Trinidad & Tobago Bureau of Standards posts draft Voluntary National Standards for Information Security Management Systems for comments


The Trinidad and Tobago Bureau of Standards (TTBS) is inviting comments on the proposed draft Voluntary National Standards for Information Security Management Systems.

These draft Voluntary National Standards comprise three documents, all based on the International Standards Organisation /
International Electrotechnical Commission (ISO/IEC) 27000 series of standards which were reviewed by the TTBS’ National Technical Committee for Information and Communication Technology (ICT) and now posted for public comment.

The Trinidad and Tobago Computer Society (TTCS ; http://newhost.ttcs.tt) is a member of the National Technical Committee for ICT which was formed in late 2018.

Here are the three documents for comments, along with links to view the document and a comment form to submit comments to the TTBS on the document. The closing date for comments is June 17 2019.

PCTTS/ISO/IEC 27001:20XX

PCTTS/ISO/IEC 27001:20XX specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of type, size or nature. Based on ISO/IEC 27001:2013

PCTTS/ISO/IEC 27002:20XX

PCTTS/ISO/IEC 27002:20XX gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment(s). It is designed to be used by organizations that intend to:

  1. select controls within the process of implementing an Information Security Management System based on PCTTS/ISO/IEC 27001:20XX;
  2. implement commonly accepted information security controls;
  3. develop their own information security management guidelines.

Based on ISO/IEC 27002:2013

PCTTS/ISO/IEC 27003:20XX

PCTTS/ISO/IEC 27003:20XX provides explanation and guidance on PCTTS/ISO/IEC 27001:20XX. Based on ISO/IEC 27003:2017