ISO 27001:2005 – Information Security Management System (ISMS)

ISO/IEC 27001/BS 7799 ISMS – Significance

ISO 27001:2005 is an Information Security Management System (ISMS) standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO 27001:2005 standard was published in October 2005. It is based on the BS 7799-2 framework and adds new security controls.

The standard helps organizations implement an Information Security Management System (ISMS) and deal with the complex security requirements of today’s internet world.

ISO/IEC 27001 certification adds value to the security measures taken to protect the assets of an organization as well as those of its customers. ISO/IEC 27001 specifies a formal management system that brings information security under explicit management control. Formal specification here means that it has specific requirements, and an organization has to fulfill those requirements to obtain ISO/IEC 27001 certification. Once an organization adopts ISO/IEC 27001, it can be formally audited and certified compliant with the standard.

Most organizations have different security controls implemented. In the absence of a formal standard, these controls tend to be somewhat disorganized and disjointed, and are more prone to errors and failures. They are generally implemented as solutions to specific issues or problems rather than as a requirement of organizational need and control.

ISO/IEC 27001 is a standard that provides a formal framework for security controls and their requirements in an organization.

The following chapters are available in the ISO/IEC 27001:2005 version:

  • Information Security Management System
  • Management responsibility
  • Internal ISMS audits
  • Management Review
  • ISMS improvement

The ISO/IEC 27001:2005 version also contains 39 control objectives and 133 controls.

ISO/IEC 27001 is built with the PDCA (plan-do-check-act) Model and a modular approach so that it can be integrated naturally with other ISO standards, like ISO 9001, ISO 14001 and others.

ISO/IEC 27001 – Benefits

  • Internationally recognized standard in all sectors
  • Reduces security risks in an organization
  • Acts as proof of security management to clients and suppliers
  • Can act as an improvement tool to set up a continuity plan for your operations
  • Can be used in complying with national and international laws

Get ISO/IEC 27001/BS 7799 ISMS Certified

Organizations across the globe want ISO/IEC 27001 to examine their security control implementations for risks and improvement needs. If you have a requirement for the ISO/IEC 27001 standard, please feel free to contact DQS Certification India.

Please note: ISO/IEC 27001 Certification is provided by the AFNOR Groupe, France.