ISO/IEC 27001, part of the growing ISO/IEC 27000 series of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements, but thankfully it is more commonly known as “ISO 27001”.
This standard is intended to be used in conjunction with ISO/IEC 27002, the industry’s code of best practice for information security management, which lists security control objectives and recommends a range of specific security controls. Organizations that implement an ISMS in accordance with the best-practice advice in ISO/IEC 27002 are likely to meet the requirements of ISO/IEC 27001 at the same time, but certification against ISO/IEC 27001 is entirely optional.
There are eleven (11) main themes relating to ISO 27002. They are:
1. Security policy
2. Organization of information security
3. Asset management
4. Human resources security
5. Physical and environmental security
6. Communications and operations management
7. Access control
8. Information systems acquisition, development and maintenance
9. Information security incident management
10. Business continuity management
11. Compliance
Our team of consultants, composed of lead auditors and lead implementers, can assist you every step of the way to ensure that your journey is a success and that your company receives the certification.
To have a look at what the ISO 27001 certificate looks like, click here.
If you are looking to certify your business, start off on the right foot and call Virtual Guardian and ask for a free evaluation today!
For further information, feel free to contact us.