A plenary concluded the main business of the ISO/IEC JTC1/SC27 WG1 meeting in Hamilton, NZ. This was a formal session to vote on and record decisions and progress made during the week, including deadlines for the next tranche of work.
The next SC27 meeting will be in Berlin at the end of October 2017, then Wuhan in China in April 2018.
- A minor revision will update ISO/IEC 27000:2016 to reflect the recent publication of 27002, 27004 and 27011.
- Governmental/regulatory use of 27001 will become Standing Document 7 and will be maintained for internal committee use.
- 27002 revision project will generate two versions of the standard demonstrating alternative structures for commenting at the next stage.
- 27005 will produce a revised design specification for the revision work, plus a corrigendum for the current standard.
- 27007 will produce revised text for FDIS, requesting a project extension to complete this.
- 27008 will produce revised text for a DTS.
- 27009 will be revised early rather than issuing a corrigendum, and the accompanying 'use cases' will become a SD.
- 27014 SP on information security governance will generate a NWIP to revise the standard, with an outline document.
- 27019 will produce revised text for FDIS.
- 27021 on ISMS professionals' competencies will also go to FDIS (despite four disapprovals, indicating concerns with this standard).
- 27102 on cybersecurity insurance will produce a first working draft next.
- Cybersecurity frameworks and cybersecurity resilience work will be combined initially into an SD which will then become a PDTR.
- Risk Handling Library will produce a Standing Document.
- Terminology Working Group will hold a Webex meeting to discuss definitions, and is developing conceptual maps.
- Several liaison statements will be produced to inform and align WG1's work with various other committees and bodies.