The Business Standards Encyclopedia: ISO 27001
ISO 27001


ISO 27001 began its life as a BSI standard, BS 7799-2. This was a mature standard, first published in 2002, with a recognized certification scheme in place, and it was widely implemented internationally. The ISO 27001 document was essentially an update of this standard and first appeared in 2005.
ISO 27001 Contents
The full title of the standard is the rather long-winded "Information technology. Security techniques. Information security management systems. Requirements". It is intended to cover all types of organization. Its contents are as follows:

Foreword
Introduction
Scope
Normative references
Definitions
Information security management system
Management responsibility
Internal ISMS audit
Management review
ISMS improvement
Annex A: Control objectives and controls
Annex B: OECD principles and this International Standard
Annex C: Correspondence between ISO 9001, ISO 14001 and ISO 27001
Bibliography
Related Standards
Whilst ISO 27001 is the standard against which third-party certification is available, it is complemented by a range of other standards. The most notable is ISO 27002, formerly known as ISO 17799. This is a code of practice containing hundreds of selectable security controls.
Internet Sources

ISO 27001 can be purchased online and downloaded from the SNV (Swiss Association for Standardization) Standards Online Shop.

The standard is included with various support documents in the ISO 27000 Toolkit.
2007 (c) All rights reserved.
Standards.BZ