The Business Standards Encyclopedia: ISO 27001

ISO 27001

ISO 27001 began its life as a BSI standard, BS7799-2. This was a mature standard, first published in 2002, with a recognized certification scheme in place, and it was widely implemented internationally. The ISO 27001 document was essentially an update of this standard and first appeared in 2005.

ISO 27001 Contents

The full title of the standard is the rather long-winded "Information technology. Security techniques. Information security management systems. Requirements". It is intended to apply to all types of organization. Its contents are as follows:

Normative references
Information security management system
Management responsibility
Internal ISMS audit
Management review
ISMS improvement
Annex A: Control objectives and controls
Annex B: OECD principles and this International Standard
Annex C: Correspondence between ISO 9001, ISO 14001 and ISO 27001

Related Standards

Whilst ISO 27001 is the standard against which third-party certification is available, it is complemented by a range of other standards. The most notable is ISO 27002, formerly known as ISO 17799. This is a code of practice containing hundreds of selectable security controls.

Internet Sources
Swiss Association for Standardization.

ISO 27001 can be purchased online and downloaded from the SNV:
Standards Online Shop

The ISO 27000 Toolkit

The standard is included with various support documents in the:
ISO 27000 Toolkit

2007 (c) All rights reserved.