International Organization for Standardization / International Electrotechnical Commission 27001
The International Organization for Standardization / International Electrotechnical Commission (ISO/IEC) 27001 is titled "Information technology - Security techniques - Information security management systems - Requirements". This international standard gives both internal and external parties a basis for assessing an organization's conformance to its requirements. ISO/IEC 27001 is intended for use in conjunction with ISO/IEC 27002, which lists and recommends a range of security controls and control objectives. ISO/IEC 27001 is used to certify compliance through a two-stage auditing process: a review of documentation, such as the Security Policy, the Risk Treatment Plan, and the Statement of Applicability, followed by testing of the controls set out in that documentation.