ISO 27001:2005 is an international standard which specifies the requirements for an Information Security Management System (ISMS).
The secure flow and exchange of data and information are vital to the seamless operation of any organisation. Establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS will help an organisation to manage and protect its valuable information assets.
ISO 27001:2005 is the only auditable international standard which defines the requirements for an Information Security Management System. Certification against ISO 27001:2005 helps an organisation to protect its information assets and to give confidence to interested parties, especially its customers, that all data, including personal information, is adequately managed and maintained.
Certification against ISO 27001:2005 is especially relevant to organisations where the protection of information is critical, such as in the finance, telecommunications, health, public and IT sectors.
Certification against ISO 27001:2005 requires an organisation to:
- Systematically examine the organisation's information security risks, taking into account all threats, vulnerabilities and impacts; and
- Design and implement an extensive set of information security controls and/or other forms of risk management (such as risk avoidance or risk transfer) to address those risks that are considered unacceptable.