I F C
ISO 27001 Information Security Management Systems
An Information Security Management System is a management system for protecting information assets and giving confidence to interested parties, especially customers. This standard adopts a process approach to create, implement, operate, monitor, review, maintain and develop the Information Security Management System. It can be applied to all organizations, large and small, anywhere in the world.
ISO/IEC 27001 is the only auditable international standard that defines the requirements for an Information Security Management System. This standard is designed to ensure the selection of adequate and proportionate security controls, which is particularly necessary in areas where the protection of information is of paramount importance, such as the finance, health, public and Information Technology sectors. It is a management standard that can give customers the assurance that their information is protected.
To obtain the ISO 27001 certificate, institutions and organizations must first establish and implement systems according to the ISO 27001 Information Security Management System standard. The standard requires organizations to prepare risk management and risk treatment plans, duties and responsibilities, business continuity plans and emergency incident management procedures, and to keep records of how these are applied in practice.
Companies that establish systems according to the ISO 27001 Information Security Management System standard must be audited by internationally recognized organizations accredited for ISO 27001 Information Security Management System, and must pass these audits successfully.