ISO/IEC 27004:2016 

Information technology - Security techniques - Information security management - Monitoring, measurement, analysis and evaluation


Do you need a multi-user copy?




ISO/IEC 27004:2016 provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1. It establishes:

a) the monitoring and measurement of information security performance;

b) the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls;

c) the analysis and evaluation of the results of monitoring and measurement.

ISO/IEC 27004:2016 is applicable to all types and sizes of organizations.

Look inside

Relevant for

cyber security

smart city

Additional information

Publication typeInternational Standard
Publication date2016-12-15
Available language(s)English
TC/SCISO/IEC JTC 1/SC 27 - Information security, cybersecurity and privacy protectionrss
ICS03.100.70 - Management systems
35.030 - IT Security
File size3264 KB

The following test report forms are related:

Share your publications

Learn how to share your publications with your colleagues, using networking options.

Payment information

Our prices are in Swiss francs (CHF). We accept all major credit cards (American Express, Mastercard and Visa), PayPal and bank transfers as form of payment.

Keep in touch

Keep up to date with new publication releases and announcements with our free IEC Just Published email newsletter.

Contact customer services

Please send your enquiry by email or call us on +41 22 919 02 11 between 09:00 – 17:00 CET Monday to Friday.