The international standard ISO/IEC 27011:2016 sets out guidelines supporting the implementation of information security controls in telecommunications organisations.
It sets out general security control objectives based on ISO/IEC 27002 as well as controls specific to the telecommunications sector, and provides guidelines on selecting and implementing them
Pay by purchase order | Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on 00 800 48 484 484.
Information security management is especially complex for telecommunications organisations.
It must potentially cover network infrastructure, services applications and other facilities; a range of technologies (e.g. wired, wireless and broadband); third parties; and a number of operational scales, service areas and service types.
As well as implementing the controls listed in Annex A of ISO 27001, telecommunications organisations may therefore need to implement extra controls to adequately manage the risks they face.
Adopting ISO 27011 will allow telecommunications organisations to meet the baseline information security management requirements for confidentiality, integrity and availability, as well as any other relevant security property.