ISO/IEC 27001 Certification
ISO/IEC 27001 is an international standard that provides the basis for effective management of confidential and sensitive information, and for the application of information security controls.
It enables organizations to demonstrate excellence and prove best practice in Information Security management. Conformance with the standard requires commitment to continually improve control of confidential and sensitive information, providing reassurance to sponsors, shareholders and customers alike.
Re-released in 2013, ISO/IEC 27001 builds upon established foundations as the most widely recognized international standard specifically aimed at information security management. The adoption of an Information Security Management System (ISMS) is a strategic decision driving the coordination of operational security controls across all of the organization’s electronic and physical information resources.
The standard can be integrated with other management system framework standards, such as the quality standard ISO 9001 and ISO/IEC 20000 for IT service management.
ISO/IEC 27001 provides a model to establish, implement, maintain and continually improve a risk-managed ISMS. The design and implementation of the management system is tailored to the organization’s objectives, information assets, operational processes and governing legal and regulatory security requirements.
ISO/IEC 27001 is the formal specification and defines the requirements for an ISMS. It includes:
- ISMS planning, support and operational requirements
- Leadership responsibilities
- Performance evaluation of the ISMS
- Internal ISMS audits
- ISMS improvement
- Control objectives and controls.
View/download our ISO/IEC 27001 Certification Overview Leaflet.