ISO 27001 is the Information Security Management System standard that was originally published in October 2005. The standard organizes information security and places it under the explicit control of management. It requires management to systematically evaluate their security risks, including any security vulnerabilities and threats. Management must also design and implement controls that address any vulnerability assessed as unacceptable, and they must implement a management system that ensures all security controls continue to meet the organization's needs over time. There is a three-stage audit process that every information security management system must pass before accreditation is given.