Consultancy Services


ISO 27001:2013 - Information security management

ISO 27001 (formerly known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes.

Six-Part Planning Process:

According to its documentation, ISO 27001 was developed to provide a model for establishing, maintaining and improving an information security management system. ISO 27001 uses a top-down, risk-based approach and is technology-neutral.

The specification defines a six-part planning process:
  • Define a security policy.
  • Define the scope of the ISMS.
  • Conduct a risk assessment.
  • Manage identified risks.
  • Select control objectives and controls to be implemented.
  • Prepare a statement of applicability.

The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organization.