Quality Associates, a partner of your SUCCESS.

ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements

ISO/IEC 27001 - Overview

ISO/IEC 27001 is the international standard for information security management. It is widely used and relied upon in the financial industry and other sectors to structure internal security processes, and it is also widely used to assess the information security capabilities of vendors and other third parties. The standard provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The design and implementation of an organization's ISMS is shaped by its own needs, objectives, security requirements, size and structure; the standard specifies what an ISMS must achieve, not which technologies to deploy.

ISO/IEC 27001 is derived from BS 7799 Part 2, first published under that name by the British Standards Institution in 1999. BS 7799 Part 2 was revised in 2002, explicitly incorporating the Deming-style Plan-Do-Check-Act (PDCA) cycle. It was adopted as ISO/IEC 27001 in 2005, with various changes to reflect its new custodians. ISO/IEC 27001:2005 was extensively revised in 2013, bringing it into line with the common high-level structure shared by the other ISO management system standards (such as ISO 9001) and dropping the explicit reference to PDCA, although the underlying cycle of planning, operating, evaluating and improving remains visible in clauses 6 to 10.

ISO/IEC 27001 - Benefits

There are numerous benefits of implementing ISO/IEC 27001. These include: 

  • Improved national and international reputation, since certification gives customers, regulators and partners independent evidence of a managed security programme
  • Protection of information from reaching unauthorised hands (confidentiality)
  • Assurance that information is accurate and can be modified only by authorised users (integrity)
  • Systematic assessment of information risks and a reduced impact when a breach does occur
  • Increased reliability and availability of systems and information

ISO/IEC 27001 - Standard

The main clauses of ISO/IEC 27001 and the key requirements they contain are:

  • 0 Introduction - the standard describes a process for systematically managing information risks.
  • 1 Scope - it specifies generic ISMS requirements suitable for organizations of any type, size or nature.
  • 2 Normative references - only ISO/IEC 27000 (overview and vocabulary) is cited as indispensable to users of ISO/IEC 27001; the remaining ISO27k standards, such as the ISO/IEC 27002 implementation guidance, are optional aids.
  • 3 Terms and definitions - see ISO/IEC 27000.
  • 4 Context of the organization - understanding the organizational context, the needs and expectations of ‘interested parties’ and defining the scope of the ISMS. Section 4.4 states very plainly that “The organization shall establish, implement, maintain and continually improve” the ISMS.
  • 5 Leadership - top management must demonstrate leadership and commitment to the ISMS, mandate policy, and assign information security roles, responsibilities and authorities.
  • 6 Planning - outlines the process to identify, analyze and plan to treat information risks, and clarify the objectives of information security.
  • 7 Support - adequate, competent resources must be assigned, awareness raised, documentation prepared and controlled.
  • 8 Operation - more detail on operational planning and control, on performing information security risk assessments at planned intervals and when significant changes occur, on implementing the risk treatment plan, and on keeping documented evidence of all of this (partly so that it can be examined by the certification auditors).
  • 9 Performance evaluation - monitor, measure, analyze and evaluate/audit/review the information security controls, processes and management system, systematically improving things where necessary.
  • 10 Improvement - address the findings of audits and reviews (e.g. nonconformities and corrective actions), make continual refinements to the ISMS.

Clauses 4 to 10 contain the mandatory requirements; an organization cannot exclude any of them and still claim conformity. Annex A lists the reference information security controls, and clause 6.1.3 requires a Statement of Applicability recording which Annex A controls have been selected, which have been excluded, and the justification for each decision.

    News & Update

    ISO 31000:2018 (Risk management) was published in February 2018. It provides a common approach to managing any type of risk, is not industry or sector specific, can be used throughout the life of the organization, and can be applied to any activity, including decision-making at all levels.

    Aerospace QMS - AS9100/9110/9120 handbook: Quality Associates provides a handbook for customers who book our in-house training on the AS9100/AS9110/AS9120 course. This handbook is designed for our customers only.

    ISO/TS 22163:2017 Railway applications - Quality management system - Business management system requirements for rail organizations: ISO 9001:2015 and particular requirements for application in the rail sector.