iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN ISO/IEC 27001:2017

(Main)

Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)

Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)

This International Standard specifies the requirements for establishing, implementing, maintaining
and continually improving an information security management system within the context of the
organization. This International Standard also includes requirements for the assessment and treatment
of information security risks tailored to the needs of the organization. The requirements set out in this
International Standard are generic and are intended to be applicable to all organizations, regardless
of type, size or nature. Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable
when an organization claims conformity to this International Standard.

Informationstechnik - Sicherheitsverfahren - Informationssicherheitsmanagementsysteme - Anforderungen (ISO/IEC 27001:2013 + Cor. 1:2014 + Cor. 2:2015)

Technologies de l'information - Techniques de sécurité - Systèmes de management de la sécurité de l'information - Exigences (ISO/IEC 27001:2013 y compris Cor 1:2014 et Cor 2:2015)

Informacijska tehnologija - Varnostne tehnike - Sistemi upravljanja informacijske varnosti - Zahteve (ISO/IEC 27001:2013, vključno s popravkoma Cor 1:2014 in Cor 2:2015)

Ta mednarodni standard določa zahteve za vzpostavitev, izvajanje, vzdrževanje in nenehno izboljševanje sistema upravljanja informacijske varnosti v okviru organizacije. Zajema tudi zahteve za ocenjevanje in obravnavanje tveganj informacijske varnosti, ki so prilagojene potrebam organizacije. Zahteve, postavljene v tem mednarodnem standardu, so generične in so namenjene uporabi v vseh organizacijah ne glede na vrsto, velikost ali naravo. Izključevanje katere koli zahteve, določene v točkah 4 do 10, ni sprejemljivo, kadar organizacija zagotavlja skladnost s tem mednarodnim standardom.

General Information

Status
Withdrawn
Publication Date
21-Feb-2017
Withdrawal Date
13-Apr-2025
ICS
03.100.01 - Company organization and management in general
03.100.70 - Management systems
35.030 - IT Security
35.040 - Information coding
Technical Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Drafting Committee
CEN/CLC/TC 13 - Cybersecurity and Data Protection
Current Stage
9960 - Withdrawal effective - Withdrawal
Start Date
26-Jul-2023
Completion Date
14-Apr-2025
Ref Project
SIST EN ISO/IEC 27001:2017 - Information technology - Security techniques - Information security management systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)

Relations

Replaced By
EN ISO/IEC 27001:2023 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements (ISO/IEC 27001:2022)
Effective Date
18-Jan-2023

Buy Standard

EN ISO/IEC 27001:2017 (EN)EN ISO/IEC 27001:2017 (EN)
PreviousNext
Standard
EN ISO/IEC 27001:2017 (EN)
English language
35 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
EN ISO/IEC 27001:2017 (DE)EN ISO/IEC 27001:2017 (DE)
PreviousNext
Standard
EN ISO/IEC 27001:2017 (DE)
German language
31 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
EN ISO/IEC 27001:2017 (FR)EN ISO/IEC 27001:2017 (FR)
PreviousNext
Standard
EN ISO/IEC 27001:2017 (FR)
French language
35 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
EN ISO/IEC 27001:2017EN ISO/IEC 27001:2017
PreviousNext
Standard – translation
EN ISO/IEC 27001:2017
Slovenian language
31 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


SLOVENSKI STANDARD
01-julij-2017
,QIRUPDFLMVNDWHKQRORJLMD9DUQRVWQHWHKQLNH6LVWHPLXSUDYOMDQMDLQIRUPDFLMVNH
YDUQRVWL=DKWHYH ,62,(&YNOMXþQRVSRSUDYNRPD&RULQ&RU

Information technology - Security techniques - Information security management systems
- Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)
Informationstechnik - Sicherheitsverfahren - Informationssicherheits-
Managementsysteme - Anforderungen (ISO/IEC 27001:2013 einschließlich Cor 1:2014
und Cor 2:2015)
Technologies de l'information - Techniques de sécurité - Systèmes de management de
la sécurité de l'information - Exigences (ISO/IEC 27001:2013 y compris Cor 1:2014 et
Cor 2:2015)
Ta slovenski standard je istoveten z: EN ISO/IEC 27001:2017
ICS:
03.100.70 Sistemi vodenja Management systems
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO/IEC 27001
EUROPEAN STANDARD
NORME EUROPÉENNE
February 2017
EUROPÄISCHE NORM
ICS 03.100.70; 35.030
English Version
Information technology - Security techniques -
Information security management systems - Requirements
(ISO/IEC 27001:2013 including Cor 1:2014 and Cor
2:2015)
Technologies de l'information - Techniques de sécurité Informationstechnik - Sicherheitsverfahren -
- Systèmes de management de la sécurité de Informationssicherheits-Managementsysteme -
l'information - Exigences (ISO/IEC 27001:2013 y Anforderungen (ISO/IEC 27001:2013 einschließlich
compris Cor 1:2014 et Cor 2:2015) Cor 1:2014 und Cor 2:2015)
This European Standard was approved by CEN on 26 January 2017.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions
for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATIO N

EUROPÄISCHES KOMITEE FÜR NORMUN G

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN and CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 27001:2017 E
reserved worldwide for CEN and CENELEC national
Members.
Contents Page
European foreword . 3

European foreword
The text of ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015 has been prepared by Technical
Committee ISO/IEC JTC 1 “Information technology” of the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC) and has been taken over
as EN ISO/IEC 27001:2017.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2017, and conflicting national standards shall
be withdrawn at the latest by August 2017.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015 has been approved by CEN as
INTERNATIONAL ISO/IEC
STANDARD 27001
Second edition
2013-10-01
Information technology — Security
techniques — Information security
management systems — Requirements
Technologies de l’information — Techniques de sécurité — Systèmes
de management de la sécurité de l’information — Exigences
Reference number
ISO/IEC 27001:2013(E)
©
ISO/IEC 2013
ISO/IEC 27001:2013(E)
© ISO/IEC 2013
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2013 – All rights reserved

ISO/IEC 27001:2013(E)
Contents Page
Foreword .iv
0 Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 1
4.1 Understanding the organization and its context . 1
4.2 Understanding the needs and expectations of interested parties . 1
4.3 Determining the scope of the information security management system . 1
4.4 Information security management system . 2
5 Leadership . 2
5.1 Leadership and commitment . 2
5.2 Policy . 2
5.3 Organizational roles, responsibilities and authorities. 3
6 Planning . 3
6.1 Actions to address risks and opportunities . 3
6.2 Information security objectives and planning to achieve them . 5
7 Support . 5
7.1 Resources . 5
7.2 Competence . 5
7.3 Awareness . 5
7.4 Communication . 6
7.5 Documented information . 6
8 Operation . 7
8.1 Operational planning and control . 7
8.2 Information security risk assessment. 7
8.3 Information security risk treatment . 7
9 Performance evaluation . 7
9.1 Monitoring, measurement, analysis and evaluation . 7
9.2 Internal audit . 8
9.3 Management review . 8
10 Improvement . 9
10.1 Nonconformity and corrective action . 9
10.2 Continual improvement . 9
Annex A (normative) Reference control objectives and controls .10
Bibliography .23
© ISO/IEC 2013 – All rights reserved iii

ISO/IEC 27001:2013(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting.
Publication as an International Standard requires approval by at least 75 % of the
...


SLOVENSKI STANDARD
01-julij-2017
Nadomešča:
SIST ISO/IEC 27001:2013
Informacijska tehnologija - Varnostne tehnike - Sistemi upravljanja informacijske
varnosti - Zahteve (ISO/IEC 27001:2013, vključno s popravkoma Cor 1:2014 in Cor
2:2015)
Information technology - Security techniques - Information security management
systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)
Informationstechnik - Sicherheitsverfahren - Informationssicherheits-
Managementsysteme - Anforderungen (ISO/IEC 27001:2013 einschließlich Cor 1:2014
und Cor 2:2015)
Technologies de l'information - Techniques de sécurité - Systèmes de management de la
sécurité de l'information - Exigences (ISO/IEC 27001:2013 y compris Cor 1:2014 et Cor
2:2015)
Ta slovenski standard je istoveten z: EN ISO/IEC 27001:2017
ICS:
03.100.70 Sistemi vodenja Management systems
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPÄISCHE NORM
EN ISO/IEC 27001
EUROPEAN STANDARD
NORME EUROPÉENNE Februar 2017
ICS 03.100.70; 35.030
Deutsche Fassung
Informationstechnik - Sicherheitsverfahren -
Informationssicherheitsmanagementsysteme -
Anforderungen (ISO/IEC 27001:2013 + Cor. 1:2014 + Cor.
2:2015)
Information technology - Security techniques - Technologies de l'information - Techniques de sécurité
Information security management systems - - Systèmes de management de la sécurité de
Requirements (ISO/IEC 27001:2013 including Cor l'information - Exigences (ISO/IEC 27001:2013 y
1:2014 and Cor 2:2015) compris Cor 1:2014 et Cor 2:2015)
Diese Europäische Norm wurde vom CEN am 26. Januar 2017 angenommen.

Die CEN und CENELEC-Mitglieder sind gehalten, die CEN/CENELEC-Geschäftsordnung zu erfüllen, in der die Bedingungen
festgelegt sind, unter denen dieser Europäischen Norm ohne jede Änderung der Status einer nationalen Norm zu geben ist. Auf
dem letzten Stand befindliche Listen dieser nationalen Normen mit ihren bibliographischen Angaben sind beim CEN-CENELEC-
Management-Zentrum oder bei jedem CEN und CENELEC-Mitglied auf Anfrage erhältlich.

Diese Europäische Norm besteht in drei offiziellen Fassungen (Deutsch, Englisch, Französisch). Eine Fassung in einer anderen
Sprache, die von einem CEN und CENELEC-Mitglied in eigener Verantwortung durch Übersetzung in seine Landessprache
gemacht und dem Management-Zentrum mitgeteilt worden ist, hat den gleichen Status wie die offiziellen Fassungen.

CEN- und CENELEC-Mitglieder sind die nationalen Normungsinstitute und elektrotechnischen Komitees von Belgien, Bulgarien,
Dänemark, Deutschland, der ehemaligen jugoslawischen Republik Mazedonien, Estland, Finnland, Frankreich, Griechenland,
Irland, Island, Italien, Kroatien, Lettland, Litauen, Luxemburg, Malta, den Niederlanden, Norwegen, Österreich, Polen, Portugal,
Rumänien, Schweden, der Schweiz, Serbien, der Slowakei, Slowenien, Spanien, der Tschechischen Republik, der Türkei, Ungarn,
dem Vereinigten Königreich und Zypern.

CEN-CENELEC Management Centre:
Avenue Marnix 17, B-1000 Brussels
© 2017 CEN/CENELEC Alle Rechte der Verwertung, gleich in welcher Form und in Ref. Nr. EN ISO/IEC 27001:2017 D
welchem Verfahren, sind weltweit den nationalen Mitgliedern
von CEN und den Mitgliedern von CENELEC vorbehalten.

Inhalt
Seite
Europäisches Vorwort . 3
Vorwort . 4
0 Einleitung . 5
1 Anwendungsbereich . 6
2 Normative Verweisungen . 6
3 Begriffe . 6
4 Kontext der Organisation . 6
4.1 Verstehen der Organisation und ihres Kontextes . 6
4.2 Verstehen der Erfordernisse und Erwartungen interessierter Parteien . 6
4.3 Festlegen des Anwendungsbereichs des Informationssicherheitsmanagementsystems . 7
4.4 Informationssicherheitsmanagementsystem . 7
5 Führung . 7
5.1 Führung und Verpflichtung. 7
5.2 Politik . 8
5.3 Rollen, Verantwortlichkeiten und Befugnisse in der Organisation . 8
6 Planung . 8
6.1 Maßnahmen zum Umgang mit Risiken und Chancen . 8
6.2 Informationssicherheitsziele und Planung zu deren Erreichung . 10
7 Unterstützung . 11
7.1 Ressourcen . 11
7.2 Kompetenz . 11
7.3 Bewusstsein . 11
7.4 Kommunikation . 12
7.5 Dokumentierte Information . 12
8 Betrieb . 13
8.1 Betriebliche Planung und Steuerung . 13
8.2 Informationssicherheitsrisikobeurteilung . 13
8.3 Informationssicherheitsrisikobehandlung. 14
9 Bewertung der Leistung . 14
9.1 Überwachung, Messung, Analyse und Bewertung . 14
9.2 Internes Audit . 14
9.3 Managementbewertung . 15
10 Verbesserung . 16
10.1 Nichtkonformität und Korrekturmaßnahmen . 16
10.2 Fortlaufende Verbesserung . 16
Anhang A (normativ) Referenzmaßnahmenziele und -maßnahmen . 17
Literaturhinweise . 31

Europäisches Vorwort
Der Text von ISO/IEC 27001:2013 + Cor. 1:2014 + Cor. 2:2015 wurde vom Technischen Komitee
ISO/IEC JTC 1 „Information technology“ der Internationalen Organisation für Normung (ISO) und der
Internationalen Elektrotechnischen Kommission (IEC) erarbeitet und als EN ISO/IEC 27001:2017
übernommen.
Diese Europäische Norm muss den Status einer nationalen Norm erhalten, entweder durch Veröffentlichung
eines identischen Textes oder durch Anerkennung bis August 2017, und etwaige entgegenstehende
nationale Normen müssen bis August 2017 zurückgezogen werden.
Es wird auf die Möglichkeit hingewiesen, dass einige Elemente dieses Dokuments Patentrechte berühren
können. CEN [und/oder CENELEC] sind nicht dafür verantwortlich, einige oder alle diesbezüglichen
Patentrechte zu identifizieren.
Entsprechend der CEN-CENELEC-Geschäftsordnung sind die nationalen Normungsinstitute der folgenden
Länder gehalten, diese Europäische Norm zu übernehmen: Belgien, Bulgarien, Dänemark, Deutschland, die
ehemalige jugoslawische Republik Mazedonien, Estland, Finnland, Frankreich, Griechenland, Irland, Island,
Italien, Kroatien, Lettland, Litauen, Luxemburg, Malta, Niederlande, Norwegen, Österreich, Polen, Portugal,
Rumänien, Schweden, Schweiz, Serbien, Slowakei, Slowenien, Spanien, Tschechische Republik, Türkei,
Ungarn, Vereinigtes Königreich und Zypern.
Anerkennungsnotiz
Der Text von ISO/IEC 27001:2013 + Cor. 1:2014 + Cor. 2:2015 wurde vom CEN als EN ISO/IEC 27001:2017
ohne irgendeine Abänderung genehmigt.
Vorwort
ISO (die Internationale Organisation für Normung) und IEC (die Internationale Elektrotechnische
Kommission) bilden das auf die weltweite Normung spezialisierte System. Nationale Normungs-
organisationen, die Mitglieder von ISO oder IEC sind, beteiligen sich an der Entwicklung von Internationalen
Normen in Technischen Komitees, die von der jeweiligen Organisation eingerichtet wurden, um spezifische
Gebiete technischer Aktivitäten zu behandeln. Auf Gebieten von beiderseitigem Interesse arbeiten die
Technischen Komitees von ISO und IEC zusammen. Internationale Organisationen, staatlich und nicht-
staatlich, in Liaison mit ISO und IEC, nehmen ebenfalls an der Arbeit teil. Auf dem Gebiet der Informations-
technologie haben ISO und IEC ein gemeinsames technisches Komitee (JTC, en: joint technical committee),
ISO/IEC JTC 1, eingerichtet.
Internationale Normen werden in Übereinstimmung mit den Regeln nach ISO/IEC Direktive, Teil 2
erarbeitet.
Die Hauptaufgabe von Technischen Komitees ist es Internationale Normen zu erarbeiten. Internationale
Norm-Entwürfe, die von Technischen Komitees verabschiedet wurden, werden den Mitgliedsorganisationen
zur Abstimmung zur Verfügung gestellt. Für die Veröffentlichung als Internationale Norm werden
mindestens 75 % Zustimmung der Mitgliedsorganisationen benötigt.
Es wird auf die Möglichkeit hingewiesen, dass einige Elemente dieses Dokuments Patentrechte berühren
können. ISO und IEC sind nicht dafür verantwortlich, einige oder alle diesbezüglichen Patentrechte zu
identifizieren.
ISO/IEC 27001 wurde vom Technischen Komitee ISO/IEC JTC 1 „Information technology“, Unterkomitee
SC 27 „IT Security techniques“, erarbeitet.
Diese zweite Ausgabe ersetzt die erste Ausgabe (ISO/IEC 27001:2005), welche technisch überarbeitet
wurde.
0 Einleitung
0.1 Allgemeines
Diese Internationale Norm wurde erarbeitet, um Anforderungen für die Einrichtung, Umsetzung,
Aufrechterhaltung und fortlaufende Verbesserung eines Informationssicherheitsmanagementsystems
(ISMS) festzulegen. Die Einführung eines Informationssicherheitsmanagementsystems stellt für eine
Organisation eine strategische Entscheidung dar. Erstellung und Umsetzung eines
Informationssicherheitsmanagementsystems innerhalb einer Organisation richten sich nach deren
Bedürfnissen und Zielen, den Sicherheitsanforderungen, den organisatorischen Abläufen sowie nach Größe
und Struktur der Organisation. Es ist davon auszugehen, dass sich alle diese Einflussgrößen im Laufe der Zeit
ändern.
Das Informationssicherheitsmanagementsystem wahrt die Vertraulichkeit, Integrität und Verfügbarkeit von
Information unter Anwendung eines Risikomanagementprozesses und verleiht interessierten Parteien das
Vertrauen in eine angemessene Steuerung von Risiken.
Es ist wichtig, dass das Informationssicherheitsmanagementsystem als Teil der Abläufe der Organisation in
deren übergreifende Steuerungsstruktur integriert ist und die Informationssicherheit bereits bei der
Konzeption von Prozessen, Informationssystemen und Maßnahmen berücksichtigt wird. Es wird erwartet,
dass die Umsetzung eines Informationssicherheitsmanagementsystems entsprechend den Bedürfnissen der
Organisation skaliert wird.
Diese Internationale Norm kann von internen und externen Parteien dazu eingesetzt werden, die Fähigkeit
einer Organisation zur Einhaltung ihrer eigenen Informationssicherheitsanforderungen zu beurteilen.
Die Reihenfolge, in der
...


SLOVENSKI STANDARD
01-julij-2017
Nadomešča:
SIST ISO/IEC 27001:2013
Informacijska tehnologija - Varnostne tehnike - Sistemi upravljanja informacijske
varnosti - Zahteve (ISO/IEC 27001:2013, vključno s popravkoma Cor 1:2014 in Cor
2:2015)
Information technology - Security techniques - Information security management
systems - Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015)
Informationstechnik - Sicherheitsverfahren - Informationssicherheits-
Managementsysteme - Anforderungen (ISO/IEC 27001:2013 einschließlich Cor 1:2014
und Cor 2:2015)
Technologies de l'information - Techniques de sécurité - Systèmes de management de la
sécurité de l'information - Exigences (ISO/IEC 27001:2013 y compris Cor 1:2014 et Cor
2:2015)
Ta slovenski standard je istoveten z: EN ISO/IEC 27001:2017
ICS:
03.100.70 Sistemi vodenja Management systems
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EN ISO/IEC 27001
NORME EUROPÉENNE
EUROPÄISCHE NORM
Février 2017
EUROPEAN STANDARD
ICS 03.100.70; 35.030
Version Française
Technologies de l'information - Techniques de sécurité -
Systèmes de management de la sécurité de l'information -
Exigences (ISO/IEC 27001:2013 y compris Cor 1:2014 et
Cor 2:2015)
Informationstechnik - Sicherheitsverfahren - Information technology - Security techniques -
Informationssicherheits-Managementsysteme - Information security management systems -
Anforderungen (ISO/IEC 27001:2013 einschließlich Requirements (ISO/IEC 27001:2013 including Cor
Cor 1:2014 und Cor 2:2015) 1:2014 and Cor 2:2015)
La présente Norme européenne a été adoptée par le CEN le 26 janvier 2017.

Les membres du CEN et CENELEC sont tenus de se soumettre au Règlement Intérieur du CEN/CENELEC, qui définit les conditions
dans lesquelles doit être attribué, sans modification, le statut de norme nationale à la Norme européenne. Les listes mises à jour
et les références bibliographiques relatives à ces normes nationales peuvent être obtenues auprès du Centre de Gestion du CEN-
CENELEC ou auprès des membres du CEN et CENELEC.

La présente Norme européenne existe en trois versions officielles (allemand, anglais, français). Une version dans une autre
langue faite par traduction sous la responsabilité d'un membre du CEN et CENELEC dans sa langue nationale et notifiée au Centre
de Gestion du CEN-CENELEC, a le même statut que les versions officielles.

Les membres du CEN et du CENELEC sont les organismes nationaux de normalisation et les comités électrotechniques nationaux
des pays suivants: Allemagne, Ancienne République yougoslave de Macédoine, Autriche, Belgique, Bulgarie, Chypre, Croatie,
Danemark, Espagne, Estonie, Finlande, France, Grèce, Hongrie, Irlande, Islande, Italie, Lettonie, Lituanie, Luxembourg, Malte,
Norvège, Pays-Bas, Pologne, Portugal, République de Serbie, République Tchèque, Roumanie, Royaume-Uni, Slovaquie, Slovénie,
Suède, Suisse et Turquie.
COMITÉ EUROPÉEN DE NORMALISATIO N
E U R OP ÄI S C HES KOMITEE FÜR NORMUN G

EUROPEAN COMMITTEE FOR STANDARDIZATION

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Bruxelles
© 2017  CEN et CENELEC Tous droits d'exploitation sous quelque forme et de quelque Réf. n° EN ISO/IEC 27001:2017 F
manière que ce soit réservés dans le monde entier aux
membres nationaux du CEN et CENELEC.

Sommaire Page
Avant-propos européen . 3

Avant-propos européen
Le texte de l'ISO/IEC 27001:2013 y compris Cor 1:2014 et Cor 2:2015 a été élaboré par le Comité
Technique ISO/CEI JTC 1 “Technologies de l'information” de l'Organisation Internationale de
Normalisation (ISO) et la Commission Internationale Electrotechnique (CEI) et a été repris comme EN
ISO/IEC 27001:2017.
Cette Norme européenne devra recevoir le statut de norme nationale, soit par publication d'un texte
identique, soit par entérinement, au plus tard en août 2017, et toutes les normes nationales en
contradiction devront être retirées au plus tard en août 2017.
L'attention est appelée sur le fait que certains des éléments du présent document peuvent faire l'objet
de droits de propriété intellectuelle ou de droits analogues. Le CEN et/ou le CENELEC ne saurait
[sauraient] être tenu[s] pour responsable[s] de ne pas avoir identifié de tels droits de propriété et
averti de leur existence.
Selon le Règlement Intérieur du CEN-CENELEC les instituts de normalisation nationaux des pays
suivants sont tenus de mettre cette Norme européenne en application : Allemagne, Ancienne
République Yougoslave de Macédoine, Autriche, Belgique, Bulgarie, Chypre, Croatie, Danemark,
Espagne, Estonie, Finlande, France, Grèce, Hongrie, Irlande, Islande, Italie, Lettonie, Lituanie,
Luxembourg, Malte, Norvège, Pays-Bas, Pologne, Portugal, République de Serbie, République Tchèque,
Roumanie, Royaume-Uni, Slovaquie, Slovénie, Suède, Suisse et Turquie.
Notice d'entérinement
Le texte de ISO/IEC 27001:2013 y compris Cor 1:2014 et Cor 2:2015 a été approuvé par le CEN comme
NORME ISO/CEI
INTERNATIONALE 27001
Deuxième édition
2013-10-01
Technologies de l’information —
Techniques de sécurité — Systèmes
de management de la sécurité de
l’information — Exigences
Information technology — Security techniques — Information
security management systems — Requirements
Numéro de référence
ISO/CEI 27001:2013(F)
©
ISO/CEI 2013
ISO/CEI 27001:2013(F)
DOCUMENT PROTÉGÉ PAR COPYRIGHT
© ISO/CEI 2013
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite ni utilisée
sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie, l’affichage sur
l’internet ou sur un Intranet, sans autorisation écrite préalable. Les demandes d’autorisation peuvent être adressées à l’ISO à
l’adresse ci-après ou au comité membre de l’ISO dans le pays du demandeur.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Version française parue en 2013
Publié en Suisse
ii © ISO/CEI 2013 – Tous droits réservés

ISO/CEI 27001:2013(F)
Sommaire Page
Avant-propos .iv
0 Introduction .v
1 Domaine d’application . 1
2 Références normatives . 1
3 Termes et définitions . 1
4 Contexte de l’organisation . 1
4.1 Compréhension de l’organisation et de son contexte. 1
4.2 Compréhension des besoins et des attentes des parties intéressées . 1
4.3 Détermination du domaine d’application du système de management de la sécurité
de l’information . 2
4.4 Système de management de la sécurité de l’information . 2
5 Leadership . 2
5.1 Leadership et engagement. 2
5.2 Politique . 2
5.3 Rôles, responsabilités et autorités au sein de l’organisation . 3
6 Planification . 3
6.1 Actions liées aux risques et opportunités . 3
6.2 Objectifs de sécurité de l’information et plans pour les atteindre . 5
7 Support . 5
7.1 Ressources . 5
7.2 Compétence . 6
7.3 Sensibilisation . 6
7.4 Communication . 6
7.5 Informations documentées . 6
8 Fonctionnement . 7
8.1 Planification et contrôle opérationnels . 7
8.2 Appréciation des risques de sécurité de l’information . 8
8.3 Traitement des risques de sécurité de l’information . 8
9 Évaluation des performances . 8
9.1 Surveillance, mesures, analyse et évaluation . 8
9.2 Audit interne . 8
9.3 Revue de direction . 9
10 Amélioration . 9
10.1 Non-conformité et actions correctives . 9
10.2 Amélioration continue .10
Annexe A (normative) Objectifs et mesures de référence .11
Bibliographie
...........................................................................................................................................................................................................................23
© ISO/CEI 2013 – Tous droits réservés iii

ISO/CEI 27001:2013(F)
Avant-propos
L’ISO (Organisation internationale de normalisation) et la CEI (Commission électrotechnique
internationale) forment le système spécialisé de la normalisation mondiale. Les organismes nationaux
membres de l’ISO ou de la CEI participent au développement de Normes internationales par l’intermédiaire
des comités techniques créés par l’organisation concernée afin de s’occuper des domaines particuliers
de l’activité technique. Les comités techniques de l’ISO et de la CEI collaborent dans des domaines
d’intérêt commun. D’autres organisations internationales, gouvernementales et non gouvernemen
...


SLOVENSKI SIST EN ISO/IEC 27001

STANDARD
julij 2017
Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Zahteve (ISO/IEC 27001:2013, vključno s
popravkoma Cor 1:2014 in Cor 2:2015)

Information technology – Security techniques – Information security management
systems – Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor
2:2015)
Technologies de l'information – Techniques de sécurité – Systèmes de
management de la sécurité de l'information – Exigences (ISO/IEC 27001:2013 y
compris Cor 1:2014 et Cor 2:2015)

Informationstechnik – Sicherheitsverfahren – Informationssicherheits-
Managementsysteme – Anforderungen (ISO/IEC 27001:2013 einschließlich
Cor 1:2014 und Cor 2:2015)
Referenčna oznaka
ICS 03.100.70; 35.030 SIST EN ISO/IEC 27001:2017 (sl)

Nadaljevanje na straneh II in od 1 do 30

© 2018-10. Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

SIST EN ISO/IEC 27001 : 2017
NACIONALNI UVOD
Standard SIST EN ISO/IEC 27001 (sl, en), Informacijska tehnologija – Varnostne tehnike – Sistemi
upravljanja informacijske varnosti – Zahteve (ISO/IEC 27001:2013, vključno s popravkoma Cor 1:2014 in
Cor 2:2015), 2017, ima status slovenskega standarda in je enakovreden evropskemu standardu EN
ISO/IEC 27001, Information technology – Security techniques – Information security management
systems – Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor 2:2015), 2017.

NACIONALNI PREDGOVOR
Besedilo standarda EN ISO/IEC 27001:2017 je pripravil združeni tehnični odbor Mednarodne
organizacije za standardizacijo (ISO) in Mednarodne elektrotehniške komisije (IEC) ISO/IEC JTC 1
Informacijska tehnologija. Slovenski standard SIST EN ISO/IEC 27001:2017 je prevod angleškega
besedila evropskega standarda EN ISO/IEC 27001:2017. V primeru spora glede besedila slovenskega
prevoda v tem standardu je odločilen izvirni evropski standard v angleškem jeziku. Slovensko-angleško
izdajo standarda je pripravil SIST/TC ITC Informacijska tehnologija.

Odločitev za privzem tega standarda je dne 19. maja 2017 sprejel SIST/TC ITC Informacijska
tehnologija.
OSNOVA ZA IZDAJO STANDARDA
– privzem standarda EN ISO/IEC 27001:2017

PREDHODNA IZDAJA
– SIST ISO/IEC 27001:2013, Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti - Zahteve

OPOMBE
– Povsod, kjer se v besedilu standarda uporablja izraz “mednarodni standard”, v v SIST EN ISO/IEC
27001:2017 to pomeni “slovenski standard”.
– Nacionalni uvod in nacionalni predgovor nista sestavni del standarda.
– Ta nacionalni dokument je istoveten EN ISO/IEC 27001:2017 in je objavljen z dovoljenjem

CEN
Avenue Marnix 17
1050 Bruselj
Belgija
This national document is identical with EN ISO/IEC 27001:2017 and is published with the
permission of
CEN
Avenue Marnix 17
1050 Bruxelles
Belgium
II
EVROPSKI STANDARD EN ISO/IEC 27001
EUROPEAN STANDARD
EUROPÄISCHE NORM
NORME EUROPÉENNE februar 2017

ICS: 03.100.70; 35.030
Slovenska izdaja
Informacijska tehnologija – Varnostne tehnike – Sistemi upravljanja
informacijske varnosti – Zahteve (ISO/IEC 27001:2013, vključno s popravkoma
Cor 1:2014 in Cor 2:2015)
Information technology – Security Technologies de l'information – Informationstechnik –
techniques – Information security Techniques de sécurité – Sicherheitsverfahren –
management systems – Systèmes de management de la Informationssicherheits-
Requirements (ISO/IEC 27001:2013 sécurité de l'information – Managementsysteme –
including Cor 1:2014 and Cor Exigences (ISO/IEC 27001:2013 y Anforderungen (ISO/IEC
2:2015) compris Cor 1:2014 et Cor 2:2015) 27001:2013 einschließlich
Cor 1:2014 und Cor 2:2015)
Ta evropski standard je CEN sprejel 26. januarja 2017.
Člani CEN in CENELEC morajo izpolnjevati notranje predpise CEN/CENELEC, s katerimi je
predpisano, da mora biti ta standard brez kakršnih koli sprememb sprejet ko nacionalni standard.
Seznami najnovejših izdaj teh nacionalnih standardov in njihovi bibliografski podatki so na zahtevo na
voljo pri Upravnem centru CEN-CENELEC ali pri kateremkoli članu CEN in CENELEC.
Ta evropski standard obstaja v treh uradnih izdajah (angleški, francoski, nemški). Izdaje v drugih
jezikih, ki jih člani CEN in CENELEC na lastno odgovornost prevedejo in izdajo ter prijavijo pri
Upravnem centru CEN-CENELEC, veljajo kot uradne izdaje.
Člani CEN in CENELEC so nacionalni organi za standarde Avstrije, Belgije, Bolgarije, Cipra, Češke
republike, Danske, Estonije, Finske, Francije, Grčije, Hrvaške, Irske, Islandije, Italije, Latvije, Litve,
Luksemburga, Madžarske, Malte, Nekdanje jugoslovanske republike Makedonije, Nemčije,
Nizozemske, Norveške, Poljske, Portugalske, Romunije, Slovaške, Slovenije, Srbije, Španije,
Švedske, Švice, Turčije, in Združenega kraljestva.

CEN-CENELEC
Evropski komite za standardizacijo
European Committee for Standardization
Europäisches Komitee für Normung
Comité Européen de Normalisation

Upravni center CEN-CENELEC: Avenue Marnix 17, B-1000 Bruselj

© 2017. Lastnice avtorskih pravic so vse države članice CEN in CENELEC. Ref. oznaka: EN ISO/IEC 27001:2017 E

SIST EN ISO/IEC 27001 : 2017
Vsebina Stran
Predgovor k evropskemu standardu .4
Predgovor k mednarodnemu standardu .5
0 Uvod .6
0.1 Splošno .6
0.2 Združljivost z drugimi standardi za sisteme upravljanja .6
1 Področje uporabe .7
2 Zveza s standardi .7
3 Izrazi in definicije .7
4 Okvir organizacije .7
4.1 Razumevanje organizacije in njenega okvira .7
4.2 Razumevanje potreb in pričakovanj zainteresiranih strank .7
4.3 Določitev obsega sistema upravljanja informacijske varnosti .7
4.4 Sistem upravljanja informacijske varnosti .8
5 Voditeljstvo .8
5.1 Voditeljstvo in zavezanost .8
5.2 Politika .8
5.3 Organizacijske vloge, odgovornosti in pooblastila .8
6 Načrtovanje .9
6.1 Ukrepi za obravnavanje tveganj in priložnosti .9
6.2 Cilji informacijske varnosti in načrtovanje njihovega doseganja .10
7 Podpora .11
7.1 Viri .11
7.2 Kompetentnost .11
7.3 Ozaveščenost .11
7.4 Sporočanje .11
7.5 Dokumentirane informacije .11
8 Delovanje .12
8.1 Načrtovanje in obvladovanje delovanja .12
8.2 Ocenjevanje tveganj informacijske varnosti .12
8.3 Obravnavanje tveganj informacijske varnosti .13
9 Vrednotenje delovanja .13
9.1 Spremljanje, merjenje, analiziranje in vrednotenje .13
9.2 Notranja presoja .13
9.3 Vodstveni pregled .14
10 Izboljševanje .14
10.1 Neskladnosti in popravni ukrepi .14
10.2 Nenehno izboljševanje .15
Dodatek A (normativni): Referenčni cilji kontrol in kontrole .16
Literatura .28
SIST EN ISO/IEC 27001 : 2017
Tehnični popravek 1:2014 .29
Tehnični popravek 2:2015 .30
SIST EN ISO/IEC 27001 : 2017
Predgovor k evropskemu standardu
Besedilo standarda ISO/IEC 27001:2013, vključno s popravkoma Cor 1:2014 in Cor 2:2015, je pripravil
združeni tehnični odbor Mednarodne organizacije za standardizacijo (ISO) in Mednarodne
elektrotehniške komisije (IEC) ISO/IEC JTC 1 Informacijska tehnologija in je bil sprejet kot EN ISO/IEC
27001:2017
Ta evropski standard mora z objavo istovetnega besedila ali z razglasitvijo dobiti status nacionalnega
standarda najpozneje do avgusta 2017, nacionalne standarde, ki so v nasprotju s tem standardom, pa je
treba umakniti najpozneje do avgusta 2017.
Opozoriti je treba na možnost, da je lahko nekaj elementov tega dokumenta predmet patentnih pravic.
CEN [in/ali CENELEC] ne prevzema odgovornosti za identifikacijo katerih koli ali vseh takih patentnih
pravic.
V skladu z notranjimi predpisi CEN/CENELEC morajo ta evropski standard obvezno uvesti nacionalne
organizacije za standardizacijo naslednjih držav: Avstrije, Belgije, Bolgarije, Cipra, Češke republike,
Danske, Estonije, Finske, Francije, Grčije, Hrvaške, Irske, Islandije, Italije, Latvije, Litve,
Luksemburga, Madžarske, Malte, Nekdanje jugoslovanske republike Makedonije, Nemčije,
Nizozemske, Norveške, Poljske, Portugalske, Romunije, Slovaške, Slovenije, Srbije, Španije,
Švedske, Švice, Turčije, in Združenega kraljestva.

Razglasitvena objava
Besedilo mednarodnega standarda ISO/IEC 27001:2013, vključno s popravkoma Cor 1:2014 in Cor
2:2015, je CEN odobril kot evropski standard EN ISO/IEC 27001:2017 brez kakršnekoli spremembe.

SIST EN ISO/IEC 27001 : 2017
Predgovor k mednarodnemu standardu

ISO (Mednarodna organizacija za standardizacijo) in IEC (Mednarodna elektrotehniška komisija)
tvorita specializiran sistem za svetovno standardizacijo. Nacionalni organi, ki so člani ISO ali IEC,
sodelujejo pri pripravi mednarodnih standardov prek tehničnih odborov, ki jih za obravnavanje
določenih strokovnih področij ustanovi ustrezna organizacija. Tehnični odbori ISO in IEC sodelujejo na
področjih skupnega interesa. Pri delu sodelujejo tudi druge mednarodne, vladne in nevladne
organizacije, povezane z ISO in IEC. Na področju informacijske tehnologije sta ISO in IEC vzpostavila
združeni tehnični odbor ISO/IEC JTC 1.

Mednarodni standardi so pripravljeni v skladu s pravili, podanimi v 2. delu Direktiv ISO/IEC.

Glavna naloga tehničnih odborov je priprava mednarodnih standardov. Osnutki mednarodnih standardov,
ki jih sprejmejo tehnični odbori, se pošljejo vsem članom v glasovanje. Za objavo mednarodnega
standarda je treba pridobiti soglasje najmanj 75 odstotkov članov, ki se udeležijo glasovanja.

Opozoriti je treba na možnost, da je lahko nekaj elementov tega mednarodnega standarda predmet
patentnih pravic. ISO in IEC ne prevzemata odgovornosti za prepoznavanje katerih koli ali vseh takih
patentnih pravic.
ISO/IEC 27001 je pripravil združeni tehnični odbor ISO/IEC JTC 1 Informacijska tehnologija, pododbor
SC 27 Varnostne tehnike IT.
Druga izdaja preklicuje in nadomešča prvo izdajo (ISO/IEC 27001:2005), ki je tehnično revidirana.

SIST EN ISO/IEC 27001 : 2017
0 Uvod
0.
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN 13126-9:2025(Main)
Building hardware - Hardware for windows and door height windows - Requirements and test methods - Part 9: Hardware for horizontal and vertical pivot windows
kSIST FprEN 13126-9:2024

This document specifies the requirements and test methods for durability and strength of hardware for vertical and horizontal pivot windows and door height windows (including pivot hinges and central locking systems).
If the hardware manufacturer would like to classify an integrated restrictor function, the pivot hinges can be tested in accordance with EN 13126-5.
This document does not apply to manoeuvring devices which are covered in EN 13126-2, EN 13126-3, and EN 13126-14.

  • Draft
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 12046-2:2025(Main)
Operating forces - Test method - Part 2: Doors
kSIST FprEN 12046-2:2024

This document covers hinged/pivoted and sliding doorsets with engaging fasteners (e.g. latches, deadbolts) for pedestrian use. It defines the test methods to determine the forces to open/close doors and to engage/release and lock/unlock the building hardware using a key or handle. It is only applicable to the manual operation of doorsets.
These doorsets can include:
—   emergency or panic exit devices;
—   door closing devices.
NOTE   The use of some windows involves engaging fasteners (e.g. latches, deadbolts) and can be tested in accordance with this document. Throughout the text where “door leaf”/”door leaves” is written this can also be read as “casements”/”sashes”.

  • Draft
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18027:2025(Main)
Bio-based products - Life cycle assessment - Additional requirements and guidelines for comparing the life cycles of bio-based products with their fossil-based equivalents
kSIST FprEN 18027:2024

This document provides requirements and guidelines for comparing the life cycles of bio-based products with their fossil-based equivalents.
NOTE   The term "equivalents" generally refers to the "functional equivalence".
This document builds on existing LCA methodology and provides requirements and guidance on specific topics relevant for making well-balanced comparisons.

  • Draft
    55 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16339:2025(Main)
Ambient air - Method for the determination of the concentration of nitrogen dioxide by diffusive sampling
SIST EN 16339:2025

This document specifies a method for the sampling of NO2 in ambient air using diffusive sampling followed by extraction and analysis by colourimetry or ion chromatography (IC). It can be used for the NO2 measurement in a concentration range of approximately 3 µg/m3 to 130 µg/m3 [12]. A sample is typically collected for a period of 1 to 4 weeks [14], with exposure periods depending on the design of the samplers and the concentration levels of NO2.
Several sorbents can be used for trapping NO2 in ambient air using a diffusive sampler [15]. This document specifies the application of triethanolamine as the reagent.
This document describes the application of a tube-type sampler (with either a cylindrical or a slightly conical tube), a badge-type sampler and a radial-type sampler.
The relative expanded uncertainty of NO2 measurements performed using these tube-type diffusive samplers can potentially be lower than 25 % for individual measurements. When aggregating results to form annual average values, the relative expanded uncertainty can be further reduced to levels below 15 % due to the reduction of random effects on uncertainty [9].
NOTE   NO2 passive samplers are also employed to measure NOx with the addition of an oxidant to convert ambient NO into NO2. A second NO2 sampler is also deployed without the oxidant and the concentration of NO is determined from the difference of the two samplers [16].

  • Draft
    57 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16494:2025(Main)
Railway applications - Requirements for ERTMS Trackside Boards
SIST EN 16494:2025

This document is applicable to the heavy rail system.
This document defines the requirements for the provision, visibility, readability, maintenance and testing of a specific set of ERTMS trackside boards associated with the following DMI and ETCS track conditions:
—   ETCS stop marker
—   ETCS location marker
—   level transition, corresponding to transitions between ETCS levels
—   lower pantograph
—   pantograph lowered
—   raise pantograph
—   neutral section announcement
—   neutral section
—   end of neutral section
—   GSM-R network border marker
—   no traction system fitted announcement
—   no traction system fitted indication
—   traction system AC 25 kV 50 Hz announcement
—   traction system AC 25 kV 50 Hz indication
—   traction system AC 15 kV 16,7 Hz announcement
—   traction system AC 15 kV 16,7 Hz indication
—   traction system DC 3 kV announcement
—   traction system DC 3 kV indication
—   traction system DC 1,5 kV announcement
—   traction system DC 1,5 kV indication
—   traction system DC 600/750 V announcement
—   traction system DC 600/750 V indication
—   activate the audible warning device (horn) indication
—   safe stopping area announcement
—   safe stopping area indication for start
—   safe stopping area indication for end
—   inhibition of brake announcement/indication for start/indication for revocation
—   level crossing marker
NOTE 1 the brake MBs apply for any of the three brake types (eddy current, magnetic shoe, regenerative), whereas the exact type concerned would be known by the driver via existing Route knowledge.
The following ETCS track conditions are outside the scope of this Standard:
—   Safe stopping area semi-continuous indication for in-between
—   Non-stopping area announcement
—   Non-stopping area announcement
—   Non stopping area indication for start
—   Non stopping area indication for end
—   Non stopping area semi-continuous indication for in-between
—   Close air conditioning intake announcement
—   Close air conditioning intake indication
—   Open air conditioning intake announcement
—   Open air conditioning intake indication
This document includes the arrangement of the boards and their interface with existing systems (track, cab design including cab sight lines, visibility by the driver and train head lamps).
Mobile, backlit and temporary signs are not within the scope of this document.
The application of ERTMS trackside boards is not within the scope of this document.
Sighting requirements are not within the scope of this document. The sighting process needs to be implemented in accordance with national rules.

  • Draft
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 16072:2025(Main)
Intelligent transport systems - ESafety - Pan-European eCall operating requirements
SIST EN 16072:2025

The objective of implementing the pan-European in-vehicle emergency call system (eCall) is to automate the notification of a traffic accident, wherever in Europe, with the same technical standards and the same quality of services objectives by using ‘Public Land Mobile Networks’(PLMN), which supports the European pre-assigned emergency destination address (see normative references) and to provide a means of manually triggering the notification of an incident.
This document specifies the general operating requirements and intrinsic procedures for in-vehicle emergency call (eCall) services in order to transfer an emergency message from a vehicle to a Public Safety Answering Point (PSAP) in the event of a crash or emergency, via an eCall communication session and to establish a voice channel between the in-vehicle equipment and the PSAP.
Private third party in-vehicle emergency supporting services can also provide a similar eCall function by other means. The provision of such services are defined in EN 16102, and are outside the scope of this document.
The communications protocols and methods for the transmission of the MSD are not specified in this document.
This document specifies the operating requirements for an eCall service. An important part of the eCall service is a Minimum Set of Data (MSD). The operating requirements for the MSD are determined in this document, but the form and data content of the MSD is not defined herein. A common European MSD is determined in EN 15722.
This document does not specify whether eCall is provided using embedded equipment or other means (for example in the case of aftermarket equipment).

  • Draft
    30 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 12259-15:2025(Main)
Fixed firefighting systems - Components for sprinkler and water spray systems - Part 15: Spray pattern sprinklers with a k-factor of at least K160, extended coverage sprinklers of at least K80 and control mode special application sprinklers
SIST EN 12259-15:2025

This document specifies requirements and test methods for spray pattern sprinklers with a k-factor of at least K160, extended coverage (EC) sprinklers of at least K80, extended coverage storage sprinklers of at least K200 and control mode special application (CMSA) sprinklers. This document only covers sprinkler types up to K360.
This document does not apply to concealed, conventional, flat spray, flush and recessed sprinklers.

  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 18056:2025(Main)
Conservation of Cultural Heritage - Waterlogged archaeological wood - Characterization of waterlogged archaeological wood to support decision-making processes for its preservation
kSIST FprEN 18056:2024

This document provides guidelines for the characterization of waterlogged archaeological wood to support decision-making processes for its preservation.
This document can be applied for the management of wood discovered in waterlogged environments, including terrestrial and aquatic (marine and freshwater) sites, as a basis for designing conservation strategies (e.g. reburial, in situ preservation, post-excavation storage). In the case of composite artefacts made of wood and other materials, this document is applicable only for the wooden components. Methods for conservation, site protection and monitoring for reburial as well as in situ preservation are beyond the scope of this document.

  • Draft
    15 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 17450-3:2025(Main)
Fixed firefighting systems - Components for water mist systems - Part 3: Requirements and test methods for check valves
SIST EN 17450-3:2025

This document specifies the requirements and describes the test methods for check valves for water mist firefighting systems.
Check valves allow the passage in the direction of flow and they prevent flow in the reverse direction.
This document is applicable to check valves installed in the pipework of water mist firefighting systems.

  • Draft
    9 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 13757-3:2025(Main)
Communication systems for meters - Part 3: Application protocols
SIST EN 13757-3:2025

This document specifies application services for communication systems for meters, sensors, and actuators, used to provide metering services.
This document specifies application protocols, especially the M-Bus application protocol.
This document is intended to be used with the lower layer specifications determined in the relevant parts of the EN 13757 series.

  • Standard
    120 pages
    English language
    sale 10% off
    e-Library read for
    1 day