<p>ISO/IEC 27004:2016 provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1. It establishes:</p>
<p>a) the monitoring and measurement of information security performance;</p>
<p>b) the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls;</p>
<p>c) the analysis and evaluation of the results of monitoring and measurement.</p>
<p>ISO/IEC 27004:2016 is applicable to all types and sizes of organizations.</p>
Registration number (WIID)
85920
Scope
<p>ISO/IEC 27004:2016 provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1. It establishes:</p>
<p>a) the monitoring and measurement of information security performance;</p>
<p>b) the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls;</p>
<p>c) the analysis and evaluation of the results of monitoring and measurement.</p>
<p>ISO/IEC 27004:2016 is applicable to all types and sizes of organizations.</p>
