ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation’s information risk management processes.

What the ISO 27001 standard includes:

Before embarking on an ISO 27001 certification attempt, all key stakeholders within an organization should become very familiar with how the standard is arranged and used. ISO 27001 is broken into 12 separate sections:

1. Introduction – describes what information security is and why an organization should manage risks.

2. Scope – covers the high-level requirements for an ISMS so that it applies to all types of organizations.

3. Normative References – explains the relationship between the ISO 27000 and 27001 standards.

4. Terms and Definitions – covers the complex terminology that is used within the standard.

5. Context of the Organization – explains which stakeholders should be involved in the creation and maintenance of the ISMS.

6. Leadership – describes how leaders within the organization should commit to ISMS policies and procedures.

7. Planning – covers an outline of how risk management should be planned across the organization.

8. Support – describes how to raise awareness about information security and assign responsibilities.

9. Operation – covers how risk should be managed and how documentation should be maintained to meet audit standards.

10. Performance Evaluation – provides guidelines on how to monitor and measure the performance of the ISMS.

11. Improvement – explains how the ISMS should be continually updated and improved, especially following audits.

12. Reference Control Objectives and Controls – provides an annex detailing the individual control elements assessed in an audit.