Thursday, March 5, 2015

ISO 27001 :2013 Introduction

ISO 27001:2013 is an international standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It describes how to manage information security in any organization, company, institution or similar body. The latest revision of the standard, published on 25 September 2013, is titled ISO/IEC 27001:2013.

ISO 27001 can be implemented in any kind of organization, company or institution: profit or non-profit, private or state-owned, small or large. It was written by leading experts in the field of information security, provides a methodology for implementing information security management in an organization, and has been updated to address the requirements of changed business scenarios.

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It also specifies requirements for implementing security controls customized to the needs of individual organizations or parts thereof.

This standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
