What is ISO 27001?
ISO 27001 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems (meaning their frameworks to design, implement, manage, maintain and enforce information security processes and controls systematically and consistently throughout the organizations). The standard covers all types of organizations (e.g. commercial enterprises, government agencies and non-profit organizations). It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISM within the context of the organization’s overall risk management processes. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
