New ISO/IEC 27001 – How to Set up an Information Security System

You know you need an Information Security Management System (ISMS).  Your organization runs on computers and networks, and once you are connected you are exposed to data breaches, so don’t ignore the liability this brings.  The ISO/IEC 27000 series was developed to help organizations just like yours.  Now the new 2nd Edition of ISO/IEC 27001 gives you specific requirements for establishing an ISMS, monitoring and measuring its performance, and continually improving it over time.

Titled “Information technology – Security techniques – Information security management systems – Requirements,” the new revision replaces the now obsolete First Edition from 2005.  If you have already worked with the 2005 document, the new edition gives you greater flexibility in how you meet its requirements, including a streamlined approach to risk assessment and risk treatment.  And, in line with ISO and IEC goals, it follows the common high-level structure now used for ISO management system standards, so an ISMS integrates more easily with other management system schemes your organization already runs.

What’s in the standard?  Of course you’ll find the usual introduction, scope clause, normative references, and terms and definitions.  Then the standard addresses the context of the organization: the organization itself, its customers and other interested parties, and how the scope of the ISMS is determined.

A review of the following areas completes the technical content of the standard:

  • Leadership
  • Planning
  • Support
  • Operation
  • Performance evaluation
  • Improvement

Finally, the 30-page document has an Annex A, “Reference control objectives and controls.”  Annex A’s table is organized into 14 control areas (A.5 through A.18), each listing its control objectives and the specific controls that support them.  These controls are the ones an organization selects against during risk treatment, and they provide the structure that is reviewed in more detail in ISO/IEC 27002, which has just been updated as well.  My companion blog on the ISO/IEC 27002 2013 Edition, published today, has more information on this.

You’ll use ISO/IEC 27001 to apply risk management to the preservation of the confidentiality, integrity and availability of the information that is essential to doing business in this wired world.  It is also the document an ISMS is audited against for ISO/IEC 27001 certification.

Get your copy of this new revision from Document Center Inc. at our webstore, www.document-center.com.  Or contact us by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  As an authorized dealer of ISO and IEC standards, we can provide this document in either paper format or as a PDF download.  You’ll have the confidence that you’re using the latest edition, and we’ll keep you informed of any changes in the future as well.

Make us your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and an internationally recognized expert on standards and standards distribution.
