ISO 27001
An international standard for information security management systems (ISMS), providing requirements for establishing and maintaining security.
What is ISO 27001?
ISO/IEC 27001 is an international standard for managing information security. It provides a systematic approach to managing sensitive company information through an Information Security Management System (ISMS).
ISO 27001 Structure
Main Clauses (4-10):
4. Context of the organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance evaluation
10. Improvement
Annex A Controls: 93 controls organized in 4 themes:
- Organizational (37 controls)
- People (8 controls)
- Physical (14 controls)
- Technological (34 controls)
Certification Process
- Gap analysis against requirements
- Implement ISMS and controls
- Internal audit
- Management review
- Stage 1 audit (documentation review)
- Stage 2 audit (implementation verification)
- Certification issued
- Surveillance audits (annual)
- Recertification (every 3 years)
Benefits of ISO 27001
- Demonstrates security commitment
- Meets customer and contract requirements
- Reduces security incidents
- Provides structured approach
- Facilitates compliance with other regulations
- Competitive advantage