ISO 27001

From IDESG Wiki
Jump to navigation Jump to search

Title: ISO/IEC 27001:2013 Information technology -- Security Techniques -- Information security management systems -- Requirements (ISO 27001)


Category: Security


Date: 2013-09-25


Creator: International Organization for Standardization (ISO)


URL: www.iso.org


Description: ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature. The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).


Privacy: If ISO 27001 is used to implement the ISMS, the ISMS would satisfy the requirements for protection of information, including confidentiality measures.


Security: A commonly used standard used for online systems. If ISO 27001 is used to implement the ISMS, the ISMS would satisfy the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.


Interoperability: Due to widespread adoption of ISO 27000 series standards, ISO 27001 appears in many regulations in many industries.


Terms: