ISO/IEC 27001 Resource Center
Information technology -- Security techniques -- Information security management systems -- Requirements

ISO/IEC 27001 applies to many types of organizations (e.g., business enterprises, government bodies, not-for-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. The standard also specifies requirements for implementing security controls tailored to the needs of the individual organization.

ISO/IEC 27001 is designed to ensure the selection of security controls that protect information and give confidence to individuals or groups with a vested interest.

ISO/IEC 27001 is intended to be used as follows:

- to formulate security requirements and objectives of the organization
- to implement business-enabling information security
- to determine the status of information security management activities
- to identify and clarify existing information security management processes
- to define new information security management processes
- to ensure that the specific security objectives of an organization are met
- to ensure compliance with laws and regulations
- to ensure that security risks are cost effectively managed
- to determine the degree of compliance with the policies, directives and standards adopted by the organization
- to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons
- to provide relevant information about information security to customers

What is ISO/IEC 27001?
ISO/IEC 27001 is the certification process for the Code of Practice on Information Security Management.

Who does ISO/IEC 27001 apply to?
All organizations, in the public or private sector, are increasingly required to demonstrate that they take information security seriously.

Why bother with ISO/IEC 27001?
ISO/IEC 27001 is considered the de facto standard (i.e., the standard by default) and will soon become a contractual or service level agreement requirement.
Important Note to Users of this Site: Although this site is intended to be a useful information resource for those seeking to implement and maintain effective information security management systems, the www.isoiec27001.com Web Site is not affiliated with and does not act on behalf of the International Organization for Standardization (ISO), the organization that develops and issues international standards, including the ISO/IEC 27001 standard. The official ISO web site is located at www.iso.org.


ISO 27001

June 19, 2008