ISO/IEC 27000 family

ISO27001 and the requirement for an Information Security Management System (ISMS)

The International Organisation for Standardisation is an independent, non-governmental organisation with a membership of 164 national standards bodies. Through its members it develops international standards for products, services and systems. The ISO27000 family helps organisations keep information assets secure. ISO27001 is the best known of the family. It sets out the requirement for an Information Security Management System (ISMS).

About ISMS

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. Management must be able to demonstrate that they continuously identify, examine and manage security risks through the application of appropriate controls. Company assets that must be considered include people, processes and IT systems. The standard sets out 14 domains that are broken down into 114 controls. The domains are:

  1. Information security policies
  2. Organization of information security
  3. Human resource security
  4. Asset management
  5. Access control
  6. Cryptography 
  7. Physical and environmental security
  8. Operations security
  9. Communications security
  10. System acquisition, development and maintenance
  11. Supplier relationships
  12. Information security incident management
  13. Information security aspects of business continuity management
  14. Compliance: with internal requirements, such as policies, and with external requirements, such as laws
