ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an
ISO 27001 is a standard for an information security management system (ISMS) which falls under the 27000 family series to manage the assets of any organization. An ISMS protects the confidentiality, integrity and availability (CIA) of information assets in an organization. The standard consists of a framework of policies and procedures that encompasses all controls involved in the information risk management procedure. It is a standard for enhancing the information security management system. ISO 27001 utilises a risk-based approach.
ISO 27001 encompasses the following stages :
- Defining your business objectives
- Gain Management Support
- Determine the scope of the ISMS.
- Set the ISMS policy
- Conduct a risk assessment.
- Build a Risk Treatment Plan and Manage the identified risks.
- Identify control objectives and the effectiveness of the controls to be implemented.
- Develop a statement of applicability.
Stages of ISO 27001
The stages of ISO27001 implementation incorporate the commitment of the entire organization towards continual improvement as well as implementing the corrective and preventive actions. The 27001 standard presents a checklist of controls that is to be implemented by the organization in accordance with its risks identified, to ensure the protection of the assets.