What does ISO 27001:2013 stand for?
Information is an ASSET which, like other important business assets, has VALUE to an organization and consequently needs to be SUITABLY protected.
An “Information Security Management System” (ISMS) is the part of the overall management system, based on a business risk approach, that establishes, implements, operates, monitors, reviews, maintains and improves information security. An ISMS always follows the Plan-Do-Check-Act (PDCA) methodology.
- The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
- The Do phase involves implementing and operating the controls.
- The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
- In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.
Features of ISMS:
- Adopts the PDCA (Plan-Do-Check-Act) model.
- Adopts a process approach.
- Identifies and manages activities so that they function effectively.
- Stresses continual process improvement.
- Scope covers information security, not only IT security.
- Focused on people, process and technology.
- Resistance to intentional acts designed to cause harm or damage to the organisation.
- Combination of management controls, operational controls and technical controls.
- Overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.
- ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS).