ISO/IEC 27001 is an information security standard and part of the ISO/IEC 27000 family of standards. The 2013 edition (ISO/IEC 27001:2013) received only minor corrigenda, in 2014 and 2015, before being superseded by ISO/IEC 27001:2022.
An information security management system (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It covers people, processes and IT systems, and it is driven by a risk management process.
It can help small, medium and large businesses in any sector keep their information assets secure.
According to ISO, the ISO/IEC 27000 family of standards helps organisations keep their information assets secure.
ISO/IEC 27001 is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under their joint subcommittee, ISO/IEC JTC 1/SC 27. It specifies a management system intended to bring information security under explicit management control, and it sets out specific requirements against which an organisation can be audited.
ISO describes ISO/IEC 27001 as a standard that “specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization”. The standard is generic and can be applied to any organisation, regardless of its size, type or nature.
This self-assessment gives you the opportunity to check your current information security management system against the standard and identify gaps.
ISO/IEC 27001 makes use of a six-part planning process:
- Define a security policy.
- Define the scope of the ISMS.
- Conduct a risk assessment.
- Manage the identified risks (risk treatment).
- Select the control objectives and controls to be implemented.
- Prepare a Statement of Applicability (SoA), which lists the selected controls and justifies any exclusions.
Certification to ISO/IEC 27001 is possible but not obligatory. Some organisations implement the standard only to benefit from the good practice it contains, while others seek certification to reassure customers and clients that the standard's requirements have been met.
Ultimately, ISO/IEC 27001 provides the basis for the effective management of sensitive or confidential information, as well as the implementation of information security controls.