Thursday, March 5, 2015

ISO 27001 Series of Standards

The ISO/IEC 27000 series consists of information security standards published by the International Standards Organization (ISO) and the International Electrotechnical Commission (IEC). The series is designed to provide best practices on information security management based on risk assessment, and to recommend controls within the context of an organization so that it can implement an Information Security Management System (ISMS).
Since technology and business environments are continuously evolving, the older standards are revised and new standards are developed to address the changing business landscape.

At present there are 33 published standards under the umbrella of the 27001 family. However, ISO/IEC 27001 is the only certifiable standard against which an organization's Information Security Management System (ISMS) can be audited and certified by an accreditation body. (ISO/IEC 27001:2005 and ISO/IEC 27002:2005 are not included here, considering they are now obsolete after the release of new versions.)

All the other standards in the ISO 27000 family are codes of practice which provide non-mandatory best-practice guidelines, published and released to support an ISMS based on ISO/IEC 27001.

The other 27000 series standards are not mandatory, and adopting them is at the sole discretion of the organization.

A list of published standards is available at ISO.
About 33 standards have been released, and many more are in the development phase.
