ISO 27001 Information Security Management Systems (ISMS)
ISO 27001 is an international information security standard that aims to ensure the confidentiality, integrity and availability of an organization's information, as well as of the systems and applications that process it. The standard was developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
The standard defines the organization's context, both internal and external, and its assets and processes (policies, procedures, processes, etc.), and it describes how an Information Security Management System (ISMS) is planned, implemented, verified and controlled. This is based on performing a risk analysis and then planning and implementing responses to the identified risks in order to mitigate them.
The standard is aligned with ISO 27002, which defines a series of good information security management practices for all those interested and responsible for an ISMS.
Who does it apply to?
ISO 27001 certification applies to any organization that wishes, or is required, to formalize and improve its business processes around information security, privacy and the protection of its information assets.