What is ISO/IEC 27001 about?

  ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. BS EN ISO/IEC 27001:2017 also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. Note: Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to ISO/IEC 27001.  

Who is ISO/IEC 27001 for?

  ISO/IEC 27001 on information security management systems is useful for:

• All organizations

 

Why should you use ISO/IEC 27001?

  The information security management system preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. It is important that the information security management system is part of and integrated with the organization’s processes and overall management structure and that information security is considered in the design of processes, information systems, and controls. It is expected that an information security management system implementation will be scaled in accordance with the needs of the organization.   ISO/IEC 27001 provides requirements for establishing, implementing, maintaining, and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization. The establishment and implementation of an organization’s information security management system are influenced by the organization’s needs and objectives, security requirements, the organizational processes used, and the size and structure of the organization. All of these influencing factors are expected to change over time.