ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).
The adoption of an ISMS should be a strategic decision for an organisation.
The design and implementation of an organisation's ISMS is influenced by its needs and objectives, security requirements, the processes employed and the size and structure of the organisation. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organisation, e.g. a simple situation requires a simple ISMS solution.
ISO 27001 covers all types of organisations (e.g. commercial enterprises, government agencies, non-profit organisations) and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of an organisation's overall business risks. It specifies requirements for the implementation of security controls customised to the needs of individual organisations or parts thereof. The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
For more detail, please refer to the ISO 27001 brochure.
Great article, anyway did you know ISO certified company in the Philippines
Awesome information and it's well written to understand it. Keep sharing your informative ideas.
This blog is very useful to me, Thanks for sharing....