PD ISO/IEC TS 27022:2021

This standard PD ISO/IEC TS 27022:2021 Information technology. Guidance on information security management system processes is classified in these ICS categories:

• 03.100.70 Management systems
• 35.030 IT Security

This document defines a process reference model (PRM) for the domain of information security management, which is meeting the criteria defined in ISO/IEC 33004 for process reference models (see Annex A). It is intended to guide users of ISO/IEC 27001 to:

• incorporate the process approach as described by ISO/IEC 27000:2018, 4.3, within the ISMS;

• be aligned to all the work done within other standards of the ISO/IEC 27000 family from the perspective of the operation of ISMS processes

• support users in the operation of an ISMS – this document is complementing the requirementsoriented perspective of ISO/IEC 27003 with an operational, process-oriented point of view.