ISO 27005
Information security risk management guidelines
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (11)
Communication
| Code | Title |
|---|---|
| 9.1 | Risk communication and consultation |
Context Establishment
ISO 27005: Risk Assessment
Identifying and analyzing risks (ISO 27005)
| Code | Title |
|---|---|
| ISO27005-06 | Risk identification methods |
| ISO27005-07 | Risk analysis and evaluation |
| ISO27005-08 | Risk criteria and thresholds |
| ISO27005-09 | Risk scenario development |
| ISO27005-10 | Risk interdependency analysis |
ISO 27005: Risk Framework & Governance
Establishing risk management framework (ISO 27005)
| Code | Title |
|---|---|
| ISO27005-01 | Risk management policy and scope |
| ISO27005-02 | Risk governance structure |
| ISO27005-03 | Risk culture and communication |
| ISO27005-04 | Stakeholder requirements for risk |
| ISO27005-05 | Risk management integration |
ISO 27005: Risk Monitoring & Review
Ongoing monitoring and review of risks (ISO 27005)
| Code | Title |
|---|---|
| ISO27005-16 | Risk monitoring procedures |
| ISO27005-17 | Risk reporting and communication |
| ISO27005-18 | Risk register maintenance |
| ISO27005-19 | Continuous improvement of risk processes |
| ISO27005-20 | Management review of risk program |
ISO 27005: Risk Treatment
Treating and managing identified risks (ISO 27005)
| Code | Title |
|---|---|
| ISO27005-11 | Risk treatment options and selection |
| ISO27005-12 | Risk treatment plan development |
| ISO27005-13 | Residual risk acceptance |
| ISO27005-14 | Risk transfer and insurance |
| ISO27005-15 | Control implementation and monitoring |
Monitoring
Risk Acceptance
Risk Analysis
| Code | Title |
|---|---|
| 7.7 | Likelihood estimation |
| 7.8 | Consequence estimation |
Risk Assessment
| Code | Title |
|---|---|
| 7.5 | Threat assessment |
Risk Treatment
| Code | Title |
|---|---|
| 8.3 | Statement of Applicability linkage |
| 8.5 | Control effectiveness review |
Your Compliance Coverage
If you comply with ISO 27005, you already cover:
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
35%
9 controls mapped
Compare →ISO/IEC 23894:2023
35%
9 controls mapped
Compare →AS9100D - Aerospace Quality Management System
31%
8 controls mapped
Compare →+ 244 more: ISO/IEC 27003:2017 (31%), NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security (27%)
See all 247 mapped frameworks ↓Maps to 247 other frameworks
Frequently Asked Questions
What is ISO 27005?
ISO 27005 is a compliance framework from International with 11 domains and 26 controls. Information security risk management guidelines It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does ISO 27005 have?
ISO 27005 has 26 controls organised across 11 domains. The largest domains are ISO 27005: Risk Assessment (5 controls), ISO 27005: Risk Framework & Governance (5 controls), ISO 27005: Risk Monitoring & Review (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does ISO 27005 map to?
ISO 27005 maps to 247 other compliance frameworks. The top mapping partners are NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements (35% coverage), ISO/IEC 23894:2023 (35% coverage), AS9100D - Aerospace Quality Management System (31% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with ISO 27005 compliance?
Start your ISO 27005 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about ISO 27005 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 26 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required