Iso-iec logo

Global | All Industries

ISO/IEC 27110

The International Organization for Standardization (ISO) is an independent, non-governmental international organization with an international membership of 163 national standards bodies. The ISO/IEC 27000 family of standards helps organizations keep their information assets secure.

ISO/IEC 27110, “Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines,” specifies that all  cybersecurity frameworks should have the following concepts: Identify, Protect, Detect, Respond, Recover. It also outlines the distinction between Information Security and Cybersecurity. These guidelines align with the NIST Cybersecurity  Framework (CSF).

    • Identify: The Identify concept addresses people, policies, processes and technology when defining the scope of activities.
    • Protect: The Protect concept can contain many categories and activities related to the safeguarding of assets against intentional or unintentional misuse. 
    • Detect: The Detect concept can include traditional asset monitoring and attack detection.
    • Respond: The Respond concept can include the traditional incident response concepts as well as policies, procedures and plans. 
    • Recover: The activities in the Recover concept define the restoration and communication related activities after a cybersecurity event.

    Google's security risk management capabilities are audited as part of ISO/IEC 27001/27002 (Information Security Management), ISO/IEC 27017 (Cloud Security),  FedRAMP, and NIST 800-53, which align with the conceptual framework and recommended guidance specified in ISO/IEC 27110 (Identify, Protect, Detect, Respond, Recover).

    ISO/IEC 27001

    Learn more

    ISO/IEC 27017

    Learn more


    Learn more

    NIST 800-53

    Learn more