ISO 27009:2016

The new ISO 27009:2016 standard defines the requirements for the use of ISO 27001:2013 in any specific sector (field, application area, or market sector).

ISO 27009 explains how to include requirements additional to those in ISO 27001, how to refine any of the ISO 27001 requirements, and how to include controls or control sets in addition to those in ISO 27001 Annex A.

ISO 27009 ensures that additional or refined requirements are not in conflict with the requirements in ISO 27001. It is applicable to those involved in producing sector-specific standards that relate to ISO 27001.

You can order the 9-page standard for about $58.00 from the ISO website.