ISO/IEC 27001 - Overview
ISO/IEC 27001 is a standard for cybersecurity management. It is widely used and relied upon in the financial industry and other industries for structuring their internal processes, and it is also widely used for assessing the cybersecurity capabilities of vendors.

The ISO/IEC 27001 standard was prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The design and implementation of an organization's ISMS is influenced by the organization's needs, objectives and security requirements.

ISO/IEC 27001 is derived from BS 7799 Part 2, first published as such by the British Standards Institute in 1999. BS 7799 Part 2 was revised in 2002, explicitly incorporating the Deming-style Plan-Do-Check-Act (PDCA) cycle. BS 7799 Part 2 was adopted as ISO/IEC 27001 in 2005, with various changes to reflect its new custodians. ISO/IEC 27001:2005 was extensively revised in 2013, bringing it into line with the other ISO management system standards and dropping the explicit reference to PDCA.