ISO/IEC 27001:2005
ISO/IEC 27001:2005 was developed to provide a specification for an ISMS (Information security management system) and the foundation for third-party audits and certifications. It helps companies identify, manage and minimize threats to information. The standard works in tandem with ISO/IEC 17799:2005. Eventually, BS ISO/IEC 27001 will become part of the new ISO/IEC 27000 series. ISO/IEC 27002 and ISO/IEC 27004 will come out in the next few years.
The standard exists so that organisations can establish and maintain effective information security management systems, following the concept of continual improvement. It also follows the principles developed by the OECD (Organisation for Economic Co-operation and Development) for the security of information systems and networks.
ISO/IEC 27001:2005 is broken into the following sections:
- Introduction
- Scope
- Normative References
- Terms and Definitions
- Information Security Management System
- Management Responsibility
- Management review of the ISMS
- ISMS improvement.
The standard makes the following suggestions for implementation:
- Define and create an information security policy
- Determine the scope of the information security management system
- Conduct a security risk assessment
- Manage the risks you identify
- Select controls that need to be implemented and applied
- Create an SoA (a "statement of applicability").
ISO/IEC 27001:2005 is aligned with other management system standards such as ISO 9001 and ISO 14001 and uses the same Plan-Do-Check-Act (PDCA) model found in those standards. ISO/IEC 27001 assures your stakeholders that you adequately address information security within your organisation and that you can deal with information security threats.
ISO/IEC 27001:2005 helps organisations with the following:
- management direction and support for information security
- management of information security within the organisation
- identification of assets and how to protect them
- reduction of risk due to human error, theft, fraud or misuse of facilities
- prevention of unauthorised access, damage or interference
- management of information processing facilities
- access control
- securing information systems
- counteracting the effects of major failures
- ensuring compliance with laws, regulations and contracts
OHSAS Services Limited
1A Humberstone Road
Plaistow
London
E13 9NL
Tel: 020 8586 9668
Fax: 020 8586 9668
Mobile: 079 4378 7927
Email: info@ohsas.org.uk
Copyright © 2008 by OHSAS Services Limited. All rights reserved.