ISO 27001


ISO 27001 - Information Security Standard


The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. ISO 27001 is intended to be suitable for several different types of use, including the following:


  • use within organizations to formulate security requirements and objectives
  • use within organizations as a way to ensure that security risks are cost-effectively managed
  • use within organizations to ensure compliance with laws and regulations
  • use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met
  • definition of new information security management processes
  • identification and clarification of existing information security management processes
  • use by the management of organizations to determine the status of information security management activities
  • use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization
  • use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons
  • implementation of business-enabling information security
  • use by organizations to provide relevant information about information security to customers