ISO 27001

ISO 27001 is an Information Security Management System standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

ISO 27001 formally specifies a management system that is intended to bring information security under explicit management control.

ISO 27001 requires that management:

  • Systematically examines the organization's IT risks, taking account of the threats, vulnerabilities and impacts
  • Designs and implements a coherent and comprehensive suite of information security controls and/or other forms of risk management
  • Adopts an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on a permanent basis

ISO 27001 is usually used together with ISO 27002.