ISO 27001

ISMS Requirements

What Is ISO 27001?

The international standard ISO/IEC 27001 is part of the ISO 27000 series of standards and is based on the British Standard BS7799. In 2005, it was published as an ISO standard by Joint Technical Committee JTC1 established by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its official title is "Information technology – Security techniques – Information security management systems – Requirements".

ISO 27001 contains recommendations and controls for establishing an Information Security Management System (ISMS), covering topics such as the introduction of an ISMS process, risk management, and the selection of security controls. ISO 27001 specifies the requirements an organisation needs to meet by means of adequate security mechanisms; these mechanisms, in turn, are to be adapted to the company's individual circumstances. ISO 27001 is the only certifiable standard of the ISO 27000 series; all related publications serve exclusively as supplements, since they provide either guidelines for practical implementation or industry-specific adjustments to the ISO 27001 requirements. For more information, please refer to our overview.

ISO 27001: Topics and Content

ISO 27001 covers the following topics:
  • ISMS requirements
  • ISMS development
  • Documentation requirements
  • Management responsibility
  • Monitoring the ISMS process
  • Optimising the ISMS process
  • Generic security controls
Appendix A defines specific security controls. They are classified as follows:
  • General guidelines on information security
  • Organisational structures
  • Responsibility for and classification of information assets
  • Human resources security
  • Physical and environmental security
  • Network and operational security
  • Access control
  • System development and maintenance
  • Security incident handling
  • Business continuity
  • Compliance with internal and legal requirements

ISO 27001 Benefits

An ISO 27001-oriented or ISO 27001-certified ISMS offers the following benefits:
  • Ensure process stability – Reliable information availability guarantees smooth operations.
  • Meet requirements – ISO 27001 helps you comply with legal regulations regarding confidentiality and integrity.
  • Increase client confidence – An ISO 27001-compliant ISMS meets your clients' privacy expectations.
  • Avoid losses – Reduce the frequency and impact of security incidents and, in doing so, your operating losses.
  • Provide and protect information – Processes in line with ISO 27001 ensure smooth information exchange while protecting your data and assets.

ISO 27001 in Your Organisation

Are you interested in implementing ISO 27001 in your organisation? Please refer to our overview to find out which other standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.