ISO 27001:2013 Consultants
ISO 27001:2013 Information Security Management System (ISMS)
An ISMS (Information Security Management System) provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the protection of information assets in support of business objectives. It is based on a risk assessment and on the organization's risk acceptance levels, and is designed to treat and manage risks effectively.
The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. It was a long-standing standard, first published in the nineties as a code of practice. As this matured, a second part emerged to cover management systems, and it is against this part that certification is granted. Today more than a thousand certificates are in place across the world.
The objective of the standard itself is to provide requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS). Adopting it should be a strategic decision. Further, the design and implementation of an organization's information security management system is influenced by the organization's needs and objectives, its security requirements, the organizational processes used, and the size and structure of the organization.
The 2005 version of the standard relied heavily on the PDCA (Plan-Do-Check-Act) model to structure its processes.