ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013, with a few minor updates since then. It is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. ISO/IEC 27001 specifies a management system that is intended to bring information security under management control and gives specific requirements. Organisations that meet the requirements may be certified by an accredited certification body following successful completion of an audit

Type of content: Assets
Type of asset:
Standard
Phase in the policy cycle:
Agenda Setting
Open license availability
No
Tags: Security by Design Data Governance Privacy

Comments

Standards can be useful only if the employees that get affected by the implementation of a standard, embrace it in the day to day operations. It is important to engage the employees in the new processes so that they do not consider them as extra work, but rather as something that can potentially make processes more automated and easier to track.