What is ISO 27001?
ISO/IEC 27001 is an information security management standard jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It sets out how an organisation should manage the risks posed by information security threats through an information security management system (ISMS) that covers policies, procedures and staff training.
The standard defines the requirements such a system must meet to protect an organisation's information assets from loss or unauthorised access. Certification against ISO 27001 by an accredited body is a recognised way for an organisation to demonstrate its commitment to information security management.
ISO 27001 covers a risk assessment process, organisational structure, information classification, access control mechanisms, physical and technical safeguards, information security policies and procedures, and monitoring and reporting requirements.
Disclaimer
Organisations are not required by law to comply with this tool unless legislation, or a direction given under legislation or by some other lawful authority, compels them to do so. This tool does not override any obligations imposed by legislation or law; where this tool conflicts with legislation or law, the latter takes precedence.