ISO/IEC 27001

ISO 27001 is a specification for the management of Information Security. It is applicable to all sectors of industry and commerce and not confined to information held on computers. It addresses the security of information in whatever form it is held. The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, ISO 27001 helps an organization ensure it is always appropriately protected.


ISO/IEC 27001:2013

ISO/IEC 27001 is the formal set of specifications against which organizations may seek independent certification of their Information Security Management System (ISMS). ISO/IEC 27001 specifies requirements for the establishment, implementation, monitoring and review, maintenance and improvement of a management system (an overall management and control framework) for managing an organization's information security risks. It does not mandate specific information security controls but stops at the level of the management system. Organizations can use ISO 27001 for interoperability: systems from diverse parties are more likely to fit together if they follow a common guideline. Management can be assured of the quality of a system, business unit, or other entity. The international standard is often used by management to demonstrate due diligence. Organizations can use ISO 27001 certification as a benchmarking measure of the company's status within its peer community. It can also help increase security awareness within an organization.