICT security (ISMS standards)
  • Cryptographic mechanisms (key management, digital signatures)
  • Security support documentation
  • Identity management, biometrics, privacy
  • Conformance assessment
  • Security evaluation criteria

Tip: The German secretariat is the reason BSI engineers have outsized influence on the ISO 27k series — many ISO 27k authors are also BSI Grundschutz authors. This explains why the ISO 27k and BSI worlds are conceptually so close.

Go deeper:

From Quiz: ISF / ISMS & Security Standards (ISO 27k, NIST, BSI) | Updated: Jul 05, 2026