ISO Standards by number

Here is a more or less exhaustive list of all ISO standards mentioned in the CCAK Guide. For the exam, memorising the ones that are mentioned on the slides is recommended.

If anything, remember the following principles:

  • the 27000 series is exclusively about information security, and you will find very little on that outside the 27000 series,
  • there is a lot of information technology (not security) in the 17000 and 19000 series, but there is other material as well,
  • some standards in the 17000 series are not even specific to IT.

ISO/IEC 17021-1:2015 Conformity assessment – Requirements for bodies providing audit and certification of management systems – Part 1: Requirements

ISO/IEC 17065 Conformity assessment – Requirements for bodies certifying products, processes and services

ISO/IEC 17788:2014 Information technology – Cloud computing – Overview and vocabulary

ISO/IEC 17789:2014 Information technology – Cloud computing – Reference architecture

ISO/IEC 19011:2018 Guidelines for auditing management systems

ISO/IEC 19086-1:2016 Information technology – Cloud computing – Service level agreement (SLA) framework – Part 1: Overview and concepts

ISO/IEC 19086-2:2018 Cloud computing – Service level agreement (SLA) framework – Part 2: Metric model

ISO/IEC 19086-3:2017 Information technology – Cloud computing – Service level agreement (SLA) framework – Part 3: Core conformance requirements

ISO/IEC 19086-4:2019 Cloud computing – Service level agreement (SLA) framework – Part 4: Components of security and of protection of PII

ISO/IEC 19099:2014 Information technology – Virtualization Management Specification

ISO/IEC 19600:2014(en) Compliance management systems – Guidelines

ISO/IEC 21878:2018(en) Information technology – Security techniques – Security guidelines for design and implementation of virtualized servers

ISO/IEC 22301:2019 Security and resilience – Business continuity management systems – Requirements

ISO/IEC 27000:2014 Information technology – Security techniques – Information security management systems – Overview and vocabulary

ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements

ISO/IEC 27002:2013 Information security, cybersecurity and privacy protection – Information security controls

ISO/IEC 27005:2018 Information technology – Security techniques – Information security risk management

ISO/IEC 27006:2015 Information technology – Security techniques – Requirements for bodies providing audit and certification of information security management systems

ISO/IEC 27007 Information security, cybersecurity and privacy protection – Guidelines for information security management systems auditing

ISO/IEC 27014:2013 Information technology – Security techniques – Governance of information security

ISO/IEC 27017:2015 Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services

ISO/IEC 27018:2014 Information technology – Security techniques – Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors

ISO/IEC 27034 Information technology – Security techniques – Application security

ISO/IEC 27035-1:2016 Information technology – Security techniques – Information security incident management – Part 1: Principles of incident management

ISO/IEC 27701:2019 Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines

ISO/IEC 29100:2024(en) Information technology – Security techniques – Privacy framework

ISO/IEC 31000:2018(en) Risk management – Guidelines

ISO/IEC 38500:2015 Information technology – Governance of IT for the organization
