What is ISO/IEC 27001?
ISO/IEC 27001 is an international standard on information security management systems (ISMS), providing requirements for organizations of any size and kind to manage the security of their assets, such as proprietary data, third-party information, financial information, intellectual property, and employee information. The ISO 27001 standard provides a framework for policies and procedures that include all legal, physical, and technical controls involved in an organization’s information risk management processes. This standard specifies the requirements for designing, implementing, maintaining and continually improving an information security management system within the context of the organization.
The ISO 27001 standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements are generic and are intended to be applicable and scalable to all organizations, regardless of type, size or nature.
Who should comply with ISO/IEC 27001?
As a highly sought-after ISMS standard, many companies realize the benefits of being ISO 27001 certified. With this globally recognized information security management standard certification, your organization will show that you value the data and information that you generate, handle, process, and store. Companies that are in sensitive and critical sectors as well as those in competitive environments and seeking opportunities in regulated industries should consider full compliance. By being certified or compliant with ISO 27001, your organization will
What are the Components of ISO/IEC 27001?
ISO 27001:2013 has 14 domains of controls, as provided below, and 114 control requirements under these domains. However, not all of these controls are mandatory in order to be ISO 27001 certified by the accredited registrar. Organizations can choose for themselves which controls they find applicable and implement only those that are applicable:
Don’t try to manage it all alone! Linqs has extensive experience in ISO compliance and operations.
We can assist you with training, developing your policies and procedures, and establishing an information security management system compliant with ISO 27001.