The ISO 27001 Log

Welcome To The ISO 27001 Journal

ISO 27001 was published late in 2005, basically as an update to BSI standard BS 7799-2. Its full title is: "Information Technology - Security Techniques - Information Security Management Systems - Requirements". As this suggests, it is a specification for an ISMS.

The ISO 27001 standard is intended to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. The standard adopts a process approach to achieve this end. This encourages its users to emphasize the importance of: understanding the organization's security requirements (and the need to embed policy); implementation of controls to address security risks in the context of business risk; monitoring and reviewing the effectiveness of the ISMS; and metric-driven continual improvement. It embraces the PDCA model (also known as the Deming cycle or Shewhart cycle).

It is against ISO 27001 that formal third-party certification is available. There is also a specific route for those previously certified against BS 7799-2. The standard itself is designed to cover all types of organizations, and aligns with ISO 9001 and ISO 14001.



About Us

  • This section of the W3 Journal is intended to define the various frameworks associated with IT Governance. It will be updated periodically, as information becomes available and as new articles are completed. Contributions are welcome, via the contact page linked to above.