SNIA Developer Conference September 15-17, 2025 | Santa Clara, CA
Abstract
The ISO/IEC 27040 storage security standard was originally published in 2015 as a guidance standard that expanded upon the earlier SNIA storage security best practices and focused on existing and emerging storage technologies. During the intervening years, the threat landscape has morphed significantly, storage technologies and practices continue to change, and the regulatory obligations increase with each wave of attacks. In response, ISO initiated an early revision of ISO/IEC 27040, which included transitioning it from a guidance standard to one that includes both requirements and guidance as well as other changes to help ensure the standard remains relevant.
This session will highlight the anticipated changes for the second edition of ISO/IEC 27040, position it within the ISO 27000 series security standards, and provide a timeline for its availability. While the standard is written primarily for storage consumers, this session will also provide vendors with insights into what they can expect once the standard is published.