ISO/IEC 27001:2005

ISO/IEC 27001:2005 was developed to provide a specification for an ISMS (Information security management system) and the foundation for third-party audits and certifications. It helps companies identify, manage and minimize threats to information. The standard works in tandem with ISO/IEC 17799:2005. Eventually, BS ISO/IEC 27001 will become part of the new ISO/IEC 27000 series. ISO/IEC 27002 and ISO/IEC 27004 will come out in the next few years.

The standard exists so that organizations can establish and maintain effective information security management systems, following the concept of continual improvement. It also follows the principles developed by the OECD (Organisation for Economic Co-operation and Development) for the security of information systems and networks.

ISO/IEC 27001:2005 is broken into the following sections:

  • Introduction
  • Scope
  • Normative References
  • Terms and Definitions
  • Information Security Management System
  • Management Responsibility
  • Management review of the ISMS
  • ISMS improvement.

The standard makes the following suggestions for implementation:

  1. Define and create an information security policy
  2. Determine the scope of the information security management system
  3. Conduct a security risk assessment
  4. Manage the risk you identify
  5. Select controls that need to be implemented and applied
  6. Create an SoA (a "statement of applicability").

ISO/IEC 27001:2005 is synchronized with other management system standards such as ISO 9001 and ISO 14001 and uses the same Plan-Do-Check-Act (PDCA) model found in other standards. ISO/IEC 27001 assures your stakeholders that you adequately address information security within your organization and that you can deal with information security threats.

ISO/IEC 27001:2005 helps organizations with the following:

  • management direction and support for information security
  • management of information security within the organization
  • identification of assets and how to protect them
  • reduction of risk due to human error, theft, fraud or misuse of facilities
  • prevention of unauthorized access, damage or interference
  • management of information processing facilities
  • access control
  • securing information systems
  • counteracting the effects of major failures
  • ensuring compliance to laws, regulations and contracts

© 2008 Omnex Inc, USA. All rights reserved