ISO 27001 (formerly BS7799) is recognized as the standard for information security management. It provides a framework to minimize the threats to information and communication technology assets and the business.
Most organizations already have a number of information security policies and controls in place, yet these tend to be fragmented and are often based on generic threats or past security incidents.
A formal Readiness Assessment is not a requirement of certification to the ISO/IEC 27001 Standard, but it can be helpful in assisting your organization to prepare for initial certification.
The intention of the assessment is to save the organization time and money by identifying deficiencies in its Information Security Management System (ISMS) before seeking Certification to the ISO/IEC 27001 Standard.
-ISO 27001 survey
Regulation type: Standards
Governing body: ISO does not perform certification. Organizations looking to get certified to an ISO standard must contact an independent certification body.
Purpose: ISO 27001 was developed to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.”
ISO 27001 uses a risk-based approach and is technology agnostic. The specification defines a six-part planning process:
Certified compliance with ISO/IEC 27001 by an accredited and respected certification body is entirely optional but is increasingly being demanded from suppliers and business partners by organizations that are (quite rightly!) concerned about the security of their information, and about information security throughout the supply chain or network.