You are here
ISO 27001 Implementation
Neural IT is in the process of implementing ISO 27001 standards from April 2013.
ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organsation's information risk management processes.
According to its documentation, ISO 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system."
ISO 27001 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements.
The specific requirements are as follows:
- Security policy.
- Scope of the ISMS.
- Risk assessment.
- Manage identified risks.
- Control objectives and controls to be implemented.
- Statement of applicability.
The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organisation.