ISO/IEC 27001
ISO/IEC 27001 applies to all types of organisations, including commercial enterprises, government agencies and NGOs. It specifies the requirements for:
- establishing
- implementing
- operating
- monitoring
- reviewing
- maintaining
- improving
a documented Information Security Management System (ISMS) within the context of the organisation's overall business risks. It also specifies requirements for the implementation of security controls tailored to the needs of the individual organisation.
ISO/IEC 27001 is intended to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
ISO/IEC 27001 is intended to be suitable for several different types of use:
- use inside organisations to create security requirements and aims
- use inside organisations as a way to ensure that security risks are managed cost-effectively
- use inside organisations to ensure compliance with laws and regulations
- use inside an organisation as a process framework for the implementation and management of controls, to ensure that the organisation's specific security objectives are met
- definition of new information security management processes
- identification and clarification of existing information security management processes
- use by the management of organisations to determine the status of information security management activities
- use by the internal and external auditors to determine the extent of compliance with the policies and standards adopted by the organisation
- use by organisations to provide relevant information about information security policies, standards and procedures to business partners and other organisations with whom they interact
- implementation of business-enabling information security
- use by organisations to provide relevant information about information security to customers.