Standard: ISO/IEC 27001:2005
Subject: Information Security Management System (ISMS)
Author: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC)
ISO/IEC 27001 is an internationally recognised standard that specifies the requirements for an ISMS and against which an organisation can be formally certified by an accredited certification body. It applies to any organisation, whatever its size or nature of business: each may adopt the requirements and seek formal certification.
Trends in adoption
ISO 27001 has seen widespread adoption since its publication in 2005. Organisations in almost all industry sectors have used it to demonstrate compliance, especially those seeking formal certification.
The standard is divided into management system requirements (the main clauses) and Annex A controls, also known as the detailed controls.
Management System Requirements (Clauses 4 to 8; Clauses 1 to 3 are introductory)
Clause 1 – Scope
Clause 2 – Normative references
Clause 3 – Terms and definitions
Clause 4 – Information security management system
Clause 5 – Management responsibility
Clause 6 – Internal ISMS audits
Clause 7 – Management review of the ISMS
Clause 8 – ISMS improvement
Annex A Controls (11 domains, 39 control objectives and 133 controls)
Key business benefits
Organisations seeking to demonstrate compliance with information security requirements use the standard to show their commitment to the security processes it specifies.
Information is an asset, that is, anything that has value to the organisation. Information security is the preservation of confidentiality, integrity and availability (CIA). ISO 27001 provides a risk-based framework: the degree to which controls must be implemented is determined by the organisation's assets and its risk appetite. Not all 133 controls apply to every organisation, and the degree of implementation of those that do apply varies between organisations; any control that is excluded must be justified in the organisation's Statement of Applicability.