
ISO/IEC 27001: A standard for Information Security Management Systems

A management system approach to Information Security.

ISO/IEC 27001:2013 is an international standard that specifies the requirements for an Information Security Management System (ISMS). It is the system for managing information security in line with the organization's business, contractual and regulatory requirements, in conjunction with its risk appetite.

The 2013 version of the standard is the most current. It aligns with ISO 9001:2015 and takes into consideration the rapid changes in the cyber threat landscape over recent years. The standard allows for a wide set of best-practice controls so that the level of security can be matched to your business.

Comparison of ISMS to QMS

ISMS                                                   | QMS
-------------------------------------------------------|------------------------------------------------------
Identify in-scope Information & Classification         | Identify in-scope Products and Services
Business Context: Market / Legal / Regulatory; Customer / Interested Parties (common to both)
Requirements for Security                              | Requirements for Quality
ISMS Policy and Objectives                             | QMS Scope, Policy and Objectives
Roles and Responsibilities                             | Roles and Responsibilities
Controls and Security Risk Assessment                  | Key Processes & Clause Gap Analysis
Implement Security Controls                            | Implement Key Processes / Fill Gaps
Document & Record Control (common to both)
Security Objectives, Control Indicators / KPI Measurement (common to both)
Nonconformity & Corrective Action (common to both)
Internal Audit (common to both)
Management Review / Continual Improvement (common to both)

There are two major parts to the ISO 27000 family of standards. The first is ISO 27001:2013, which specifies the requirements for the ISMS and the consideration of all the Annex A controls. The second is ISO 27002:2013, which provides guidance on how to implement those controls. Together they cover the "what" and the "how" of an Information Security Management System.

Core Business Solutions offers customized consulting programs, tailored to your business needs, to assist you in implementing and maintaining an effective ISMS. Once you have implemented ISO 27001:2013 with our assistance, you will be compliant with the international standard. Should you choose to continue toward certification, we can offer options for you.

Many customers that pursue ISO 27001:2013 have, or need to have, ISO 9001:2015 in place. ISO 27001:2013 is designed to dovetail with other standards in the ISO family, such as ISO 9001, ISO 14001 and ISO 20000-1.

Consulting Support for ISO 27001

Core Business Solutions has qualified ISO 27001 consultants, in addition to Information Security Technicians, ready to help you achieve compliance or certification. Support for the standard is available through our Onsite Consulting Programs.

To learn more about first-time certification, contact us at 866-354-0300 or email info@thecoresolution.com to request a quote.

Related standards

See ISO 9001:2015

See ISO 14001