ISMS standards overview

ISO/IEC 27001 is a management standard, and specifies requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS).

First and foremost, a management system is a management method, a way to manage information security. It is therefore a management capability, albeit one supported by documented information and technology. Being predicated on risk management, ISO/IEC 27001 provides an excellent basis on which to build the management controls necessary to achieve an organisation's mission, to manage risk, to assure effective control and to seek improvements where appropriate. An ISMS forms part of an organisation's internal control system.

ISO/IEC 27002 is a code of practice for information security management. The 2013 version provides guidance on 114 information security controls structured under 14 major headings. As well as giving detailed guidance for computers and networks, the standard also provides guidance on security policy, staff security awareness, business continuity planning, and legal requirements. There are other standards in the 27000 series that provide additional guidance on controls appropriate to particular market sectors and services.

The ISMS standards are particularly pertinent to corporate governance in an "e-biz" context, where risk management not only has to contend with the usual risks of doing business but also with rapidly changing IT/Internet risks and multiple legal jurisdictions. Thus the standards explain how to address the all-too-common and often devastating business impacts caused by viruses, website outages, improper disclosure of customer account details and incorrect pricing information.

A growing number of politicians and leaders of industry are now recognising the importance of these standards. Businesses, notably throughout Europe and Asia, that wish to flourish in the Information Age are already taking advantage of an ISMS.


In order to buy a copy of the standards, please contact BSI Customer Services by telephone at (+44) 20 8996 7555 or go to http://shop.bsigroup.com/ .