BAS ISO/IEC 27001:2023 has just been published

The Institute for Standardization of Bosnia and Herzegovina, through its Technical Committee BAS/TC 1, Information Technology, has adopted the fourth edition of BAS ISO/IEC 27001:2023, Information security, cybersecurity and privacy protection - Information security management systems - Requirements, which is a translation of the English version of the international standard ISO/IEC 27001:2022, Information security, cybersecurity and privacy protection — Information security management systems — Requirements.

BAS ISO/IEC 27001:2023 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system in the context of the organization. This document also includes requirements for the assessment and treatment of information security risks according to the needs of the organization. The requirements set out in this document are generic and are intended to be applicable to all organizations, regardless of their type, size or nature.

The original texts of the standard were prepared by the Technical Committee ISO/IEC JTC 1/SC 27, Information security, cybersecurity and privacy protection, whose secretariat is held by the German Institute for Standardization (DIN).