ISO/IEC 27102:2019
Information security, cybersecurity and privacy protection - Guidelines for applying ISO/IEC 27001 and related standards in support of cyber insurance
| Standard number: | ISO/IEC 27102:2019 |
| Released: | 2019-08-13 |
| Edition: | 1 |
| ICS: | 35.030 |
| Pages (English): | 18 |
ISO/IEC 27102:2019
This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization’s information security risk management framework, as well as leveraging the organization’s ISMS when sharing relevant data and information with an insurer.
This document gives guidelines for:
a) considering the purchase of cyber insurance as a risk treatment option to share cyber risks;
b) leveraging cyber insurance to assist in managing the impact of a cyber incident;
c) sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber insurance policy;
d) leveraging an ISMS when sharing relevant data and information with an insurer.
This document is applicable to organizations that intend to purchase cyber insurance, regardless of type, size or sector.