ISO 27001:2013 (Information Security Management System)
What is ISO 27001?
ISO/IEC 27001:2013 applies to all types of organizations (e.g. commercial enterprises, government agencies, not-for-profit organizations). ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
ISO/IEC 27001:2013 is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO/IEC 27001:2013 is intended to be suitable for several different types of use, including the following:
- use within organizations to formulate security requirements and objectives;
- use within organizations as a way to ensure that security risks are cost effectively managed;
- use within organizations to ensure compliance with laws and regulations;
- use within an organization as a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met;
- definition of new information security management processes;
- identification and clarification of existing information security management processes;
- use by the management of organizations to determine the status of information security management activities;
- use by the internal and external auditors of organizations to determine the degree of compliance with the policies, directives and standards adopted by an organization;
- use by organizations to provide relevant information about information security policies, directives, standards and procedures to trading partners and other organizations with whom they interact for operational or commercial reasons;
- implementation of business-enabling information security;
- use by organizations to provide relevant information about information security to customers.
*www.iso.org