ISO/IEC 27001:2005
ISO/IEC 27001:2005 (formerly BS 7799:2002) is a standard for an Information Security Management System (ISMS).
- It helps identify, manage and minimize the range of threats to which information is regularly subjected.
- The standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to an organization's customers and stockholders.
It is suitable for several different types of organizational use, including the following:
- Formulation of security requirements and objectives.
- To ensure that security risks are cost effectively managed.
- To ensure compliance with laws and regulations.
- As a process framework for the implementation and management of controls to ensure that the specific security objectives of an organization are met.
- Identification and clarification of existing information security management processes.
- To be used by management to determine the status of information security management activities.
- To be used by internal and external auditors to determine the degree of compliance with the policies, directives and standards adopted by an organization.
- To provide relevant information about information security policies, directives, standards and procedures to trading partners.
- To provide relevant information about information security to customers.