ISO/IEC 27001 is an internationally recognized standard for information security management, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), with the aim of helping organizations make the information assets they hold more secure. The standard is a formal specification: it brings information security under explicit management control by mandating specific requirements, and organizations that adopt ISO/IEC 27001 can be formally audited and certified as compliant with it.
ISO/IEC 27001 requires organizations to assess the risk to their information assets and implement appropriate security measures to address these risks. This process is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties, especially customers. The standard adopts a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an organization’s ISMS.
This standard is part of the broader ISO/IEC 27000 family of standards, which are all dedicated to information security management, and is the cornerstone standard of the group that defines the requirements for an ISMS.