DRAFT IN WIDE CIRCULATION

Technical Committee: LITD 17

Document Dispatch Advice
Ref: LITD17/T-26
Date: 20-11-2017

ADDRESSED TO:
1. All Members of Information Systems Security and Biometric Sectional Committee, LITD 17
2. All Principal Members of Electronics and Information Technology Division Council (LITDC)
3. All others interested

Dear Madam/Sir(s),

Please find enclosed the following draft Indian Standard:

LITD 17 (12158) IS/ISO/IEC 27003:2017 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - GUIDANCE (First Revision)

Kindly examine this draft standard and forward your views stating any difficulties which you are likely to experience in your business or profession if this is finally adopted as a National Standard.

Last date for comments: 28-01-2018

Comments, if any, may please be made in the format indicated and mailed to the undersigned.

In case no comments are received, or the comments received are of an editorial nature, you will kindly permit us to presume your approval for the above document as finalized. However, in case comments of a technical nature are received, then it may be finalized either in consultation with the Chairman, Sectional Committee, or referred to the Sectional Committee for further necessary action if so desired by the Chairman, Sectional Committee.

Thanking you,

Encl: As above

Yours faithfully,
(Reena Garg)
Head (Electronics & IT)
E-mail: litd17@bis.org.in, hlitd@bis.org.in
Telefax: 011-23237093
BUREAU OF INDIAN STANDARDS

DRAFT FOR COMMENTS ONLY

Draft Indian Standard
Doc. No.: LITD 17 (12158) IS/ISO/IEC 27003:2017

INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - GUIDANCE (First Revision)

ICS 03.100.70; 35.030

Last date for receipt of comments is: 28 January 2018

Information Systems Security and Biometrics Sectional Committee, LITD 17

NATIONAL FOREWORD

(Formal clauses to be added later)

This Draft Indian Standard, which is identical with IS/ISO/IEC 27003: 2017 Information technology - Security techniques - Information security management systems - Guidance issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), will be adopted by the Bureau of Indian Standards on the recommendations of the Information Systems Security and Biometrics Sectional Committee, and approval of the Electronics and Information Technology Division Council.

This standard was originally published in 2012 and was identical with ISO/IEC 27003:2010. It is now being revised to align with the latest ISO/IEC standard, ISO/IEC 27003:2017.

The text of the ISO/IEC Standard may be approved as suitable for publication as an Indian Standard without deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following:

a) Wherever the words International Standard appear referring to this standard, they should be read as Indian Standard.
b) Comma (,) has been used as a decimal marker, while in Indian Standards the current practice is to use a point (.) as the decimal marker.

In this adopted standard, reference appears to certain International Standards for which Indian Standards also exist. For undated references, the latest edition of the referenced document applies, including any corrigenda and amendment. The corresponding Indian Standard which is to be substituted in its respective place is listed below along with its degree of equivalence for the edition indicated:

| International Standard | Corresponding Indian Standard | Degree of Equivalence |
|---|---|---|
| ISO/IEC 27000:2016 Information technology - Security techniques - Information security management systems - Overview and vocabulary | IS/ISO/IEC 27000:2016 Information technology - Security techniques - Information security management systems - Overview and vocabulary (Under Print) | Identical with ISO/IEC 27000:2016 |
| ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements | IS/ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems - Requirements | Identical with ISO/IEC 27001:2013 |

For the purpose of deciding whether a particular requirement of this standard is complied with, the final value, observed or calculated, expressing the result of a test or analysis, shall be rounded off in accordance with IS 2 : 1960 Rules for rounding off numerical values (revised). The number of significant places retained in the rounded off value should be the same as that of the specified value in this standard.

Scope of ISO/IEC 27003:2017 is as follows:

This document provides explanation and guidance on ISO/IEC 27001:2013.

Note: The technical content of this document has not been enclosed as it is identical with the corresponding IEC Standard. For details, please refer to ISO/IEC 27003:2017 or kindly contact:

Head
Electronics & IT Department
Bureau of Indian Standards
9, B.S. Zafar Marg, New Delhi-110002
Email: hlitd@bis.gov.in, litd12@bis.gov.in
Telefax: 011-23237093