What is ISO 27001 standard?

The ISO 27001 standard provides a framework for implementing an ISMS, safeguarding your information assets while making the process easier to manage, measure, and improve. It helps you address the three dimensions of information security: Confidentiality, Integrity, and Availability. ISO 27001 also specify requirements for the implementation of security controls customised to the needs of individual organisations through establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS).

The design and implementation of an organisation’s ISMS is influenced by their needs and objectives, security requirements, the processes employed and the size and structure of the organisation.

Principles of ISO 27001 standard

ISO 27001 defines how to manage information security through a series of information security management. The ISO 27001 standard is based on the Plan-Do-Check-Act methodology that should be continuously implemented in order to minimise risks to the confidentiality, integrity and availability of information. The phases are as following:

• Plan: Serves to plan the basic organisation of information security, set objectives for information security and choose the appropriate security controls.
• Do: Implement the planned processes.
• Check: Monitor the functioning of the ISMS and measure if the results meet the set objectives.
• Act: Take action to continually improve effectiveness on things that were identified as non-compliant in the previous phase.