Tweet
The ISO/IEC 27001:2013 standard specifies the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS) within the context of any given organization. This is part of the ISMS family of standards also known as ISO27k published by the International Organization for Standardization (ISO) and International Electro Technical Commission (IEC).
It is intended to be useful for various different uses such as
It is intended to be useful for various different uses such as
- In place within an organization to formulate security requirements and objectives.
- Identification and clarification of any existing information security management processes.
- In use within organizations as a way to ensure that security risks are cost effectively managed.
- In use by the management of an organization to determine the status of information security management activities.
- In place within an organization to ensure compliance with laws and regulations.
- Aid in implementation of business-enabling information security.
- Assist in defining new information security management processes.
- Used by organizations to provide relevant information about information security to customers.