ISO 27001

ISO 27001 is the Certification Standard from the International Standards Oganization [ISO] Certification for Information Security Management System [ISMS]. It is based on the internationally accredited British Standard BS7799 that has been in existence for more than a decade and was significantly revised and improved in May 1999.

All organisations trying to follow best practice to design, deploy, run and support ICT security systems should consider an ISMS. ISMS are frameworks with a systematic approach to managing sensitive company information so that it remains secure. It encompasses premises, people, processes and IT systems.

ISO/IEC 27001:2005 is the latest international standard Specification for an ISMS. In October 2005, BS 7799 part 2 was adopted by ISO, its name was changed to be officially released as the new international standard ISO/IEC 27001:2005. ISO 27001 is essentially a direct replacement for BS 7799 part 2. It includes a summary of ISO 27001:2005 controls as an appendix.

The standard covers the following topics:

• Security policy
• Organization of assets and resources
• Asset classification and control
• Personnel security
• Physical and environmental security
• Communications and operations management
• Access control - To control access to information
• Systems development and maintenance
• Business continuity management
• Compliance

It is important to note that not all departments of the organisation must apply for the standard which means that organisation XYZ may be certified for department 1 but not for department 2. When applying for the standard, applicants are asked to confirm where the standard should be applicable for their organisation in the “Statements of Applicability”.

To implement the ISMS according to ISO 27001 in your organisation, consult the Digi-CAST™ Team that use a methodology specifically for ISO 27001 that can expedite your ISO 27001 Certification considerably.