ISO/IEC 27001: Information Security Requirements
Date added 11 August 2009
Last edited 4 November 2009
Full Title
ISO/IEC 27001: Information Technology - Security Techniques - Information Security Management Systems - Requirements
Description
ISO/IEC 27001 sets out the requirements for establishing, managing, documenting and continually improving an Information Security Management System (ISMS) using a risk management approach. Implementers are required to identify, analyse and evaluate risks and to reduce them to an acceptable level. The measures for treating these risks are selected from the more than 130 controls defined by the standard. These controls cover a range of areas in which information security could be compromised, and focus on the preparation of adequate policies and procedures and on the documentation of processes. The standard requires that a compliant ISMS will: demonstrate management commitment through the provision of resources, competent staff and training; undergo internal audits and management reviews; and undertake to continually improve its effectiveness.
Standards Developing Organisations
Rights
No information
Lifecycle Actions
- Access, Use and Reuse
- Store
Standard Framework
- Digital Archive Standards
Standard Type
- Security Standards
Current Version
- 2005 - ISO/IEC 27001: Information Technology - Security Techniques - Information Security Management Systems - Requirements [external]
- Full text available for purchase from ISO.
Further Information
- Wikipedia entry for ISO/IEC 27001 [external]
Alternative Current Versions
None.
Previous Version
- 2002 - BS 7799-2: Information Security Management. Specification with Guidance for Use
- Superseded and withdrawn
Referenced Standards
- ISO/IEC 27002:2005, Information Technology - Security Techniques - Code of Practice for Information Security Management