International Association of Asian and European Industries LLC

• Home
• About IEI
  • What We Do
  • Corporate Policy
  • Who We Are
  • How We Work
  • Our Name
  • Organizational Chart
  • IEI & Consumer
  • Privacy Policy
• Services
  • Standards
    • ISO 9001:2008
    • ISO 14001:2004
    • OHSAS 18001:2007
    • ISO 10002:2004
    • ISO 22000:2005
    • HACCP
    • ISO/TS 16949:2009
    • ISO/IEC 27001:2005
    • ISO/TS 29001:2010
    • ISO/IEC 17020:2012
    • ISO 50001:2011
    • ISO 11161:2007 (IMS)
    • ISO 20022:2013
      • ISO 20022-1:2013
      • ISO 20022-2:2013
      • ISO 20022-3:2013
      • ISO 20022-4:2013
      • ISO 20022-5:2013
      • ISO 20022-6:2013
      • ISO 20022-7:2013
      • ISO 20022-8:2013
    • ISO/IEC 17025:2005
    • ISO 15189:2012
    • ISO 10668:2010
    • ISO/IEC 16513:2005
    • CE
    • FDA
    • ISO 13485:2003
  • Industrial Consultation
  • Monitoring
    • Profile
    • Vision
    • Values
    • Expertise
      • Industries
      • Themes
  • Financing
    • Domain
  • Academic
    • Honorary Degrees
    • Charges
    • Procedure
  • Certification Process
• Accreditation
  • Details
    • What is Accreditation
    • Benefits
      • Accreditation & Global Trade
      • Direct Benefits
      • Value of the Mark
  • Application
    • Introduction
    • The Route to Accreditation
    • Accreditation Standards
  • Full List of Accredited Bodies
• Membership
  • Terms & Conditions
  • Payment & Fees
  • Cancellation Policy
  • Member Benefits
  • Membership Forum
    • Real Person Membership
    • Organizational Membership
    • Thematic Membership
    • Governmental Membership
• Media
  • Videos
  • News
• Contact Us
  • Contact Details
  • Complaint
    • Making a Complaint
    • Actions to Complete
    • Sending the Complaint
    • Processing the Complaint
  • FAQ
    • Sales Information
    • General Information on IEI
    • International Standards
    • Conformity Assessment & Certification
  • Feedback
  • Specific Enquiries

ISO/IEC 27001:2005

• Standards >
• ISO/IEC 27001:2005

ISO/IEC 27001:2005

ISO/IEC 27001:2005

Information technology -- Security techniques -- Information security management systems -- Requirements

 

ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements.

 

ISO/IEC 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Organizations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard (more below).

 

How the Standard works

Most organizations have a number of information security controls. However, without an information security management system (ISMS), controls tend to be somewhat disorganized and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. Security controls in operation typically address certain aspects of IT or data security specifically; leaving non-IT information assets (such as paperwork and proprietary knowledge) less protected on the whole. Moreover, business continuity planning and physical security may be managed quite independently of IT or information security while Human Resources practices may make little reference to the need to define and assign information security roles and responsibilities throughout the organization.

 

ISO/IEC 27001 requires that management:

. Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts;

. Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable; and

. Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

 

The key benefits of ISO/IEC 27001 are:

. It can act as the extension of the current quality system to include security

. It provides an opportunity to identify and manage risks to key information and systems assets

. Provides confidence and assurance to trading partners and clients; acts as a marketing tool

. Allows an independent review and assurance to you on information security practices

 

A company may want to adopt ISO 27001 for the following reasons:

. It is suitable for protecting critical and sensitive information

. It provides a holistic, risked-based approach to secure information and compliance

. Demonstrates credibility, trust, satisfaction and confidence with stakeholders, partners, citizens and customers

. Demonstrates security status according to internationally accepted criteria

. Creates a market differentiation due to prestige, image and external goodwill

. If a company is certified once, it is accepted globally.

International Association of Asian and European Industries LLC
Copyright iso-certificate.us 2002, all rights reserved.