Information Security Management -- Monitoring, Measurement, Analysis and Evaluation

Document Information

GSC Classification OFFICIAL
Access Policy Open
Reference bps21953-0000-00
Document Status Review Status
Primary Classification
Author Organisation International Standards Organisation
Sponsor Organisation Not Known
Trustee NPTC Standards Working Group

Copyright Notice Copyright (c) 2016 National Police Technology Council (NPTC) group and the persons identified as the document authors. All rights reserved.


Provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001-2013, 9.1. It establishes: a) the monitoring and measurement of information security performance; b) the monitoring and measurement of the effectiveness of an information security management system (ISMS), including its processes and controls; c) the analysis and evaluation of the results of monitoring and measurement. ISO/IEC 27004-2016 is applicable to all types and sizes of organizations.


The usage scenarios for bps21953-0000-00 have not been documented yet.

Normative References

bps21953-0000-00 link




Obsoleted By


