Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organisations
Information security management is especially complex for telecommunications organisations.
It must potentially cover network infrastructure, services, applications and other facilities; a range of technologies (e.g. wired, wireless and broadband); third parties; and a number of operational scales, service areas and service types.
As well as implementing the controls listed in Annex A of ISO 27001, telecommunications organisations may therefore need to implement extra controls to adequately manage the risks they face.
The international standard ISO/IEC 27011:2016 sets out guidelines supporting the implementation of information security controls in telecommunications organisations.
It sets out general security control objectives based on ISO 27002 as well as controls specific to the telecommunications sector, and provides guidelines on selecting and implementing them.
Adopting ISO 27011 will allow telecommunications organisations to meet the baseline information security management requirements for confidentiality, integrity and availability, as well as any other relevant security property.