What is ISO 27001?

ISO 27001, abbreviated for ISO/IEC 27001 standard, is part of the growing ISO/IEC 27000 series of standards. ISO 27001 is currently the international best practice standard for information security management systems (ISMS) which was published by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC) in October 2005. The basic objective of the standard is to help establish and maintain an effective information management system, using a continual improvement approach. ISO 27001 sets standards for a broad range of security areas such as:

• Security Policy
• Organization of Information Security
• Asset Management
• Human Resources Security
• Physical and Environmental Security
• Communications and Operations Management
• Access Control
• Information Systems acquisition, Development and Maintenance
• Information Security Incident Management
• Business Continuity Management
• Compliance