ISO 27001: Introduction
What is ISO 27001?
ISO 27001 is the only information security standard that is recognized across the globe. ISO/IEC 27001 deals with information security management and its purpose is to provide requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). The ISMS preserves the confidentiality, integrity, and availability of information by applying a risk management process and gives confidence to interested parties that risks are adequately managed. ISO is an independent, non-governmental international organization with a membership of 161 national standards bodies. It brings together experts to share knowledge and develop voluntary, consensus-based, market relevant international standards that support innovation and provide solutions to global challenges.
Why is ISO 27001 important?
It’s the gold standard for information security management and can be used in any vertical. It’s not a one-size-fits-all approach, either. Its implementation is customized for each organization to treat their particular risks. It also provides a governance framework so that client can manage both their security and compliance risk. It also opens the door for business with organizations that recognize this standard, particularly international organizations and transnationals.
What is the Structure of the Standard?
We want to take you through each individual section and discuss how you can apply it to your organization.
- Introduction – Explain what ISO 27001 is designed to do
- Scope – Establish scope
- Normative References – The technical standard cannot be fully utilized with this section
- Terms and Definitions – The technical standard cannot be fully utilized with this section
- Context of Organization – Understanding the organization and its content
- Leadership – Top management expresses commitment to and authority over ISMS and policies
- Planning – Make sure you have the right process in place to address risk and opportunities
- Support – Resources, competences, awareness, and communication for ISMS
- Operation – Maintain documentation to show that plans have been carried out
- Performance Evaluation – Monitoring, analysis, internal audit, management review
- Improvement – Corrective action, continue cycle of improvement (plan, do, check, act)
Listen to the full webinar to see our roadmap to ISO 27001 compliance, to learn all our takeaways and gain some resources to determine if ISO Certification is right for your organization. Listening to the entire session will also teach you about Annex A, ISO as a whole, the history of ISO 27001, and the ISO 27000 family.