For a deeper dive into related best practices, you may also want to explore for ISMS requirements, ISO/IEC 27002 for general security controls, and NIST SP 800-88 or IEEE 2883 for data sanitization guidelines.
ISO/IEC 27040 is a international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides a set of guidelines for implementing information security controls to protect an organization's sensitive information. The standard is part of the ISO/IEC 27000 family of standards, which provides a framework for information security management. iso iec 27040 pdf
after reading this article:
ISO/IEC 27040 is an international standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It provides detailed, technical guidance on how to design, implement, operate, and review storage security. For a deeper dive into related best practices,
: The new edition introduces mandatory "shall" statements (labeled 'R') alongside traditional guidance (labeled 'G'), making it more suitable for formal audits. The standard is part of the ISO/IEC 27000