About ISO 27001
ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).
The adoption of an ISMS should be a strategic decision for an organization.
The design and implementation of an organization’s ISMS is influenced by its needs and objectives, security requirements, the processes employed, and the size and structure of the organization. These and their supporting systems are expected to change over time. An ISMS implementation is expected to be scaled in accordance with the needs of the organization, e.g. a simple situation requires a simple ISMS solution.
ISO 27001 covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) and specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of an organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.