ISO/IEC 27001
The current revision of ISO/IEC 27001, ISO/IEC 27001:2013, was published in October 2013. The standard's first edition (2005) replaced the British standard BS 7799-2. ISO/IEC 27001 is the specification for an ISMS, an Information Security Management System. BS 7799 itself was a long-standing standard, first published in the nineties as a code of practice. As it matured, a second part emerged to cover management systems, and it is against that part (now ISO/IEC 27001) that certification is granted.
An Information Security Management System (ISMS) provides an overall model for assessing risk, planning and establishing information security controls, managing information security, and periodically reassessing risk.
The design and implementation of an ISMS in an organisation depends on the organisation's needs and objectives, the resulting security requirements, the processes it uses, and its size and structure. An ISMS ensures appropriate security controls and adequate protection of information assets, and gives customers and other interested parties confidence that information is handled securely.
What are the benefits of revising ISO/IEC 27001 to fit the new high-level structure (Annex SL) for management system standards?
Aligning ISO/IEC 27001 to the new structure will help organizations wanting to implement more than one management system at a time. The similarity in structure between the standards will save organizations money and time as they can adopt integrated policies and procedures.
For example, an organization might want to integrate its information security management system (ISO/IEC 27001) with other management systems such as business continuity management (ISO 22301), IT service management (ISO/IEC 20000-1) or quality management (ISO 9001).
An organisation demonstrates that its information security management system meets the requirements of ISO/IEC 27001 by obtaining certification. A certified organisation is entitled to use the certification mark for the scope covered by its certificate.