ISO/IEC 27001 is an information security standard, which forms part of the ISO/IEC 27000 family of standards. According to the ISO, the ISO/IEC 27000 family of standards helps organisations keep information assets secure.
ISO/IEC 27001 is published by the International Organization for Standardization and the International Electrotechnical Commission under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. ISO/IEC 27001 specifies a management system that is intended to bring information security under management control and sets out specific requirements for it.
The ISO describes ISO/IEC 27001 as a standard that “specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization”. ISO/IEC 27001 is generic and can be applied to all organisations, no matter their size, type or nature.
With experienced auditors in more than 65 countries and across all business sectors, DQS South Africa is your one-stop-shop for business solutions. Our holistic approach integrates assessments, audits, certifications, inspections and evaluation in order to guide organizations toward sustainable success. Let’s make it happen!
ISO 27001 makes use of a six-part planning process:
- Define a security policy.
- Define the scope of the ISMS.
- Conduct a risk assessment.
- Manage identified risks.
- Select control objectives and controls to be implemented.
- Prepare a statement of applicability.
Certification to ISO/IEC 27001
Certification to ISO/IEC 27001 is possible but not obligatory. Some organisations choose to implement the standard in order to benefit from the best practice it contains, while others gain certification to reassure customers and clients that the standard's recommendations have been followed.
The ISO 27000 family also includes the following standards:
- 27003 – implementation guidance.
- 27004 – an information security management measurement standard.
- 27005 – an information security risk management standard.
- 27006 – a guide to the certification or registration process for accredited ISMS certification or registration bodies.
- 27007 – an ISMS auditing guideline.
Ultimately, ISO/IEC 27001 provides the basis for the effective management of sensitive or confidential information, as well as the implementation of information security controls.
DQS is committed to sharing up to date, relevant news. For more information about training, standards or the certification process, please contact DQS. DQS South Africa is your local business solutions partner, offering solutions that work for your sector. We form part of an international network dedicated to ensuring compliance and business conformity. For any questions about our services or to contact us, please visit dqs.co.za.