ISO 27001

International standard for information security management systems

ISO/IEC 27001 is the international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Organizations can be certified against it by accredited certification bodies. The current edition is ISO/IEC 27001:2022, which replaced the 2013 edition.

Core Components

The mandatory requirements are set out in clauses 4 to 10 of the standard; an organization cannot exclude any of them from its certification scope.

  • Context of the Organization (clause 4) - Understanding internal and external factors, interested parties, and the ISMS scope
  • Leadership (clause 5) - Top management commitment, information security policy, roles and responsibilities
  • Planning (clause 6) - Risk assessment, risk treatment plan, the Statement of Applicability (SoA), and security objectives
  • Support (clause 7) - Resources, competence, awareness, communication, and documented information
  • Operation (clause 8) - Implementing and operating the risk assessment and treatment processes and the planned controls
  • Performance Evaluation (clause 9) - Monitoring, measurement, analysis, evaluation, internal audit, and management review
  • Improvement (clause 10) - Nonconformity, corrective action, and continual improvement of the ISMS

Annex A Control Themes

Annex A of the 2022 edition lists 93 reference controls grouped into four themes (the 2013 edition grouped 114 controls into 14 domains). Controls are selected on the basis of the risk treatment plan, and every Annex A control must be listed in the Statement of Applicability with a justification for its inclusion or exclusion.

  • Organizational controls (37)
  • People controls (8)
  • Physical controls (14)
  • Technological controls (34)

Certification Process

  • Gap analysis and scoping
  • Risk assessment and risk treatment plan, including the Statement of Applicability
  • ISMS documentation development
  • Implementation and awareness training
  • Internal audit (clause 9.2)
  • Management review (clause 9.3)
  • Stage 1 audit - Readiness review of the ISMS documentation, scope, risk assessment, and SoA
  • Stage 2 audit - On-site audit of evidence that the ISMS and selected controls are implemented and operating effectively; the certificate is issued after nonconformities are closed
  • Surveillance audits (annual) - Sample-based audits over the three-year certification cycle
  • Recertification audit (every 3 years) - Full reassessment of the ISMS before the certificate expires

The internal audit and management review must have been carried out before the Stage 2 audit, since the auditor expects evidence that the ISMS has been operating, not only documented.