Contact with special interest groups
Maintain ties with security groups to stay updated on threats and best practices.
Plain language
This control is about keeping in touch with groups and organisations that specialise in information security. Doing so helps you stay informed about the latest threats and how to protect against them. If you don't keep these connections, you risk missing out on critical updates that could protect your organisation from security breaches.
Framework
ISO/IEC 27001:2022
Control effect
Preventative
ISO 27001 domain
Organisational controls
Classifications
N/A
Official last update
24 Oct 2022
Control Stack last updated
19 Mar 2026
Maturity levels
N/A
Official control statement
The organization shall establish and maintain contact with special interest groups or other specialist security forums and professional associations.
Why it matters
Lack of engagement with security groups can lead to missed threat intelligence, increasing the risk of undetected vulnerabilities and slower incident responses.
Operational notes
Join relevant security forums and ISACs; assign owners to monitor alerts, share summaries internally, and track actions from shared threat intel.
Implementation tips
- The IT manager should join security groups and forums that focus on industry-specific threats and best practices. This can be done by identifying reputable organisations online or through industry contacts and ensuring ongoing participation in discussions and updates.
- The board should allocate resources for attending relevant security conferences and webinars. This not only promotes continuous learning but also provides networking opportunities to connect with security professionals.
- The compliance officer should ensure regular communication with these groups, sharing relevant information and receiving updates on threats. This involves subscribing to newsletters, participating in forums, and attending events where leading experts discuss current security trends.
- The HR department should include involvement in special interest groups as part of the ongoing security training programs for relevant staff. This can be integrated into professional development goals to encourage engagement with larger security communities.
- The overall security strategy team should periodically review memberships and participation in these groups to assess the value and relevance of continued association. This ensures the organisation stays aligned with the most applicable and advantageous resources.
Audit / evidence tips
- Ask for a list of memberships or subscriptions to security groups and forums
  Good: active and ongoing engagement with at least several well-recognised security groups
- Ask to see evidence of participation in security conferences or webinars over the past year
- Ask for records of internal discussions or reports that include information shared from these groups
- Ask for documentation or communication that details alerts or advisories received from these groups
- Ask to see professional development plans for staff that involve interaction with these groups
Cross-framework mappings
How Annex A 5.6 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ASD ISM
| Control | Notes | Details |
|---|---|---|
| Partially overlaps (1) | | |
| ISM-2000 | Annex A 5.6 requires the organisation to establish and maintain ongoing contact with special interest groups and specialist security foru... | |
| Supports (3) | | |
| ISM-0039 | ISM-0039 requires a cyber security strategy that is developed and maintained to remain effective over time | |
| ISM-0720 | Annex A 5.6 requires the organisation to establish and maintain ongoing contact with special interest groups or other specialist security... | |
| ISM-1617 | ISM-1617 calls for the CISO to maintain the cyber security program’s currency in addressing threats and needs | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.