ISO/IEC 27001: Information Security Requirements

Just to let you know, we are no longer updating this section.
This is retained as a resource but nothing new has been added since late 2009. No further additions will be made by the DCC.

Date added 11 August 2009
Last edited 4 November 2009

Full Title

ISO/IEC 27001: Information Technology - Security Techniques - Information Security Management Systems - Requirements

Description

ISO/IEC 27001 sets out the requirements for establishing, managing, documenting and continually improving an Information Security Management System (ISMS) using a risk management approach. Implementers are required to identify, analyse and evaluate risks and to reduce them to an acceptable level. Controls for treating these risks are selected from the more than 130 controls defined by the standard. These cover the range of areas in which information security could be compromised, and emphasise the preparation of adequate policies and procedures and the documentation of processes. The standard requires that a compliant ISMS will: demonstrate management commitment through the provision of resources, competent staff and training; undergo internal audit and management review; and undertake to continually improve its effectiveness.

Standards Developing Organisations

ISO
IEC

Rights

No information

Lifecycle Actions

Access, Use and Reuse
Store

Standard Framework

Digital Archive Standards

Standard Type

Security Standards

Current Version

Further Information

Alternative Current Versions

None.

Previous Version

Referenced Standards

ISO/IEC 27002:2005, Information Technology - Security Techniques - Code of Practice for Information Security Management