ISO/IEC 27001 A standard for Information Security Management Systems
A management system approach to Information Security.
ISO/IEC 27001:2013 is an international standard that specifies the requirements for an Information Security Management System (ISMS). It defines a system for managing information security in line with the organization's business, contractual and regulatory requirements, in keeping with its risk appetite.
The 2013 version of the standard is the most current. It aligns with ISO 9001:2015 and takes into consideration the rapid changes in the cyber threat landscape over recent years. The standard provides a wide set of best-practice controls so that the level of security can be matched to your business.
Comparison of ISMS to QMS
|ISMS||QMS|
|Information & Classification||Customer / Interested Parties|
|Market / Legal / Regulatory||Products and Services|
|ISMS Policy and Objectives||QMS Scope, Policy and Objectives|
|Roles and Responsibilities||Roles and Responsibilities|
|Controls and Security Risk Assessment||Key Processes & Clause Gap Analysis|
|Implement Security Controls||Implement Key Processes / Fill Gaps|
|Document & Record Control||Document & Record Control|
|Security Objectives, Control Indicators / KPI Measurement||Quality Objectives, Indicators / KPI Measurement|
|Nonconformity & Corrective Action||Nonconformity & Corrective Action|
|Management Review / Continual Improvement||Management Review / Continual Improvement|
There are two major parts to the ISO 27000 family of standards. The first is ISO 27001:2013, which specifies the requirements for the ISMS and lists the Annex A controls to be considered. The second is ISO 27002:2013, which provides guidance on how to implement those controls. Together they cover the "what" and the "how" of an Information Security Management System.
Core Business Solutions offers customized consulting programs, tailored to your business needs, to assist you in implementing and maintaining an effective ISMS. Once you have implemented ISO 27001:2013 with our assistance, you will be compliant with the international standard. Should you choose to continue toward certification, we can offer options for that as well.
Many customers that pursue ISO 27001:2013 already have, or need to have, ISO 9001:2015 in place. ISO 27001:2013 is designed to dovetail with other standards in the ISO family, such as ISO 9001, ISO 14001, ISO 20000-1 and more.
Consulting Support for ISO 27001
Core Business Solutions has qualified ISO 27001 consultants, as well as Information Security Technicians, ready to help you achieve compliance or certification. Support for the standard is available through our Onsite Consulting Programs.
To learn more about first time certification, contact us at 866-354-0300 or email firstname.lastname@example.org to request a quote.