Information Security Management System

ISO 27001
ISO 27001 international standard was published in October 2005 to replace BS7799-2 standard. It is a technical standard for Information Security Management System (ISMS).

Organisations which have adopted ISO/IEC 27001 must be formally audited to demonstrate conformance with the standard. The objective of the standard is to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving information security under explicit management control. The design and implementation of security controls are subject to the organisation’s needs, objectives and security requirements.

ISO/IEC 27001 requires that management:

  • Systematically examine the organisation’s information security risks, taking account of the threats, vulnerabilities and impacts;
  • Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and
  • Adopt an overarching management process to ensure that information security controls continue to meet the organisation’s information security needs on an ongoing basis via internal audits.

For more information, email us at enquiry@gicg.co.uk and state your query.