ISO/IEC 27001:2005 is a third party assessable standard against which organizations can achieve certification. It was revised in 2005 and is based on the plan - do - check - act model in common with ISO 9001 and ISO 14001 and uses risk assessment and business impact analysis to identify and manage risks to the confidentiality, integrity and availability of information.
ISO/IEC 27001:2005 aims to ensure that adequate controls addressing confidentiality, integrity and availability of information are in place to safeguard the information of 'interested parties'. These include your customers, employees, trading partners and the needs of society in general.
The ISO/IEC 27001:2005 standard covers:
- scope
- normative references
- terms and definitions
- information security management system
- management responsibility
- management review of the ISMS
- ISMS improvement
No comments:
Post a Comment