It defines a set of information security management requirements. The official complete name of this standard is ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements.
These requirements can be found in the following seven sections:
- Context
- Leadership
- Planning
- Support
- Operation
- Evaluation
- Improvement
According to ISO/IEC 27001, you must meet every requirement if you wish to claim that your information security management system (ISMS) complies with this standard.
Benefits of 27001 Information Security Management
- Identify risks and put controls in place to manage or eliminate them
- Flexibility to adapt controls to all or selected areas of your business
- Gain stakeholder and customer trust that their data is protected, as it keeps confidential information secure
- Demonstrate compliance and gain status as preferred supplier
- Meet more tender expectations by demonstrating compliance
- Provides customers and stakeholders with confidence in how you manage risk
- Allows for secure exchange of information
- Allows you to ensure you are meeting your legal obligations
- Helps you to comply with other regulations (e.g. SOX)
- Provide you with a competitive advantage
- Enhanced customer satisfaction that improves client retention
- Consistency in the delivery of your service or product
- Manages and minimizes risk exposure
- Builds a culture of security
- Protects the company, assets, shareholders and directors