SRPS ISO/IEC 27102:2022

Information security, cybersecurity and privacy protection — Guidelines for applying ISO/IEC 27001 and related standards in support of cyber insurance

Publication date: Aug 31, 2022

General information

Current stage: 90.92 Effective date: Oct 9, 2025

Originator: ISS

Owner: I224

Type: International Standard

ICS: 35.030

Languages: English

Buying

Status: Published

PDF

Paper

PDF and Paper

Online reading for 5 days

Online reading for 30 days

Language

Language in which you want to receive the document.

Scope

This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization’s information security risk management framework, as well as leveraging the organization’s ISMS when sharing relevant data and information with an insurer.
This document gives guidelines for:
a) considering the purchase of cyber insurance as a risk treatment option to share cyber risks;
b) leveraging cyber insurance to assist in managing the impact of a cyber incident;
c) sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber insurance policy;
d) leveraging an ISMS when sharing relevant data and information with an insurer.
This document is applicable to organizations that intend to purchase cyber insurance, regardless of type, size or sector.

Life cycle

NOW

PUBLISHED
SRPS ISO/IEC 27102:2022
90.92 Standard to be revised
Oct 9, 2025

SRPS ISO/IEC 27102:2022

Information security, cybersecurity and privacy protection — Guidelines for applying ISO/IEC 27001 and related standards in support of cyber insurance

General information

Buying

Scope

Life cycle

NOW

Related project

Adopted from ISO/IEC 27102:2019